diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index a3a07ef4f2..0ffbb03551 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -1,4 +1,4 @@ -{:allowed-branchname-matches ["master"] +{:allowed-branchname-matches ["main"] :allowed-filename-matches ["windows/"] :targets @@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology: -| Article | Score | Issues | Scorecard | Processed | -| ------- | ----- | ------ | --------- | --------- | +| Article | Score | Issues | Correctness
issues | Scorecard | Processed | +| ------- | ----- | ------ | ------ | --------- | --------- | " :template-change - "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} | + "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/correctness} | [link](${acrolinx/scorecard}) | ${s/status} | " :template-footer diff --git a/.gitignore b/.gitignore index 9841e0daea..23057defcc 100644 --- a/.gitignore +++ b/.gitignore @@ -10,9 +10,11 @@ Tools/NuGet/ *.ini _themes*/ common/ +.vscode/ .openpublishing.build.mdproj .openpublishing.buildcore.ps1 packages.config +settings.json # User-specific files .vs/ diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index f9ebdac192..08c19e447c 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -1,439 +1,421 @@ -{ - "build_entry_point": "", - "docsets_to_publish": [ - { - "docset_name": "education", - "build_source_folder": "education", - "build_output_subfolder": "education", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "hololens", - "build_source_folder": "devices/hololens", - "build_output_subfolder": "hololens", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "internet-explorer", - "build_source_folder": "browsers/internet-explorer", - "build_output_subfolder": "internet-explorer", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "keep-secure", - "build_source_folder": "windows/keep-secure", - "build_output_subfolder": "keep-secure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "microsoft-edge", - "build_source_folder": "browsers/edge", - "build_output_subfolder": "microsoft-edge", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "release-information", - "build_source_folder": "windows/release-information", - "build_output_subfolder": "release-information", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "smb", - "build_source_folder": "smb", - "build_output_subfolder": "smb", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "store-for-business", - "build_source_folder": "store-for-business", - "build_output_subfolder": "store-for-business", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-access-protection", - "build_source_folder": "windows/access-protection", - "build_output_subfolder": "win-access-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-app-management", - "build_source_folder": "windows/application-management", - "build_output_subfolder": "win-app-management", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-client-management", - "build_source_folder": "windows/client-management", - "build_output_subfolder": "win-client-management", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-configuration", - "build_source_folder": "windows/configuration", - "build_output_subfolder": "win-configuration", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-deployment", - "build_source_folder": "windows/deployment", - "build_output_subfolder": "win-deployment", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-device-security", - "build_source_folder": "windows/device-security", - "build_output_subfolder": "win-device-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-configure", - "build_source_folder": "windows/configure", - "build_output_subfolder": "windows-configure", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-deploy", - "build_source_folder": "windows/deploy", - "build_output_subfolder": "windows-deploy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-hub", - "build_source_folder": "windows/hub", - "build_output_subfolder": "windows-hub", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-manage", - "build_source_folder": "windows/manage", - "build_output_subfolder": "windows-manage", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-plan", - "build_source_folder": "windows/plan", - "build_output_subfolder": "windows-plan", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-privacy", - "build_source_folder": "windows/privacy", - "build_output_subfolder": "windows-privacy", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-security", - "build_source_folder": "windows/security", - "build_output_subfolder": "windows-security", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "windows-update", - "build_source_folder": "windows/update", - "build_output_subfolder": "windows-update", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-threat-protection", - "build_source_folder": "windows/threat-protection", - "build_output_subfolder": "win-threat-protection", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, - { - "docset_name": "win-whats-new", - "build_source_folder": "windows/whats-new", - "build_output_subfolder": "win-whats-new", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": true, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - } - ], - "notification_subscribers": [ - "elizapo@microsoft.com" - ], - "sync_notification_subscribers": [ - "dstrome@microsoft.com" - ], - "branches_to_filter": [ - "" - ], - "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", - "git_repository_branch_open_to_public_contributors": "public", - "skip_source_output_uploading": false, - "need_preview_pull_request": true, - "resolve_user_profile_using_github": true, - "contribution_branch_mappings": {}, - "dependent_repositories": [ - { - "path_to_root": "_themes.pdf", - "url": "https://github.com/Microsoft/templates.docs.msft.pdf", - "branch": "master", - "branch_mapping": {} - }, - { - "path_to_root": "_themes", - "url": "https://github.com/Microsoft/templates.docs.msft", - "branch": "master", - "branch_mapping": {} - } - ], - "branch_target_mapping": { - "live": [ - "Publish", - "Pdf" - ], - "master": [ - "Publish", - "Pdf" - ] - }, - "need_generate_pdf_url_template": true, - "targets": { - "Pdf": { - "template_folder": "_themes.pdf" - } - }, - "docs_build_engine": { - "name": "docfx_v3" - }, - "need_generate_pdf": false, - "need_generate_intellisense": false +{ + "build_entry_point": "", + "docsets_to_publish": [ + { + "docset_name": "education", + "build_source_folder": "education", + "build_output_subfolder": "education", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "hololens", + "build_source_folder": "devices/hololens", + "build_output_subfolder": "hololens", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "internet-explorer", + "build_source_folder": "browsers/internet-explorer", + "build_output_subfolder": "internet-explorer", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "keep-secure", + "build_source_folder": "windows/keep-secure", + "build_output_subfolder": "keep-secure", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "microsoft-edge", + "build_source_folder": "browsers/edge", + "build_output_subfolder": "microsoft-edge", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "release-information", + "build_source_folder": "windows/release-information", + "build_output_subfolder": "release-information", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "smb", + "build_source_folder": "smb", + "build_output_subfolder": "smb", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "store-for-business", + "build_source_folder": "store-for-business", + "build_output_subfolder": "store-for-business", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-access-protection", + "build_source_folder": "windows/access-protection", + "build_output_subfolder": "win-access-protection", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-app-management", + "build_source_folder": "windows/application-management", + "build_output_subfolder": "win-app-management", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-client-management", + "build_source_folder": "windows/client-management", + "build_output_subfolder": "win-client-management", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-configuration", + "build_source_folder": "windows/configuration", + "build_output_subfolder": "win-configuration", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-deployment", + "build_source_folder": "windows/deployment", + "build_output_subfolder": "win-deployment", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-device-security", + "build_source_folder": "windows/device-security", + "build_output_subfolder": "win-device-security", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-configure", + "build_source_folder": "windows/configure", + "build_output_subfolder": "windows-configure", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-deploy", + "build_source_folder": "windows/deploy", + "build_output_subfolder": "windows-deploy", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-hub", + "build_source_folder": "windows/hub", + "build_output_subfolder": "windows-hub", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-plan", + "build_source_folder": "windows/plan", + "build_output_subfolder": "windows-plan", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-privacy", + "build_source_folder": "windows/privacy", + "build_output_subfolder": "windows-privacy", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-security", + "build_source_folder": "windows/security", + "build_output_subfolder": "windows-security", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "windows-update", + "build_source_folder": "windows/update", + "build_output_subfolder": "windows-update", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-threat-protection", + "build_source_folder": "windows/threat-protection", + "build_output_subfolder": "win-threat-protection", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, + { + "docset_name": "win-whats-new", + "build_source_folder": "windows/whats-new", + "build_output_subfolder": "win-whats-new", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": true, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + } + ], + "notification_subscribers": [ + "elizapo@microsoft.com" + ], + "sync_notification_subscribers": [ + "dstrome@microsoft.com" + ], + "branches_to_filter": [ + "" + ], + "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", + "git_repository_branch_open_to_public_contributors": "public", + "skip_source_output_uploading": false, + "need_preview_pull_request": true, + "resolve_user_profile_using_github": true, + "dependent_repositories": [ + { + "path_to_root": "_themes.pdf", + "url": "https://github.com/Microsoft/templates.docs.msft.pdf", + "branch": "main", + "branch_mapping": {} + }, + { + "path_to_root": "_themes", + "url": "https://github.com/Microsoft/templates.docs.msft", + "branch": "main", + "branch_mapping": {} + } + ], + "branch_target_mapping": { + "live": [ + "Publish", + "Pdf" + ], + "main": [ + "Publish", + "Pdf" + ] + }, + "need_generate_pdf_url_template": true, + "targets": { + "Pdf": { + "template_folder": "_themes.pdf" + } + }, + "docs_build_engine": {}, + "contribution_branch_mappings": {}, + "need_generate_pdf": false, + "need_generate_intellisense": false } \ No newline at end of file diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8dbea776cc..6ba49fc316 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,5 +1,270 @@ { "redirections": [ + { + "source_path": "windows/client-management/mdm/browserfavorite-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/remotelock-ddf-file.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/remotelock-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/registry-ddf-file.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/registry-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/maps-ddf-file.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/maps-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/hotspot-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/filesystem-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseext-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseext-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md", + "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/deviceinstanceservice-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/cm-proxyentries-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/bootstrap-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-textinput.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-shell.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-rcspresence.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-otherassets.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-nfc.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-multivariant.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-modemconfigurations.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-messaging.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-internetexplorer.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-initialsetup.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-deviceinfo.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-calling.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-callandmessagingenhancement.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-automatictime.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-theme.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/wcd/wcd-embeddedlockdownprofiles.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/configure-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/lockdown-xml.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/mobile-lockdown-designer.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/provisioning-configure-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/provisioning-nfc.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/provisioning-package-splitter.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/settings-that-can-be-locked-down.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/mobile-devices/start-layout-xml-mobile.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/whats-new/windows-11.md", + "redirect_url": "/windows/whats-new/windows-11-whats-new", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/use-json-customize-start-menu-windows.md", + "redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11", + "redirect_document_id": false + }, + { + "source_path": "windows/application-management/msix-app-packaging-tool.md", + "redirect_url": "/windows/application-management/apps-in-windows-10", + "redirect_document_id": false + }, { "source_path": "browsers/edge/about-microsoft-edge.md", "redirect_url": "/previous-versions/windows/edge-legacy/about-microsoft-edge", @@ -215,6 +480,11 @@ "redirect_url": "/surface/manage-surface-driver-and-firmware-updates", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md", + "redirect_url": "/azure/active-directory/devices/device-registration-how-it-works", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md", "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations", @@ -4897,12 +5167,12 @@ }, { "source_path": "windows/device-security/security-compliance-toolkit-10.md", - "redirect_url": "/windows/security/threat-protection/security-compliance-toolkit-10", + "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10", "redirect_document_id": false }, { "source_path": "windows/device-security/windows-10-mobile-security-guide.md", - "redirect_url": "/windows/security/threat-protection/windows-10-mobile-security-guide", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -5207,7 +5477,7 @@ }, { "source_path": "windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md", - "redirect_url": "/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -6617,22 +6887,22 @@ }, { "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", - "redirect_url": "/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/manage/lockdown-xml.md", - "redirect_url": "/windows/configuration/mobile-devices/lockdown-xml", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/manage/settings-that-can-be-locked-down.md", - "redirect_url": "/windows/configuration/mobile-devices/settings-that-can-be-locked-down", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/manage/product-ids-in-windows-10-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -6662,7 +6932,7 @@ }, { "source_path": "windows/manage/start-layout-xml-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/start-layout-xml-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -6827,7 +7097,7 @@ }, { "source_path": "windows/deploy/provisioning-nfc.md", - "redirect_url": "/windows/configuration/provisioning-packages/provisioning-nfc", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7582,7 +7852,7 @@ }, { "source_path": "windows/configure/configure-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/configure-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7747,7 +8017,7 @@ }, { "source_path": "windows/configure/lockdown-xml.md", - "redirect_url": "/windows/configuration/mobile-devices/lockdown-xml", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7767,12 +8037,12 @@ }, { "source_path": "windows/configure/mobile-lockdown-designer.md", - "redirect_url": "/windows/configuration/mobile-devices/mobile-lockdown-designer", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/configure/product-ids-in-windows-10-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7802,7 +8072,7 @@ }, { "source_path": "windows/configure/provisioning-configure-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/provisioning-configure-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7827,12 +8097,12 @@ }, { "source_path": "windows/configure/provisioning-nfc.md", - "redirect_url": "/windows/configuration/mobile-devices/provisioning-nfc", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/configure/provisioning-package-splitter.md", - "redirect_url": "/windows/configuration/mobile-devices/provisioning-package-splitter", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7872,7 +8142,7 @@ }, { "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", - "redirect_url": "/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7882,7 +8152,7 @@ }, { "source_path": "windows/configure/settings-that-can-be-locked-down.md", - "redirect_url": "/windows/configuration/mobile-devices/settings-that-can-be-locked-down", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7892,7 +8162,7 @@ }, { "source_path": "windows/configure/start-layout-xml-mobile.md", - "redirect_url": "/windows/configuration/mobile-devices/start-layout-xml-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -8441,8 +8711,8 @@ "redirect_document_id": false }, { - "source_path": "windows/deploy/upgrade-windows-phone-8-1-to-10.md", - "redirect_url": "/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10", + "source_path": "windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md", + "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades", "redirect_document_id": false }, { @@ -11817,7 +12087,7 @@ }, { "source_path": "windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md", - "redirect_url": "/windows/access-protection/installing-digital-certificates-on-windows-10-mobile", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -13307,7 +13577,7 @@ }, { "source_path": "windows/keep-secure/windows-10-mobile-security-guide.md", - "redirect_url": "/windows/device-security/windows-10-mobile-security-guide", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -14085,6 +14355,11 @@ "redirect_url": "/microsoft-store/prerequisites-microsoft-store-for-business", "redirect_document_id": false }, + { + "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md", + "redirect_url": "/microsoft-store/index", + "redirect_document_id": false + }, { "source_path": "windows/manage/reset-a-windows-10-mobile-device.md", "redirect_url": "/windows/client-management/reset-a-windows-10-mobile-device", @@ -16236,7 +16511,7 @@ "redirect_document_id": false }, { - "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md", + "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md", "redirect_url": "/microsoft-365/security/defender-endpoint/gov", "redirect_document_id": false }, @@ -17957,27 +18232,27 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-configuration-manager", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-configuration-manager", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-group-policy-objects", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-group-policy-objects", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-intune", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-intune", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/manage-endpoint-post-migration-other-tools", + "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-other-tools", "redirect_document_id": false }, { @@ -18022,22 +18297,22 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-migration", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-onboard", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-setup", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup", "redirect_document_id": false }, { @@ -18367,22 +18642,22 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-migration", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-onboard", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-prepare", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-endpoint-setup", + "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup", "redirect_document_id": false }, { @@ -18919,11 +19194,326 @@ "source_path": "windows/security/threat-protection/device-control/device-control-report.md", "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report", "redirect_document_id": false + }, + { + "source_path": "windows/privacy/deploy-data-processor-service-windows.md", + "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md", + "redirect_url": "/security/compass/human-operated-ransomware", + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows", "redirect_document_id": false - } - ] -} + }, + { + "source_path": "windows/security/identity-protection/change-history-for-access-protection.md", + "redirect_url": "/windows/security/", + "redirect_document_id": false + }, + { + "source_path": "windows/deploy-windows-cm/upgrade-to-windows-with-configuraton-manager.md", + "redirect_url": "/windows/deploy-windows-cm/upgrade-to-windows-with-configuration-manager", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md", + "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-servicing-differences.md", + "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/wufb-autoupdate.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/wufb-basics.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/wufb-managedrivers.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/wufb-manageupdate.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/wwufb-onboard.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/feature-update-conclusion.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-wufb-intune.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/feature-update-maintenance-window.md", + "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/feature-update-mission-critical.md", + "redirect_url": "/windows/deployment/waas-manage-updates-wufb", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-security-baselines.md", + "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/change-history-for-update-windows-10.md", + "redirect_url": "/windows/deployment/deploy-whats-new", + "redirect_document_id": true + }, + { + "source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel", + "redirect_document_id": true + }, + { + "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings", + "redirect_document_id": true + }, + { + "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools", + "redirect_document_id": true + }, + { + "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md", + "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell", + "redirect_document_id": false + }, + { + "source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md", + "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions", + "redirect_document_id": true + }, + { + "source_path": "windows/privacy/windows-endpoints-1803-non-enterprise-editions.md", + "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions", + "redirect_document_id": false + }, + { + "source_path": "windows/privacy/manage-windows-1709-endpoints.md", + "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints", + "redirect_document_id": true + }, + { + "source_path": "windows/privacy/manage-windows-1803-endpoints.md", + "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints", + "redirect_document_id": false + }, + { + "source_path": "windows/whats-new/windows-11-whats-new.md", + "redirect_url": "/windows/whats-new/windows-11-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-delivery-optimization.md", + "redirect_url": "/windows/deployment/do/waas-delivery-optimization", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/delivery-optimization-proxy.md", + "redirect_url": "/windows/deployment/do/delivery-optimization-proxy", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/delivery-optimization-workflow.md", + "redirect_url": "/windows/deployment/do/delivery-optimization-workflow", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md", + "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md", + "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-optimize-windows-10.md", + "redirect_url": "/windows/deployment/do/waas-optimize-windows-10", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/coinminer-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/coinminer-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/coordinated-malware-eradication.md", + "redirect_url": "/microsoft-365/security/intelligence/coordinated-malware-eradication", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/criteria.md", + "redirect_url": "/microsoft-365/security/intelligence/criteria", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md", + "redirect_url": "/microsoft-365/security/intelligence/cybersecurity-industry-partners", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/developer-faq.yml", + "redirect_url": "/microsoft-365/security/intelligence/developer-faq", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/developer-resources.md", + "redirect_url": "/microsoft-365/security/intelligence/developer-resources", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/exploits-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/exploits-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/fileless-threats.md", + "redirect_url": "/microsoft-365/security/intelligence/fileless-threats", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/macro-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/macro-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/malware-naming.md", + "redirect_url": "/microsoft-365/security/intelligence/malware-naming", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/phishing-trends.md", + "redirect_url": "/microsoft-365/security/intelligence/phishing-trends", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/phishing.md", + "redirect_url": "/microsoft-365/security/intelligence/phishing", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md", + "redirect_url": "/microsoft-365/security/intelligence/portal-submission-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/prevent-malware-infection.md", + "redirect_url": "/microsoft-365/security/intelligence/prevent-malware-infection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware.md", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md", + "redirect_url": "/microsoft-365/security/intelligence/safety-scanner-download", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/submission-guide.md", + "redirect_url": "/microsoft-365/security/intelligence/submission-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/support-scams.md", + "redirect_url": "/microsoft-365/security/intelligence/support-scams", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/trojans-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/trojans-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/understanding-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/understanding-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/unwanted-software.md", + "redirect_url": "/microsoft-365/security/intelligence/unwanted-software", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md", + "redirect_url": "/microsoft-365/security/intelligence/virus-information-alliance-criteria", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/virus-initiative-criteria.md", + "redirect_url": "/microsoft-365/security/intelligence/virus-initiative-criteria", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/intelligence/worms-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/worms-malware", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/microsoft-bug-bounty-program.md", + "redirect_url": "/microsoft-365/security/intelligence/microsoft-bug-bounty-program", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md", + "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache", + "redirect_document_id": false + }, + { + "source_path": "windows/education/itadmins.yml", + "redirect_url": "/education/", + "redirect_document_id": true + }, + { + "source_path": "windows/education/partners.yml", + "redirect_url": "/education/", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md", + "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10", + "redirect_document_id": false + }, + { + "source_path": "windows/education/developers.yml", + "redirect_url": "/education/", + "redirect_document_id": true + } + ] +} \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index f66a07d2e4..0000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "cSpell.words": [ - "emie" - ] -} \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 75cb7255c8..ef3a69ff52 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -20,7 +20,7 @@ We've tried to make editing an existing, public file as simple as possible. 1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**. - ![GitHub Web, showing the Edit link](images/contribute-link.png) + ![GitHub Web, showing the Edit link.](images/contribute-link.png) 2. Log into (or sign up for) a GitHub account. @@ -28,7 +28,7 @@ We've tried to make editing an existing, public file as simple as possible. 3. Click the **Pencil** icon (in the red box) to edit the content. - ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png) + ![GitHub Web, showing the Pencil icon in the red box.](images/pencil-icon.png) 4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: - **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring) @@ -37,11 +37,11 @@ We've tried to make editing an existing, public file as simple as possible. 5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct. - ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png) + ![GitHub Web, showing the Preview Changes tab.](images/preview-changes.png) 6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account. - ![GitHub Web, showing the Propose file change button](images/propose-file-change.png) + ![GitHub Web, showing the Propose file change button.](images/propose-file-change.png) The **Comparing changes** screen appears to see what the changes are between your fork and the original content. @@ -49,7 +49,7 @@ We've tried to make editing an existing, public file as simple as possible. If there are no problems, you’ll see the message, **Able to merge**. - ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png) + ![GitHub Web, showing the Comparing changes screen.](images/compare-changes.png) 8. Click **Create pull request**. diff --git a/bcs/docfx.json b/bcs/docfx.json index 8bb25b9c4c..f1384ac71a 100644 --- a/bcs/docfx.json +++ b/bcs/docfx.json @@ -35,6 +35,7 @@ "overwrite": [], "externalReference": [], "globalMetadata": { + "recommendations": true, "breadcrumb_path": "/microsoft-365/business/breadcrumb/toc.json", "extendBreadcrumb": true, "contributors_to_exclude": [ diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index d77b68f7fb..d786e0bbfb 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -27,12 +27,13 @@ } ], "globalMetadata": { + "recommendations": true, "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.technology": "microsoft-edge", "audience": "ITPro", "ms.topic": "article", - "manager": "laurawi", + "manager": "dansimp", "ms.prod": "edge", "feedback_system": "None", "hideEdit": true, diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml index a1604c10e5..0f970282ed 100644 --- a/browsers/edge/group-policies/index.yml +++ b/browsers/edge/group-policies/index.yml @@ -6,10 +6,10 @@ summary: Microsoft Edge Legacy works with Group Policy and Microsoft Intune to h metadata: title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars. description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars. - keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile + keywords: Microsoft Edge Legacy, Windows 10 ms.localizationpriority: medium ms.prod: edge - author: shortpatti + author: dougeby ms.author: pashort ms.topic: landing-page ms.devlang: na diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml index 04b23cd56e..accbb0e679 100644 --- a/browsers/edge/index.yml +++ b/browsers/edge/index.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium ms.topic: landing-page # Required ms.collection: collection # Optional; Remove if no collection is used. - author: shortpatti #Required; your GitHub user alias, with correct capitalization. + author: dougeby #Required; your GitHub user alias, with correct capitalization. ms.author: pashort #Required; microsoft alias of author; optional team alias. ms.date: 07/07/2020 #Required; mm/dd/yyyy format. diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index 126a8572e8..41ba94ebb6 100644 --- a/browsers/edge/microsoft-edge-faq.yml +++ b/browsers/edge/microsoft-edge-faq.yml @@ -8,14 +8,13 @@ metadata: author: dansimp ms.author: dansimp ms.prod: edge - ms.topic: article + ms.topic: faq ms.mktglfcycl: general ms.sitesec: library ms.localizationpriority: medium - title: Frequently Asked Questions (FAQ) for IT Pros summary: | - Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile + Applies to: Microsoft Edge on Windows 10 > [!NOTE] > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](/DeployEdge/). @@ -40,7 +39,7 @@ sections: - question: How do I customize Microsoft Edge and related settings for my organization? answer: | - You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](./group-policies/index.yml) for a list of policies currently available for Microsoft Edge and configuration information. Note that the preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals. + You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](./group-policies/index.yml) for a list of policies currently available for Microsoft Edge and configuration information. The preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals. - question: Is Adobe Flash supported in Microsoft Edge? answer: | @@ -62,7 +61,7 @@ sections: - question: Will Internet Explorer 11 continue to receive updates? answer: | - We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. + We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](/lifecycle/faq/internet-explorer-microsoft-edge). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. - question: How do I find out which version of Microsoft Edge I have? answer: | @@ -70,4 +69,4 @@ sections: - question: What is Microsoft EdgeHTML? answer: | - Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*). \ No newline at end of file + Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*). diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml index 54276502a1..053f03eeb7 100644 --- a/browsers/edge/microsoft-edge.yml +++ b/browsers/edge/microsoft-edge.yml @@ -48,8 +48,6 @@ landingContent: links: - text: Test your site on Microsoft Edge for free on BrowserStack url: https://developer.microsoft.com/microsoft-edge/tools/remote/ - - text: Use sonarwhal to improve your website - url: https://sonarwhal.com/ # Card (optional) - title: Improve compatibility with Enterprise Mode @@ -77,7 +75,7 @@ landingContent: - linkListType: download links: - text: NSS Labs web browser security reports - url: https://www.microsoft.com/download/details.aspx?id=54773 + url: https://www.microsoft.com/download/details.aspx?id=58080 - linkListType: overview links: - text: Microsoft Edge sandbox @@ -126,10 +124,8 @@ landingContent: url: ./edge-technical-demos.md - linkListType: how-to-guide links: - - text: Import bookmarks - url: https://microsoftedgetips.microsoft.com/2/39 - - text: Password management - url: https://microsoftedgetips.microsoft.com/2/18 + - text: Microsoft Edge features and tips + url: https://microsoftedgetips.microsoft.com # Card (optional) - title: Stay informed diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md index 4fc4fb1ecc..10d59733dd 100644 --- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -34,11 +34,11 @@ Before you start, you need to make sure you have the following: 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**. - ![microsoft security bulletin techcenter](images/securitybulletin-filter.png) + ![microsoft security bulletin techcenter.](images/securitybulletin-filter.png) 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table. - ![affected software section](images/affectedsoftware.png) + ![affected software section.](images/affectedsoftware.png) 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section. @@ -201,68 +201,32 @@ You can use Group Policy to finish setting up Enterprise Site Discovery. If you You can use both the WMI and XML settings individually or together: **To turn off Enterprise Site Discovery** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputBlank
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | Off | +|Turn on Site Discovery XML output | Blank | **Turn on WMI recording only** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputBlank
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | On | +|Turn on Site Discovery XML output | Blank | **To turn on XML recording only** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputXML file path
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | Off | +|Turn on Site Discovery XML output | XML file path | **To turn on both WMI and XML recording** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputXML file path
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | On | +|Turn on Site Discovery XML output | XML file path | ## Use Configuration Manager to collect your data After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: @@ -280,13 +244,13 @@ You can collect your hardware inventory using the MOF Editor, while you’re con 1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. - ![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png) + ![Configuration Manager, showing the hardware inventory settings for client computers.](images/configmgrhardwareinventory.png) 2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes. 3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**. - ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png) + ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box.](images/ie11-inventory-addclassconnectscreen.png) 4. Select the check boxes next to the following classes, and then click **OK**: @@ -393,12 +357,12 @@ The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sam ### SCCM Report Sample – ActiveX.rdl Gives you a list of all of the ActiveX-related sites visited by the client computer. -![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png) +![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png) ### SCCM Report Sample – Site Discovery.rdl Gives you a list of all of the sites visited by the client computer. -![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png) +![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png) ## View the collected XML data After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like: @@ -436,7 +400,7 @@ You can import this XML data into the correct version of the Enterprise Mode Sit 1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**. - ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png) + ![Enterprise Mode Site List Manager with Bulk add from file option.](images/bulkadd-emiesitelistmgr.png) 2. Go to your XML file to add the included sites to the tool, and then click **Open**.
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md index 634fd7cd91..d04fbf79b9 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md @@ -60,132 +60,21 @@ Make sure that you don't specify a protocol when adding your URLs. Using a URL l ### Schema elements This table includes the elements used by the Enterprise Mode schema. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ElementDescriptionSupported browser
<rules>Root node for the schema. -

Example -

-<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
Internet Explorer 11 and Microsoft Edge
<emie>The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. -

Example -

-<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
--or- -

For IPv6 ranges:

<rules version="205">
-  <emie>
-    <domain>[10.122.34.99]:8080</domain>
-  </emie>
-  </rules>
--or- -

For IPv4 ranges:

<rules version="205">
-  <emie>
-    <domain>10.122.34.99:8080</domain>
-  </emie>
-  </rules>
Internet Explorer 11 and Microsoft Edge
<docMode>The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied. -

Example -

-<rules version="205">
-  <docMode>
-    <domain docMode="7">contoso.com</domain>
-  </docMode>
-</rules>
Internet Explorer 11
<domain>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. -

Example -

-<emie>
-  <domain>contoso.com:8080</domain>
-</emie>
Internet Explorer 11 and Microsoft Edge
<path>A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section. -

Example -

-<emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
-  </domain>
-</emie>

-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.

Internet Explorer 11 and Microsoft Edge
+|Element |Description |Supported browser | +|---------|---------|---------| +|<rules> | Root node for the schema.
**Example** 
<rules version="205"> 
  <emie> 
   <domain>contoso.com</domain> 
  </emie>
 </rules> |Internet Explorer 11 and Microsoft Edge         |
+|<emie>     |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. 
 **Example** 
<rules version="205"> 
 <emie> 
   <domain>contoso.com</domain> 
 </emie>
</rules>  
 
 **or** 
 For IPv6 ranges: 

<rules version="205"> 
 <emie> 
  <domain>[10.122.34.99]:8080</domain> 
 </emie>
</rules> 
 
 **or**
 For IPv4 ranges:
<rules version="205"> 
 <emie> 
  <domain>[10.122.34.99]:8080</domain> 
 </emie>
</rules> | Internet Explorer 11 and Microsoft Edge       |
+|<docMode>     |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.  
 **Example** 
 
<rules version="205"> 
 <docmode> 
   <domain docMode="7">contoso.com</domain> 
 </docmode>
</rules>     |Internet Explorer 11         |
+|<domain>     |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. 
 **Example** 
 
<emie> 
 <domain>contoso.com:8080</domain>
</emie>       |Internet Explorer 11 and Microsoft Edge         |
+|<path>    |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
 **Example**  
 
<emie> 
 <domain exclude="false">fabrikam.com 
   <path exclude="true">/products</path>
 </domain>
</emie>
 
 Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.   |Internet Explorer 11 and Microsoft Edge         |
 
 ### Schema attributes
 This table includes the attributes used by the Enterprise Mode schema.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
AttributeDescriptionSupported browser
<version>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.Internet Explorer 11 and Microsoft Edge
<exclude>Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
-
Example
-
-<emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
-  </domain>
-</emie>

-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
Internet Explorer 11 and Microsoft Edge
<docMode>Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
-
Example
-
-<docMode>
-  <domain exclude="false">fabrikam.com
-    <path docMode="7">/products</path>
-  </domain>
-</docMode>
Internet Explorer 11

+|Attribute|Description|Supported browser|
+|--- |--- |--- |
+|<version>|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
+|<exclude>|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the  and  elements.
 **Example** 
<emie>
  <domain exclude="false">fabrikam.com 
    <path exclude="true">/products</path>
  </domain>
</emie> 
 Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
+|<docMode>|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section.
 **Example**
<docMode> 
  <domain exclude="false">fabrikam.com 
    <path docMode="7">/products</path>
  </domain>
</docMode>|Internet Explorer 11|
 
 ### Using Enterprise Mode and document mode together
 If you want to use both Enterprise Mode and document mode together, you need to be aware that  <emie> entries override <docMode> entries for the same domain. 
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
index 70694a3df2..fcdaa18eee 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
@@ -92,194 +92,32 @@ Make sure that you don't specify a protocol when adding your URLs. Using a URL l
 ### Updated schema elements
 This table includes the elements used by the v.2 version of the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
ElementDescriptionSupported browser
<site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
-
Example
-
-<site-list version="205">
-  <site url="contoso.com">
-    <compat-mode>IE8Enterprise</compat-mode>
-    <open-in>IE11</open-in>
-  </site>
-</site-list>
Internet Explorer 11 and Microsoft Edge
<site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
-
Example
-
-<site url="contoso.com">
-  <compat-mode>default</compat-mode>
-  <open-in>none</open-in>
-</site>

--or-
-
For IPv4 ranges:
<site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

--or-
-
For IPv6 ranges:
<site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

-You can also use the self-closing version, <url="contoso.com" />, which also sets:
-
    
-  
  • <compat-mode>default</compat-mode>
    • 
-  
  • <open-in>none</open-in>
    • 
-
Internet Explorer 11 and Microsoft Edge
<compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
-
Example
-
-<site url="contoso.com">
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>

--or-
-
For IPv4 ranges:
<site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

--or-
-
For IPv6 ranges:
<site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

-Where:
-
    
-  
  • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
    This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
    • 
-  
  • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
    This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.
    Important
    This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
    • 
-  
  • IE[x]. Where [x] is the document mode number into which the site loads.
    • 
-  
  • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
    • 
-
Internet Explorer 11
<open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
-
Example
-
-<site url="contoso.com">
-  <open-in>none</open-in>
-</site>

-Where:
-
    
-  
  • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
    • 
-  
  • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
    • 
-  
  • None or not specified. Opens in whatever browser the employee chooses.
    • 
-
Internet Explorer 11 and Microsoft Edge

+
+|Element  |Description |Supported browser  |
+|---------|---------|---------|
+|<site-list>     |A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. 
 **Example** 
 
<site-list version="205">
  <site url="contoso.com">
   <compat-mode>IE8Enterprise</compat-mode>
   <open-in>IE11</open-in>
  </site>
</site-list>
         | Internet Explorer 11 and Microsoft Edge        |
+|<site>    |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. 
 **Example** 
<site url="contoso.com">
  <compat-mode>default</compat-mode>
  <open-in>none</open-in>
</site>
 
 **or** For IPv4 ranges: 
  
<site url="10.122.34.99:8080">
 <compat-mode>IE8Enterprise</compat-mode>
<site>
 
 **or**  For IPv6 ranges:
<site url="[10.122.34.99]:8080">
  <compat-mode>IE8Enterprise</compat-mode>
<site>
 
 You can also use the self-closing version, <url="contoso.com" />, which also sets:
  • <compat-mode>default</compat-mode>
  • <open-in>none</open-in>
    • | Internet Explorer 11 and Microsoft Edge        |
+|<compat-mode>     |A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. 
     **Example** 

    <site url="contoso.com">
      <compat-mode>IE8Enterprise</compat-mode>
    </site>
     **or** 
     For IPv4 ranges:
    <site url="10.122.34.99:8080">
      <compat-mode>IE8Enterprise</compat-mode>
    <site>
     **or** For IPv6 ranges:
    <site url="[10.122.34.99]:8080">
      <compat-mode>IE8Enterprise</compat-mode>
    <site>
     Where
    • **IE8Enterprise.** Loads the site in IE8 Enterprise Mode.
      This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
    • **IE7Enterprise.** Loads the site in IE7 Enterprise Mode.
      This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
      **Important**
      This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
    • **IE[x]**. Where [x] is the document mode number into which the site loads.
    • **Default or not specified.** Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
      •       |Internet Explorer 11         |
+|<open-in>    |A child element that controls what browser is used for sites. This element supports the **Open in IE11** or **Open in Microsoft Edge** experiences, for devices running Windows 10.
       **Examples**
      <site url="contoso.com">
        <open-in>none</open-in> 
      </site>
       
       Where
      • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
      • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
      • None or not specified. Opens in whatever browser the employee chooses.
        •   | Internet Explorer 11 and Microsoft Edge        |
 
 ### Updated schema attributes
 The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        AttributeDescriptionSupported browser
        allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
-
        Example
-
        -<site url="contoso.com/travel">
-  <open-in allow-redirect="true">IE11</open-in>
-</site>
        
-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.        		Internet Explorer 11 and Microsoft Edge
        versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
        urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
-
        Note
        
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.
-
        Example
-
        -<site url="contoso.com:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
        
-In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.        		Internet Explorer 11 and Microsoft Edge
        
+|Attribute|Description|Supported browser|
+|---------|---------|---------|
+|allow-redirect|A boolean attribute of the  element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
        **Example**
        <site url="contoso.com/travel">
          <open-in allow-redirect="true">IE11 </open-in>
        </site> 
         In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.| Internet Explorer 11 and Microsoft Edge|
+|version     |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.   | Internet Explorer 11 and Microsoft Edge|
+|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
         **Note**
         Make sure that you don't specify a protocol. Using <site url="contoso.com">  applies to both [https://contoso.com](https://contoso.com) and [https://contoso.com](https://contoso.com). 
         **Example**
        <site url="contoso.com:8080">
           <compat-mode>IE8Enterprise</compat-mode> 
         <open-in>IE11</open-in>
        </site>
        In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
 
 ### Deprecated attributes
 These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        Deprecated attributeNew attributeReplacement example
        <forceCompatView><compat-mode>Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>
        <docMode><compat-mode>Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>
        <doNotTransition><open-in>Replace <doNotTransition="true"> with <open-in>none</open-in>
        <domain> and <path><site>Replace:
-
        -<emie>
-  <domain exclude="false">contoso.com</domain>
-</emie>
        
-With:
-
        -<site url="contoso.com"/>
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>
        
--AND-
        
-Replace:
-
        -<emie>
-  <domain exclude="true">contoso.com
-     <path exclude="false" forceCompatView="true">/about</path>
-  </domain>
-</emie>
        
-With:
-
        -<site url="contoso.com/about">
-  <compat-mode>IE7Enterprise</compat-mode>
-</site>
        
+|Deprecated attribute|New attribute|Replacement example|
+|--- |--- |--- |
+|<forceCompatView>|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
+|<docMode>|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
+|<doNotTransition>|<open-in>|Replace:
         <doNotTransition="true"> with <open-in>none</open-in>|
+|<domain> and <path>|<site>|Replace:
        <emie>
         <domain exclude="false">contoso.com</domain>
        </emie>
        With:
        <site url="contoso.com"/> 
          <compat-mode>IE8Enterprise</compat-mode>
        </site>
        **-AND-** 
        Replace:
        <emie> 
          <domain exclude="true">contoso.com 
         <path exclude="false" forceCompatView="true">/about</path>
         </domain>
        </emie>

         With:
        <site url="contoso.com/about">
         <compat-mode>IE7Enterprise</compat-mode>
        </site>|
 
 While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
 
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
index 47322f0c03..923d4dfe04 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
@@ -27,11 +27,11 @@ ms.date: 07/27/2017
 
 Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
 
-![enterprise mode option on the tools menu](images/ie-emie-toolsmenu.png)
+![enterprise mode option on the tools menu.](images/ie-emie-toolsmenu.png)
 
 The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
 
-![group policy to turn on enterprise mode](images/ie-emie-grouppolicy.png)
+![group policy to turn on enterprise mode.](images/ie-emie-grouppolicy.png)
 
 Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
 
@@ -47,11 +47,11 @@ This lets you create an ASP form that accepts the incoming POST messages.
 
 3.  Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
 
-    ![IIS Manager, editing website bindings](images/ie-emie-editbindings.png)
+    ![IIS Manager, editing website bindings.](images/ie-emie-editbindings.png)
 
 4.  Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
 
-    ![IIS Manager, setting logging options](images/ie-emie-logging.png)
+    ![IIS Manager, setting logging options.](images/ie-emie-logging.png)
 
 5.  Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
        
 Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
@@ -72,7 +72,7 @@ This code logs your POST fields to your IIS log file, where you can review all o
 ### IIS log file information
 This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
 
-![Enterprise Mode log file](images/ie-emie-logfile.png)
+![Enterprise Mode log file.](images/ie-emie-logfile.png)
 
 
 ## Using the GitHub sample to collect your data
@@ -99,14 +99,14 @@ The required packages are automatically downloaded and included in the solution.
 
 1.  Right-click on the name, PhoneHomeSample, and click **Publish**.
 
-    ![Visual Studio, Publish menu](images/ie-emie-publishsolution.png)
+    ![Visual Studio, Publish menu.](images/ie-emie-publishsolution.png)
 
 2.  In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
 
    **Important**
        
    Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website. 
 
-    ![Visual Studio, Publish Web wizard](images/ie-emie-publishweb.png)
+    ![Visual Studio, Publish Web wizard.](images/ie-emie-publishweb.png)
 
    After you finish the publishing process, you need to test to make sure the app deployed successfully.
 
@@ -131,7 +131,7 @@ The required packages are automatically downloaded and included in the solution.
 -   Go to `https:///List` to see the report results.
        
 If you’re already on the webpage, you’ll need to refresh the page to see the results.
 
-    ![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png)
+    ![Enterprise Mode Result report with details.](images/ie-emie-reportwdetails.png)
 
 
 ### Troubleshooting publishing errors
@@ -141,7 +141,7 @@ If you have errors while you’re publishing your project, you should try to upd
 
 1.  From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
 
-    ![Nuget Package Manager for package updates](images/ie-emie-packageupdate.png)
+    ![Nuget Package Manager for package updates.](images/ie-emie-packageupdate.png)
 
 2.  Click **Updates** on the left side of the tool, and click the **Update All** button.
        
 You may need to do some additional package cleanup to remove older package versions.
diff --git a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
index 4651adf5cf..4573423115 100644
--- a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -9,7 +9,7 @@ centralized control, you can create one global list of websites that render usin
 1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode     Site List** setting.
        Turning this setting on also requires you to create and store a site list.
 
 
 
 2.  Click **Enabled**, and then in the **Options** area, type the location to your site list.
@@ -24,7 +24,7 @@ All of your managed devices must have access to this location if you want them t
 
 2.  Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file.
        For example:
     
+    ![Enterprise mode with site list in the registry.](../edge/images/enterprise-mode-value-data.png) -->
 
     -   **HTTPS location:** `"SiteList"="https://localhost:8080/sites.xml"`
 
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
index b34f9be63f..c8ef3d030c 100644
--- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -33,7 +33,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
 
 1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
 
-    ![group policy editor with emie setting](images/ie-emie-editpolicy.png)
+    ![group policy editor with emie setting.](images/ie-emie-editpolicy.png)
 
 2.  Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
 
@@ -45,7 +45,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
 
 3.  Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
 
-    ![edit registry string for data collection location](images/ie-emie-editregistrystring.png)
+    ![edit registry string for data collection location.](images/ie-emie-editregistrystring.png)
 
 Your **Value data** location can be any of the following types:
 
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 927e4c51ac..37391cc166 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -23,13 +23,14 @@
       }
     ],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
       "ROBOTS": "INDEX, FOLLOW",
       "audience": "ITPro",
       "ms.technology": "internet-explorer",
       "ms.prod": "ie11",
       "ms.topic": "article",
-      "manager": "laurawi",
+      "manager": "dansimp",
       "ms.date": "04/05/2017",
       "feedback_system": "None",
       "hideEdit": true,
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 37ef55dea6..18c0b63cac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -16,9 +16,9 @@ ms.date: 10/24/2017
 ---
 
 
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
-
-[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
+
+[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
 
 
 **Applies to:**
@@ -91,7 +91,7 @@ The following is an example of what your XML file should look like when you’re
 ```
 In the above example, the following is true:
 
-- www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode.
+- ```www.cpandl.com```, as the main domain, must use IE8 Enterprise Mode. However, ```www.cpandl.com/images``` must use IE7 Enterprise Mode.
 
 - contoso.com, and all of its domain paths, can use the default compatibility mode for the site.
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
index f358312bbc..be03e1819a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
@@ -1,7 +1,7 @@
 ---
 ms.localizationpriority: medium
 title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
-description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile.
+description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10.
 ms.mktglfcycl: deploy
 ms.prod: ie11
 ms.sitesec: library
@@ -18,7 +18,7 @@ ms.author: dansimp
 
 [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
 
-This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile.
+This topic lists new and updated topics in the Internet Explorer 11 documentation for Windows 10.
 
 ## April 2017
 |New or changed topic | Description |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 1acd936993..8cef068687 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -38,11 +38,11 @@ Before you start, you need to make sure you have the following:
 
     1.  Go to the [Microsoft Security Bulletin](/security-updates/) page, and change the filter to **Windows Internet Explorer 11**.
 
-        ![microsoft security bulletin techcenter](images/securitybulletin-filter.png)
+        ![microsoft security bulletin techcenter.](images/securitybulletin-filter.png)
 
     2.  Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
 
-        ![affected software section](images/affectedsoftware.png)
+        ![affected software section.](images/affectedsoftware.png)
 
     3.  Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
 
@@ -63,17 +63,17 @@ Data is collected on the configuration characteristics of IE and the sites it br
 
 |Data point              |IE11 |IE10 |IE9  |IE8  |Description                                                             |
 |------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
-|URL                     |  X  |  X  |  X  |  X  |URL of the browsed site, including any parameters included in the URL.  |
-|Domain                  |  X  |  X  |  X  |  X  |Top-level domain of the browsed site.                                   |
-|ActiveX GUID            |  X  |  X  |  X  |  X  |GUID of the ActiveX controls loaded by the site.                        |
-|Document mode           |  X  |  X  |  X  |  X  |Document mode used by IE for a site, based on page characteristics.     |
-|Document mode reason    |  X  |  X  |     |     |The reason why a document mode was set by IE.                           |
-|Browser state reason    |  X  |  X  |     |     |Additional information about why the browser is in its current state. Also called, browser mode.           |
-|Hang count              |  X  |  X  |  X  |  X  |Number of visits to the URL when the browser hung.                      |
-|Crash count             |  X  |  X  |  X  |  X  |Number of visits to the URL when the browser crashed.                   |
-|Most recent navigation failure (and count) |  X  |  X  |  X  |  X  |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.  |
-|Number of visits        |  X  |  X  |  X  |  X  |Number of times a site has been visited.                                |
-|Zone                    |  X  |  X  |  X  |  X  |Zone used by IE to browse sites, based on browser settings.             |
+|URL                     |  ✔️  |  ✔️  |  ✔️  |  ✔️  |URL of the browsed site, including any parameters included in the URL.  |
+|Domain                  |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Top-level domain of the browsed site.                                   |
+|ActiveX GUID            |  ✔️  |  ✔️  |  ✔️  |  ✔️  |GUID of the ActiveX controls loaded by the site.                        |
+|Document mode           |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Document mode used by IE for a site, based on page characteristics.     |
+|Document mode reason    |  ✔️  |  ✔️  |     |     |The reason why a document mode was set by IE.                           |
+|Browser state reason    |  ✔️  |  ✔️  |     |     |Additional information about why the browser is in its current state. Also called, browser mode.           |
+|Hang count              |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Number of visits to the URL when the browser hung.                      |
+|Crash count             |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Number of visits to the URL when the browser crashed.                   |
+|Most recent navigation failure (and count) |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.  |
+|Number of visits        |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Number of times a site has been visited.                                |
+|Zone                    |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Zone used by IE to browse sites, based on browser settings.             |
 
 
 >**Important**
        By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
@@ -205,68 +205,32 @@ You can use Group Policy to finish setting up Enterprise Site Discovery. If you
 You can use both the WMI and XML settings individually or together:
 
 **To turn off Enterprise Site Discovery**
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOff
        Turn on Site Discovery XML outputBlank
        
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|Off|
+|Turn on Site Discovery XML output|Blank|
 
 **Turn on WMI recording only**
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOn
        Turn on Site Discovery XML outputBlank
        
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|On|
+|Turn on Site Discovery XML output|Blank|
 
 **To turn on XML recording only**
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOff
        Turn on Site Discovery XML outputXML file path
        
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|Off|
+|Turn on Site Discovery XML output|XML file path|
  
-To turn on both WMI and XML recording
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOn
        Turn on Site Discovery XML outputXML file path
        
+**To turn on both WMI and XML recording**
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|On|
+|Turn on Site Discovery XML output|XML file path|
 
 ## Use Configuration Manager to collect your data
 After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
@@ -284,13 +248,13 @@ You can collect your hardware inventory using the MOF Editor, while you’re con
 
 1.  From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
 
-    ![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png)
+    ![Configuration Manager, showing the hardware inventory settings for client computers.](images/configmgrhardwareinventory.png)
 
 2.  Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
 
 3.  Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
 
-    ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png)
+    ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box.](images/ie11-inventory-addclassconnectscreen.png)
 
 4.  Select the check boxes next to the following classes, and then click **OK**:
 
@@ -397,12 +361,12 @@ The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sam
 ### SCCM Report Sample – ActiveX.rdl
 Gives you a list of all of the ActiveX-related sites visited by the client computer.
 
-![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png)
+![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer.](images/configmgractivexreport.png)
 
 ### SCCM Report Sample – Site Discovery.rdl
 Gives you a list of all of the sites visited by the client computer.
 
-![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png)
+![Site Discovery.rdl report, lists all websites visited by the client computer.](images/ie-site-discovery-sample-report.png)
 
 ## View the collected XML data
 After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like:
@@ -440,7 +404,7 @@ You can import this XML data into the correct version of the Enterprise Mode Sit
 
 1.  Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**.
 
-    ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png)
+    ![Enterprise Mode Site List Manager with Bulk add from file option.](images/bulkadd-emiesitelistmgr.png)
 
 2.  Go to your XML file to add the included sites to the tool, and then click **Open**.
        Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index e8d1ec3d7d..5cfa201d18 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -48,7 +48,7 @@ The compatibility improvements made in IE11 lets older websites just work in the
 ## Document mode selection flowchart
 This flowchart shows how IE11 works when document modes are used.
 
-![Flowchart detailing how document modes are chosen in IE11](images/docmode-decisions-sm.png)
        
+![Flowchart detailing how document modes are chosen in IE11.](images/docmode-decisions-sm.png)
        
 [Click this link to enlarge image](img-ie11-docmode-lg.md)
 
 ## Known Issues with Internet Explorer 8 document mode in Enterprise Mode
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 6832c2797b..e486ed248d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -35,7 +35,7 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
 The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
 
 > [!IMPORTANT]
-> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both http://contoso.com and https://contoso.com.
+> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both `http://contoso.com` and `https://contoso.com`.
 
 ```xml
 
@@ -65,162 +65,24 @@ The following is an example of the Enterprise Mode schema v.1. This schema can r
 ### Schema elements
 This table includes the elements used by the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        ElementDescriptionSupported browser
        <rules>Root node for the schema.
-
        Example
-
        -<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
        		Internet Explorer 11 and Microsoft Edge
        <emie>The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
-
        Example
-
        -<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
        
--or-
-
        For IPv6 ranges:
        <rules version="205">
-  <emie>
-    <domain>[10.122.34.99]:8080</domain>
-  </emie>
-  </rules>
        
--or-
-
        For IPv4 ranges:
        <rules version="205">
-  <emie>
-    <domain>10.122.34.99:8080</domain>
-  </emie>
-  </rules>
        		Internet Explorer 11 and Microsoft Edge
        <docMode>The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.
-
        Example
-
        -<rules version="205">
-  <docMode>
-    <domain docMode="7">contoso.com</domain>
-  </docMode>
-</rules>
        		Internet Explorer 11
        <domain>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
-
        Example
-
        -<emie>
-  <domain>contoso.com:8080</domain>
-</emie>
        		Internet Explorer 11 and Microsoft Edge
        <path>A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
-
        Example
-
        -<emie>
-  <domain exclude="true">fabrikam.com
-    <path exclude="false">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
        		Internet Explorer 11 and Microsoft Edge
        
+|Element |Description  |Supported browser  |
+|---------|---------|---------|
+|<rules>   | Root node for the schema.
        **Example** 
        <rules version="205"> 
          <emie> 
           <domain>contoso.com</domain> 
          </emie>
         </rules> |Internet Explorer 11 and Microsoft Edge         |
+|<emie>     |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. 
         **Example** 
        <rules version="205"> 
         <emie> 
           <domain>contoso.com</domain> 
         </emie>
        </rules>  
         
         **or** 
         For IPv6 ranges: 

        <rules version="205"> 
         <emie> 
          <domain>[10.122.34.99]:8080</domain> 
         </emie>
        </rules> 
         
         **or**
         For IPv4 ranges:
        <rules version="205"> 
         <emie> 
          <domain>[10.122.34.99]:8080</domain> 
         </emie>
        </rules> | Internet Explorer 11 and Microsoft Edge       |
+|<docMode>     |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.  
         **Example** 
         
        <rules version="205"> 
         <docmode> 
           <domain docMode="7">contoso.com</domain> 
         </docmode>
        </rules>     |Internet Explorer 11         |
+|<domain>     |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. 
         **Example** 
         
        <emie> 
         <domain>contoso.com:8080</domain>
        </emie>       |Internet Explorer 11 and Microsoft Edge         |
+|<path>    |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
         **Example**  
         
        <emie> 
         <domain exclude="true">fabrikam.com 
           <path exclude="false">/products</path>
         </domain>
        </emie>
         
         Where `https://fabrikam.com` doesn't use IE8 Enterprise Mode, but `https://fabrikam.com/products` does.   |Internet Explorer 11 and Microsoft Edge         |
 
 ### Schema attributes
 This table includes the attributes used by the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        AttributeDescriptionSupported browser
        versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.Internet Explorer 11 and Microsoft Edge
        excludeSpecifies the domain or path excluded from applying Enterprise Mode. This attribute is only supported on the <domain> and <path> elements in the <emie> section. If this attribute is absent, it defaults to false.
-
        
-
        Example:
        
-
        -<emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not.
        		Internet Explorer 11
        docModeSpecifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
-
        
-
        Example:
        
-
        -<docMode>
-  <domain>fabrikam.com
-    <path docMode="9">/products</path>
-  </domain>
-</docMode>
        
-Where https://fabrikam.com loads in IE11 document mode, but https://fabrikam.com/products uses IE9 document mode.
        		Internet Explorer 11
        doNotTransitionSpecifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
-
        
-
        Example:
        
-
        -<emie>
-  <domain doNotTransition="false">fabrikam.com
-    <path doNotTransition="true">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com opens in the IE11 browser, but https://fabrikam.com/products loads in the current browser (eg. Microsoft Edge).
        		Internet Explorer 11 and Microsoft Edge
        forceCompatViewSpecifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false.
-
        
-
        Example:
        
-
        -<emie>
-  <domain exclude="true">fabrikam.com
-    <path forceCompatView="true">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com does not use Enterprise Mode, but https://fabrikam.com/products uses IE7 Enterprise Mode.
        		Internet Explorer 11
        
+|Attribute|Description|Supported browser|
+|--- |--- |--- |
+|version|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
+|exclude|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
         **Example** 
        <emie>
          <domain exclude="false">fabrikam.com 
            <path exclude="true">/products</path>
          </domain>
        </emie> 
         Where `https://fabrikam.com` doesn't use IE8 Enterprise Mode, but `https://fabrikam.com/products` does.|Internet Explorer 11 and Microsoft Edge|
+|docMode|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section.
         **Example**
        <docMode> 
          <domain exclude="false">fabrikam.com 
            <path docMode="9">/products</path>
          </domain>
        </docMode>|Internet Explorer 11|
+|doNotTransition| Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
         **Example**
        <emie>
         <domain doNotTransition="false">fabrikam.com 
           <path doNotTransition="true">/products</path>
         </domain>
        </emie>
        Where `https://fabrikam.com` opens in the IE11 browser, but `https://fabrikam.com/products` loads in the current browser (eg. Microsoft Edge)|Internet Explorer 11 and Microsoft Edge|
+|forceCompatView|Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false. 
         **Example**
        <emie>
         <domain exclude="true">fabrikam.com 
           <path forcecompatview="true">/products</path>
         </domain>
        </emie>
        Where `https://fabrikam.com` does not use Enterprise Mode, but `https://fabrikam.com/products` uses IE7 Enterprise Mode.|Internet Explorer 11|
 
 ### Using Enterprise Mode and document mode together
 If you want to use both Enterprise Mode and document mode together, you need to be aware that  <emie> entries override <docMode> entries for the same domain. 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 299c6c093f..5af6fab521 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -45,7 +45,7 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
 The following is an example of the v.2 version of the Enterprise Mode schema.
 
 > [!IMPORTANT]
-> Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both http://contoso.com and https://contoso.com.
+> Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both `http://contoso.com` and `https://contoso.com`.
  
 ```xml
 
@@ -97,197 +97,31 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
 ### Updated schema elements
 This table includes the elements used by the v.2 version of the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        ElementDescriptionSupported browser
        <site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
-
        Example
-
        -<site-list version="205">
-  <site url="contoso.com">
-    <compat-mode>IE8Enterprise</compat-mode>
-    <open-in>IE11</open-in>
-  </site>
-</site-list>
        		Internet Explorer 11 and Microsoft Edge
        <site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
-
        Example
-
        -<site url="contoso.com">
-  <compat-mode>default</compat-mode>
-  <open-in>none</open-in>
-</site>
        
--or-
-
        For IPv4 ranges:
        <site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
--or-
-
        For IPv6 ranges:
        <site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
-You can also use the self-closing version, <url="contoso.com" />, which also sets:
-
          
-  
        • <compat-mode>default</compat-mode>
          • 
-  
        • <open-in>none</open-in>
          • 
-
        		Internet Explorer 11 and Microsoft Edge
        <compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
-
        Example
-
        -<site url="contoso.com">
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>
        
--or-
-
        For IPv4 ranges:
        <site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
--or-
-
        For IPv6 ranges:
        <site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
-Where:
-
          
-  
        • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
          This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
          • 
-  
        • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
          This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.
          Important
          This tag replaces the combination of the "forceCompatView"="true" attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
          • 
-  
        • IE[x]. Where [x] is the document mode number into which the site loads.
          • 
-  
        • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
          • 
-
        		Internet Explorer 11
        <open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
-
        Example
-
        -<site url="contoso.com">
-  <open-in>none</open-in>
-</site>
        
-Where:
-
          
-  
        • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
          • 
-  
        • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
          • 
-  
        • None or not specified. Opens in whatever browser the employee chooses.
          • 
-
        		Internet Explorer 11 and Microsoft Edge
        
+|Element  |Description |Supported browser  |
+|---------|---------|---------|
+|<site-list>     |A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. 
         **Example** 
         
        <site-list version="205">
          <site url="contoso.com">
           <compat-mode>IE8Enterprise</compat-mode>
           <open-in>IE11</open-in>
          </site>
        </site-list>
                 | Internet Explorer 11 and Microsoft Edge        |
+|<site>    |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. 
         **Example** 
        <site url="contoso.com">
          <compat-mode>default</compat-mode>
          <open-in>none</open-in>
        </site>
         
         **or** For IPv4 ranges: 
          
        <site url="10.122.34.99:8080">
         <compat-mode>IE8Enterprise</compat-mode>
        <site>
         
         **or**  For IPv6 ranges:
        <site url="[10.122.34.99]:8080">
          <compat-mode>IE8Enterprise</compat-mode>
        <site>
         
         You can also use the self-closing version, <url="contoso.com" />, which also sets:
        • <compat-mode>default</compat-mode>
        • <open-in>none</open-in>
          • | Internet Explorer 11 and Microsoft Edge        |
+|<compat-mode>     |A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. 
           **Example** 

          <site url="contoso.com">
            <compat-mode>IE8Enterprise</compat-mode>
          </site>
           **or** 
           For IPv4 ranges:
          <site url="10.122.34.99:8080">
            <compat-mode>IE8Enterprise</compat-mode>
          <site>
           **or** For IPv6 ranges:
          <site url="[10.122.34.99]:8080">
            <compat-mode>IE8Enterprise</compat-mode>
          <site>
           Where
          • **IE8Enterprise.** Loads the site in IE8 Enterprise Mode.
            This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
          • **IE7Enterprise.** Loads the site in IE7 Enterprise Mode.
            This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
            **Important**
            This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
          • **IE[x]**. Where [x] is the document mode number into which the site loads.
          • **Default or not specified.** Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
            •       |Internet Explorer 11         |
+|<open-in>    |A child element that controls what browser is used for sites. This element supports the **Open in IE11** or **Open in Microsoft Edge** experiences, for devices running Windows 10.
             **Examples**
            <site url="contoso.com">
              <open-in>none</open-in> 
            </site>
             
             Where
            • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
            • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
            • None or not specified. Opens in whatever browser the employee chooses.
              •   | Internet Explorer 11 and Microsoft Edge        |
 
 ### Updated schema attributes
 The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
              AttributeDescriptionSupported browser
              allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
-
              Example
-
              -<site url="contoso.com/travel">
-  <open-in allow-redirect="true">IE11</open-in>
-</site>
              
-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.              		Internet Explorer 11 and Microsoft Edge
              versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
              urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
-
              Note
              
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com.
-
              Example
-
              -<site url="contoso.com:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
              
-In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.              		Internet Explorer 11 and Microsoft Edge
              
+|Attribute|Description|Supported browser|
+|---------|---------|---------|
+|allow-redirect|A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
              **Example**
              <site url="contoso.com/travel">
                <open-in allow-redirect="true">IE11 </open-in>
              </site>
               In this example, if `https://contoso.com/travel` is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. | Internet Explorer 11 and Microsoft Edge|
+|version     |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.   | Internet Explorer 11 and Microsoft Edge|
+|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
               **Note**
               Make sure that you don't specify a protocol. Using <site url="contoso.com">  applies to both `http://contoso.com` and `https://contoso.com`. 
               **Example**
              <site url="contoso.com:8080">
                 <compat-mode>IE8Enterprise</compat-mode> 
               <open-in>IE11</open-in>
              </site>
              In this example, going to `https://contoso.com:8080` using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
 
 ### Deprecated attributes
 These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
              Deprecated element/attributeNew elementReplacement example
              forceCompatView<compat-mode>Replace forceCompatView="true" with <compat-mode>IE7Enterprise</compat-mode>
              docMode<compat-mode>Replace docMode="IE5" with <compat-mode>IE5</compat-mode>
              doNotTransition<open-in>Replace doNotTransition="true" with <open-in>none</open-in>
              <domain> and <path><site>Replace:
-
              -<emie>
-  <domain>contoso.com</domain>
-</emie>
              
-With:
-
              -<site url="contoso.com"/>
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
              
--AND-
              
-Replace:
-
              -<emie>
-  <domain exclude="true" doNotTransition="true">
-    contoso.com
-    <path forceCompatView="true">/about</path>
-  </domain>
-</emie>
              
-With:
-
              -<site url="contoso.com/about">
-  <compat-mode>IE7Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
              
+|Deprecated attribute|New attribute|Replacement example|
+|--- |--- |--- |
+|forceCompatView|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
+|docMode|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
+|doNotTransition|<open-in>|Replace:
               <doNotTransition="true"> with <open-in>none</open-in>|
+|<domain> and <path>|<site>|Replace:
              <emie>
               <domain>contoso.com</domain>
              </emie>
              With:
              <site url="contoso.com"/> 
                <compat-mode>IE8Enterprise</compat-mode>
                <open-in>IE11</open-in>
              </site>
              **-AND-** 
              Replace:
              <emie> 
                <domain exclude="true"  donotTransition="true">contoso.com 
               <path forceCompatView="true">/about</path>
               </domain>
              </emie>

               With:
              <site url="contoso.com/about">
               <compat-mode>IE7Enterprise</compat-mode>
               <open-in>IE11</open-in>
              </site>|
 
 While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 333686dc07..9ec7ddf862 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -45,7 +45,7 @@ To see if this fix might help you, run through this process one step at a time,
 
 1.  Go to a site having compatibility problems, press **F12** to open the **F12 Developer Tools**, and go to the **Emulation** tool.
 
-    ![Emulation tool showing document mode selection](images/docmode-f12.png)
+    ![Emulation tool showing document mode selection.](images/docmode-f12.png)
 
 2.  Starting with the **11 (Default)** option, test your broken scenario.
              
 If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](/previous-versions/windows/internet-explorer/ie-developer/samples/dn255001(v=vs.85)).
@@ -62,7 +62,7 @@ There are two versions of the Enterprise Mode site list schema and the Enterpris
 
 1.  Open the Enterprise Mode Site List Manager, and click **Add**.
 
-    ![Enterprise Mode Site List Manager, showing the available modes](images/emie-listmgr.png)
+    ![Enterprise Mode Site List Manager, showing the available modes.](images/emie-listmgr.png)
 
 2.  Add the **URL** and pick the document mode from the **Launch in** box. This should be the same document mode you found fixed your problems while testing the site.
              
 Similar to Enterprise Mode, you can specify a document mode for a particular web path—such as contoso.com/ERP—or at a domain level. In the above, the entire contoso.com domain loads in Enterprise Mode, while microsoft.com is forced to load into IE8 Document Mode and bing.com loads in IE11.
@@ -74,7 +74,7 @@ For more information about Enterprise Mode, see [What is Enterprise Mode?](what-
 ### Review your Enterprise Mode site list
 Take a look at your Enterprise Mode site list and make sure everything is the way you want it. The next step will be to turn the list on and start to use it in your company. The Enterprise Mode Site List Manager will look something like:
 
-![Enterprise Mode Site List Manager, showing the different modes](images/emie-sitelistmgr.png)
+![Enterprise Mode Site List Manager, showing the different modes.](images/emie-sitelistmgr.png)
 
 And the underlying XML code will look something like:
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index 938e3e036e..b30e90d746 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -22,7 +22,7 @@ ms.date: 07/27/2017
 
 Group Policy preferences are less strict than Group Policy settings, based on:
 
-|    |Group Policy preferences |Group Policy settings |
+| Type   |Group Policy preferences |Group Policy settings |
 |-----|-------------------------|----------------------|
 |Enforcement |
              • Not enforced
              • Has the user interface turned on
              • Can only be refreshed or applied once
               |
              • Enforced
              • Has the user interface turned off
              • Can be refreshed multiple times
               |
 |Flexibility |Lets you create preference items for registry settings, files, and folders. |
              • Requires app support
              • Needs you to create Administrative Templates for new policy settings
              • Won't let you create policy settings to manage files and folders
               |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
index cd8bea93d3..bbfd85b95e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 ms.pagetype: security
-description: 
+description: A high-level overview of the delivery process and your options to control deployment of Internet Explorer through automatic updates.
 author: dansimp
 ms.author: dansimp
 ms.manager: dansimp
@@ -60,7 +60,7 @@ If you use Automatic Updates in your company, but want to stop your users from a
     If you already use an update management solution, like [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Microsoft Endpoint Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682129(v=technet.10)), you should use that instead of the Internet Explorer Blocker Toolkit.
 
     > [!NOTE]
-    > If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](https://support.microsoft.com/kb/946202).
+    > If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company.
 
 Additional information on Internet Explorer 11, including a Readiness Toolkit, technical overview, in-depth feature summary, and Internet Explorer 11 download is available on the [Internet Explorer 11 page of the Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge/dn262703.aspx).
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
index 30de0a2c97..ca1542a952 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
@@ -14,9 +14,7 @@ ms.author: dansimp
 [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
 
 
-Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
              
+Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
 
-
              
-	Full-sized flowchart detailing how document modes are chosen in IE11
-
              
+:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png":::
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index 561c0f9983..dfb9b8391c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -33,7 +33,7 @@ Because this content isn't intended to be a step-by-step guide, not all of the s
 ## In this guide
 |Topic |Description |
 |------|------------|
-|[Change history for Internet Explorer 11](change-history-for-internet-explorer-11.md) |Lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile. |
+|[Change history for Internet Explorer 11](change-history-for-internet-explorer-11.md) |Lists new and updated topics in the Internet Explorer 11 documentation for Windows 10. |
 |[System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md) |IE11 is available for a number of systems and languages. This topic provides info about the minimum system requirements and language support. |
 |[List of updated features and tools - Internet Explorer 11 (IE11)](updated-features-and-tools-with-ie11.md) |IE11 includes several new features and tools. This topic includes high-level info about the each of them. |
 |[Install and Deploy Internet Explorer 11 (IE11)](install-and-deploy-ie11.md) |Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps. |
@@ -42,7 +42,7 @@ Because this content isn't intended to be a step-by-step guide, not all of the s
 |[Group Policy and Internet Explorer 11 (IE11)](group-policy-and-ie11.md) |Use the topics in this section to learn about Group Policy and how to use it to manage IE. |
 |[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. |
 |[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. |
-|[Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) |ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, IE includes a new security feature, called out-of-date ActiveX control blocking. |
+|[Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) |ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, IE includes a new security feature, called out-of-date ActiveX control blocking. |
 |[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
              This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.
              Note
              For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953). |
 |[What is the Internet Explorer 11 Blocker Toolkit?](what-is-the-internet-explorer-11-blocker-toolkit.md) |The IE11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update. |
 |[Missing Internet Explorer Maintenance (IEM) settings for Internet Explorer 11](missing-internet-explorer-maintenance-settings-for-ie11.md) |The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 11 (IEAK 11).
              Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy preferences, Administrative Templates (.admx), or the IEAK 11.
              Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the Security settings or Group Policy Preferences within the Internet Zone settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user. |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index 125703ca28..0ec2a15346 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -47,7 +47,7 @@ For more info about this, see [Deploy and configure apps](/mem/intune/).
 
 2.  Any employee in the assigned group can now install the package. 
 
-For more info about this, see [Update apps using Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301808)
+For more info about this, see [Update apps using Microsoft Intune](/mem/intune/apps/apps-windows-10-app-deploy)
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
index 66b29a20c4..58a2d5298b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
@@ -36,11 +36,4 @@ Use the topics in this section to learn about how to auto detect your settings,
 |------|------------|
 |[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. |
 |[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. |
-|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. | 
-
- 
-
- 
-
-
-
+|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 557d57b34a..e6c30a056e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -34,6 +34,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manage
 |                                   Always send Do Not Track header                                   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |       At least Internet Explorer 10        |                                                                                                                                                                                                                                    This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.
              If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.
              **In Internet Explorer 9 and 10:**
              If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.
              **In at least IE11:**
              If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.
              If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled.                                                                                                                                                                                                                                     |
 |       Don't run antimalware programs against ActiveX controls
              (Internet, Restricted Zones)       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |             IE11 on Windows 10             |                                                                                                                                                                                                                                                                                                                                                                               This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
              If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
              If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
              If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings.                                                                                                                                                                                                                                                                                                                                                                                |
 | Don't run antimalware programs against ActiveX controls
              (Intranet, Trusted, Local Machine Zones) |                                                                                                                                                                                                                                                                                                                                                  
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
              • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
                                                                                                                                                                                                                                                                                                                                                                |             IE11 on Windows 10             |                                                                                                                                                                                                                                                                                                                                                                                  This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
              If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
              If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
              If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings.                                                                                                                                                                                                                                                                                                                                                                                   |
+|               Hide Internet Explorer 11 Application Retirement Notification                         |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Administrative Templates\Windows Components\Internet Explorer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |      Internet Explorer 11 on Windows 10 20H2 & newer      |      This policy setting allows you to prevent the notification bar that informs users of Internet Explorer 11’s retirement from showing up. 
              If you disable or don’t configure this setting, the notification will be shown.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
 |               Hide the button (next to the New Tab button) that opens Microsoft Edge                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |      IE11 on Windows 10, version 1703      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.
              If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.
              If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.
              If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 |                  Let users turn on and use Enterprise Mode from the **Tools** menu                  |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               Administrative Templates\Windows Components\Internet Explorer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |             IE11 on Windows 10             |                                                                                                                                                                                                                                                                                                                                                                      This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.
              If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.
              If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally.                                                                                                                                                                                                                                                                                                                                                                       |
 |                                Limit Site Discovery output by Domain                                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               Administrative Templates\Windows Components\Internet Explorer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |        At least Internet Explorer 8        |                                                                                                                                                                                                                                                                                                                                                                                                              This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
              If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.
              If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.
              **Note:**
              You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit.                                                                                                                                                                                                                                                                                                                                                                                                              |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index 75283c1f64..4eed39657f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -62,15 +62,15 @@ When IE blocks an outdated ActiveX control, you’ll see a notification bar simi
 
 **Internet Explorer 9 through Internet Explorer 11**
 
-![Warning about outdated activex controls (ie9+)](images/outdatedcontrolwarning.png)
+![Warning about outdated activex controls (ie9+).](images/outdatedcontrolwarning.png)
 
 **Windows Internet Explorer 8**
 
-![Warning about outdated activex controls (ie8)](images/ieoutdatedcontrolwarning.png)
+![Warning about outdated activex controls (ie8).](images/ieoutdatedcontrolwarning.png)
 
 Out-of-date ActiveX control blocking also gives you a security warning that tells you if a webpage tries to launch specific outdated apps, outside of IE:
 
-![Warning about outdated activex controls outside ie](images/ieoutdatedcontroloutsideofie.png)
+![Warning about outdated activex controls outside ie.](images/ieoutdatedcontroloutsideofie.png)
 
 
 ## How do I fix an outdated ActiveX control or app?
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index fbcbcbadb9..f701d8ff8d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -42,7 +42,7 @@ RIES does not:
 
 -   Affect the applied Administrative Template Group Policy settings.
 
-RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](https://go.microsoft.com/fwlink/p/?LinkId=214528).
+RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](https://support.microsoft.com/windows/change-or-reset-internet-explorer-settings-2d4bac50-5762-91c5-a057-a922533f77d5).
 
 ## IE is crashing or seems slow
 If you notice that CPU usage is running higher than normal, or that IE is frequently crashing or slowing down, you should check your browser add-ons and video card. By default, IE11 uses graphics processing unit (GPU) rendering mode. However, some outdated video cards and video drivers don't support GPU hardware acceleration. If IE11 determines that your current video card or video driver doesn't support GPU hardware acceleration, it'll use Software Rendering mode.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index 93b323b78a..d6bb2e98eb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -31,32 +31,27 @@ ms.date: 07/27/2017
 
 Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems.
 
-**Note**
              The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
+> [!NOTE]
+> The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
 
-  **To remove single sites from a local Enterprise Mode site list**
+**To remove single sites from a local Enterprise Mode site list**
 
 1.  Open Internet Explorer 11 and go to the site you want to remove.
 
-2.  Click **Tools**, and then click **Enterprise Mode**.
              
-The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
+2.  Click **Tools**, and then click **Enterprise Mode**.
 
-**Note**
              If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
+    The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
 
- **To remove all sites from a local Enterprise Mode site list**
+    > [!NOTE]
+    > If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
 
-1.  Open IE11, click **Tools**, and then click **Internet options**.
+**To remove all sites from a local Enterprise Mode site list**
+
+1.  Open Internet Explorer 11, click **Tools**, and then click **Internet options**.
 
 2.  Click the **Delete** button from the **Browsing history** area.
 
 3.  Click the box next to **Cookies and website data**, and then click **Delete**.
 
-**Note**
              This removes all of the sites from a local Enterprise Mode site list.
-
-     
-
- 
-
- 
-
-
-
+    > [!NOTE]
+    > This removes all of the sites from a local Enterprise Mode site list.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index 6edccdda73..9424e5e32f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -27,7 +27,7 @@ You can use the Group Policy setting, **Set a default associations configuration
 1.  Open your Group Policy editor and go to the **Computer Configuration\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.
              
 Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
 
-    ![set default associations group policy setting](images/setdefaultbrowsergp.png)
+    ![set default associations group policy setting.](images/setdefaultbrowsergp.png)
 
 2.  Click **Enabled**, and then in the **Options** area, type the location to your default associations configuration file.
              
 If this setting is turned on and your employee's device is domain-joined, this file is processed and default associations are applied at logon. If this setting isn't configured or is turned off, or if your employee's device isn't domain-joined, no default associations are applied at logon.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index dd26f8e369..b42426f1d7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -31,11 +31,11 @@ ms.date: 07/27/2017
 
 Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
 
-![enterprise mode option on the tools menu](images/ie-emie-toolsmenu.png)
+![enterprise mode option on the tools menu.](images/ie-emie-toolsmenu.png)
 
 The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
 
-![group policy to turn on enterprise mode](images/ie-emie-grouppolicy.png)
+![group policy to turn on enterprise mode.](images/ie-emie-grouppolicy.png)
 
 Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
 
@@ -51,11 +51,11 @@ When you turn logging on, you need a valid URL that points to a server that can
 
 3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
 
-   ![IIS Manager, editing website bindings](images/ie-emie-editbindings.png)
+   ![IIS Manager, editing website bindings.](images/ie-emie-editbindings.png)
 
 4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
 
-   ![IIS Manager, setting logging options](images/ie-emie-logging.png)
+   ![IIS Manager, setting logging options.](images/ie-emie-logging.png)
 
 5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
              
    Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
@@ -76,7 +76,7 @@ When you turn logging on, you need a valid URL that points to a server that can
 ### IIS log file information
 This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
 
-![Enterprise Mode log file](images/ie-emie-logfile.png)
+![Enterprise Mode log file.](images/ie-emie-logfile.png)
 
 
 ## Using the GitHub sample to collect your data
@@ -103,14 +103,14 @@ For logging, you’re going to need a valid URL that points to a server that can
 
 5. Right-click on the name, PhoneHomeSample, and click **Publish**.
 
-   ![Visual Studio, Publish menu](images/ie-emie-publishsolution.png)
+   ![Visual Studio, Publish menu.](images/ie-emie-publishsolution.png)
 
 6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
 
    **Important**
              
    Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website. 
 
-   ![Visual Studio, Publish Web wizard](images/ie-emie-publishweb.png)
+   ![Visual Studio, Publish Web wizard.](images/ie-emie-publishweb.png)
 
    After you finish the publishing process, you need to test to make sure the app deployed successfully.
 
@@ -135,7 +135,7 @@ For logging, you’re going to need a valid URL that points to a server that can
 -   Go to `https:///List` to see the report results.
              
 If you’re already on the webpage, you’ll need to refresh the page to see the results.
 
-    ![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png)
+    ![Enterprise Mode Result report with details.](images/ie-emie-reportwdetails.png)
 
 
 ### Troubleshooting publishing errors
@@ -145,7 +145,7 @@ If you have errors while you’re publishing your project, you should try to upd
 
 1.  From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
 
-    ![Nuget Package Manager for package updates](images/ie-emie-packageupdate.png)
+    ![Nuget Package Manager for package updates.](images/ie-emie-packageupdate.png)
 
 2.  Click **Updates** on the left side of the tool, and click the **Update All** button.
              
 You may need to do some additional package cleanup to remove older package versions.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
index 14bd40e745..ec77071c73 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
@@ -28,7 +28,7 @@ Jump to:
 
 [Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md) can be very effective in providing backward compatibility for older web apps. The Enterprise Mode Site List includes the ability to put any web app in any document mode, include IE8 and IE7 Enterprise Modes, without changing a single line of code on the website.
 
-![Internet Explorer Enterprise Modes and document modes](images/img-enterprise-mode-site-list-xml.jpg)
+![Internet Explorer Enterprise Modes and document modes.](images/img-enterprise-mode-site-list-xml.jpg)
 
 Sites in the \ section can be rendered in any document mode, as shown in blue above. Some sites designed for older versions of Internet Explorer may require better backward compatibility, and these can leverage the \ section of the Enterprise Mode Site List. IE8 Enterprise Mode provides higher-fidelity emulation for Internet Explorer 8 by using, among other improvements, the original Internet Explorer 8 user agent string. IE7 Enterprise Mode further improves emulation by adding Compatibility View.  
   
@@ -84,7 +84,7 @@ To see if the site works in the Internet Explorer 5, Internet Explorer 7, Intern
 
 -   Open the site in Internet Explorer 11, load the F12 tools by pressing the **F12** key or by selecting **F12 Developer Tools** from the **Tools** menu, and select the **Emulation** tab.  
 
-    ![F12 Developer Tools Emulation tab](images/img-f12-developer-tools-emulation.jpg)
+    ![F12 Developer Tools Emulation tab.](images/img-f12-developer-tools-emulation.jpg)
 
 -   Run the site in each document mode until you find the mode in which the site works.
  
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index 8c84054dc3..1b32fa64ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -39,7 +39,7 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi
 1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.
              
    Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
 
-   ![local group policy editor for using a site list](images/ie-emie-grouppolicysitelist.png)
+   ![local group policy editor for using a site list.](images/ie-emie-grouppolicysitelist.png)
 
 2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
 
@@ -51,7 +51,7 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi
 
 4. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
 
-   ![enterprise mode with site list in the registry](images/ie-emie-registrysitelist.png)
+   ![enterprise mode with site list in the registry.](images/ie-emie-registrysitelist.png)
 
    -   **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index b4db0fb7a4..897b27ceed 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -37,7 +37,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
 
 1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
 
-   ![group policy editor with emie setting](images/ie-emie-editpolicy.png)
+   ![group policy editor with emie setting.](images/ie-emie-editpolicy.png)
 
 2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
 
@@ -49,7 +49,7 @@ Besides turning on this feature, you also have the option to provide a URL for E
 
 5. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
 
-   ![edit registry string for data collection location](images/ie-emie-editregistrystring.png)
+   ![edit registry string for data collection location.](images/ie-emie-editregistrystring.png)
 
 Your **Value data** location can be any of the following types:
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
index a216f90395..613d58863c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
@@ -27,7 +27,7 @@ We strongly suggest that while you're using virtualization, you also update your
 
 The Microsoft-supported options for virtualizing web apps are:
 
--   **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](https://go.microsoft.com/fwlink/p/?LinkId=271653).
+-   **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](/microsoft-desktop-optimization-pack/medv-v2/).
 
 -   **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](/previous-versions/windows/it-pro/windows-8.1-and-8/hh857623(v=ws.11)).
              
 For more information about virtualization options, see [Microsoft Desktop Virtualization](https://go.microsoft.com/fwlink/p/?LinkId=271662).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 5ea3970866..fd8cca1014 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -39,7 +39,7 @@ Using Enterprise Mode means that you can continue to use Microsoft Edge as your
 > [!TIP]
 > If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
 
-For Windows 10 and Windows 10 Mobile, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. 
+For Windows 10, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. 
 
 
 ## What is Enterprise Mode?
@@ -68,12 +68,12 @@ Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microso
 
 [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
  XML file
-The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11.
+The Enterprise Mode Site List is an XML document that specifies a list of sites, their compatibility mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In IE11, the webpage can also be launched in a specific compatibility mode, so it always renders correctly. Your employees can easily view this site list by typing `about:compat` in either Microsoft Edge or IE11.
 
 Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
 
 ### Site list xml file
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
+This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compatibility mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
 
 ```xml
 
@@ -123,7 +123,7 @@ You can build and manage your Enterprise Mode Site List is by using any generic
 ### Enterprise Mode Site List Manager
 This tool helps you create error-free XML documents with simple n+1 versioning and URL verification. We recommend using this tool if your site list is relatively small. For more info about this tool, see the Use the [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
 
-There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10:
+There are two versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10:
 
 - [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
 
@@ -170,6 +170,4 @@ Because the tool is open-source, the source code is readily available for examin
 
 - [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
 
-- [Microsoft Services Support](https://www.microsoft.com/microsoftservices/support.aspx)
-
 - [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
index b025aa3409..96fce41e4b 100644
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
+++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
@@ -13,7 +13,7 @@ metadata:
   title: Internet Explorer 11 - FAQ for IT Pros (Internet Explorer 11 for IT Pros)
   ms.sitesec: library
   ms.date: 10/16/2017
-    
+  ms.topic: faq
 title: Internet Explorer 11 - FAQ for IT Pros
 summary: |
   [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
@@ -24,9 +24,6 @@ summary: |
 sections:
   - name: Ignored
     questions:
-      - question: |
-          Frequently Asked Questions
-        answer: |
       - question: |
           What operating system does IE11 run on?
         answer: |
@@ -86,7 +83,7 @@ sections:
       - question: |
           What test tools exist to test for potential application compatibility issues?
         answer: |
-          The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](/previous-versions/windows/internet-explorer/ie-developer/dev-guides/bg182632(v=vs.85)) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
+          The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://testdrive-archive.azurewebsites.net/html5/compatinspector/help/post.htm). In addition, you can use the new [F12 Developer Tools](/previous-versions/windows/internet-explorer/ie-developer/dev-guides/bg182632(v=vs.85)) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
           
       - question: |
           Why am I having problems launching my legacy apps with Internet Explorer 11?
@@ -250,4 +247,4 @@ additionalContent: |
 
   - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
   - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-  - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
\ No newline at end of file
+  - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
index 217b48f990..178595abf4 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
+++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.yml
@@ -13,7 +13,7 @@ metadata:
   title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
   ms.sitesec: library
   ms.date: 05/10/2018
-    
+  ms.topic: faq
 title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
 summary: |
   [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.yml b/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
index e2400b19af..20e3889f45 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
+++ b/browsers/internet-explorer/ie11-faq/faq-ieak11.yml
@@ -15,7 +15,7 @@ metadata:
   title: IEAK 11 - Frequently Asked Questions
   ms.sitesec: library
   ms.date: 05/10/2018
-    
+  ms.topic: faq
 title: IEAK 11 - Frequently Asked Questions
 summary: |
   [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
@@ -137,4 +137,4 @@ additionalContent: |
   -[Download IEAK 11](../ie11-ieak/ieak-information-and-downloads.md)
   -[IEAK 11 overview](../ie11-ieak/index.md)
   -[IEAK 11 product documentation](../ie11-ieak/index.md)
-  -[IEAK 11 licensing guidelines](../ie11-ieak/licensing-version-and-features-ieak11.md)
\ No newline at end of file
+  -[IEAK 11 licensing guidelines](../ie11-ieak/licensing-version-and-features-ieak11.md)
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index 9ed59cf64e..634e13f2fb 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -19,7 +19,7 @@ ms.date: 07/27/2017
 
 [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
 
-Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ( [OpenSearch 1.1 Draft 5](https://go.microsoft.com/fwlink/p/?LinkId=208582)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
+Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ([OpenSearch 1.1 Draft 5](https://opensearch.org/docs/latest/opensearch/index/)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
 
 Using the **Administrative Templates** section of Group Policy, you can prevent the search box from appearing, you can add a list of acceptable search providers, or you can restrict your employee’s ability to add or remove search providers.
 
diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
index 69b71a1820..8a02248b90 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
@@ -40,16 +40,57 @@ The Internet Explorer Administration Kit (IEAK) simplifies the creation, deploym
 
 To download, choose to **Open** the download or **Save** it to your hard drive first.
 
+:::row:::
+   :::column span="":::
+      [English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi)
 
-|  |  |  |
-|---------|---------|---------|
-|[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi)     |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi)         |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi)         |
-|[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi)    |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi)          |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi)         |
-|[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi)     |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi)         |[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi)         |
-|[Chinese (Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi)     |[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi)         |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi)         |
-|[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi)    |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi)         |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi)         |
-|[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi)     |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi)         |[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi)         |
-|[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi)     |[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi)         |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi)         |
-|[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi)     |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi)         |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi)         |
+      [Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi)
 
+      [Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi)
+
+      [Chinese (Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi)
+
+      [Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi)
+ 
+     [Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi)
+
+      [Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi)
+ 
+     [Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi)
+:::column-end:::
+   :::column span="":::
+      [French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi)
+ 
+     [German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi)
+
+      [Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi)
+
+      [Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi)
+
+      [Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi)
+
+      [Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi)
+
+      [Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi)
+
+      [Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi)
+:::column-end:::
+   :::column span="":::
+      [Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi)
+
+      [Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi)
+
+      [Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi)
+
+      [Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi)
+
+      [Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi)
+
+      [Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi)
+
+      [Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi)
+
+      [Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi)
+:::column-end:::
+:::row-end:::
 
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index 57128dfefe..391784b8a4 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -39,8 +39,6 @@ These command-line options work with IExpress:
              
 |`/r:a` |Always restarts the computer after installation. |
 |`/r:s` |Restarts the computer after installation without prompting the employee. |
 
-For more information, see [Command-line switches for IExpress software update packages](https://go.microsoft.com/fwlink/p/?LinkId=317973).
-
 ## Related topics
 - [IExpress Wizard for Windows Server 2008 R2 with SP1](iexpress-wizard-for-win-server.md)
 - [Internet Explorer Setup command-line options and return codes](ie-setup-command-line-options-and-return-codes.md)
diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
index fd6904f4a8..9eba34b5e1 100644
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
@@ -33,32 +33,32 @@ During installation, you must pick a version of IEAK 11, either **External** or
 
 |                  Feature                  |                                     Internal                                     |                                       External                                       |
 |-------------------------------------------|:--------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
-|              Welcome screen               | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|              File locations               | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|            Platform selection             | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|            Language selection             | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|          Package type selection           | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|             Feature selection             | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|  Automatic Version Synchronization (AVS)  | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|             Custom components             | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|             Internal install              | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-|              User experience              | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-|          Browser user interface           | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|             Search providers              | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|  Important URLs – Home page and support   | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|               Accelerators                | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|    Favorites, Favorites bar, and feeds    | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|             Browsing options              | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-| First Run wizard and Welcome page options | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|            Connection manager             | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|            Connection settings            | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|          Automatic configuration          | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-|              Proxy settings               | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|       Security and privacy settings       | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-|          Add a root certificate           | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-|                 Programs                  | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
-|            Additional settings            | ![Available](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
-|              Wizard complete              | ![Available](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|              Welcome screen               | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|              File locations               | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|            Platform selection             | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|            Language selection             | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|          Package type selection           | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|             Feature selection             | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|  Automatic Version Synchronization (AVS)  | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|             Custom components             | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|             Internal install              | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+|              User experience              | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+|          Browser user interface           | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|             Search providers              | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|  Important URLs – Home page and support   | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|               Accelerators                | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|    Favorites, Favorites bar, and feeds    | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|             Browsing options              | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+| First Run wizard and Welcome page options | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|            Connection manager             | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|            Connection settings            | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|          Automatic configuration          | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+|              Proxy settings               | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|       Security and privacy settings       | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+|          Add a root certificate           | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+|                 Programs                  | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
+|            Additional settings            | ![Available.](/microsoft-edge/deploy/images/148767.png) | ![Not available](/microsoft-edge/deploy/images/148766.png) |
+|              Wizard complete              | ![Available.](/microsoft-edge/deploy/images/148767.png) |   ![Available](/microsoft-edge/deploy/images/148767.png)   |
 
 ---
 
@@ -104,7 +104,7 @@ Support for some of the Internet Explorer settings on the wizard pages varies de
 Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
 
 -   **External Distribution**
-    You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](/legal/windows/agreements/microsoft-browser-extension-policy).
+    You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy).
 
 -   **Internal Distribution - corporate intranet**
     The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet.
\ No newline at end of file
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 6aa0242523..27e231694f 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -31,7 +31,7 @@ landingContent:
           - text: Use Enterprise Mode to improve compatibility
             url: /microsoft-edge/deploy/emie-to-improve-compatibility
           - text: Lifecycle FAQ - Internet Explorer
-            url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer
+            url: /lifecycle/faq/internet-explorer-microsoft-edge
       - linkListType: download
         links:
           - text: Download IE11 with Windows 10
@@ -46,8 +46,6 @@ landingContent:
             url: https://mva.microsoft.com/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681
           - text: 'Windows 10: Top Features for IT Pros'
             url: https://mva.microsoft.com/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965
-          - text: Manage and modernize Internet Explorer with Enterprise Mode
-            url: https://channel9.msdn.com/events/teched/newzealand/2014/pcit307
           - text: 'Virtual Lab: Enterprise Mode'
             url: https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02
 
@@ -123,7 +121,7 @@ landingContent:
           - text: Group Policy preferences for IE11
             url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md
           - text: Configure Group Policy preferences
-            url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2
+            url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings
           - text: Blocked out-of-date ActiveX controls
             url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md
           - text: Out-of-date ActiveX control blocking
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
index 50862d688d..ea499a1774 100644
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
@@ -9,11 +9,10 @@ metadata:
   ms.reviewer: ramakoni, DEV_Triage
   ms.prod: internet-explorer
   ms.technology:
-  ms.topic: kb-support
+  ms.topic: faq
   ms.custom: CI=111020
   ms.localizationpriority: medium
   ms.date: 01/23/2020
-    
 title: Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
 summary: |
 
@@ -148,7 +147,7 @@ sections:
       - question: |
           Where to find Internet Explorer security zones registry entries
         answer: |
-          Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users).
+          Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries).
           
           This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
           
@@ -193,7 +192,7 @@ sections:
         answer: |
           Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
           
-          For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer).
+          For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
           
       - question: |
           How to configure TLS (SSL) for Internet Explorer
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 9b7317309d..2908606c60 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -30,11 +30,12 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/hololens/breadcrumb/toc.json",
       "ms.technology": "windows",
       "ms.topic": "article",
       "audience": "ITPro",
-      "manager": "laurawi",
+      "manager": "dansimp",
       "ms.date": "04/05/2017",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index 8eba3c49b1..1e0f65ecc7 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -24,12 +24,13 @@
       }
     ],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
       "ROBOTS": "INDEX, FOLLOW",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
-      "manager": "laurawi",
+      "manager": "dansimp",
       "ms.mktglfcycl": "manage",
       "ms.sitesec": "library",
       "ms.date": "05/23/2017",
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index 42faacbcac..da410e3263 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -22,12 +22,13 @@
       }
     ],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/surface/breadcrumb/toc.json",
       "ROBOTS": "INDEX, FOLLOW",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",
-      "manager": "laurawi",
+      "manager": "dansimp",
       "ms.date": "05/09/2017",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
diff --git a/education/developers.yml b/education/developers.yml
deleted file mode 100644
index 5b67147739..0000000000
--- a/education/developers.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-### YamlMime:Hub
-
-title: Microsoft 365 Education Documentation for developers
-summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
-
-metadata:
-  title: Microsoft 365 Education Documentation for developers
-  description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
-  ms.service: help
-  ms.topic: hub-page
-  author: LaurenMoynihan
-  ms.author: v-lamoyn
-  ms.date: 10/24/2019
-
-additionalContent:
-  sections:
-    - items:
-        # Card
-        - title: UWP apps for education
-          summary: Learn how to write universal apps for education.
-          url: /windows/uwp/apps-for-education/
-        # Card
-        - title: Take a test API
-          summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
-          url: /windows/uwp/apps-for-education/take-a-test-api
-        # Card
-        - title: Office Education Dev center
-          summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
-          url: https://developer.microsoft.com/office/edu
-        # Card
-        - title: Data Streamer
-          summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
-          url: /microsoft-365/education/data-streamer
\ No newline at end of file
diff --git a/education/docfx.json b/education/docfx.json
index 8ba1394c6d..04a27cb629 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -26,11 +26,12 @@
       }
     ],
     "globalMetadata": {
+      "recommendations": true,
       "ROBOTS": "INDEX, FOLLOW",
       "audience": "windows-education",
       "ms.topic": "article",
       "ms.technology": "windows",
-      "manager": "laurawi",
+      "manager": "dansimp",
       "audience": "ITPro",
       "breadcrumb_path": "/education/breadcrumb/toc.json",
       "ms.date": "05/09/2017",
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 1f83558533..8100e0959b 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,8 +2,18 @@
 

 
 
-## Week of April 26, 2021
+## Week of April 25, 2022
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
+| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 4/25/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+
+
+## Week of April 18, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 4/21/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
diff --git a/education/index.yml b/education/index.yml
index 80796a921a..26aa73e3a7 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -2,6 +2,8 @@
 
 title: Microsoft 365 Education Documentation
 summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
+# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin
+brand: m365
 
 metadata:
   title: Microsoft 365 Education Documentation
@@ -13,23 +15,112 @@ metadata:
   ms.date: 10/24/2019
 
 productDirectory:
+  title: For IT admins
+  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
   items:
     # Card    
-    - title: IT Admins
-      # imageSrc should be square in ratio with no whitespace
-      imageSrc: ./images/EDUAdmins.svg
-      links:
-        - url: itadmins.yml
-          text: Get started with deploying and managing a full cloud IT solution for your school.
+    - title: Phase 1 - Cloud deployment
+      imageSrc: ./images/EDU-Deploy.svg
+      summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users.
+      url: /microsoft-365/education/deploy/create-your-office-365-tenant
     # Card
-    - title: Developers
-      imageSrc: ./images/EDUDevelopers.svg
-      links:
-        - url: developers.yml
-          text: Looking for information about developing solutions on Microsoft Education products? Start here. 
+    - title: Phase 2 - Device management
+      imageSrc: ./images/EDU-Device-Mgmt.svg
+      summary: Get started with Windows for Education, set up and enroll devices in Intune.
+      url: /microsoft-365/education/deploy/set-up-windows-10-education-devices
     # Card    
-    - title: Partners
-      imageSrc: ./images/EDUPartners.svg
+    - title: Phase 3 - Apps management
+      imageSrc: ./images/EDU-Apps-Mgmt.svg
+      summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft.
+      url: /microsoft-365/education/deploy/configure-admin-settings
+    # Card    
+    - title: Phase 4 - Complete your deployment
+      # imageSrc should be square in ratio with no whitespace
+      imageSrc: ./images/EDU-Tasks.svg
+      summary: Configure settings for Exchange and SharePoint.
+      url: /microsoft-365/education/deploy/deploy-exchange-online
+    # Card
+    - title: Security & compliance
+      imageSrc: ./images/EDU-Lockbox.svg
       links:
-        - url: partners.yml
-          text: Looking for resources available to Microsoft Education partners? Start here.
\ No newline at end of file
+        - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
+          text: AAD feature deployment guide
+        - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
+          text: Azure information protection deployment acceleration guide
+        - url: /cloud-app-security/getting-started-with-cloud-app-security
+          text: Microsoft Defender for Cloud Apps
+        - url: /microsoft-365/compliance/create-test-tune-dlp-policy
+          text: Data loss prevention
+        - url: /microsoft-365/compliance/
+          text: Microsoft 365 Compliance
+        - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
+          text: Deploying Lockbox
+    # Card    
+    - title: Analytics & insights
+      imageSrc: ./images/EDU-Education.svg
+      links:
+        - url: /power-bi/service-admin-administering-power-bi-in-your-organization
+          text: Power BI for IT admins
+        - url: /dynamics365/#pivot=get-started
+          text: Dynamics 365
+    # Card    
+    - title: Find deployment help and other support resources
+      imageSrc: ./images/EDU-Teachers.svg
+      links:
+        - url: /microsoft-365/education/deploy/find-deployment-help
+          text: IT admin help
+        - url: https://social.technet.microsoft.com/forums/en-us/home
+          text: TechNet
+        - url: https://support.office.com/en-us/education
+          text: Education help center
+        - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
+          text: Teacher training packs
+    # Card    
+    - title: Check out our education journey
+      imageSrc: ./images/EDU-ITJourney.svg
+      links:
+        - url: https://edujourney.microsoft.com/k-12/
+          text: K-12
+        - url: https://edujourney.microsoft.com/hed/
+          text: Higher education
+
+additionalContent:
+  sections:
+    - title: For developers # < 60 chars (optional)
+      summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional)
+    - items:
+        # Card
+        - title: UWP apps for education
+          summary: Learn how to write universal apps for education.
+          url: /windows/uwp/apps-for-education/
+        # Card
+        - title: Take a test API
+          summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
+          url: /windows/uwp/apps-for-education/take-a-test-api
+        # Card
+        - title: Office Education Dev center
+          summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
+          url: https://developer.microsoft.com/office/edu
+        # Card
+        - title: Data Streamer
+          summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
+          url: /microsoft-365/education/data-streamer
+    - title: For partners # < 60 chars (optional)
+      summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional)
+    - items:
+        # Card
+        - title: Microsoft Partner Network
+          summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
+          url: https://partner.microsoft.com/solutions/education
+        # Card
+        - title: Authorized Education Partner (AEP) program
+          summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs).
+          url: https://www.mepn.com/
+        # Card
+        - title: Authorized Education Partner Directory
+          summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.
+          url: https://www.mepn.com/MEPN/AEPSearch.aspx
+        # Card
+        - title: Education Partner community Yammer group
+          summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
+          url: https://www.yammer.com/mepn/
\ No newline at end of file
diff --git a/education/itadmins.yml b/education/itadmins.yml
deleted file mode 100644
index 849c8bb478..0000000000
--- a/education/itadmins.yml
+++ /dev/null
@@ -1,120 +0,0 @@
-### YamlMime:Hub
-
-title: Microsoft 365 Education Documentation for IT admins
-summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
-
-metadata:
-  title: Microsoft 365 Education Documentation for IT admins
-  description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
-  ms.service: help
-  ms.topic: hub-page
-  author: LaurenMoynihan
-  ms.author: v-lamoyn
-  ms.date: 10/24/2019
-
-productDirectory:
-  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
-  items:
-    # Card    
-    - title: Phase 1 - Cloud deployment
-      imageSrc: ./images/EDU-Deploy.svg
-      links:
-        - url: /microsoft-365/education/deploy/create-your-office-365-tenant
-          text: 1. Create your Office 365 tenant
-        - url: /microsoft-365/education/deploy/secure-and-configure-your-network
-          text: 2. Secure and configure your network
-        - url: /microsoft-365/education/deploy/aad-connect-and-adfs
-          text: 3. Sync your active directory
-        - url: /microsoft-365/education/deploy/school-data-sync
-          text: 4. Sync you SIS using School Data Sync
-        - url: /microsoft-365/education/deploy/license-users
-          text: 5. License users
-    # Card
-    - title: Phase 2 - Device management
-      imageSrc: ./images/EDU-Device-Mgmt.svg
-      links:
-        - url: ./windows/index.md
-          text: 1. Get started with Windows 10 for Education
-        - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices
-          text: 2. Set up Windows 10 devices
-        - url: /microsoft-365/education/deploy/intune-for-education
-          text: 3. Get started with Intune for Education
-        - url: /microsoft-365/education/deploy/use-intune-for-education
-          text: 4. Use Intune to manage groups, apps, and settings
-        - url: /intune/enrollment/enrollment-autopilot
-          text: 5. Enroll devices using Windows Autopilot
-    # Card    
-    - title: Phase 3 - Apps management
-      imageSrc: ./images/EDU-Apps-Mgmt.svg
-      links:
-        - url: /microsoft-365/education/deploy/configure-admin-settings
-          text: 1. Configure admin settings
-        - url: /microsoft-365/education/deploy/set-up-teams-for-education
-          text: 2. Set up Teams for Education
-        - url: /microsoft-365/education/deploy/deploy-office-365
-          text: 3. Set up Office 365
-        - url: /microsoft-365/education/deploy/microsoft-store-for-education
-          text: 4. Install apps from Microsoft Store for Education
-        - url: /microsoft-365/education/deploy/minecraft-for-education
-          text: 5. Install Minecraft - Education Edition
-    # Card    
-    - title: Complete your deployment
-      # imageSrc should be square in ratio with no whitespace
-      imageSrc: ./images/EDU-Tasks.svg
-      links:
-        - url: /microsoft-365/education/deploy/deploy-exchange-online
-          text: Deploy Exchange Online
-        - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive
-          text: Deploy SharePoint Online and OneDrive
-        - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid
-          text: Deploy Exchange Server hybrid
-        - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid
-          text: Deploy SharePoint Server Hybrid
-    # Card
-    - title: Security & compliance
-      imageSrc: ./images/EDU-Lockbox.svg
-      links:
-        - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
-          text: AAD feature deployment guide
-        - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
-          text: Azure information protection deployment acceleration guide
-        - url: /cloud-app-security/getting-started-with-cloud-app-security
-          text: Microsoft Cloud app security
-        - url: /microsoft-365/compliance/create-test-tune-dlp-policy
-          text: Office 365 data loss prevention
-        - url: /microsoft-365/compliance/
-          text: Office 365 advanced compliance
-        - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
-          text: Deploying Lockbox
-    # Card    
-    - title: Analytics & insights
-      imageSrc: ./images/EDU-Education.svg
-      links:
-        - url: /power-bi/service-admin-administering-power-bi-in-your-organization
-          text: Power BI for IT admins
-        - url: /dynamics365/#pivot=get-started
-          text: Dynamics 365
-    # Card    
-    - title: Find deployment help
-      imageSrc: ./images/EDU-FindHelp.svg
-      links:
-        - url: /microsoft-365/education/deploy/find-deployment-help
-          text: IT admin help
-        - url: https://social.technet.microsoft.com/forums/en-us/home
-          text: TechNet
-    # Card    
-    - title: Check out our education journey
-      imageSrc: ./images/EDU-ITJourney.svg
-      links:
-        - url: https://edujourney.microsoft.com/k-12/
-          text: K-12
-        - url: https://edujourney.microsoft.com/hed/
-          text: Higher education
-    # Card    
-    - title: Additional support resources
-      imageSrc: ./images/EDU-Teachers.svg
-      links:
-        - url: https://support.office.com/en-us/education
-          text: Education help center
-        - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
-          text: Teacher training packs
\ No newline at end of file
diff --git a/education/partners.yml b/education/partners.yml
deleted file mode 100644
index 42925925f4..0000000000
--- a/education/partners.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-### YamlMime:Hub
-
-title: Microsoft 365 Education Documentation for partners
-summary: Looking for resources available to Microsoft Education partners? Start here.
-
-metadata:
-  title: Microsoft 365 Education Documentation for partners
-  description: Looking for resources available to Microsoft Education partners? Start here.
-  ms.service: help
-  ms.topic: hub-page
-  author: LaurenMoynihan
-  ms.author: v-lamoyn
-  ms.date: 10/24/2019
-
-additionalContent:
-  sections:
-    - items:
-        # Card
-        - title: Microsoft Partner Network
-          summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
-          url: https://partner.microsoft.com/solutions/education
-        # Card
-        - title: Authorized Education Partner (AEP) program
-          summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs).
-          url: https://www.mepn.com/
-        # Card
-        - title: Authorized Education Partner Directory
-          summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.
-          url: https://www.mepn.com/MEPN/AEPSearch.aspx
-        # Card
-        - title: Education Partner community Yammer group
-          summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
-          url: https://www.yammer.com/mepn/
\ No newline at end of file
diff --git a/education/trial-in-a-box/TOC.yml b/education/trial-in-a-box/TOC.yml
deleted file mode 100644
index 6050d91b67..0000000000
--- a/education/trial-in-a-box/TOC.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: Microsoft Education Trial in a Box
-  href: index.md
-  items: 
-    - name: Educator Trial in a Box Guide
-      href: educator-tib-get-started.md
-    - name: IT Admin Trial in a Box Guide
-      href: itadmin-tib-get-started.md
-    - name: Microsoft Education Trial in a Box Support
-      href: support-options.md
diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
deleted file mode 100644
index aff8c085b5..0000000000
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ /dev/null
@@ -1,350 +0,0 @@
----
-title: Educator Trial in a Box Guide
-description: Need help or have a question about using Microsoft Education? Start here.
-keywords: support, troubleshooting, education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: article
-ms.localizationpriority: medium
-ms.pagetype: edu
-ROBOTS: noindex,nofollow
-author: dansimp
-ms.author: dansimp
-ms.date: 03/18/2018
-ms.reviewer: 
-manager: dansimp
----
-
-# Educator Trial in a Box Guide
-
-![Welcome, Educators!](images/Welocme-Educators.png)
-
-This guide shows you how to quickly and easily try a few transformational tools from Microsoft Education in 5 quick steps.
-
-|  |  |
-| :---: |:--- |
-| [![Connect the device to Wi-Fi](images/edu-TIB-setp-1-v3.png)](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. |
-| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?[1](#footnote1)** 
              Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
-| [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** 
              Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
-| [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** 
              Open [OneNote](#edu-task4) and create an example group project for your class. |
-| [![Try Photos app](images/edu-tib-setp-5-v4.png)](#edu-task5) | **Curious about telling stories through video?** 
              Try the [Photos app](#edu-task5) to make your own example video. |
-| [![Play with Minecraft: Education Edition](images/edu-tib-setp-6-v4.png)](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** 
              Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
-| [![Do Math with Windows Ink](images/edu-tib-setp-7-v1.png)](#edu-task7) | **Want to provide a personal math tutor for your students?** 
              Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. |
-|  |  |
-
-
              
-
-> [!VIDEO https://www.youtube.com/embed/3nqooY9Iqq4]
-
-
              
-
              
-
-
-![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png)
-## 1. Log in and connect to the school network
-To try out the educator tasks, start by logging in as a teacher.
-
-1. Turn on **Device A** and ensure you plug in the PC to an electrical outlet.
-2. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection using the Ethernet adapter included in this kit.
-   >**Note**: If your Wi-Fi network requires a web browser login page to connect to the Internet, connect using the Ethernet port. If your Wi-Fi network has additional restrictions that will prevent the device from connecting to the internet without registration, consider connecting **Device A** to a different network.
-
-3. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.
-
-
-
              
-
              
-
-![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png)
-## 2. Significantly improve student reading speed and comprehension
-
-> [!VIDEO https://www.youtube.com/embed/GCzSAslq_2Y]
-
-
              
-
-
-Learning Tools and the Immersive Reader can be used in the Microsoft Edge browser, Microsoft Word, and Microsoft OneNote to:
-* Increase fluency for English language learners
-* Build confidence for emerging readers
-* Provide text decoding solutions for students with learning differences such as dyslexia
-
-**Try this!**
-
-1. On the **Start** menu, click the Word document titled **Design Think**.
-
-2. Click **Edit Document** and select **Edit in Browser**.
-
-3. Select the **View** menu.
-
-4. Select the **Immersive Reader** button.
-
-   ![Word's Immersive Reader](images/word_online_immersive_reader.png)
-
-5. Press the **Play** button to hear text read aloud.
-
-6. Select these various settings to see different ways to configure Immersive Reader for your students.
-
-   | Text to Speech | Text Preferences | Grammar Options | Line Focus |
-   | :------------: | :--------------: | :-------------: | :--------: |
-   | ![Word Text to Speech](images/wordonline_tts.png) | ![Word Text Preferences](images/wordonline_text_preferences.png) | ![Word Grammar Options](images/wordonline_grammar_options.png) | ![Word Line Focus](images/wordonline_line_focus.png) |
-
-
              
-
              
-
-
-
-![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png)
-## 3. Spark communication, critical thinking, and creativity in the classroom
-
-> [!VIDEO https://www.youtube.com/embed/riQr4Dqb8B8]
-
-
              
-
-
-Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark digital classroom discussions, respond to student questions, organize content, and more!
-
-Take a guided tour of Microsoft Teams and test drive this digital hub.
-
-**Try this!**
-
-1. Take a guided tour of Microsoft Teams and test drive some teaching tasks. Open the Microsoft Edge browser and navigate to https://msteamsdemo.azurewebsites.net.
-
-2. Use your school credentials provided in the **Credentials Sheet**.
-
-
              
-
              
-
-![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png)
-## 4. Expand classroom collaboration and interaction between students
-
-> [!VIDEO https://www.youtube.com/embed/dzDSWMb_fIE]
-
-
              
-
-
-Microsoft OneNote organizes curriculum and lesson plans for teachers and students to work together and at their own pace. It provides a digital canvas to store text, images, handwritten drawings, attachments, links, voice, and video.
-
-**Try this!**
-See how a group project comes together with opportunities to interact with other students and collaborate with peers. This one works best with the digital pen, included with your Trial in a Box.
-When you're not using the pen, just use the magnet to stick it to the left side of the screen until you need it again.
-
-1. On the **Start** menu, click the OneNote shortcut named **Imagine Giza** to open the **Reimagine the Great Pyramid of Giza project**.
-
-2. Take the digital pen out of the box and make notes or draw.
-
-3. Follow the instructions for the project. Look for the **Try this!** callouts to experiment with these engaging activities.
-   - Discover the power of digital ink by selecting the Draw tab. Choose your pen and get scribbling.
-
-     ![OneNote Draw tab](images/onenote_draw.png)
-
-   - Type anywhere on the page! Just click your cursor where you want to place text.
-   - Use the checkmark in the **Home** tab to keep track of completed tasks.
-
-     ![OneNote To Do Tag](images/onenote_checkmark.png)
-
-   - To find information without leaving OneNote, use the Researcher tool found under the Insert tab.
-
-     ![OneNote Researcher](images/onenote_researcher.png)
-
-
              
-
              
-
-![Inspire your students to tell their stories through video!](images/edu-tib-setp-5-jump2.png)
-## 5. Engage with students by creating videos
-
-> [!VIDEO https://www.youtube.com/embed/Ko7XLM1VBRE]
-
-
              
-
-The Photos app now has a built-in video editor, making it easy for you and your students to create movies using photos, video clips, music, 3D models, and special effects.  Improve comprehension, unleash creativity, and capture your student’s imagination through video.
-
-**Try this!**
-Use video to create a project summary.
-
-1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**.
-
-2. Open Microsoft Edge and visit https://aka.ms/PhotosTIB to download a zip file of the project media.
-
-3. Once the download has completed, open the zip file and select **Extract** > **Extract all**.  Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**.
-
-4. In the **Start** menu, search for **Photos** or select the Photos tile to launch the app.
-
-5. Select the first video to preview it full screen. Select **Edit & Create**, then select **Create a video with text**.
-   1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen.
-
-6. Name your project “Laser Maze Project.” Hit Enter to continue.
-
-7. Select **Add photos and videos** and then **From my collection**. Scroll to select the 6 additional videos and select **Add**.
-
-8. Drag the videos to the Storyboard, one by one. Your project should look roughly like this:
-
-   ![Photos app layout showing videos added in previous steps](images/photo_app_1.png)
-
-9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**.
-
-10. Select the third card in the Storyboard (the video of the children assembling the maze) and select **Trim**.  Drag the trim handle on the left to shorten the duration of the clip and select **Done**.
-
-11. Select the last card on the Storyboard and select **3D effects**.
-    1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser.
-    2. Find the **lightning bolt** effect and click or drag to add it to the scene.  Rotate, scale, and position the effect so it looks like the lightning is coming out of the laser beam and hitting the black back of the mirror.
-    3. Position the blue anchor over the end of the laser pointer in the video and toggle on **Attach to a point** for the lightning bolt effect to anchor the effect in the scene.
-    4. Play back your effect.
-    5. Select **Done** when you have it where you want it.
-
-    ![Lighting bolt effect being added to a video clip](images/photo_app_2.png)
-
-12. Select **Music** and select a track from the **Recommended** music collection.
-    1. The music will update automatically to match the length of your video project, even as you make changes.
-    2. If you don’t see more than a few music options, confirm that you’re connected to Wi-Fi and then close and re-open Microsoft Photos (returning to your project via the **Albums** tab). Additional music files should download in the background.
-
-13. You can adjust the volume for the background music using the **Music volume** button.
-
-14. Preview your video to see how it all came together.
-
-15. Select **Export or share** and select either the **Small** or **Medium** file size. You can share your video to social media, email, or another apps.
-
-Check out this use case video of the Photos team partnering with the Bureau Of Fearless Ideas in Seattle to bring the Photos app to local middle school students: https://www.youtube.com/watch?v=0dFFAu6XwPg
-
              
-
              
-
              
-
-![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png)
-## 6. Get kids to further collaborate and problem solve
-
-> [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
-
-
              
-
-Minecraft: Education Edition provides an immersive environment to develop creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination.
-
-**Try this!**
-Today, we'll explore a Minecraft world through the eyes of a student.
-
-1. Connect the included mouse to your computer for optimal interaction.
-
-2. Open Microsoft Edge and visit https://aka.ms/lessonhub.
-
-3. Scroll down to the **Details** section and select **Download World**.
-
-   ![Select the download world link](images/mcee_downloadworld.png)
-
-4. When prompted, save the world.
-
-5. Enter your same teacher username and password and click **Accept**.
-
-6. Click **OK** on the **Minecraft: Education Edition Free Trial** box.
-
-7. Click **Play**.
-
-8. Click **Lesson Hub Vol 1** to enter the downloaded world.
-
-9. Explore the world by using the keys on your keyboard.
-   * **W** moves forward.
-   * **A** moves left.
-   * **S** moves right.
-   * **D** moves backward.
-
-10. Use your mouse as your "eyes". Just move it to look around.
-
-11. For a bird's eye view, double-tap the SPACE BAR. Now press the SPACE BAR to fly higher. And then hold the SHIFT key to safely land.
-
-    To try more advanced movements or building within Minecraft, use the Minecraft Controls Diagram.
-
-    ![Minecraft mouse and keyboard controls](images/mcee_keyboard_mouse_controls.png)
-
-12. Access and adapt over 300 lesson plans, spanning all grades and subjects, to meet your needs. Enjoy exploring new worlds and happy crafting.
-
-    **Try this!**
-
-    1. Go to education.minecraft.net/.
-    2. Click **Class Resources**.
-    3. Click **Find a Lesson**.
-
-    ![Access and adapt over 300 Minecraft lesson plans](images/minecraft_lesson_plans.png)
-
-
              
-
              
-
              
-
-![Help students understand new math concepts with the Math Assistant in OneNote](images/Inking.png)
-## 7. Use Windows Ink to provide a personal math tutor for your students
-
-The **Math Assistant** and **Ink Replay** features available in the OneNote app give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph.
-
-**Let's solve 3x+4=7 in OneNote using the pen!**
-To get started:
-1. Open the OneNote app for Windows 10 (not OneNote 2016).
-
-   ![OneNote icon](images/OneNote_logo.png)
-
-2. In the top left corner, click on the **<** arrow to access your notebooks and pages.
-
-   ![OneNote back arrow navigation button](images/left_arrow.png)
-
-3. Click **Add Page** to launch a blank work space.
-
-   ![Select add page button](images/plus-page.png)
-
-4. Make sure your pen is paired to the device. To pair, see Connect to Bluetooth devices.
-
-To solve the equation 3x+4=7, follow these instructions:
-1. Write the equation 3x+4=7 in ink using the pen or type it in as text.
-
-2. If you wrote the equation using digital ink, use the **Lasso tool** to circle the equation. If you typed the equation, highlight it using your mouse.
-
-   ![Lasso button](images/lasso.png)
-
-3. On the **Draw** tab, click the **Math** button.
-
-   ![Math button](images/math-button.png)
-
-4. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation.
-
-   ![Solve for x menu](images/solve-for-x.png)
-
-5. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation.
-
-6. On the **View** tab, click the **Replay** button. Use your mouse to select the written equation and watch your text in replay. Replay is great for students to review how the teacher solved the equation and for teachers to review how students approached a problem.
-
-   ![Replay button](images/replay.png)
-
-To graph the equation 3x+4=7, follow these instructions:
-1. From the drop-down menu in the **Math** pane, select the option to **Graph Both Sides in 2D**. You can play with the interactive graph of your equation - use a single finger to move the graph position or two fingers to change the **zoom** level.
-
-   ![Graph both sides in 2D](images/graph-for-x.png)
-
-2. Click the **Insert on Page** button below the graph to add a screenshot of the graph to your page.
-   
              
-   
              
-
-**Watch what Educators say about Microsoft Education delivering better learning outcomes**
-Bring out the best in students by providing a platform for collaborating, exploring, personalized learning, and getting things done across all devices.
-
-|  |  |
-|:--- |:--- |
-| 
              See how one school improves reading skills using Learning Tools Immersive Reader | 
              Here's how Microsoft Teams creates more robust classroom experiences at all ages. |
-| 
              Watch teachers elevate the education of students using OneNote. | 
              Here what other teachers say about using Minecraft: Education Edition in their classrooms. |
-|  |  |
-
-## Update your apps
-
-Microsoft Education works hard to bring you the most current Trial in a Box program experience. As a result, you may need to update your apps to get our latest innovations.
-
-For more information about checking for updates, and how to optionally turn on automatic app updates, see the following articles:
-
-- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/help/4026259/microsoft-store-check-updates-for-apps-and-games)
-
-- [Turn on automatic app updates](https://support.microsoft.com/help/15081/windows-turn-on-automatic-app-updates)
-
-## Get more info
-* Learn more at microsoft.com/education
-* Find out if your school is eligible for a device trial at aka.ms/EDUTrialInABox
-* Buy Windows 10 devices
-
-
              
-
              
-
              
-
              
-
              
-
              
-1 OneNote in Education Learning Tools transform the student experience.
diff --git a/education/trial-in-a-box/images/Bug.png b/education/trial-in-a-box/images/Bug.png
deleted file mode 100644
index 3199821631..0000000000
Binary files a/education/trial-in-a-box/images/Bug.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/Inking.png b/education/trial-in-a-box/images/Inking.png
deleted file mode 100644
index b6dcb58920..0000000000
Binary files a/education/trial-in-a-box/images/Inking.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/Math1.png b/education/trial-in-a-box/images/Math1.png
deleted file mode 100644
index 70891c9c29..0000000000
Binary files a/education/trial-in-a-box/images/Math1.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/Math2.png b/education/trial-in-a-box/images/Math2.png
deleted file mode 100644
index 9ffd2638ac..0000000000
Binary files a/education/trial-in-a-box/images/Math2.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/OneNote_logo.png b/education/trial-in-a-box/images/OneNote_logo.png
deleted file mode 100644
index 9adca44e69..0000000000
Binary files a/education/trial-in-a-box/images/OneNote_logo.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/TrialInABox_Header_Map_Graphic-01.png b/education/trial-in-a-box/images/TrialInABox_Header_Map_Graphic-01.png
deleted file mode 100644
index 07dae4fa9a..0000000000
Binary files a/education/trial-in-a-box/images/TrialInABox_Header_Map_Graphic-01.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/Unlock-Limitless-Learning.png b/education/trial-in-a-box/images/Unlock-Limitless-Learning.png
deleted file mode 100644
index 5697eee7bb..0000000000
Binary files a/education/trial-in-a-box/images/Unlock-Limitless-Learning.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/Welcome-IT-Admins.png b/education/trial-in-a-box/images/Welcome-IT-Admins.png
deleted file mode 100644
index e1bc425bb1..0000000000
Binary files a/education/trial-in-a-box/images/Welcome-IT-Admins.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/Welocme-Educators.png b/education/trial-in-a-box/images/Welocme-Educators.png
deleted file mode 100644
index 5906fd82bb..0000000000
Binary files a/education/trial-in-a-box/images/Welocme-Educators.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/activate_21st_learning.png b/education/trial-in-a-box/images/activate_21st_learning.png
deleted file mode 100644
index 750846f38e..0000000000
Binary files a/education/trial-in-a-box/images/activate_21st_learning.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-1-jump.png b/education/trial-in-a-box/images/admin-TIB-setp-1-jump.png
deleted file mode 100644
index 7a4ae9b645..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-1-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-1-v3.png b/education/trial-in-a-box/images/admin-TIB-setp-1-v3.png
deleted file mode 100644
index 00dd5bbb40..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-1-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-2-jump.png b/education/trial-in-a-box/images/admin-TIB-setp-2-jump.png
deleted file mode 100644
index 3bb2096f07..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-2-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-2-v3.png b/education/trial-in-a-box/images/admin-TIB-setp-2-v3.png
deleted file mode 100644
index 66f0d899df..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-2-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-3-jump.png b/education/trial-in-a-box/images/admin-TIB-setp-3-jump.png
deleted file mode 100644
index 801a858422..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-3-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-3-v3.png b/education/trial-in-a-box/images/admin-TIB-setp-3-v3.png
deleted file mode 100644
index 228e0fe52e..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-3-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-4-jump.png b/education/trial-in-a-box/images/admin-TIB-setp-4-jump.png
deleted file mode 100644
index 291f41f4b3..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-4-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-4-v3.png b/education/trial-in-a-box/images/admin-TIB-setp-4-v3.png
deleted file mode 100644
index da700a5321..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-4-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-5-jump.png b/education/trial-in-a-box/images/admin-TIB-setp-5-jump.png
deleted file mode 100644
index 5b0e1230b2..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-5-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/admin-TIB-setp-5-v3.png b/education/trial-in-a-box/images/admin-TIB-setp-5-v3.png
deleted file mode 100644
index 5a11f7c057..0000000000
Binary files a/education/trial-in-a-box/images/admin-TIB-setp-5-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-1-jump.png b/education/trial-in-a-box/images/edu-TIB-setp-1-jump.png
deleted file mode 100644
index ab75a4c733..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-1-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-1-v3.png b/education/trial-in-a-box/images/edu-TIB-setp-1-v3.png
deleted file mode 100644
index 3763d04261..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-1-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-2-jump.png b/education/trial-in-a-box/images/edu-TIB-setp-2-jump.png
deleted file mode 100644
index 1064f06843..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-2-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-2-v3.png b/education/trial-in-a-box/images/edu-TIB-setp-2-v3.png
deleted file mode 100644
index a0c6d57d22..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-2-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-3-jump.png b/education/trial-in-a-box/images/edu-TIB-setp-3-jump.png
deleted file mode 100644
index 8383abf0f7..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-3-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-3-v3.png b/education/trial-in-a-box/images/edu-TIB-setp-3-v3.png
deleted file mode 100644
index 2ca24538db..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-3-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-4-jump.png b/education/trial-in-a-box/images/edu-TIB-setp-4-jump.png
deleted file mode 100644
index 5b8b8751a7..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-4-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-4-v3.png b/education/trial-in-a-box/images/edu-TIB-setp-4-v3.png
deleted file mode 100644
index 7ed0026dd3..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-4-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-5-jump.png b/education/trial-in-a-box/images/edu-TIB-setp-5-jump.png
deleted file mode 100644
index 3703de260f..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-5-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-5-v3.png b/education/trial-in-a-box/images/edu-TIB-setp-5-v3.png
deleted file mode 100644
index e6a165980b..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-5-v3.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-TIB-setp-6-jump.png b/education/trial-in-a-box/images/edu-TIB-setp-6-jump.png
deleted file mode 100644
index ef787873bf..0000000000
Binary files a/education/trial-in-a-box/images/edu-TIB-setp-6-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png b/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png
deleted file mode 100644
index 684bc59a50..0000000000
Binary files a/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-5-v4.png b/education/trial-in-a-box/images/edu-tib-setp-5-v4.png
deleted file mode 100644
index d1d3f51fb8..0000000000
Binary files a/education/trial-in-a-box/images/edu-tib-setp-5-v4.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-6-v4.png b/education/trial-in-a-box/images/edu-tib-setp-6-v4.png
deleted file mode 100644
index 72393bc1ea..0000000000
Binary files a/education/trial-in-a-box/images/edu-tib-setp-6-v4.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-7-jump.png b/education/trial-in-a-box/images/edu-tib-setp-7-jump.png
deleted file mode 100644
index 1287f292b8..0000000000
Binary files a/education/trial-in-a-box/images/edu-tib-setp-7-jump.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-7-v1.png b/education/trial-in-a-box/images/edu-tib-setp-7-v1.png
deleted file mode 100644
index 78b755cf3a..0000000000
Binary files a/education/trial-in-a-box/images/edu-tib-setp-7-v1.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/educator_getstarted_banner.png b/education/trial-in-a-box/images/educator_getstarted_banner.png
deleted file mode 100644
index 6262a6f28e..0000000000
Binary files a/education/trial-in-a-box/images/educator_getstarted_banner.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/educator_priority.png b/education/trial-in-a-box/images/educator_priority.png
deleted file mode 100644
index abd0995fff..0000000000
Binary files a/education/trial-in-a-box/images/educator_priority.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/foster_prof_collab.png b/education/trial-in-a-box/images/foster_prof_collab.png
deleted file mode 100644
index 4e6a86df97..0000000000
Binary files a/education/trial-in-a-box/images/foster_prof_collab.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/graph-for-x.png b/education/trial-in-a-box/images/graph-for-x.png
deleted file mode 100644
index 66d1d49621..0000000000
Binary files a/education/trial-in-a-box/images/graph-for-x.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_dashboard.PNG b/education/trial-in-a-box/images/i4e_dashboard.PNG
deleted file mode 100644
index 41304ad303..0000000000
Binary files a/education/trial-in-a-box/images/i4e_dashboard.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_dashboard_expressconfig.png b/education/trial-in-a-box/images/i4e_dashboard_expressconfig.png
deleted file mode 100644
index 41304ad303..0000000000
Binary files a/education/trial-in-a-box/images/i4e_dashboard_expressconfig.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_expressconfig_chooseapps.PNG b/education/trial-in-a-box/images/i4e_expressconfig_chooseapps.PNG
deleted file mode 100644
index b58d1f0da7..0000000000
Binary files a/education/trial-in-a-box/images/i4e_expressconfig_chooseapps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_groups_alldevices_newfolders.PNG b/education/trial-in-a-box/images/i4e_groups_alldevices_newfolders.PNG
deleted file mode 100644
index 6e5a5661a9..0000000000
Binary files a/education/trial-in-a-box/images/i4e_groups_alldevices_newfolders.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_groups_allusers.PNG b/education/trial-in-a-box/images/i4e_groups_allusers.PNG
deleted file mode 100644
index 925ff9664a..0000000000
Binary files a/education/trial-in-a-box/images/i4e_groups_allusers.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_groups_allusers_apps.PNG b/education/trial-in-a-box/images/i4e_groups_allusers_apps.PNG
deleted file mode 100644
index 24e4110abc..0000000000
Binary files a/education/trial-in-a-box/images/i4e_groups_allusers_apps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_groups_allusers_editapps.PNG b/education/trial-in-a-box/images/i4e_groups_allusers_editapps.PNG
deleted file mode 100644
index debf56ef03..0000000000
Binary files a/education/trial-in-a-box/images/i4e_groups_allusers_editapps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/i4e_groups_settings_wincustomizations.PNG b/education/trial-in-a-box/images/i4e_groups_settings_wincustomizations.PNG
deleted file mode 100644
index bf081dec43..0000000000
Binary files a/education/trial-in-a-box/images/i4e_groups_settings_wincustomizations.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/inspire_innovation.png b/education/trial-in-a-box/images/inspire_innovation.png
deleted file mode 100644
index 0a55e5923a..0000000000
Binary files a/education/trial-in-a-box/images/inspire_innovation.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/it-admin.png b/education/trial-in-a-box/images/it-admin.png
deleted file mode 100644
index 83a69022cc..0000000000
Binary files a/education/trial-in-a-box/images/it-admin.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/it-admin1.svg b/education/trial-in-a-box/images/it-admin1.svg
deleted file mode 100644
index 695337f601..0000000000
--- a/education/trial-in-a-box/images/it-admin1.svg
+++ /dev/null
@@ -1,260 +0,0 @@
-
-
-
-
-	
-
-	
-
-	
-		Page-1
-		
-		
-			Sheet.3
-			
-			
-			
-		
-	
-
diff --git a/education/trial-in-a-box/images/itadmin_rotated.png b/education/trial-in-a-box/images/itadmin_rotated.png
deleted file mode 100644
index 2494b2db66..0000000000
Binary files a/education/trial-in-a-box/images/itadmin_rotated.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/itadmin_rotated_resized.png b/education/trial-in-a-box/images/itadmin_rotated_resized.png
deleted file mode 100644
index d7e805eadb..0000000000
Binary files a/education/trial-in-a-box/images/itadmin_rotated_resized.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/lasso.png b/education/trial-in-a-box/images/lasso.png
deleted file mode 100644
index 99da81e620..0000000000
Binary files a/education/trial-in-a-box/images/lasso.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/left_arrow.png b/education/trial-in-a-box/images/left_arrow.png
deleted file mode 100644
index 5521199254..0000000000
Binary files a/education/trial-in-a-box/images/left_arrow.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/m365edu_tib_itadminsteps.PNG b/education/trial-in-a-box/images/m365edu_tib_itadminsteps.PNG
deleted file mode 100644
index 5ab4c44f60..0000000000
Binary files a/education/trial-in-a-box/images/m365edu_tib_itadminsteps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/m365edu_tib_itadminsteps_2.PNG b/education/trial-in-a-box/images/m365edu_tib_itadminsteps_2.PNG
deleted file mode 100644
index 536d78c8da..0000000000
Binary files a/education/trial-in-a-box/images/m365edu_tib_itadminsteps_2.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/m365edu_trialinabox_adminsteps.PNG b/education/trial-in-a-box/images/m365edu_trialinabox_adminsteps.PNG
deleted file mode 100644
index f9a565f3c5..0000000000
Binary files a/education/trial-in-a-box/images/m365edu_trialinabox_adminsteps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/math-button.png b/education/trial-in-a-box/images/math-button.png
deleted file mode 100644
index a01e92e09a..0000000000
Binary files a/education/trial-in-a-box/images/math-button.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/mcee_downloadworld.PNG b/education/trial-in-a-box/images/mcee_downloadworld.PNG
deleted file mode 100644
index b81d4d94af..0000000000
Binary files a/education/trial-in-a-box/images/mcee_downloadworld.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/mcee_keyboard_controls.png b/education/trial-in-a-box/images/mcee_keyboard_controls.png
deleted file mode 100644
index 86428815a6..0000000000
Binary files a/education/trial-in-a-box/images/mcee_keyboard_controls.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/mcee_keyboard_mouse_controls.png b/education/trial-in-a-box/images/mcee_keyboard_mouse_controls.png
deleted file mode 100644
index f76c6951b2..0000000000
Binary files a/education/trial-in-a-box/images/mcee_keyboard_mouse_controls.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/meet_diverse_needs.png b/education/trial-in-a-box/images/meet_diverse_needs.png
deleted file mode 100644
index 5726b761af..0000000000
Binary files a/education/trial-in-a-box/images/meet_diverse_needs.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/microsoft_store_suspc_install.PNG b/education/trial-in-a-box/images/microsoft_store_suspc_install.PNG
deleted file mode 100644
index 80a6466b33..0000000000
Binary files a/education/trial-in-a-box/images/microsoft_store_suspc_install.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/minecraft_lesson_plans.png b/education/trial-in-a-box/images/minecraft_lesson_plans.png
deleted file mode 100644
index 69b430f910..0000000000
Binary files a/education/trial-in-a-box/images/minecraft_lesson_plans.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/msedu_tib_adminsteps.PNG b/education/trial-in-a-box/images/msedu_tib_adminsteps.PNG
deleted file mode 100644
index 512da71d05..0000000000
Binary files a/education/trial-in-a-box/images/msedu_tib_adminsteps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/msedu_tib_adminsteps_nologo.png b/education/trial-in-a-box/images/msedu_tib_adminsteps_nologo.png
deleted file mode 100644
index 0a16a63350..0000000000
Binary files a/education/trial-in-a-box/images/msedu_tib_adminsteps_nologo.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/msedu_tib_teachersteps_nologo.png b/education/trial-in-a-box/images/msedu_tib_teachersteps_nologo.png
deleted file mode 100644
index 3b4115374f..0000000000
Binary files a/education/trial-in-a-box/images/msedu_tib_teachersteps_nologo.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/mses_getstarted_banner.png b/education/trial-in-a-box/images/mses_getstarted_banner.png
deleted file mode 100644
index 48dde0456c..0000000000
Binary files a/education/trial-in-a-box/images/mses_getstarted_banner.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/msfe_boughtapps.PNG b/education/trial-in-a-box/images/msfe_boughtapps.PNG
deleted file mode 100644
index 72de644cf4..0000000000
Binary files a/education/trial-in-a-box/images/msfe_boughtapps.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/msfe_portal.PNG b/education/trial-in-a-box/images/msfe_portal.PNG
deleted file mode 100644
index aac1c78f43..0000000000
Binary files a/education/trial-in-a-box/images/msfe_portal.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_adminaccountinfo.PNG b/education/trial-in-a-box/images/o365_adminaccountinfo.PNG
deleted file mode 100644
index 30ab5e5c8e..0000000000
Binary files a/education/trial-in-a-box/images/o365_adminaccountinfo.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_needhelp.PNG b/education/trial-in-a-box/images/o365_needhelp.PNG
deleted file mode 100644
index 72689ee2bf..0000000000
Binary files a/education/trial-in-a-box/images/o365_needhelp.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_needhelp_callingoption.PNG b/education/trial-in-a-box/images/o365_needhelp_callingoption.PNG
deleted file mode 100644
index beb77f970a..0000000000
Binary files a/education/trial-in-a-box/images/o365_needhelp_callingoption.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_needhelp_questionbutton.png b/education/trial-in-a-box/images/o365_needhelp_questionbutton.png
deleted file mode 100644
index 8c7a6aeeaa..0000000000
Binary files a/education/trial-in-a-box/images/o365_needhelp_questionbutton.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_needhelp_supporttickets.PNG b/education/trial-in-a-box/images/o365_needhelp_supporttickets.PNG
deleted file mode 100644
index f9414da09a..0000000000
Binary files a/education/trial-in-a-box/images/o365_needhelp_supporttickets.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_support_options.PNG b/education/trial-in-a-box/images/o365_support_options.PNG
deleted file mode 100644
index dfb3182c72..0000000000
Binary files a/education/trial-in-a-box/images/o365_support_options.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_users_password.PNG b/education/trial-in-a-box/images/o365_users_password.PNG
deleted file mode 100644
index 4c423e670c..0000000000
Binary files a/education/trial-in-a-box/images/o365_users_password.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_users_password_reset.PNG b/education/trial-in-a-box/images/o365_users_password_reset.PNG
deleted file mode 100644
index 02528706fe..0000000000
Binary files a/education/trial-in-a-box/images/o365_users_password_reset.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/o365_users_resetpassword.PNG b/education/trial-in-a-box/images/o365_users_resetpassword.PNG
deleted file mode 100644
index e32ff5b6bd..0000000000
Binary files a/education/trial-in-a-box/images/o365_users_resetpassword.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/officeportal_cantaccessaccount.PNG b/education/trial-in-a-box/images/officeportal_cantaccessaccount.PNG
deleted file mode 100644
index 79fcae5d8f..0000000000
Binary files a/education/trial-in-a-box/images/officeportal_cantaccessaccount.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/onenote_checkmark.png b/education/trial-in-a-box/images/onenote_checkmark.png
deleted file mode 100644
index 1d276b4c1d..0000000000
Binary files a/education/trial-in-a-box/images/onenote_checkmark.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/onenote_draw.PNG b/education/trial-in-a-box/images/onenote_draw.PNG
deleted file mode 100644
index 48c49e6e84..0000000000
Binary files a/education/trial-in-a-box/images/onenote_draw.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/onenote_researcher.png b/education/trial-in-a-box/images/onenote_researcher.png
deleted file mode 100644
index a03b00c820..0000000000
Binary files a/education/trial-in-a-box/images/onenote_researcher.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/photo_app_1.png b/education/trial-in-a-box/images/photo_app_1.png
deleted file mode 100644
index b5e6a59f63..0000000000
Binary files a/education/trial-in-a-box/images/photo_app_1.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/photo_app_2.png b/education/trial-in-a-box/images/photo_app_2.png
deleted file mode 100644
index 69ec9b01dd..0000000000
Binary files a/education/trial-in-a-box/images/photo_app_2.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/plus-page.png b/education/trial-in-a-box/images/plus-page.png
deleted file mode 100644
index b10bde2383..0000000000
Binary files a/education/trial-in-a-box/images/plus-page.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/replay.png b/education/trial-in-a-box/images/replay.png
deleted file mode 100644
index 9826112c50..0000000000
Binary files a/education/trial-in-a-box/images/replay.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/screenshot-bug.png b/education/trial-in-a-box/images/screenshot-bug.png
deleted file mode 100644
index 3199821631..0000000000
Binary files a/education/trial-in-a-box/images/screenshot-bug.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/solve-for-x.png b/education/trial-in-a-box/images/solve-for-x.png
deleted file mode 100644
index f0abd1379f..0000000000
Binary files a/education/trial-in-a-box/images/solve-for-x.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/start_microsoft_store.png b/education/trial-in-a-box/images/start_microsoft_store.png
deleted file mode 100644
index 083bae842a..0000000000
Binary files a/education/trial-in-a-box/images/start_microsoft_store.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/student.png b/education/trial-in-a-box/images/student.png
deleted file mode 100644
index 8349a0f5dc..0000000000
Binary files a/education/trial-in-a-box/images/student.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/student1.svg b/education/trial-in-a-box/images/student1.svg
deleted file mode 100644
index 25c267bae9..0000000000
--- a/education/trial-in-a-box/images/student1.svg
+++ /dev/null
@@ -1,168 +0,0 @@
-
-
-
-
-	
-
-	
-
-	
-		Page-1
-		
-		
-			Sheet.2
-			
-			
-			
-		
-	
-
diff --git a/education/trial-in-a-box/images/student2.svg b/education/trial-in-a-box/images/student2.svg
deleted file mode 100644
index 5d473d1baf..0000000000
--- a/education/trial-in-a-box/images/student2.svg
+++ /dev/null
@@ -1,176 +0,0 @@
-
-
-
-
-	
-
-	
-
-	
-		Page-1
-		
-		
-			Sheet.2
-			
-			
-			
-		
-		
-			Box
-			
-				
-			
-			
-		
-	
-
diff --git a/education/trial-in-a-box/images/suspc_configure_pc2.jpg b/education/trial-in-a-box/images/suspc_configure_pc2.jpg
deleted file mode 100644
index 68c0080b22..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_pc2.jpg and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_configure_pcsettings.PNG b/education/trial-in-a-box/images/suspc_configure_pcsettings.PNG
deleted file mode 100644
index 9dc6298c43..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_pcsettings.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_configure_pcsettings2.png b/education/trial-in-a-box/images/suspc_configure_pcsettings2.png
deleted file mode 100644
index 2dba596ef9..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_pcsettings2.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_configure_pcsettings_selected.png b/education/trial-in-a-box/images/suspc_configure_pcsettings_selected.png
deleted file mode 100644
index b0204e110a..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_pcsettings_selected.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_configure_recommended_apps.png b/education/trial-in-a-box/images/suspc_configure_recommended_apps.png
deleted file mode 100644
index 4a75409f34..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_recommended_apps.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_configure_recommendedapps.png b/education/trial-in-a-box/images/suspc_configure_recommendedapps.png
deleted file mode 100644
index 126cf46911..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_recommendedapps.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_configure_recommendedapps_v2.png b/education/trial-in-a-box/images/suspc_configure_recommendedapps_v2.png
deleted file mode 100644
index 7fa7b7a190..0000000000
Binary files a/education/trial-in-a-box/images/suspc_configure_recommendedapps_v2.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_review_summary.PNG b/education/trial-in-a-box/images/suspc_review_summary.PNG
deleted file mode 100644
index e515809d8f..0000000000
Binary files a/education/trial-in-a-box/images/suspc_review_summary.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_start.PNG b/education/trial-in-a-box/images/suspc_start.PNG
deleted file mode 100644
index 4fef71992d..0000000000
Binary files a/education/trial-in-a-box/images/suspc_start.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/suspc_takeatest.PNG b/education/trial-in-a-box/images/suspc_takeatest.PNG
deleted file mode 100644
index 282720e66f..0000000000
Binary files a/education/trial-in-a-box/images/suspc_takeatest.PNG and /dev/null differ
diff --git a/education/trial-in-a-box/images/teacher.png b/education/trial-in-a-box/images/teacher.png
deleted file mode 100644
index e3b89bb7a7..0000000000
Binary files a/education/trial-in-a-box/images/teacher.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/teacher1.svg b/education/trial-in-a-box/images/teacher1.svg
deleted file mode 100644
index 00feb1e22a..0000000000
--- a/education/trial-in-a-box/images/teacher1.svg
+++ /dev/null
@@ -1,155 +0,0 @@
-
-
-
-
-	
-
-	
-
-	
-		Page-1
-		
-		
-			Sheet.1
-			
-			
-			
-		
-	
-
diff --git a/education/trial-in-a-box/images/teacher2.svg b/education/trial-in-a-box/images/teacher2.svg
deleted file mode 100644
index 592c516120..0000000000
--- a/education/trial-in-a-box/images/teacher2.svg
+++ /dev/null
@@ -1,163 +0,0 @@
-
-
-
-
-	
-
-	
-
-	
-		Page-1
-		
-		
-			Sheet.1
-			
-			
-			
-		
-		
-			Box.5
-			
-				
-			
-			
-		
-	
-
diff --git a/education/trial-in-a-box/images/teacher_rotated.png b/education/trial-in-a-box/images/teacher_rotated.png
deleted file mode 100644
index ccca16f0e2..0000000000
Binary files a/education/trial-in-a-box/images/teacher_rotated.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/teacher_rotated_resized.png b/education/trial-in-a-box/images/teacher_rotated_resized.png
deleted file mode 100644
index 4e9f0e03f8..0000000000
Binary files a/education/trial-in-a-box/images/teacher_rotated_resized.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/trial-in-a-box.png b/education/trial-in-a-box/images/trial-in-a-box.png
deleted file mode 100644
index ca9b031f24..0000000000
Binary files a/education/trial-in-a-box/images/trial-in-a-box.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/win10_oobe_firstscreen.png b/education/trial-in-a-box/images/win10_oobe_firstscreen.png
deleted file mode 100644
index 0d5343d0b4..0000000000
Binary files a/education/trial-in-a-box/images/win10_oobe_firstscreen.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/windows_start.png b/education/trial-in-a-box/images/windows_start.png
deleted file mode 100644
index 08a2568c83..0000000000
Binary files a/education/trial-in-a-box/images/windows_start.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/word_online_grammar_options.png b/education/trial-in-a-box/images/word_online_grammar_options.png
deleted file mode 100644
index 8d6eec92db..0000000000
Binary files a/education/trial-in-a-box/images/word_online_grammar_options.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/word_online_immersive_reader.png b/education/trial-in-a-box/images/word_online_immersive_reader.png
deleted file mode 100644
index 74340efca5..0000000000
Binary files a/education/trial-in-a-box/images/word_online_immersive_reader.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/word_online_line_focus.png b/education/trial-in-a-box/images/word_online_line_focus.png
deleted file mode 100644
index ee9db0ca08..0000000000
Binary files a/education/trial-in-a-box/images/word_online_line_focus.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/word_online_text_preferences.png b/education/trial-in-a-box/images/word_online_text_preferences.png
deleted file mode 100644
index 1eec52893f..0000000000
Binary files a/education/trial-in-a-box/images/word_online_text_preferences.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/word_online_tts.png b/education/trial-in-a-box/images/word_online_tts.png
deleted file mode 100644
index 96e04f35f9..0000000000
Binary files a/education/trial-in-a-box/images/word_online_tts.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/wordonline_grammar_options.png b/education/trial-in-a-box/images/wordonline_grammar_options.png
deleted file mode 100644
index aef5976456..0000000000
Binary files a/education/trial-in-a-box/images/wordonline_grammar_options.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/wordonline_line_focus.png b/education/trial-in-a-box/images/wordonline_line_focus.png
deleted file mode 100644
index fcb39edd26..0000000000
Binary files a/education/trial-in-a-box/images/wordonline_line_focus.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/wordonline_text_preferences.png b/education/trial-in-a-box/images/wordonline_text_preferences.png
deleted file mode 100644
index a336c2356d..0000000000
Binary files a/education/trial-in-a-box/images/wordonline_text_preferences.png and /dev/null differ
diff --git a/education/trial-in-a-box/images/wordonline_tts.png b/education/trial-in-a-box/images/wordonline_tts.png
deleted file mode 100644
index 973a7dd031..0000000000
Binary files a/education/trial-in-a-box/images/wordonline_tts.png and /dev/null differ
diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md
deleted file mode 100644
index f21a0ddcf4..0000000000
--- a/education/trial-in-a-box/index.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Microsoft Education Trial in a Box
-description: For IT admins, educators, and students, discover what you can do with Microsoft 365 Education. Try it out with our Trial in a Box program.
-keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, IT admin, educator, student, explore, Trial in a Box
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: article
-ms.localizationpriority: medium
-ms.pagetype: edu
-ROBOTS: noindex,nofollow
-author: dansimp
-ms.author: dansimp
-ms.date: 12/11/2017
----
-
-# Microsoft Education Trial in a Box
-
-![Microsoft Education Trial in a Box - Unlock Limitless Learning](images/Unlock-Limitless-Learning.png)
-
-
              
-
-> [!VIDEO https://www.youtube.com/embed/azoxUYWbeGg]
-
-
              
-
-Welcome to Microsoft Education Trial in a Box. We built this trial to make it easy to try our latest classroom technologies. We have two scenarios for you to try: one for educators and one for IT. We recommend starting with Educators. To begin, click **Get started** below. 
-
-
              
-
-| [![Get started for Educators](images/teacher_rotated_resized.png)](educator-tib-get-started.md) | [![Get started for IT Admins](images/itadmin_rotated_resized.png)](itadmin-tib-get-started.md) |
-| :---: | :---: | 
-| **Educator**
              Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. 
              [Get started](educator-tib-get-started.md) | **IT Admin**
              Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. 
               [Get started](itadmin-tib-get-started.md) |
-
-
-
diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md
deleted file mode 100644
index 51e0cf23d8..0000000000
--- a/education/trial-in-a-box/itadmin-tib-get-started.md
+++ /dev/null
@@ -1,281 +0,0 @@
----
-title: IT Admin Trial in a Box Guide
-description: Try out Microsoft 365 Education to implement a full cloud infrastructure for your school, manage devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: quickstart
-ms.localizationpriority: medium
-ms.pagetype: edu
-ROBOTS: noindex,nofollow
-author: dansimp
-ms.author: dansimp
-ms.date: 03/18/2018
-ms.reviewer: 
-manager: dansimp
----
-
-# IT Admin Trial in a Box Guide
-
-![Welcome, IT Admins!](images/Welcome-IT-Admins.png)
-
-Learn how to quickly deploy and manage devices for your school in 5 quick steps.
-
-|  |  |
-| :---: |:--- |
-| [![Log in to Device A](images/admin-TIB-setp-1-v3.png)](#it-task1) | [Log in](#it-task1) to **Device A** with your IT Admin credentials and connect to your school's network. |
-| [![Configure Device B with Set up School PCs](images/admin-TIB-setp-2-v3.png)](#it-task2) | [Configure Device B](#it-task2) with the Set up School PCs app. |
-| [![Configure Intune for Education](images/admin-TIB-setp-3-v3.png)](#it-task3) | [Express configure Intune for Education](#it-task3) to manage devices, users, and policies. |
-| [![Find and deploy apps](images/admin-TIB-setp-4-v3.png)](#it-task4) | [Find apps from the Microsoft Store for Education](#it-task4) and deploy them to manage devices in your tenant. |
-| [![Create custom folders](images/admin-TIB-setp-5-v3.png)](#it-task5) | [Create custom folders](#it-task5) that will appear on each managed device's **Start** menu. |
-|  |  |
-
-
              
-To get the most out of Microsoft Education, we've pre-configured your tenant for you so you don't need to set it up. A tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. We've also pre-populated the tenant with fictitious Student Information System (SIS) data so you can work with this as you follow the guide.
-
-If you run into any problems while following the steps in this guide, or you have questions about Trial in a Box or Microsoft Education, see [Microsoft Education Trial in a Box Support](support-options.md).
-
-
              
-
-> [!VIDEO https://www.youtube.com/embed/cVVKCpO2tyI]
-
-
              
-
-![Log in to Device A](images/admin-TIB-setp-1-jump.png) 
-## 1. Log in to Device A with your IT Admin credentials and connect to the school network
-To try out the IT admin tasks, start by logging in as an IT admin.
-
-1. Set up **Device A** first, then set up **Device B**.
-2. Turn on **Device A** and ensure you plug in the PC to an electrical outlet.
-3. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection using the Ethernet adapter included in this kit.
-   >**Note**: If your Wi-Fi network requires a web browser login page to connect to the Internet, connect using the Ethernet port. If your Wi-Fi network has additional restrictions that will prevent the device from connecting to the internet without registration, consider connecting **Device A** to a different network.
-
-4. Log in to **Device A** using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit.
-5. Note the serial numbers on the Trial in a Box devices and register both devices with the hardware manufacturer to activate the manufacturer's warranty.
-
-
              
-
-![Configure Device B with Set up School PCs](images/admin-TIB-setp-2-jump.png) 
-## 2. Configure Device B with Set up School PCs
-Now you're ready to learn how to configure a brand new device. You will start on **Device A** by downloading and running the Set up School PCs app. Then, you will configure **Device B**.
-
-If you've previously used Set up School PCs to provision student devices, you can follow the instructions in this section to quickly configure **Device B**. Otherwise, we recommend you follow the instructions in [Use the Set up School PCs app](../windows/use-set-up-school-pcs-app.md) for more detailed information, including tips for successfully running Set up School PCs.
-
-### Download, install, and get ready
-
-1. From the **Start** menu, find and then click **Microsoft Store** to launch the Store.
-
-    ![Microsoft Store from the Start menu](images/start_microsoft_store.png)
-
-2. Search for the **Set up School PCs** app.
-
-    ![Set up School PCs on Microsoft Store](images/microsoft_store_suspc_install.png)
-
-3. Click **Install**.
-
-### Create the provisioning package
-
-1. On **Device A**, launch the Set up School PCs app.
-
-    ![Launch the Set up School PCs app](images/suspc_start.png)
-
-2. Click **Get started**.
-3. Select **Sign-in**.
-4. In **Let's get you signed in**, choose your Trial in a Box admin account. If you don't see it on the list, follow these steps:
-    1. Select **Work or school account > Use another account** and then enter your Trial in a Box admin account email and password. 
-    2. Click **Accept**.
-
-5. Add a short name that Set up School PCs will use as a prefix to identify and easily manage the group of devices, apps, and other settings through Intune for Education.
-  
-    > [!NOTE]  
-    > The name must be five (5) characters or less. Set up School PCs automatically appends `_%SERIAL%` to the prefix that you specify. `_%SERIAL%` ensures that all device names are unique. For example, if you add *Math4* as the prefix, the device names will be *Math4* followed by a random string of letters and numbers. 
-
-6. In **Configure student PC settings**, you can specify other settings for the student PC.
-
-    We recommend checking the highlighted settings below:
-
-    ![Configure student PC settings](images/suspc_configure_pcsettings_selected.png)
-
-   - **Remove apps pre-installed by the device manufacturer** - If you select this option, this will reset the machine and the provisioning process will take longer (about 30 minutes).
-   - **Allow local storage (not recommended for shared devices)** lets students save files to the **Desktop** and **Documents** folder on the student PC.
-   - **Optimize device for a single student, instead of a shared cart or lab** optimizes the device for use by a single student (1:1). 
-     - Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in). 
-     - This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data or if the student doesn't use the PC over a prolonged period.
-   - **Let guests sign-in to these PCs** allows guests to use student PCs without a school account. If you select this option, a **Guest** account button will be added in the PC's sign-in screen to allow anyone to use the PC.
-   - **Enable Windows 10 Autopilot Reset** enables IT admins to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment the student PC is returned to a fully configured or known approved state. For more info, see [Autopilot Reset](../windows/autopilot-reset.md).
-   - **Lock screen background** shows the default background used for student PCs provisioned by Set up School PCs. Select **Browse** to change the default.
-
-7. **Set up the Take a Test app** configures the device for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. Windows will lock down the student PC so that students can't access anything else while taking the test.
-
-    ![Configure the Take a Test app](images/suspc_takeatest.png)
-
-   1. Specify if you want to create a Take a Test button on the students' sign-in screens.
-   2. Select **Advanced settings** to allow keyboard text suggestions to appear and to allow teachers to monitor online tests. 
-
-      > [!NOTE]
-      > The Take a Test app doesn't provide monitoring capabilities, but it allows tools like AssistX ClassPolicy to see what is going on in the app.
-
-   3. Enter the assessment URL. 
-
-8. **Add recommended apps** lets you choose from a set of recommended Microsoft Store apps to provision. 
-
-    ![Recommended apps in Set up School PCs package configuration](images/suspc_configure_recommendedapps_v2.png)
-
-    The recommended apps include the following:
-    * **Office 365 for Windows 10 S (Education Preview)** - Optional. This works well for the Trial in a Box PCs running Windows 10 S. However, if you try to install this app on other editions of Windows 10, setup will fail. Also note that if you select **Office 365 for Windows 10 S (Education Preview)**, it will take about 30-45 minutes longer for Set up School PCs to create the provisioning package as the app downloads Office 365 for Windows 10 S (Education Preview) from the Microsoft Store.
-    * **Minecraft: Education Edition** - This is pre-provisioned in your tenant's app catalog, but it's not yet installed on a device. Select this option now to include it in the provisioning package.
-    * **Other apps fit for the classroom** - Optional. You can choose other recommended apps to install on the PC.
-
-9. **Review package summary**. 
-
-    To change any of the settings, select the page or section (such as **Sign-in** or **Settings**) to go back to that page and make your changes.
-
-    ![Select the section or page name to make a change](images/suspc_review_summary.png)
-
-10. Accept the summary and then insert a USB drive in **Device A**. Use the USB drive that came in the Trial in a Box accessories box to save the provisioning package.
-11. Select the drive and then **Save** to create the provisioning package. 
-
-    The provisioning package on your USB drive will be named SetUpSchoolPCs_*ABCDE* (Expires *MM-DD-YYYY*).ppkg, where *ABCDE* is the device name you added (if any), and *MM-DD-YYYY* is the month, day, and year when the package will expire.
-    
-    > [!NOTE]
-    > If you selected **Office 365 for Windows 10 S (Education Preview)**, this step will take about 30-45 minutes. You can jump ahead to task 3, [Express configure Intune for Education to manage devices, users, and policies](#it-task3), and then finish the rest of task 2 afterwards.
-
-12. Follow the instructions in the **Get the student PCs ready** page to start setting up **Device B**. 
-13. Follow the instructions in the **Install the package** page to apply the provisioning package to **Device B**. For more guidance, you can follow the steps in [Apply the provisioning package](#apply-the-provisioning-package).
-
-    Select **Create new package** if you need to create a new provisioning package. Otherwise, remove the USB drive.
-
-### Apply the provisioning package
-A provisioning package is a method for applying settings to Windows 10 without needing to reimage the device. 
-
-**Set up Device B using the Set up School PCs provisioning package**
-
-1. Start with **Device B** turned off or with the PC on the first-run setup screen. In Windows 10 S Fall Creators Update, the first-run setup screen says **Let's start with region. Is this right?**. 
-
-    ![The first screen to set up a new PC in Windows 10 Fall Creators Update](images/win10_oobe_firstscreen.png)
-
-    If you go past the region selection screen, select **Ctrl + Shift + F3** which will prompt the "System Preparation Tool." Select **Okay** in the tool to return to the region selection screen. If this doesn't work, reset the PC by going to **Settings > Update & Security > Recovery > Reset this PC.**
-
-2. Insert the USB drive into **Device B**. Windows will recognize the drive and automatically install the provisioning package. 
-3. When prompted, remove the USB drive. You can then use the USB drive to start provisioning another student PC.
-
-    After provisioning **Device B**, wait 1-2 minutes to allow the device to fully connect to the tenant. You can then select any one of the teacher or student accounts from the **User name and passwords** sheet provided in your Trial in a Box to test **Device B** and the Microsoft Education tools and services that are part of your 1-year trial.
-
-You can complete the rest of the IT admin tasks using **Device A**.
-
-
              
-
-![Express configure Intune for Education](images/admin-TIB-setp-3-jump.png) 
-## 3. Express configure Intune for Education to manage devices, users, and policies
-Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
-
-1. Log into the Intune for Education console. 
-2. On the Intune for Education dashboard, click **Launch Express Configuration** or select the **Express configuration**.
-
-    ![Intune for Education dashboard](images/i4e_dashboard_expressconfig.png)
-
-3. In the **Welcome to Intune for Education** screen, click **Get started** and follow the prompts until you get to the **Choose group** screen.
-4. In the **Choose group** screen, select **All Users** so that all apps and settings that we select during express setup will apply to this group. 
-5. In the **Choose apps** screen, you will see a selection of desktop (Win32) apps, Web apps, and Microsoft Store apps. 
-
-    ![Choose apps you want to provision to the group](images/i4e_expressconfig_chooseapps.png)
-
-6. Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in step 5.
-
-    > [!TIP]
-    > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**.
-
-7. In the **Choose settings** screen, set the settings to apply to the group. Expand each settings group to see all the configurable settings.
-
-    For example, set these settings:
-    - In the **Basic device settings** group, change the **Block changing language settings** and **Block changing device region settings** to **Block**.
-    - In the **Microsoft Edge settings** group, change the **Block pop-ups** setting to **Block**.
-
-8. Click **Next** and review the list of apps and settings you selected to apply.
-9. Click **Save** and then click **All done** to go back to the dashboard.
-
-
              
-
-![Find apps from the Microsoft Store for Education](images/admin-TIB-setp-4-jump.png) 
-## 4. Find apps from the Microsoft Store for Education and deploy them to managed devices in your tenant
-The Microsoft Store for Education is where you can shop for more apps for your school.
-
-1. In Intune for Education, select **Apps**. 
-2. In the **Store apps** section, select **+ New app** to go to the Microsoft Store for Education.
-3. Select **Sign in** and start shopping for apps for your school.
-
-    ![Microsoft Store for Education site](images/msfe_portal.png)
-
-4. Check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express configuration for Intune for Education. For example, these apps are free:
-    - Duolingo - Learn Languages for Free
-    - Khan Academy
-    - My Study Life
-    - Arduino IDE
-
-5. Find or select the app you want to install and click **Get the app**.
-6. In the app's Store page, click the **...** button and select **Add to private store**. 
-
-    Repeat steps 3-5 to install another app or go to the next step.
-
-7. Select **Manage > Products & services** to verify that the apps you purchased appear in your inventory.
-
-    The apps will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant.
-
-    ![List of apps bought for the school](images/msfe_boughtapps.png)
-
-    In the **Private store** column of the **Products & services** page, the status for some apps will indicate that it's "In private store" while others will say "Adding to private store" or "Not applicable". Learn more about this in Distribute apps using your private store.
-
-    > [!NOTE]  
-    > Sync happens automatically, but it may take up to 36 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps.
-
-
              
-
-![Create custom folders that appear on managed devices](images/admin-TIB-setp-5-jump.png) 
-## 5. Create custom folders that will appear on each managed device's Start menu
-Update settings for all devices in your tenant by adding the **Documents** and **Downloads** folders to all devices managed in Intune for Education.
-
-1. Go to the Intune for Education console.
-2. Select **Group > All Devices > Settings** and expand **Windows interface settings**.
-3. In **Choose folders that appear in the Start menu**, select **Documents** and **Downloads**.
-
-    ![Choose folders that appear in the Start menu](images/screenshot-bug.png)
-
-4. **Save** your changes.
-
-## Verify correct device setup and other IT admin tasks
-Follow these instructions to confirm if you configured your tenant correctly and the right apps and settings were applied to all users or devices on your tenant:
-
-* [Verify correct device setup](/microsoft-365/education/deploy/#verify-correct-device-setup) 
-
-    1. Confirm that the apps you bought from the Microsoft Store for Education appear in the Windows Start screen's **Recently added** section.
-
-        > [!NOTE]
-        > It may take some time before the apps appear on your devices. When you select **Start**, some apps may show up under **Recently added** while others may say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps down to your devices. 
-
-    2. Confirm that the folders you added, if you chose to customize the Windows interface from Intune for Education, appear in the Start menu.
-    3. If you added **Office 365 for Windows 10 S (Education Preview)** to the package and provisioned **Device B** with it, you need to click on one of the Office apps in the **Start** menu to complete app registration. 
-
-* [Verify the device is Azure AD joined](/microsoft-365/education/deploy/#verify-the-device-is-azure-ad-joined) - Confirm that your devices are being managed in Intune for Education.
-* [Add more users](/microsoft-365/education/deploy/#add-more-users) - Go to the Microsoft 365 admin center to add more users.
-* Get app updates (including updates for Office 365 for Windows 10 S)
-    1. Open the **Start** menu and go to the **Microsoft Store**.
-    2. From the **Microsoft Store**, click **...** (See more) and select **Downloads and updates**.
-    3. In the **Downloads and updates** page, click **Get updates**.
-* [Try the BYOD scenario](/microsoft-365/education/deploy/#connect-other-devices-to-your-cloud-infrastructure) 
-
-## Update your apps
-
-Microsoft Education works hard to bring you the most current Trial in a Box program experience. As a result, you may need to update your apps to get our latest innovations. 
-
-For more information about checking for updates, and how to optionally turn on automatic app updates, see the following articles:
-
-- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/help/4026259/microsoft-store-check-updates-for-apps-and-games)
-
-- [Turn on automatic app updates](https://support.microsoft.com/help/15081/windows-turn-on-automatic-app-updates)
-
-
-## Get more info
-* Learn more at microsoft.com/education
-* Find out if your school is eligible for a device trial at aka.ms/EDUTrialInABox
-* Buy Windows 10 devices
\ No newline at end of file
diff --git a/education/trial-in-a-box/support-options.md b/education/trial-in-a-box/support-options.md
deleted file mode 100644
index 9cb32351de..0000000000
--- a/education/trial-in-a-box/support-options.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-title: Microsoft Education Trial in a Box Support
-description: Need help or have a question about using Microsoft Education Trial in a Box? Start here.
-keywords: support, troubleshooting, education, Microsoft 365 Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: article
-ms.localizationpriority: medium
-ms.pagetype: edu
-ROBOTS: noindex,nofollow
-author: dansimp
-ms.author: dansimp
-ms.date: 03/18/2018
-ms.reviewer: 
-manager: dansimp
----
-
-# Microsoft Education Trial in a Box Support
-Need help or have a question about using Microsoft Education? Start here.
-
-## 1. Update your apps
-
-Microsoft Education works hard to bring you the most current Trial in a Box program experience. As a result, you may need to update your apps to get our latest innovations. 
-
-For more information about checking for updates, and how to optionally turn on automatic app updates, see the following articles:
-
-- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/help/4026259/microsoft-store-check-updates-for-apps-and-games)
-
-- [Turn on automatic app updates](https://support.microsoft.com/help/15081/windows-turn-on-automatic-app-updates)
-
-## 2. Confirm your admin contact information is current
-
-1. Go to the admin center and sign in with your Office 365 admin credentials.
-2. In the admin center dashboard, select your profile on the upper righthand corner and select **My account** from the options.
-3. Select **Personal info** and then edit **Contact details** to update  your phone, primary email address, and alternate email address. 
-
-   > [!NOTE]
-   > For the alternate email address, make sure you use a different address from your Office 365 email address.
-
-   ![Complete your contact details](images/o365_adminaccountinfo.png)
-
-4. Click **Save**.
-
-## 3. Request a call back
-
-1. Click the **Need help?** button in the lower right-hand corner of the Office 365 console.
-
-   ![Select Need help to get support](images/o365_needhelp.png)
-
-   You will see a sidebar window open up on the right-hand side of the screen.
-
-   ![Option to have a support representative call you](images/o365_needhelp_callingoption.png)
-
-   If you chose to have a support representative call you, a new support ticket will be opened and you can track these in **Support tickets**.
-
-   ![Track your support tickets](images/o365_needhelp_supporttickets.png)
-
-2. Click the **question button** ![Question button](images/o365_needhelp_questionbutton.png) in the top navigation of the sidebar window.
-3. In the field below **Need help?**, enter a description of your help request.
-4. Click the **Get help button**.
-5. In the **Let us call you** section, enter a phone number where you can be reached.
-6. Click the **Call me** button.
-7. A Microsoft Education support representative will call you back.
-
-## Forgot your password?
-Forget your password? Follow these steps to recover it.
-
-1. Go to https://portal.office.com
-2. Select **Can't access your account** and follow the prompts to get back into your account.
-
-   ![Recover your account](images/officeportal_cantaccessaccount.png)
-
-
-
-
-## Get more info
-[Microsoft Education Trial in a Box](index.md)
diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml
index 6571e40f23..3a592b8263 100644
--- a/education/windows/TOC.yml
+++ b/education/windows/TOC.yml
@@ -1,3 +1,9 @@
+- name: Windows 11 SE for Education
+  items:
+   - name: Overview
+     href: windows-11-se-overview.md
+   - name: Settings and CSP list
+     href: windows-11-se-settings-list.md
 - name: Windows 10 for Education
   href: index.md
   items: 
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index dba25c2b0f..5e41713a4b 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -19,7 +19,7 @@ manager: dansimp
 
 -   Windows 10, version 1709 
 
-IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
+IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
 
 To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), you must:
 
@@ -30,34 +30,38 @@ To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), yo
 
 To use Autopilot Reset, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre).
 
-**DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It is a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This ensures that Autopilot Reset isn't triggered by accident.
+**DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It's a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This setting ensures that Autopilot Reset isn't triggered by accident.
 
 You can set the policy using one of these methods:
 
 - MDM provider
 
-    -Check your MDM provider documentation on how to set this policy. If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set.
+  Check your MDM provider documentation on how to set this policy. If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set.
 
-        For example, in Intune, create a new configuration policy and add an OMA-URI. 
-        - OMA-URI:  ./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials
-        - Data type:  Integer
-        - Value:  0
+  For example, in Intune, create a new configuration policy and add an OMA-URI. 
+  - OMA-URI:  ./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials
+  - Data type:  Integer
+  - Value:  0
 
 - Windows Configuration Designer
     
-    You can [use Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting and create a provisioning package.
+  You can [use Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting and create a provisioning package.
 
 - Set up School PCs app
 
-    Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Make sure you are running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways:
+  Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Make sure you're running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways:
+
   - Reach out to your device manufacturer.
-  - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If  you are using another MDM provider, check the documentation for the MDM provider to confirm the OS version.
+
+  - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If  you're using another MDM provider, check the documentation for the MDM provider to confirm the OS version.
+
   - Log into the PCs, go to the **Settings > System > About** page, look in the **Windows specifications** section and confirm **Version** is set to 1709.
 
-    To use the Autopilot Reset setting in the Set up School PCs app:
+  To use the Autopilot Reset setting in the Set up School PCs app:
+
   - When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example:
 
-    ![Configure student PC settings in Set up School PCs](images/suspc_configure_pc2.jpg)
+    ![Configure student PC settings in Set up School PCs.](images/suspc_configure_pc2.jpg)
     
 ## Trigger Autopilot Reset
 Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use. 
@@ -66,45 +70,51 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
 
 1. From the Windows device lock screen, enter the keystroke: **CTRL + Windows key + R**. 
 
-    ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png)
+   ![Enter CTRL+Windows key+R on the Windows lockscreen.](images/autopilot-reset-lockscreen.png)
+
+   This keystroke will open up a custom sign-in screen for Autopilot Reset. The screen serves two purposes:
 
-    This will open up a custom login screen for Autopilot Reset. The screen serves two purposes:
    1. Confirm/verify that the end user has the right to trigger Autopilot Reset
+
    2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process.
 
-      ![Custom login screen for Autopilot Reset](images/autopilot-reset-customlogin.png)
+      ![Custom login screen for Autopilot Reset.](images/autopilot-reset-customlogin.png)
 
 2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
 
->[!IMPORTANT]
->To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. 
+   > [!IMPORTANT]
+   > To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. 
 
-    Once Autopilot Reset is triggered, the reset process starts. 
+   Once Autopilot Reset is triggered, the reset process starts. 
     
-    After reset, the device:
-    - Sets the region, language, and keyboard.
-    - Connects to Wi-Fi.
-    - If you provided a provisioning package when Autopilot Reset is triggered, the system will apply this new provisioning package. Otherwise, the system will re-apply the original provisioning package on the device. 
-    - Is returned to a known good managed state, connected to Azure AD and MDM.
+   After reset, the device:
 
-     ![Notification that provisioning is complete](images/autopilot-reset-provisioningcomplete.png)
+   - Sets the region, language, and keyboard.
 
-    Once provisioning is complete, the device is again ready for use.
+   - Connects to Wi-Fi.
+
+   - If you provided a provisioning package when Autopilot Reset is triggered, the system will apply this new provisioning package. Otherwise, the system will reapply the original provisioning package on the device. 
+
+   - Is returned to a known good managed state, connected to Azure AD and MDM.
+
+     ![Notification that provisioning is complete.](images/autopilot-reset-provisioningcomplete.png)
+
+     Once provisioning is complete, the device is again ready for use.
 
 
 
 ## Troubleshoot Autopilot Reset
 
-Autopilot Reset will fail when the [Windows Recovery Environment (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is not enabled on the device. You will see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`.
+Autopilot Reset will fail when the [Windows Recovery Environment (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) isn't enabled on the device. You'll see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`.
 
 To make sure WinRE is enabled, use the [REAgentC.exe tool](/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
 
-```
+```console
 reagentc /enable
 ```
 
-If Autopilot Reset fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
+If Autopilot Reset fails after enabling WinRE, or if you're unable to enable WinRE, kindly contact [Microsoft Support](https://support.microsoft.com) for assistance.
 
-## Related topics
+## Related articles
 
-[Set up Windows devices for education](set-up-windows-10.md)
\ No newline at end of file
+[Set up Windows devices for education](set-up-windows-10.md)
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index aafc6c622f..9a828c6755 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -42,7 +42,7 @@ New or changed topic | Description
 | [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the list of device manufacturers. |
 | [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
 | [Set up Take a Test on a single PC](take-a-test-single-pc.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
-| [Take a Test app technical reference](take-a-test-app-technical.md) | Added a note that the Alt+F4 key combination for enabling students to exit the test is disabled in Windows 10, version 1703 (Creators Update) and later. Also added additional info about the Ctrl+Alt+Del key combination. |
+| [Take a Test app technical reference](take-a-test-app-technical.md) | Added a note that the Alt+F4 key combination for enabling students to exit the test is disabled in Windows 10, version 1703 (Creators Update) and later. Also added more information about the Ctrl+Alt+Del key combination. |
 
 ## RELEASE: Windows 10, version 1709 (Fall Creators Update)
 
@@ -62,7 +62,7 @@ New or changed topic | Description
 
 | New or changed topic | Description |
 | --- | ---- |
-| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | New. Find out how you can test Windows 10 S on a variety of Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us. |
+| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | New. Find out how you can test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us. |
 | [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the instructions to reflect the new or updated functionality in the latest version of the app. |
 
 ## July 2017
@@ -85,16 +85,16 @@ New or changed topic | Description
 
 | New or changed topic | Description |
 | --- | ---- |
-| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education. |
+| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt in to a free switch to Windows 10 Pro Education. |
 | [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Now includes network tips and updated step-by-step instructions that show the latest updates to the app such as Wi-Fi setup. |
 
 ## RELEASE: Windows 10, version 1703 (Creators Update)
 
 | New or changed topic | Description|
 | --- | --- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](/microsoft-365/education/deploy/) | New. Learn how you can you can quickly and easily use the new Microsoft Education system to implement a full IT cloud solution for your school. |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](/microsoft-365/education/deploy/) | New. Learn how you can quickly and easily use the new Microsoft Education system to implement a full IT cloud solution for your school. |
 | [Microsoft Education documentation and resources](/education) | New. Find links to more content for IT admins, teachers, students, and education app developers. |
-| [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)  | New. Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school. |
+| [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)  | New. Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school. |
 | [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)  | Updated the screenshots and related instructions to reflect the current UI and experience.  |
 | [Set up Windows devices for education](set-up-windows-10.md) | Updated for Windows 10, version 1703. |
 | Set up School PCs app: 
               [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) 
               [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Describes the school-specific settings and policies that Set up School PC configures. Also provides step-by-step instructions for using the latest version of the app to create a provisioning package that you can use to set up student PCs. |
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index b104042dbc..9d165c8892 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -17,7 +17,7 @@ manager: dansimp
 # Change to Windows 10 Pro Education from Windows 10 Pro
 Windows 10 Pro Education is a new offering in Windows 10, version 1607. This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings.
 
-If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free change to Windows 10 Pro Education depending on your scenario.
+If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt in to a free change to Windows 10 Pro Education depending on your scenario.
 - [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](./s-mode-switch-to-edu.md)
 
 To take advantage of this offering, make sure you meet the [requirements for changing](#requirements-for-changing). For academic customers who are eligible to change to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance.
@@ -43,7 +43,7 @@ For more info about Windows 10 default settings and recommendations for educatio
 
 ## Change from Windows 10 Pro to Windows 10 Pro Education
 
-For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free change through the Microsoft Store for Education.
+For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt in to a free change through the Microsoft Store for Education.
 
 In this scenario:
 
@@ -51,7 +51,7 @@ In this scenario:
 - Any device that joins the Azure AD will change automatically to Windows 10 Pro Education.
 - The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
 
-See [change using Microsoft Store for Education](#change-using-microsoft-store-for-education) for details on how to do this.
+See [change using Microsoft Store for Education](#change-using-microsoft-store-for-education) for details on how to turn on the change.
 
 ### Change using Intune for Education
 
@@ -65,7 +65,7 @@ See [change using Microsoft Store for Education](#change-using-microsoft-store-f
    
         **Figure 1** - Enter the details for the Windows edition change
 
-        ![Enter the details for the Windows edition change](images/i4e_editionupgrade.png)
+        ![Enter the details for the Windows edition change.](images/i4e_editionupgrade.png)
 
 3. The change will automatically be applied to the group you selected.
 
@@ -78,7 +78,7 @@ You can use Windows Configuration Designer to create a provisioning package that
 
     **Figure 2** - Enter the license key 
 
-    ![Enter the license key to change to Windows 10 Pro Education](images/wcd_productkey.png)
+    ![Enter the license key to change to Windows 10 Pro Education.](images/wcd_productkey.png)
 
 3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education.
 
@@ -98,8 +98,8 @@ Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Educ
 
 When you change to Windows 10 Pro Education, you get the following benefits:
 
-- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB).
-- **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have.
+- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit doesn't include Long Term Service Branch (LTSB).
+- **Support from one to hundreds of users**. The Windows 10 Pro Education program doesn't have a limitation on the number of licenses an organization can have.
 - **Roll back options to Windows 10 Pro**
   - When a user leaves the domain or you turn off the setting to automatically change to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). 
   - For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. 
@@ -108,13 +108,13 @@ When you change to Windows 10 Pro Education, you get the following benefits:
 
 
 ### Change using Microsoft Store for Education
-Once you enable the setting to change to Windows 10 Pro Education, the change will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the change. The change will only apply to Windows 10 Pro devices.
+Once you enable the setting to change to Windows 10 Pro Education, the change will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you can't select which users will receive the change. The change will only apply to Windows 10 Pro devices.
 
 **To turn on the automatic change to Windows 10 Pro Education**
 
 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your work or school account.
 
-   If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use.
+   If you're signing into the Microsoft Store for Education for the first time, you'll be prompted to accept the Microsoft Store for Education Terms of Use.
 
 2. Click **Manage** from the top menu and then select the **Benefits tile**.
 3. In the **Benefits** tile, look for the **Change to Windows 10 Pro Education for free** link and then click it.
@@ -123,18 +123,18 @@ Once you enable the setting to change to Windows 10 Pro Education, the change wi
 
     **Figure 3** - Check the box to confirm
 
-    ![Check the box to confirm](images/msfe_manage_benefits_checktoconfirm.png)
+    ![Check the box to confirm.](images/msfe_manage_benefits_checktoconfirm.png)
 
 5. Click **Change all my devices**. 
 
     A confirmation window pops up to let you know that an email has been sent to you to enable the change. 
 
 6. Close the confirmation window and check the email to proceed to the next step.
-7. In the email, click the link to **Change to Windows 10 Pro Education**. Once you click the link, this will take you back to the Microsoft Store for Education portal.
+7. In the email, click the link to **Change to Windows 10 Pro Education**. Once you click the link, you are taken back to the Microsoft Store for Education portal.
 
 8. Click **Change now** in the **changing your device to Windows 10 Pro Education for free** page in the Microsoft Store. 
 
-    You will see a window that confirms you've successfully changed all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically change the next time someone in your organization signs in to the device.
+    You'll see a window that confirms you've successfully changed all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically change the next time someone in your organization signs in to the device.
 
 9. Click **Close** in the **Success** window.
 
@@ -146,7 +146,7 @@ Enabling the automatic change also triggers an email message notifying all globa
 So what will users experience? How will they change their devices?
 
 ### For existing Azure AD joined devices
-Existing Azure AD domain joined devices will be changed to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed.
+Existing Azure AD domain joined devices will be changed to Windows 10 Pro Education the next time the user logs in. That's it! No other steps are needed.
 
 ### For new devices that are not Azure AD joined
 Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
@@ -169,13 +169,13 @@ If the Windows device is running Windows 10, version 1703, follow these steps.
 
     **Figure 4** - Select how you'd like to set up the device
 
-    ![Select how you'd like to set up the device](images/1_howtosetup.png)
+    ![Select how you'd like to set up the device.](images/1_howtosetup.png)
 
 2. On the **Sign in with Microsoft** page, enter the username and password to use with Office 365 or other services from Microsoft, and then click **Next**.
 
     **Figure 5** - Enter the account details
 
-    ![Enter the account details you use with Office 365 or other Microsoft services](images/2_signinwithms.png)
+    ![Enter the account details you use with Office 365 or other Microsoft services.](images/2_signinwithms.png)
 
 3. Go through the rest of Windows device setup. Once you're done, the device will be Azure AD joined to your school's subscription.
 
@@ -188,26 +188,26 @@ If the Windows device is running Windows 10, version 1703, follow these steps.
 
     **Figure 6** - Go to **Access work or school** in Settings
 
-    ![Go to Access work or school in Settings](images/settings_workorschool_1.png)
+    ![Go to Access work or school in Settings.](images/settings_workorschool_1.png)
 
 2. In **Access work or school**, click **Connect**.
 3. In the **Set up a work or school account** window, click the **Join this device to Azure Active Directory** option at the bottom.
 
     **Figure 7** - Select the option to join the device to Azure Active Directory
 
-    ![Select the option to join the device to Azure Active Directory](images/settings_setupworkorschoolaccount_2.png)
+    ![Select the option to join the device to Azure Active Directory.](images/settings_setupworkorschoolaccount_2.png)
 
-4. On the **Let's get you signed in** window, enter the Azure AD credentials (username and password) and sign in. This will join the device to the school's Azure AD.
+4. On the **Let's get you signed in** window, enter the Azure AD credentials (username and password) and sign in. The device is joined with the school's Azure AD.
 5. To verify that the device was successfully joined to Azure AD, go back to **Settings > Accounts > Access work or school**. You should now see a connection under the **Connect to work or school** section that indicates the device is connected to Azure AD.
 
     **Figure 8** - Verify the device connected to Azure AD
 
-    ![Verify the device is connected to Azure AD](images/settings_connectedtoazuread_3.png)
+    ![Verify the device is connected to Azure AD.](images/settings_connectedtoazuread_3.png)
 
 
 #### Step 2: Sign in using Azure AD account
 
-Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account. The Windows 10 Pro Education license associated with the user will enable Windows 10 Pro Education edition capabilities on the device.
+Once the device is joined to your Azure AD subscription, users will sign in by using their Azure AD account. The Windows 10 Pro Education license associated with the user will enable Windows 10 Pro Education edition capabilities on the device.
 
 
 #### Step 3: Verify that Pro Education edition is enabled
@@ -224,7 +224,7 @@ If there are any problems with the Windows 10 Pro Education license or the acti
 
 In some instances, users may experience problems with the Windows 10 Pro Education change. The most common problems that users may experience are as follows:
 
--   The existing operating system (Windows 10 Pro, version 1607 or higher, or version 1703) is not activated.
+-   The existing operating system (Windows 10 Pro, version 1607 or higher, or version 1703) isn't activated.
 -   The Windows 10 Pro Education change has lapsed or has been removed.
 
 Use the following figures to help you troubleshoot when users experience these common problems:
@@ -234,7 +234,7 @@ Use the following figures to help you troubleshoot when users experience these c
 Windows 10 activated and subscription active

              
 
 
-**Figure 11** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education change is active.
+**Figure 11** - Illustrates a device on which the existing operating system isn't activated, but the Windows 10 Pro Education change is active.
 
 Windows 10 not activated and subscription active

              
 
@@ -245,7 +245,7 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
 
 **To determine if a device is Azure AD joined**
 
-1.  Open a command prompt and type the following:
+1.  Open a command prompt and type the following command:
 
     ```
     dsregcmd /status
@@ -268,27 +268,27 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
 
 ### Roll back Windows 10 Pro Education to Windows 10 Pro
 
-If your organization has the Windows 10 Pro to Windows 10 Pro Education change enabled, and you decide to roll back to Windows 10 Pro or to cancel the change, you can do this by:
+If your organization has the Windows 10 Pro to Windows 10 Pro Education change enabled, and you decide to roll back to Windows 10 Pro or to cancel the change, perform the following task:
 
-- Logging into Microsoft Store for Education page and turning off the automatic change.
+- Log into Microsoft Store for Education page and turning off the automatic change.
 - Selecting the link to turn off the automatic change from the notification email sent to all global administrators.
 
-Once the automatic change to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were changed will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was changed may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a change was enabled and then turned off will never see their device change from Windows 10 Pro.
+Once the automatic change to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were changed will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. Therefore, users whose device was changed may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a change was enabled and then turned off will never see their device change from Windows 10 Pro.
 
 > [!NOTE]  
-> Devices that were changed from  mode to Windows 10 Pro Education cannot roll back to Windows 10 Pro Education S mode.
+> Devices that were changed from  mode to Windows 10 Pro Education can't roll back to Windows 10 Pro Education S mode.
 
 **To roll back Windows 10 Pro Education to Windows 10 Pro**
 
-1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change.
+1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change.
 2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link.
 3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**.
 
     **Figure 12** - Revert to Windows 10 Pro
 
-    ![Revert to Windows 10 Pro](images/msfe_manage_reverttowin10pro.png)
+    ![Revert to Windows 10 Pro.](images/msfe_manage_reverttowin10pro.png)
 
-4. You will be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**.
+4. You'll be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**.
 5. Click **Close** in the **Success** page.
 
     All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic changes again, you can do this by selecting **change to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education.
@@ -304,7 +304,7 @@ You need to synchronize these identities so that users will have a *single ident
 
 **Figure 13** - On-premises AD DS integrated with Azure AD
 
-![Illustration of Azure Active Directory Connect](images/windows-ad-connect.png)
+![Illustration of Azure Active Directory Connect.](images/windows-ad-connect.png)
 
 For more information about integrating on-premises AD DS domains with Azure AD, see these resources:
 -   [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity)
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 59da859362..37e9cba645 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -1,6 +1,6 @@
 ---
 title: Chromebook migration guide (Windows 10)
-description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
+description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
 ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
 ms.reviewer: 
 manager: dansimp
@@ -22,23 +22,23 @@ ms.date: 10/13/2017
 
 -   Windows 10
 
-In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You will learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You will then learn the best method to perform the migration by using automated deployment and migration tools.
+In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You'll learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You'll then learn the best method to perform the migration by using automated deployment and migration tools.
 
 ## Plan Chromebook migration
 
 
 Before you begin to migrate Chromebook devices, plan your migration. As with most projects, there can be an urge to immediately start doing before planning. When you plan your Chromebook migration before you perform the migration, you can save countless hours of frustration and mistakes during the migration process.
 
-In the planning portion of this guide, you will identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you will have a list of information you need to collect and what you need to do with the information. You will be ready to perform your Chromebook migration.
+In the planning portion of this guide, you'll identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you'll have a list of information you need to collect and what you need to do with the information. You'll be ready to perform your Chromebook migration.
 
 ## Plan for app migration or replacement
 
 
-App migration or replacement is an essential part of your Chromebook migration. In this section you will plan how you will migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you will have a list of the active Chrome OS apps and the Windows app counterparts.
+App migration or replacement is an essential part of your Chromebook migration. In this section, you'll plan how you'll migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you'll have a list of the active Chrome OS apps and the Windows app counterparts.
 
 **Identify the apps currently in use on Chromebook devices**
 
-Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio).
+Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You'll create a list of apps that are currently in use (also called an app portfolio).
 
 > [!NOTE]  
 > The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.
@@ -63,7 +63,7 @@ Record the following information about each app in your app portfolio:
 
 -   App priority (how necessary is the app to the day-to-day process of the institution or a classroom? Rank as high, medium, or low)
 
-Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you have determined what you will do with the higher priority apps.
+Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you've determined what you'll do with the higher priority apps.
 
 ### 
 
@@ -85,13 +85,13 @@ Table 1. Google App replacements
 
  
 
-It may be that you will decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide.
+It may be that you'll decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide.
 
 **Find the same or similar apps in the Microsoft Store**
 
 In many instances, software vendors will create a version of their app for multiple platforms. You can search the Microsoft Store to find the same or similar apps to any apps not identified in the [Select Google Apps replacements](#select-googleapps) section.
 
-In other instances, the offline app does not have a version written for the Microsoft Store or is not a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher does not have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS.
+In other instances, the offline app doesn't have a version written for the Microsoft Store or isn't a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher doesn't have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS.
 
 Record the Windows app that replaces the Chromebook app in your app portfolio.
 
@@ -99,131 +99,58 @@ Record the Windows app that replaces the Chromebook app in your app portfolio.
 
 **Perform app compatibility testing for web apps**
 
-The majority of Chromebook apps are web apps. Because you cannot run native offline Chromebook apps on a Windows device, there is no reason to perform app compatibility testing for offline Chromebook apps. However, you may have a number of web apps that will run on both platforms.
+Most of the Chromebook apps are web apps. Because you can't run native offline Chromebook apps on a Windows device, there's no reason to perform app compatibility testing for offline Chromebook apps. However, you may have many web apps that will run on both platforms.
 
 Ensure that you test these web apps in Microsoft Edge. Record the level of compatibility for each web app in Microsoft Edge in your app portfolio.
 
 ## Plan for migration of user and device settings
 
 
-Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You have also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console.
+Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You've also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console.
 
 However, in addition to your centralized configuration in the Google Admin Console, Chromebook users have probably customized their device. In some instances, users may have changed the web content that is displayed when the Chrome browser starts. Or they may have bookmarked websites for future reference. Or users may have installed apps for use in the classroom.
 
-In this section, you will identify the user and device configuration settings for your Chromebook users and devices. Then you will prioritize these settings to focus on the configuration settings that are essential to your educational institution.
+In this section, you'll identify the user and device configuration settings for your Chromebook users and devices. Then you'll prioritize these settings to focus on the configuration settings that are essential to your educational institution.
 
-At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, as well as a level of priority for each setting. You may discover at the end of this section that you have few or no higher priority settings to be migrated. If this is the case, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide.
+At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, and a level of priority for each setting. You may discover at the end of this section that you've few or no higher priority settings to be migrated. If so, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide.
 
 **Identify Google Admin Console settings to migrate**
 
 You use the Google Admin Console (as shown in Figure 1) to manage user and device settings. These settings are applied to all the Chromebook devices in your institution that are enrolled in the Google Admin Console. Review the user and device settings in the Google Admin Console and determine which settings are appropriate for your Windows devices.
 
-![figure 1](images/chromebook-fig1-googleadmin.png)
+![figure 1.](images/chromebook-fig1-googleadmin.png)
 
 Figure 1. Google Admin Console
 
-Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows.
+Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you'll migrate to Windows.
 
 Table 2. Settings in the Device Management node in the Google Admin Console
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
              



              SectionSettings
              Network
              These settings configure the network connections for Chromebook devices and include the following settings categories:
              
-
                
-
              • Wi-Fi. Configures the Wi-Fi connections that are available. The Windows devices will need these configuration settings to connect to the same Wi-Fi networks.
                • 
-
              • Ethernet. Configures authentication for secured, wired Ethernet connections (802.1x). The Windows devices will need these configuration settings to connect to the network.
                • 
-
              • VPN. Specifies the VPN network connections used by devices when not directly connected to your intranet. The Windows devices will need the same VPN network connections for users to remotely connect to your intranet.
                • 
-
              • Certificates. Contains the certificates used for network authentication. The Windows devices will need these certificates to connect to the network.
                • 
-
              Mobile
              These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
              
-
                
-
              • Device management settings. Configures settings for mobile (companion) devices, such as device synchronization, password settings, auditing, enable remote wipe, and other settings. Record these settings so that you can ensure the same settings are applied when the devices are being managed by Microsoft Intune or another mobile device management (MDM) provider.
                • 
-
              • Device activation. Contains a list of mobile (companion) devices that need to be approved for management by using the Google Admin Console. Approve or block any devices in this list so that the list of managed devices accurately reflects active managed devices.
                • 
-
              • Managed devices. Performs management tasks on mobile (companion) devices that are managed by the Google Admin Console. Record the list of companion devices on this page so that you can ensure the same devices are managed by Intune or another MDM provider.
                • 
-
              • Set Up Apple Push Certificate. Configures the certificate that is essentially the digital signature that lets the Google Admin Console manage iOS devices. You will need this certificate if you plan to manage iOS devices by using Intune or another MDM provider.
                • 
-
              • Set Up Android for Work. Authorizes the Google Admin Console to be the MDM provider for Android devices by providing an Enterprise Mobility Management (EMM) token. You will need this token if you plan to manage Android devices by using another MDM provider.
                • 
-
              Chrome management
              These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
              
-
                
-
              • User settings. Configures user-based settings for the Chrome browser and Chromebook devices. Most of these Chromebook user-based settings can be mapped to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                • 
-
              • Public session settings. Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.
                • 
-
              • Device settings. Configures device-based settings for the Chrome browser and Chromebook devices. You can map most of these Chromebook device-based settings to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                • 
-
              • Devices. Manages Chrome device management licenses. The number of licenses recorded here should correspond to the number of licenses you will need for your new management system, such as Intune. Record the number of licenses and use those to determine how many licenses you will need to manage your Windows devices.
                • 
-
              • App Management. Provides configuration settings for Chrome apps. Record the settings for any apps that you have identified that will run on Windows devices.
                • 
-
              
+|Section  |Settings  |
+|---------|---------|
+|Network     | 
              These settings configure the network connections for Chromebook devices and include the following settings categories:
              •  **Wi-Fi.** Configures the Wi-Fi connections that are available. The Windows devices will need these configuration settings to connect to the same Wi-Fi networks.
                •  
              • **Ethernet.** Configures authentication for secured, wired Ethernet connections (802.1x). The Windows devices will need these configuration settings to connect to the network.
              • **VPN.** Specifies the VPN network connections used by devices when not directly connected to your intranet. The Windows devices will need the same VPN network connections for users to remotely connect to your intranet.
              • **Certificates.** Contains the certificates used for network authentication. The Windows devices will need these certificates to connect to the network.
                        |
+|Mobile     |These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
                   
                • **Device management settings.** Configures settings for mobile (companion) devices, such as device synchronization, password settings, auditing, enable remote wipe, and other settings. Record these settings so that you can ensure the same settings are applied when the devices are being managed by Microsoft Intune or another mobile device management (MDM) provider.
                • **Device activation.** Contains a list of mobile (companion) devices that need to be approved for management by using the Google Admin Console. Approve or block any devices in this list so that the list of managed devices accurately reflects active managed devices.
                • **Managed devices.** Performs management tasks on mobile (companion) devices that are managed by the Google Admin Console. Record the list of companion devices on this page so that you can ensure the same devices are managed by Intune or another MDM provider.
                •  **Set Up Apple Push Certificate.** Configures the certificate that is essentially the digital signature that lets the Google Admin Console manage iOS devices. You'll need this certificate if you plan to manage iOS devices by using Intune or another MDM provider. 
                • **Set Up Android for Work.** Authorizes the Google Admin Console to be the MDM provider for Android devices by providing an Enterprise Mobility Management (EMM) token. You'll need this token if you plan to manage Android devices by using another MDM provider.        |
+|Chrome management    |These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
                     
                  • **User settings.** Configures user-based settings for the Chrome browser and Chromebook devices. Most of these Chromebook user-based settings can be mapped to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                  • **Public session settings.** Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.
                  •  **Device settings.** Configures device-based settings for the Chrome browser and Chromebook devices. You can map most of these Chromebook device-based settings to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                  • **Devices.** Manages Chrome device management licenses. The number of licenses recorded here should correspond to the number of licenses you'll need for your new management system, such as Intune. Record the number of licenses and use those to determine how many licenses you'll need to manage your Windows devices 
                  • **App Management.** Provides configuration settings for Chrome apps. Record the settings for any apps that you've identified that will run on Windows devices.      |
 
- 
-
-Table 3 lists the settings in the Security node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows.
+Table 3 lists the settings in the Security node in the Google Admin Console. Review the settings and determine which settings you'll migrate to Windows.
 
 Table 3. Settings in the Security node in the Google Admin Console
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    SectionSettings
                    Basic settings
                    These settings configure password management and whether or not two-factor authentication (2FA) is configured. You can set the minimum password length, the maximum password length, if non-admin users can recover their own passwords, and enable 2FA.
                    
-
                    Record these settings and use them to help configure your on-premises Active Directory or Azure Active Directory (Azure AD) to mirror the current behavior of your Chromebook environment.
                    Password monitoring
                    This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section.
                    API reference
                    This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section.
                    Set up single sign-on (SSO)
                    This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO.
                    Advanced settings
                    This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.
                    
-
- 
+|Section|Settings|
+|--- |--- |
+|Basic settings|These settings configure password management and whether or not two-factor authentication (2FA) is configured. You can set the minimum password length, the maximum password length, if non-admin users can recover their own passwords, and enable 2FA.
                     Record these settings and use them to help configure your on-premises Active Directory or Azure Active Directory (Azure AD) to mirror the current behavior of your Chromebook environment.|
+|Password monitoring|This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section.|
+|API reference|This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section.|
+|Set up single sign-on (SSO)|This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO.|
+|Advanced settings|This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.|
 
 **Identify locally-configured settings to migrate**
 
-In addition to the settings configured in the Google Admin Console, users may have locally configured their devices based on their own personal preferences (as shown in Figure 2). Table 4 lists the Chromebook user and device settings that you can locally configure. Review the settings and determine which settings you will migrate to Windows. Some of the settings listed in Table 4 can only be seen when you click the **Show advanced settings** link (as shown in Figure 2).
+In addition to the settings configured in the Google Admin Console, users may have locally configured their devices based on their own personal preferences (as shown in Figure 2). Table 4 lists the Chromebook user and device settings that you can locally configure. Review the settings and determine which settings you'll migrate to Windows. Some of the settings listed in Table 4 can only be seen when you click the **Show advanced settings** link (as shown in Figure 2).
 
-![figure 2](images/fig2-locallyconfig.png)
+![figure 2.](images/fig2-locallyconfig.png)
 
-Figure 2. Locally-configured settings on Chromebook
+Figure 2. Locally configured settings on Chromebook
 
 Table 4. Locally-configured settings
 
@@ -256,32 +183,32 @@ Also, as a part of this planning process, consider settings that may not be curr
 
 **Prioritize settings to migrate**
 
-After you have collected all the Chromebook user, app, and device settings that you want to migrate, you need to prioritize each setting. Evaluate each setting and assign a priority to the setting based on the levels of high, medium, and low.
+After you've collected all the Chromebook user, app, and device settings that you want to migrate, you need to prioritize each setting. Evaluate each setting and assign a priority to the setting based on the levels of high, medium, and low.
 
-Assign the setting-migration priority based on how critical the setting is to the faculty performing their day-to-day tasks and how the setting affects the curriculum in the classrooms. Focus on the migration of higher priority settings and put less effort into the migration of lower priority settings. There may be some settings that are not necessary at all and can be dropped from your list of settings entirely. Record the setting priority in the list of settings you plan to migrate.
+Assign the setting-migration priority based on how critical the setting is to the faculty performing their day-to-day tasks and how the setting affects the curriculum in the classrooms. Focus on the migration of higher priority settings and put less effort into the migration of lower priority settings. There may be some settings that aren't necessary at all and can be dropped from your list of settings entirely. Record the setting priority in the list of settings you plan to migrate.
 
 ## Plan for email migration
 
 
-Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you will migrate and the best time to perform the migration.
+Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you'll migrate and the best time to perform the migration.
 
 Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](/Exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes).
 
 **Identify the list of user mailboxes to migrate**
 
-In regards to creating the list of users you will migrate, it might seem that the answer “all the users” might be the best one. However, depending on the time you select for migration, only a subset of the users may need to be migrated. For example, you may not persist student email accounts between semesters or between academic years. In this case you would only need to migrate faculty and staff.
+With regard to creating the list of users you'll migrate, it might seem that the answer “all the users” might be the best one. However, depending on the time you select for migration, only a subset of the users may need to be migrated. For example, you may not persist student email accounts between semesters or between academic years. In this case, you would only need to migrate faculty and staff.
 
-Also, when you perform a migration it is a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
+Also, when you perform a migration, it's a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
 
 Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](/Exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
 
 **Identify companion devices that access Google Apps Gmail**
 
-In addition to Chromebook devices, users may have companion devices (smartphones, tablets, desktops, laptops, and so on) that also access the Google Apps Gmail mailbox. You will need to identify those companion devices and identify the proper configuration for those devices to access Office 365 mailboxes.
+In addition to Chromebook devices, users may have companion devices (smartphones, tablets, desktops, laptops, and so on) that also access the Google Apps Gmail mailbox. You'll need to identify those companion devices and identify the proper configuration for those devices to access Office 365 mailboxes.
 
-After you have identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
+After you've identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
 
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify these credentials on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
 
 **Identify the optimal timing for the migration**
 
@@ -292,13 +219,13 @@ Ensure that you communicate the time the migration will occur to your users well
 ## Plan for cloud storage migration
 
 
-Chromebook devices have limited local storage. So, most of your users will store data in cloud storage, such as Google Drive. You will need to plan how to migrate your cloud storage as a part of the Chromebook migration process.
+Chromebook devices have limited local storage. So, most of your users will store data in cloud storage, such as Google Drive. You'll need to plan how to migrate your cloud storage as a part of the Chromebook migration process.
 
-In this section, you will create a list of the existing cloud services, select the Microsoft cloud services that best meet your needs, and then optimize your cloud storage services migration plan.
+In this section, you'll create a list of the existing cloud services, select the Microsoft cloud services that best meet your needs, and then optimize your cloud storage services migration plan.
 
 **Identify cloud storage services currently in use**
 
-Typically, most Chromebook users use Google Drive for cloud storage services because your educational institution purchased other Google cloud services and Google Drive is a part of those services. However, some users may use cloud storage services from other vendors. For each member of your faculty and staff and for each student, create a list of cloud storage services that includes the following:
+Typically, most Chromebook users use Google Drive for cloud storage services because your educational institution purchased other Google cloud services and Google Drive is a part of those services. However, some users may use cloud storage services from other vendors. For each member of your faculty and staff and for each student, create a list of cloud storage services that includes the following details:
 
 -   Name of the cloud storage service
 
@@ -308,7 +235,7 @@ Typically, most Chromebook users use Google Drive for cloud storage services bec
 
 -   Approximate storage currently in use per user
 
-Use this information as the requirements for your cloud storage services after you migrate to Windows devices. If at the end of this discovery you determine there is no essential data being stored in cloud storage services that requires migration, then you can skip to the [Plan for cloud services migration](#plan-cloud-services) section.
+Use this information as the requirements for your cloud storage services after you migrate to Windows devices. If at the end of this discovery you determine there's no essential data being stored in cloud storage services that requires migration, then you can skip to the [Plan for cloud services migration](#plan-cloud-services) section.
 
 **Optimize cloud storage services migration plan**
 
@@ -318,24 +245,24 @@ Consider the following to help optimize your cloud storage services migration pl
 
 -   **Eliminate inactive user storage.** Before you perform the cloud storage services migration, identify cloud storage that is currently allocated to inactive users. Remove this storage from your list of cloud storage to migrate.
 
--   **Eliminate or archive inactive files.** Review cloud storage to identify files that are inactive (have not been accessed for some period of time). Eliminate or archive these files so that they do not consume cloud storage.
+-   **Eliminate or archive inactive files.** Review cloud storage to identify files that are inactive (haven't been accessed for some period of time). Eliminate or archive these files so that they don't consume cloud storage.
 
--   **Consolidate cloud storage services.** If multiple cloud storage services are in use, reduce the number of cloud storage services and standardize on one cloud storage service. This will help reduce management complexity, support time, and typically will reduce cloud storage costs.
+-   **Consolidate cloud storage services.** If multiple cloud storage services are in use, reduce the number of cloud storage services and standardize on one cloud storage service. This standardization will help reduce management complexity, support time, and typically will reduce cloud storage costs.
 
 Record your optimization changes in your cloud storage services migration plan.
 
 ## Plan for cloud services migration
 
 
-Many of your users may use cloud services on their Chromebook device, such as Google Apps, Google Drive, or Google Apps Gmail. You have planned for these individual cloud services in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections.
+Many of your users may use cloud services on their Chromebook device, such as Google Apps, Google Drive, or Google Apps Gmail. You've planned for these individual cloud services in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections.
 
-In this section, you will create a combined list of these cloud services and then select the appropriate strategy to migrate these cloud services.
+In this section, you'll create a combined list of these cloud services and then select the appropriate strategy to migrate these cloud services.
 
 ### 
 
 **Identify cloud services currently in use**
 
-You have already identified the individual cloud services that are currently in use in your educational institution in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections. Create a unified list of these cloud services and record the following about each service:
+You've already identified the individual cloud services that are currently in use in your educational institution in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections. Create a unified list of these cloud services and record the following about each service:
 
 -   Cloud service name
 
@@ -347,9 +274,9 @@ You have already identified the individual cloud services that are currently in
 
 One of the first questions you should ask after you identify the cloud services currently in use is, “Why do we need to migrate from these cloud services?” The answer to this question largely comes down to finances and features.
 
-Here is a list of reasons that describe why you might want to migrate from an existing cloud service to Microsoft cloud services:
+Here's a list of reasons that describe why you might want to migrate from an existing cloud service to Microsoft cloud services:
 
--   **Better integration with Office 365.** If your long-term strategy is to migrate to Office 365 apps (such as Word 2016 or Excel 2016) then a migration to Microsoft cloud services will provide better integration with these apps. The use of existing cloud services may not be as intuitive for users. For example, Office 365 apps will integrate better with OneDrive for Business compared to Google Drive.
+-   **Better integration with Office 365.** If your long-term strategy is to migrate to Office 365 apps (such as Word 2016 or Excel 2016), then a migration to Microsoft cloud services will provide better integration with these apps. The use of existing cloud services may not be as intuitive for users. For example, Office 365 apps will integrate better with OneDrive for Business compared to Google Drive.
 
 -   **Online apps offer better document compatibility.** Microsoft Office apps (such as Word and Excel for the web) provide the highest level of compatibility with Microsoft Office documents. The Office apps allow you to open and edit documents directly from SharePoint or OneDrive for Business. Users can access the Office app from any device with Internet connectivity.
 
@@ -361,7 +288,7 @@ Review the list of existing cloud services that you created in the [Identify clo
 
 **Prioritize cloud services**
 
-After you have created your aggregated list of cloud services currently in use by Chromebook users, prioritize each cloud service. Evaluate each cloud service and assign a priority based on the levels of high, medium, and low.
+After you've created your aggregated list of cloud services currently in use by Chromebook users, prioritize each cloud service. Evaluate each cloud service and assign a priority based on the levels of high, medium, and low.
 
 Assign the priority based on how critical the cloud service is to the faculty and staff performing their day-to-day tasks and how the cloud service affects the curriculum in the classrooms. Also, make cloud services that are causing pain for the users a higher priority. For example, if users experience outages with a specific cloud service, then make migration of that cloud service a higher priority.
 
@@ -371,48 +298,48 @@ Focus on the migration of higher priority cloud services first and put less effo
 
 **Select cloud services migration strategy**
 
-When you deploy the Windows devices, should you migrate the faculty, staff, and students to the new cloud services? Perhaps. But, in most instances you will want to select a migration strategy that introduces a number of small changes over a period of time.
+When you deploy the Windows devices, should you migrate the faculty, staff, and students to the new cloud services? Perhaps. But, in most instances you'll want to select a migration strategy that introduces many small changes over a period of time.
 
 Consider the following when you create your cloud services migration strategy:
 
 -   **Introduce small changes.** The move from Chrome OS to Windows will be simple for most users as most will have exposure to Windows from home, friends, or family. However, users may not be as familiar with the apps or cloud services. Consider the move to Windows first, and then make other changes as time progresses.
 
--   **Start off by using existing apps and cloud services.** Immediately after the migration to Windows devices, you may want to consider running the existing apps and cloud services (such Google Apps, Google Apps Gmail, and Google Drive). This gives users a familiar method to perform their day-to-day tasks.
+-   **Start off by using existing apps and cloud services.** Immediately after the migration to Windows devices, you may want to consider running the existing apps and cloud services (such Google Apps, Google Apps Gmail, and Google Drive). This option gives users a familiar method to perform their day-to-day tasks.
 
--   **Resolve pain points.** If some existing apps or cloud services cause problems, you may want to migrate them sooner rather than later. In most instances, users will be happy to go through the learning curve of a new app or cloud service if it is more reliable or intuitive for them to use.
+-   **Resolve pain points.** If some existing apps or cloud services cause problems, you may want to migrate them sooner rather than later. In most instances, users will be happy to go through the learning curve of a new app or cloud service if it's more reliable or intuitive for them to use.
 
 -   **Migrate classrooms or users with common curriculum.** Migrate to Windows devices for an entire classroom or for multiple classrooms that share common curriculum. You must ensure that the necessary apps and cloud services are available for the curriculum prior to the migration of one or more classrooms.
 
--   **Migrate when the fewest number of active users are affected.** Migrate your cloud services at the end of an academic year or end of a semester. This will ensure you have minimal impact on faculty, staff, and students. Also, a migration during this time will minimize the learning curve for users as they are probably dealing with new curriculum for the next semester. Also, you may not need to migrate student apps and data because many educational institutions do not preserve data between semesters or academic years.
+-   **Migrate when the fewest number of active users are affected.** Migrate your cloud services at the end of an academic year or end of a semester. This migration will ensure you've minimal impact on faculty, staff, and students. Also, a migration during this time will minimize the learning curve for users as they're probably dealing with new curriculum for the next semester. Also, you may not need to migrate student apps and data because many educational institutions don't preserve data between semesters or academic years.
 
--   **Overlap existing and new cloud services.** For faculty and staff, consider overlapping the existing and new cloud services (having both services available) for one business cycle (end of semester or academic year) after migration. This allows you to easily recover any data that might not have migrated successfully from the existing cloud services. At a minimum, overlap the user of existing and new cloud services until the user can verify the migration. Of course, the tradeoff for using this strategy is the cost of the existing cloud services. However, depending on when license renewal occurs, the cost may be minimal.
+-   **Overlap existing and new cloud services.** For faculty and staff, consider overlapping the existing and new cloud services (having both services available) for one business cycle (end of semester or academic year) after migration. This overlap operation allows you to easily recover any data that might not have migrated successfully from the existing cloud services. At a minimum, overlap the user of existing and new cloud services until the user can verify the migration. The tradeoff for using this strategy is the cost of the existing cloud services. However, depending on when license renewal occurs, the cost may be minimal.
 
 ## Plan for Windows device deployment
 
 
 You need to plan for Windows device deployment to help ensure that the devices are successfully installed and configured to replace the Chromebook devices. Even if the vendor that provides the devices pre-loads Windows 10 on them, you still will need to perform other tasks.
 
-In this section you will select a Windows device deployment strategy; plan for Active Directory Domain Services (AD DS) and Azure AD services; plan for device, user, and app management; and plan for any necessary network infrastructure remediation.
+In this section, you'll select a Windows device deployment strategy; plan for Active Directory Domain Services (AD DS) and Azure AD services; plan for device, user, and app management; and plan for any necessary network infrastructure remediation.
 
 ### 
 
 **Select a Windows device deployment strategy**
 
-What decisions need to be made about Windows device deployment? You just put the device on a desk, hook up power, connect to Wi-Fi, and then let the users operate the device, right? That is essentially correct, but depending on the extent of your deployment and other factors, you need to consider different deployment strategies.
+What decisions need to be made about Windows device deployment? You just put the device on a desk, hook up power, connect to Wi-Fi, and then let the users operate the device, right? That approach is correct, but depending on the extent of your deployment and other factors, you need to consider different deployment strategies.
 
 For each classroom that has Chromebook devices, select a combination of the following device deployment strategies:
 
--   **Deploy one classroom at a time.** In most cases you will want to perform your deployment in batches of devices and a classroom is an excellent way to batch devices. You can treat each classroom as a unit and check each classroom off your list after you have deployed the devices.
+-   **Deploy one classroom at a time.** In most cases, you'll want to perform your deployment in batches of devices and a classroom is an excellent way to batch devices. You can treat each classroom as a unit and check each classroom off your list after you've deployed the devices.
 
--   **Deploy based on curriculum.** Deploy the Windows devices after you have confirmed that the curriculum is ready for the Windows devices. If you deploy Windows devices without the curriculum installed and tested, you could significantly reduce the ability for students and teachers to perform effectively in the classroom. Also, deployment based on curriculum has the advantage of letting you move from classroom to classroom quickly if multiple classrooms use the same curriculum.
+-   **Deploy based on curriculum.** Deploy the Windows devices after you've confirmed that the curriculum is ready for the Windows devices. If you deploy Windows devices without the curriculum installed and tested, you could significantly reduce the ability for students and teachers to perform effectively in the classroom. Also, deployment based on curriculum has the advantage of letting you move from classroom to classroom quickly if multiple classrooms use the same curriculum.
 
--   **Deploy side-by-side.** In some instances you may need to have both the Chromebook and Windows devices in one or more classrooms. You can use this strategy if some of the curriculum only works on Chromebook and other parts of the curriculum works on Windows devices. This is a good method to help prevent delays in Windows device deployment, while ensuring that students and teachers can make optimal use of technology in their curriculum.
+-   **Deploy side-by-side.** In some instances, you may need to have both the Chromebook and Windows devices in one or more classrooms. You can use this strategy if some of the curriculum only works on Chromebook and other parts of the curriculum works on Windows devices. This method helps prevent delays in Windows device deployment, while ensuring that students and teachers can make optimal use of technology in their curriculum.
 
--   **Deploy after apps and cloud services migration.** If you deploy a Windows device without the necessary apps and cloud services to support the curriculum, this provides only a portion of your complete solution. Ensure that the apps and cloud services are tested, provisioned, and ready for use prior to the deployment of Windows devices.
+-   **Deploy after apps and cloud services migration.** If you deploy a Windows device without the necessary apps and cloud services to support the curriculum, this arrangement provides only a portion of your complete solution. Ensure that the apps and cloud services are tested, provisioned, and ready for use prior to the deployment of Windows devices.
 
--   **Deploy after the migration of user and device settings.** Ensure that you have identified the user and device settings that you plan to migrate and that those settings are ready to be applied to the new Windows devices. For example, you would want to create Group Policy Objects (GPOs) to apply the user and device settings to Windows devices.
+-   **Deploy after the migration of user and device settings.** Ensure that you've identified the user and device settings that you plan to migrate and that those settings are ready to be applied to the new Windows devices. For example, you would want to create Group Policy Objects (GPOs) to apply the user and device settings to Windows devices.
 
-    If you ensure that Windows devices closely mirror the Chromebook device configuration, you will ease user learning curve and create a sense of familiarity. Also, when you have the settings ready to be applied to the devices, it helps ensure you will deploy your new Windows devices in a secure configuration.
+    If you ensure that Windows devices closely mirror the Chromebook device configuration, you'll ease user learning curve and create a sense of familiarity. Also, when you've the settings ready to be applied to the devices, it helps ensure you'll deploy your new Windows devices in a secure configuration.
 
 Record the combination of Windows device deployment strategies that you selected.
 
@@ -420,7 +347,7 @@ Record the combination of Windows device deployment strategies that you selected
 
 **Plan for AD DS and Azure AD services**
 
-The next decision you will need to make concerns AD DS and Azure AD services. You can run AD DS on-premises, in the cloud by using Azure AD, or a combination of both (hybrid). The decision about which of these options is best is closely tied to how you will manage your users, apps, and devices and if you will use Office 365 and other Azure-based cloud services.
+The next decision you'll need to make concerns AD DS and Azure AD services. You can run AD DS on-premises, in the cloud by using Azure AD, or a combination of both (hybrid). The decision about which of these options is best is closely tied to how you'll manage your users, apps, and devices and if you'll use Office 365 and other Azure-based cloud services.
 
 In the hybrid configuration, your on-premises AD DS user and group objects are synchronized with Azure AD (including passwords). The synchronization happens both directions so that changes are made in both your on-premises AD DS and Azure AD.
 
@@ -428,68 +355,20 @@ Table 5 is a decision matrix that helps you decide if you can use only on-premis
 
 Table 5. Select on-premises AD DS, Azure AD, or hybrid
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    If you plan to...On-premises AD DSAzure ADHybrid
                    Use Office 365XX
                    Use Intune for managementXX
                    Use Microsoft Endpoint Manager for managementXX
                    Use Group Policy for managementXX
                    Have devices that are domain-joinedXX
                    Allow faculty and students to Bring Your Own Device (BYOD) which are not domain-joinedXX
                    
-
- 
+|If you plan to...|On-premises AD DS|Azure AD|Hybrid|
+|--- |--- |--- |--- |
+|Use Office 365||✔️|✔️|
+|Use Intune for management||✔️|✔️|
+|Use Microsoft Endpoint Manager for management|✔️||✔️|
+|Use Group Policy for management|✔️||✔️|
+|Have devices that are domain-joined|✔️||✔️|
+|Allow faculty and students to Bring Your Own Device (BYOD) which aren't domain-joined||✔️|✔️|
 
 ### 
 
 **Plan device, user, and app management**
 
-You may ask the question, “Why plan for device, user, and app management before you deploy the device?” The answer is that you will only deploy the device once, but you will manage the device throughout the remainder of the device's lifecycle.
+You may ask the question, “Why plan for device, user, and app management before you deploy the device?” The answer is that you'll only deploy the device once, but you'll manage the device throughout the remainder of the device's lifecycle.
 
 Also, planning management before deployment is essential to being ready to support the devices as you deploy them. You want to have your management processes and technology in place when the first teachers, facility, or students start using their new Windows device.
 
@@ -497,115 +376,19 @@ Table 6 is a decision matrix that lists the device, user, and app management pro
 
 Table 6. Device, user, and app management products and technologies
 
-
---------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    








                    Desired featureWindows provisioning packagesGroup PolicyConfiguration ManagerIntuneMDTWindows Software Update Services
                    Deploy operating system imagesXXX
                    Deploy apps during operating system deploymentXXX
                    Deploy apps after operating system deploymentXXX
                    Deploy software updates during operating system deploymentXX
                    Deploy software updates after operating system deploymentXXXXX
                    Support devices that are domain-joinedXXXXX
                    Support devices that are not domain-joinedXXX
                    Use on-premises resourcesXXXX
                    Use cloud-based servicesX
                    
+|Desired feature|Windows provisioning packages|Group Policy|Configuration Manager|Intune|MDT|Windows Software Update Services|
+|--- |--- |--- |--- |--- |--- |--- |
+|Deploy operating system images|✔️||✔️||✔️||
+|Deploy apps during operating system deployment|✔️||✔️||✔️||
+|Deploy apps after operating system deployment|✔️|✔️|✔️||||
+|Deploy software updates during operating system deployment|||✔️||✔️||
+|Deploy software updates after operating system deployment|✔️|✔️|✔️|✔️||✔️|
+|Support devices that are domain-joined|✔️|✔️|✔️|✔️|✔️||
+|Support devices that aren't domain-joined|✔️|||✔️|✔️||
+|Use on-premises resources|✔️|✔️|✔️||✔️||
+|Use cloud-based services||||✔️|||
 
- 
-
-You can use Configuration Manager and Intune in conjunction with each other to provide features from both products and technologies. In some instances you may need only one of these products or technologies. In other instances, you may need two or more to meet the device, user, and app management needs for your institution.
+You can use Configuration Manager and Intune with each other to provide features from both products and technologies. In some instances, you may need only one of these products or technologies. In other instances, you may need two or more to meet the device, user, and app management needs for your institution.
 
 Record the device, user, and app management products and technologies that you selected.
 
@@ -619,7 +402,7 @@ Examine each of the following network infrastructure technologies and services a
 
 -   **Domain Name System (DNS)** provides translation between a device name and its associated IP address. For Chromebook devices, public facing, Internet DNS services are the most important. For Windows devices that only access the Internet, they have the same requirements.
 
-    However, if you intend to communicate between Windows devices (peer-to-peer or client/server) then you will need local DNS services. Windows devices will register their name and IP address with the local DNS services so that Windows devices can locate each other.
+    However, if you intend to communicate between Windows devices (peer-to-peer or client/server) then you'll need local DNS services. Windows devices will register their name and IP address with the local DNS services so that Windows devices can locate each other.
 
 -   **Dynamic Host Configuration Protocol (DHCP)** provides automatic IP configuration for devices. Your existing Chromebook devices probably use DHCP for configuration. If you plan to immediately replace the Chromebook devices with Windows devices, then you only need to release all the DHCP reservations for the Chromebook devices prior to the deployment of Windows devices.
 
@@ -629,7 +412,7 @@ Examine each of the following network infrastructure technologies and services a
 
     If you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that Wi-Fi network can support the number of devices.
 
--   **Internet bandwidth.** Chromebook devices consume more Internet bandwidth (up to 700 times more) than Windows devices. This means that if your existing Internet bandwidth is adequate for the Chromebook devices, then the bandwidth will be more than adequate for Windows devices.
+-   **Internet bandwidth.** Chromebook devices consume more Internet bandwidth (up to 700 times more) than Windows devices. This consumption behavior means that if your existing Internet bandwidth is adequate for the Chromebook devices, then the bandwidth will be more than adequate for Windows devices.
 
     However, if you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that your Internet connection can support the number of devices.
 
@@ -641,7 +424,7 @@ Examine each of the following network infrastructure technologies and services a
 
     -   [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://go.microsoft.com/fwlink/p/?LinkId=690257)
 
--   **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This means that your existing power outlets should support the same number of Windows devices.
+-   **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This condition means that your existing power outlets should support the same number of Windows devices.
 
     If you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, you need to ensure that the power outlets, power strips, and other power management components can support the number of devices.
 
@@ -650,9 +433,9 @@ At the end of this process, you may determine that no network infrastructure rem
 ## Perform Chromebook migration
 
 
-Thus far, planning has been the primary focus. Believe it or not most of the work is now done. The rest of the Chromebook migration is just the implementation of the plan you have created.
+Thus far, planning has been the primary focus. Believe it or not most of the work is now done. The rest of the Chromebook migration is just the implementation of the plan you've created.
 
-In this section you will perform the necessary steps for the Chromebook device migration. You will perform the migration based on the planning decision that you made in the [Plan Chromebook migration](#plan-migration) section earlier in this guide.
+In this section, you'll perform the necessary steps for the Chromebook device migration. You'll perform the migration based on the planning decision that you made in the [Plan Chromebook migration](#plan-migration) section earlier in this guide.
 
 You must perform some of the steps in this section in a specific sequence. Each section has guidance about when to perform a step. You can perform other steps before, during, or after the migration. Again, each section will tell you if the sequence is important.
 
@@ -661,39 +444,14 @@ You must perform some of the steps in this section in a specific sequence. Each
 
 The first migration task is to perform any network infrastructure remediation. In the [Plan network infrastructure remediation](#plan-network-infra-remediation) section, you determined the network infrastructure remediation (if any) that you needed to perform.
 
-It is important that you perform any network infrastructure remediation first because the remaining migration steps are dependent on the network infrastructure. Table 7 lists the Microsoft network infrastructure products and technologies and deployment resources for each.
+It's important that you perform any network infrastructure remediation first because the remaining migration steps are dependent on the network infrastructure. Table 7 lists the Microsoft network infrastructure products and technologies and deployment resources for each.
 
 Table 7. Network infrastructure products and technologies and deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Product or technologyResources
                    DHCP
                    DNS
                    
-
+|Product or technology|Resources|
+|--- |--- |
+|DHCP|
                  •  [Core Network Guide](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh911995(v=ws.11)) 
                  •  [DHCP Deployment Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd283051(v=ws.10))|
+|DNS|
                  • [Core Network Guide](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh911995(v=ws.11)) 
                  • [Deploying Domain Name System (DNS)](/previous-versions/windows/it-pro/windows-server-2003/cc780661(v=ws.10))|
  
 
 If you use network infrastructure products and technologies from other vendors, refer to the vendor documentation on how to perform the necessary remediation. If you determined that no remediation is necessary, you can skip this section.
@@ -701,108 +459,35 @@ If you use network infrastructure products and technologies from other vendors,
 ## Perform AD DS and Azure AD services deployment or remediation
 
 
-It is important that you perform AD DS and Azure AD services deployment or remediation right after you finish network infrastructure remediation. Many of the remaining migration steps are dependent on you having your identity system (AD DS or Azure AD) in place and up to necessary expectations.
+It's important that you perform AD DS and Azure AD services deployment or remediation right after you finish network infrastructure remediation. Many of the remaining migration steps are dependent on you having your identity system (AD DS or Azure AD) in place and up to necessary expectations.
 
 In the [Plan for Active Directory services](#plan-adservices) section, you determined the AD DS and/or Azure AD deployment or remediation (if any) that needed to be performed. Table 8 list AD DS, Azure AD, and the deployment resources for both. Use the resources in this table to deploy or remediate on-premises AD DS, Azure AD, or both.
 
 Table 8. AD DS, Azure AD and deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Product or technologyResources
                    AD DS
                    Azure AD
                    
-
- 
+|Product or technology|Resources|
+|--- |--- |
+|AD DS| 
                  •  [Core Network Guide](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh911995(v=ws.11)) 
                  • [Active Directory Domain Services Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831484(v=ws.11))|
+|Azure AD| 
                  •  [Azure Active Directory documentation](/azure/active-directory/) 
                  • [Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259) 
                  • [Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100)|
 
 If you decided not to migrate to AD DS or Azure AD as a part of the migration, or if you determined that no remediation is necessary, you can skip this section. If you use identity products and technologies from another vendor, refer to the vendor documentation on how to perform the necessary steps.
 
 ## Prepare device, user, and app management systems
 
 
-In the [Plan device, user, and app management](#plan-userdevapp-manage) section of this guide, you selected the products and technologies that you will use to manage devices, users, and apps on Windows devices. You need to prepare your management systems prior to Windows 10 device deployment. You will use these management systems to manage the user and device settings that you selected to migrate in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section. You need to prepare these systems prior to the migration of user and device settings.
+In the [Plan device, user, and app management](#plan-userdevapp-manage) section of this guide, you selected the products and technologies that you'll use to manage devices, users, and apps on Windows devices. You need to prepare your management systems prior to Windows 10 device deployment. You'll use these management systems to manage the user and device settings that you selected to migrate in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section. You need to prepare these systems prior to the migration of user and device settings.
 
 Table 9 lists the Microsoft management systems and the deployment resources for each. Use the resources in this table to prepare (deploy or remediate) these management systems.
 
 Table 9. Management systems and deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Management systemResources
                    Windows provisioning packages
                    Group Policy
                    Configuration Manager
                    Intune
                    MDT
                    
-
- 
+|Management system|Resources|
+|--- |--- |
+|Windows provisioning packages| 
                  •  [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package) 
                  • [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) 
                  •  [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)|
+|Group Policy|
                  •  [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11)) 
                  •  [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"|
+|Configuration Manager| 
                  •  [Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10)) 
                  •  [Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
+|Intune| 
                  •  [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262) 
                  •  [System Center 2012 R2 Configuration Manager &amp; Windows Intune](/learn/?l=fCzIjVKy_6404984382)|
+|MDT| 
                  •  [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)|
 
 If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
 
@@ -815,44 +500,11 @@ In this step, you need to configure your management system to deploy the apps to
 
 Table 10. Management systems and app deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Management systemResources
                    Group Policy
                    Configuration Manager
                    Intune
                    
-
- 
+|Management system|Resources|
+|--- |--- |
+|Group Policy| 
                  •  [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) 
                  •  [Group Policy Software Deployment Background](/previous-versions/windows/it-pro/windows-server-2003/cc739305(v=ws.10)) 
                  •  [Assigning and Publishing Software](/previous-versions/windows/it-pro/windows-server-2003/cc783635(v=ws.10))|
+|Configuration Manager| 
                  •  [How to Deploy Applications in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682082(v=technet.10)) 
                  •  [Application Management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699373(v=technet.10))|
+|Intune| 
                  •  [Manage apps with Microsoft Intune](/mem/intune/)|
 
 If you determined that no deployment of apps is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
 
@@ -895,7 +547,7 @@ Alternatively, if you want to migrate to Office 365 from:
 ## Perform cloud storage migration
 
 
-In the [Plan for cloud storage migration](#plan-cloud-storage-migration) section, you identified the cloud storage services currently in use, selected the Microsoft cloud storage services that you will use, and optimized your cloud storage services migration plan. You can perform the cloud storage migration before or after you deploy the Windows devices.
+In the [Plan for cloud storage migration](#plan-cloud-storage-migration) section, you identified the cloud storage services currently in use, selected the Microsoft cloud storage services that you'll use, and optimized your cloud storage services migration plan. You can perform the cloud storage migration before or after you deploy the Windows devices.
 
 Manually migrate the cloud storage migration by using the following steps:
 
@@ -909,7 +561,7 @@ Manually migrate the cloud storage migration by using the following steps:
 
 5.  Optionally uninstall the Google Drive app.
 
-There are also a number of software vendors who provide software that helps automate the migration from Google Drive to OneDrive for Business, Office 365 SharePoint, or OneDrive. For more information about these automated migration tools, contact the vendors.
+There are also many software vendors who provide software that helps automate the migration from Google Drive to OneDrive for Business, Office 365 SharePoint, or OneDrive. For more information about these automated migration tools, contact the vendors.
 
 ## Perform cloud services migration
 
@@ -918,7 +570,7 @@ In the [Plan for cloud services migration](#plan-cloud-services)section, you ide
 
 Migrate the cloud services that you currently use to the Microsoft cloud services that you selected. For example, you could migrate from a collaboration website to Office 365 SharePoint. Perform the cloud services migration based on the existing cloud services and the Microsoft cloud services that you selected.
 
-There are also a number of software vendors who provide software that helps automate the migration from other cloud services to Microsoft cloud services. For more information about these automated migration tools, contact the vendors.
+There are also many software vendors who provide software that helps automate the migration from other cloud services to Microsoft cloud services. For more information about these automated migration tools, contact the vendors.
 
 ## Perform Windows device deployment
 
@@ -933,8 +585,6 @@ In some instances, you may receive the devices with Windows 10 already deployed
 
 -   [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
 
--   [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)
-
 -   [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)
 
 -   [Operating System Deployment in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682018(v=technet.10))
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index f662b8ac78..6d0c2694a5 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 configuration recommendations for education customers
-description: Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school.
+description: Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school.
 keywords: Windows 10 deployment, recommendations, privacy settings, school, education, configurations, accessibility, assistive technology
 ms.mktglfcycl: plan
 ms.sitesec: library
@@ -20,24 +20,24 @@ manager: dansimp
 -   Windows 10
 
 
-Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](#setedupolicies)** enabled. See the following table for more information. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
+Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](#setedupolicies)** enabled. For more information, see the following table. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
 
-We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store for Education, and use devices running Windows 10 S, will be able to configure the device at no additional charge to Windows 10 Pro Education. To learn more about the steps to configure this, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md).
+We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store for Education, and use devices running Windows 10 S, will be able to configure the device at no extra charge to Windows 10 Pro Education. To learn more about the steps to configure this device, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md).
 
-In Windows 10, version 1703 (Creators Update), it is straightforward to configure Windows to be education ready.
+In Windows 10, version 1703 (Creators Update), it's straightforward to configure Windows to be education ready.
 
-| Area | How to configure | What this does | Windows 10 Education | Windows 10 Pro Education | Windows 10 S | 
+| Area | How to configure | What this area does | Windows 10 Education | Windows 10 Pro Education | Windows 10 S | 
 | --- | --- | --- | --- | --- | --- |
-| **Diagnostic Data** | **AllowTelemetry** | Sets Diagnostic Data to [Basic](/windows/configuration/configure-windows-telemetry-in-your-organization) | This is already set | This is already set | The policy must be set |
-| **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This is already set | This is already set | The policy must be set |
+| **Diagnostic Data** | **AllowTelemetry** | Sets Diagnostic Data to [Basic](/windows/configuration/configure-windows-telemetry-in-your-organization) | This feature is already set | This feature is already set | The policy must be set |
+| **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This feature is already set | This feature is already set | The policy must be set |
 | **Cortana** | **AllowCortana** | Disables Cortana 

                     * Cortana is enabled by default on all editions in Windows 10, version 1703 | If using Windows 10 Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. 

                     See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | If using Windows 10 Pro Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. 

                     See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. |
-| **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This is already set | This is already set | The policy must be set |
+| **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This feature is already set | This feature is already set | The policy must be set |
 | **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge. See [Ad-free search with Bing](#ad-free-search-with-bing | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
-| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready 

                     * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set |
+| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready 

                     * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) | This feature is already set | This feature is already set | The policy must be set |
 
 
 ## Recommended configuration
-It is easy to be education ready when using Microsoft products. We recommend the following configuration:
+It's easy to be education ready when using Microsoft products. We recommend the following configuration:
 
 1. Use an Office 365 Education tenant. 
 
@@ -49,15 +49,15 @@ It is easy to be education ready when using Microsoft products. We recommend the
 
 3. On PCs running Windows 10, version 1703:
    1. Provision the PC using one of these methods:
-      * [Provision PCs with the Set up School PCs app](use-set-up-school-pcs-app.md) - This will automatically set both **SetEduPolicies** to True and **AllowCortana** to False.
+      * [Provision PCs with the Set up School PCs app](use-set-up-school-pcs-app.md) - The usage of this method will automatically set both **SetEduPolicies** to True and **AllowCortana** to False.
       * [Provision PCs with a custom package created with Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) - Make sure to set both **SetEduPolicies** to True and **AllowCortana** to False.
    2. Join the PC to Azure Active Directory.
       * Use Set up School PCs or Windows Configuration Designer to bulk enroll to Azure AD.
       * Manually Azure AD join the PC during the Windows device setup experience.
    3. Enroll the PCs in MDM.
-      * If you have activated Intune for Education in your Azure AD tenant, enrollment will happen automatically when the PC is joined to Azure AD. Intune for Education will automatically set **SetEduPolicies** to True and **AllowCortana** to False.
+      * If you've activated Intune for Education in your Azure AD tenant, enrollment will happen automatically when the PC is joined to Azure AD. Intune for Education will automatically set **SetEduPolicies** to True and **AllowCortana** to False.
    4. Ensure that needed assistive technology apps can be used.
-      * If you have students or school personnel who rely on assistive technology apps that are not available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
+      * If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
 
 4. Distribute the PCs to students.
 
@@ -77,7 +77,7 @@ You can set all the education compliance areas through both provisioning and man
 - [Intune for Education](/intune-education/available-settings)
 
 ## AllowCortana
-**AllowCortana** is a policy that enables or disables Cortana. It is a policy node in the Policy configuration service provider, [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana). 
+**AllowCortana** is a policy that enables or disables Cortana. It's a policy node in the Policy configuration service provider, [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana). 
 
 > [!NOTE]
 > See the [Recommended configuration](#recommended-configuration) section for recommended Cortana settings.
@@ -94,22 +94,22 @@ Use one of these methods to set this policy.
     - Data type:  Integer
     - Value:  0
 
-      ![Create an OMA URI for AllowCortana](images/allowcortana_omauri.png)
+      ![Create an OMA URI for AllowCortana.](images/allowcortana_omauri.png)
 
 ### Group Policy
 Set **Computer Configuration > Administrative Templates > Windows Components > Search > AllowCortana** to **Disabled**.
 
-![Set AllowCortana to disabled through Group Policy](images/allowcortana_gp.png)
+![Set AllowCortana to disabled through Group Policy.](images/allowcortana_gp.png)
 
 ### Provisioning tools
 - [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates.
 - [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) 
     - Under **Runtime settings**, click the **Policies** settings group, set **Experience > Cortana** to **No**.
 
-        ![Set AllowCortana to No in Windows Configuration Designer](images/allowcortana_wcd.png)
+        ![Set AllowCortana to No in Windows Configuration Designer.](images/allowcortana_wcd.png)
 
 ## SetEduPolicies
-**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It is a policy node in the [SharedPC configuration service provider](/windows/client-management/mdm/sharedpc-csp).
+**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It's a policy node in the [SharedPC configuration service provider](/windows/client-management/mdm/sharedpc-csp).
 
 Use one of these methods to set this policy. 
 
@@ -123,10 +123,10 @@ Use one of these methods to set this policy.
     - Data type:  Boolean
     - Value:  true
 
-      ![Create an OMA URI for SetEduPolices](images/setedupolicies_omauri.png)
+      ![Create an OMA URI for SetEduPolices.](images/setedupolicies_omauri.png)
 
 ### Group Policy
-**SetEduPolicies** is not natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to set the policy in [MDM SharedPC](/windows/win32/dmwmibridgeprov/mdm-sharedpc). 
+**SetEduPolicies** isn't natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to set the policy in [MDM SharedPC](/windows/win32/dmwmibridgeprov/mdm-sharedpc). 
 
 For example:
 
@@ -147,7 +147,7 @@ For example:
 - [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) 
     - Under **Runtime settings**, click the **SharedPC** settings group, set **PolicyCustomization > SetEduPolicies** to **True**.
 
-        ![Set SetEduPolicies to True in Windows Configuration Designer](images/setedupolicies_wcd.png)
+        ![Set SetEduPolicies to True in Windows Configuration Designer.](images/setedupolicies_wcd.png)
 
 ## Ad-free search with Bing
 Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. 
@@ -158,7 +158,7 @@ Provide an ad-free experience that is a safer, more private search option for K
 To suppress ads when searching with Bing on Microsoft Edge on any network, follow these steps:
 
 1. Ensure your Office 365 tenant is registered as an education tenant. For more information, see [Verify your Office 365 domain to prove education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590).
-2. Domain join the Windows 10 PCs to your Azure AD tenant (this is the same as your Office 365 tenant).
+2. Domain join the Windows 10 PCs to your Azure AD tenant (this tenant is the same as your Office 365 tenant).
 3. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
 4. Have students sign in with their Azure AD identity, which is the same as your Office 365 identity, to use the PC.
 > [!NOTE]
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index 79c0a643ed..aa2e5b4d70 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -20,11 +20,11 @@ manager: dansimp
 - Windows 10
 
 
-This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Endpoint Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you will perform after initial deployment as well as the automated tools and built-in features of the operating system.
+This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Endpoint Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
 
 ## Prepare for district deployment
 
-Proper preparation is essential for a successful district deployment. To avoid common mistakes, your first step is to plan a typical district configuration. Just as with building a house, you need a blueprint for what your district and individual schools should look like when it’s finished. The second step in preparation is to learn how you will manage the users, apps, and devices in your district. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your district.
+Proper preparation is essential for a successful district deployment. To avoid common mistakes, your first step is to plan a typical district configuration. As with building a house, you need a blueprint for what your district and individual schools should look like when it’s finished. The second step in preparation is to learn how you'll manage the users, apps, and devices in your district. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your district.
 
 > [!NOTE]
 > This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/cloud-platform/mobile-device-management).
@@ -34,21 +34,21 @@ Proper preparation is essential for a successful district deployment. To avoid c
 As part of preparing for your district deployment, you need to plan your district configuration — the focus of this guide. Figure 1 illustrates a typical finished district configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
 
 > [!div class="mx-imgBorder"]
-> ![Typical district configuration for this guide](images/edu-districtdeploy-fig1.png "Typical district configuration for this guide")
+> ![Typical district configuration for this guide.](images/edu-districtdeploy-fig1.png "Typical district configuration for this guide")
 
 *Figure 1. Typical district configuration for this guide*
 
 A *district* consists of multiple schools, typically at different physical locations. Figure 2 illustrates a typical school configuration within the district that this guide uses.
 
 > [!div class="mx-imgBorder"]
-> ![Typical school configuration for this guide](images/edu-districtdeploy-fig2.png "Typical school configuration for this guide")
+> ![Typical school configuration for this guide.](images/edu-districtdeploy-fig2.png "Typical school configuration for this guide")
 
 *Figure 2. Typical school configuration for this guide*
 
 Finally, each school consists of multiple classrooms. Figure 3 shows the classroom configuration this guide uses.
 
 > [!div class="mx-imgBorder"]
-> ![Typical classroom configuration in a school](images/edu-districtdeploy-fig3.png "Typical classroom configuration in a school")
+> ![Typical classroom configuration in a school.](images/edu-districtdeploy-fig3.png "Typical classroom configuration in a school")
 
 *Figure 3. Typical classroom configuration in a school*
 
@@ -81,9 +81,9 @@ This district configuration has the following characteristics:
   
 * The devices use Azure AD in Office 365 Education for identity management.
 
-* If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
+* If you've on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
 
-* Use [Intune](/intune/), [Mobile Device Management for Office 365](https://support.office.com/en-us/article/Set-up-Mobile-Device-Management-MDM-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy in AD DS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725828(v=ws.10)) to manage devices.
+* Use [Intune](/intune/), [Mobile Device Management for Office 365](/microsoft-365/admin/basic-mobility-security/set-up), or [Group Policy in AD DS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725828(v=ws.10)) to manage devices.
 
 * Each device supports a one-student-per-device or multiple-students-per-device scenario.
 
@@ -114,7 +114,7 @@ Office 365 Education allows:
 
 * Faculty to help prevent unauthorized users from accessing documents and email by using Microsoft Azure Rights Management.
 
-* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center.
+* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal.
 
 * Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business.
 
@@ -126,15 +126,15 @@ Office 365 Education allows:
 
 * Students and faculty to use Yammer to collaborate through private social networking.
 
-* Students and faculty to access classroom resources from anywhere on any device (including Windows 10 Mobile, iOS, and Android devices).
+* Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
 
-For more information about Office 365 Education features and an FAQ, go to [Office 365 Education plans and pricing](https://products.office.com/en-us/academic).
+For more information about Office 365 Education features and an FAQ, go to [Office 365 Education plans and pricing](https://www.microsoft.com/microsoft-365/academic/compare-office-365-education-plans).
 
 ### How to configure a district
 
-Now that you have the plan (blueprint) for your district and individual schools and classrooms, you’re ready to learn about the tools you will use to deploy it. There are many tools you could use to accomplish the task, but this guide focuses on using those tools that require the least infrastructure and technical knowledge.
+Now that you've the plan (blueprint) for your district and individual schools and classrooms, you’re ready to learn about the tools you'll use to deploy it. There are many tools you could use to accomplish the task, but this guide focuses on using those tools that require the least infrastructure and technical knowledge.
 
-The primary tool you will use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
+The primary tool you'll use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
 
 You can use MDT as a stand-alone tool or integrate it with Microsoft Endpoint Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as Configuration Manager) but result in fully automated deployments.
 
@@ -142,7 +142,7 @@ This guide focuses on LTI deployments to deploy the reference device. You can us
 
 MDT includes the Deployment Workbench, a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps, and migration of user settings on existing devices.
 
-LTI performs deployment from a *deployment share* — a network-shared folder on the device on which you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You will learn more about MDT in [Prepare the admin device](#prepare-the-admin-device), earlier in this article.
+LTI performs deployment from a *deployment share* — a network-shared folder on the device on which you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You'll learn more about MDT in [Prepare the admin device](#prepare-the-admin-device), earlier in this article.
 
 The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with Intune, the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
 
@@ -150,23 +150,23 @@ ZTI performs fully automated deployments using Configuration Manager and MDT. Al
 
 The configuration process requires the following devices:
 
-* **Admin device.** This is the device you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the Configuration Manager Console on this device.
+* **Admin device.** This device is the one you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the Configuration Manager Console on this device.
 
-* **Reference devices.** These are the devices that you will use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices.
+* **Reference devices.** These devices are the ones that you'll use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices.
 
-  You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all).
+  You'll have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all).
   
-* **Faculty and staff devices.** These are the devices that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
+* **Faculty and staff devices.** These devices are the ones that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
 
-* **Student devices.** The students will use these devices. You will use the admin device deploy (or upgrade) Windows 10 and apps to them.
+* **Student devices.** The students will use these devices. You'll use the admin device deploy (or upgrade) Windows 10 and apps to them.
 
 The high-level process for deploying and configuring devices within individual classrooms, individual schools, and the district as a whole is as follows and illustrated in Figure 4:
 
 1. Prepare the admin device for use, which includes installing the Windows ADK, MDT, and the Configuration Manager console.
 
-2. On the admin device, create and configure the Office 365 Education subscription that you will use for the district’s classrooms.
+2. On the admin device, create and configure the Office 365 Education subscription that you'll use for the district’s classrooms.
 
-3. On the admin device, configure integration between on-premises AD DS and Azure AD (if you have an on premises AD DS configuration).
+3. On the admin device, configure integration between on-premises AD DS and Azure AD (if you've an on premises AD DS configuration).
 
 4. On the admin device, create and configure a Microsoft Store for Business portal.
 
@@ -181,7 +181,7 @@ The high-level process for deploying and configuring devices within individual c
 9. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS–Azure AD integration.
 
 > [!div class="mx-imgBorder"]
-> ![How district configuration works](images/edu-districtdeploy-fig4.png "How district configuration works")
+> ![How district configuration works.](images/edu-districtdeploy-fig4.png "How district configuration works")
 
 *Figure 4. How district configuration works*
 
@@ -217,7 +217,7 @@ Some constraints exist in these scenarios. As you select the deployment and mana
 
 * You can use Group Policy or Intune to manage configuration settings on a device but not both.
 * You can use Microsoft Endpoint Manager or Intune to manage apps and updates on a device but not both.
-* You cannot manage multiple users on a device with Intune if the device is AD DS domain joined.
+* You can't  manage multiple users on a device with Intune if the device is AD DS domain joined.
 
 Use the cloud-centric scenario and on-premises and cloud scenario as a guide for your district. You may need to customize these scenarios, however, based on your district. As you go through the [Select the deployment methods](#select-the-deployment-methods), [Select the configuration setting management methods](#select-the-configuration-setting-management-methods), and the [Select the app and update management products](#select-the-app-and-update-management-products) sections, remember these scenarios and use them as the basis for your district.
 
@@ -225,80 +225,10 @@ Use the cloud-centric scenario and on-premises and cloud scenario as a guide for
 
 To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription
                    MDT
                    MDT is an on-premises solution that supports initial operating system deployment and upgrade. You can use MDT to deploy and upgrade Windows 10. In addition, you can initially deploy Windows desktop and Microsoft Store apps and software updates.

                    
-Select this method when you:
                    
-
                      
-
                    • Want to deploy Windows 10 to institution-owned and personal devices. (Devices need not be domain joined.)
                      • 
-
                    • Don’t have an existing AD DS infrastructure.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy Windows 10 operating systems.
                      • 
-
                    • You can manage device drivers during initial deployment.
                      • 
-
                    • You can deploy Windows desktop apps (during initial deployment)
                      • 
-
                    • It doesn’t require an AD DS infrastructure.
                      • 
-
                    • It doesn’t have additional infrastructure requirements.
                      • 
-
                    • MDT doesn’t incur additional cost: it’s a free tool.
                      • 
-
                    • You can deploy Windows 10 operating systems to institution-owned and personal devices.
                      • 
-
                    
-
-
                    The disadvantages of this method are that it:
                    
-
-
                      
-
                    • Can’t manage applications throughout entire application life cycle (by itself).
                      • 
-
                    • Can’t manage software updates for Windows 10 and apps (by itself).
                      • 
-
                    • Doesn’t provide antivirus and malware protection (by itself).
                      • 
-
                    • Has limited scaling to large numbers of users and devices.
                      • 
-
                    
-
-
                    Microsoft Endpoint Configuration Manager
                    Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle. You can use Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection.

                    
-Select this method when you:
                    
-
                      
-
                    • Want to deploy Windows 10 to institution-owned devices that are domain joined (personal devices are typically not domain joined).
                      • 
-
                    • Have an existing AD DS infrastructure (or plan to deploy an AD DS infrastructure).
                      • 
-
                    • Typically deploy Windows 10 to on-premises devices.
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy Windows 10 operating systems.
                      • 
-
                    • You can manage (deploy) Windows desktop and Microsoft Store apps throughout entire application life cycle.
                      • 
-
                    • You can manage software updates for Windows 10 and apps.
                      • 
-
                    • You can manage antivirus and malware protection.
                      • 
-
                    • It scales to large number of users and devices.
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Microsoft Endpoint Manager server licenses (if the institution does not have Configuration Manager already).
                      • 
-
                    • Can deploy Windows 10 only to domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    
-
                    
+|Method|Description|
+|--- |--- |
+|MDT|MDT is an on-premises solution that supports initial operating system deployment and upgrade. You can use MDT to deploy and upgrade Windows 10. In addition, you can initially deploy Windows desktop and Microsoft Store apps and software updates.
                     Select this method when you: 
                  •  Want to deploy Windows 10 to institution-owned and personal devices. (Devices need not be domain joined.) 
                  •  Don’t have an existing AD DS infrastructure. 
                  •  Need to manage devices regardless of where they are (on or off premises). 
                    The advantages of this method are that: 
                     
                  •  You can deploy Windows 10 operating systems 
                  •  You can manage device drivers during initial deployment. 
                  • You can deploy Windows desktop apps (during initial deployment)
                  •  It doesn’t require an AD DS infrastructure.
                  • It doesn’t have extra infrastructure requirements.
                  • MDT doesn’t incur extra cost: it’s a free tool.
                  • You can deploy Windows 10 operating systems to institution-owned and personal devices. 
                     The disadvantages of this method are that it:
                     
                  • Can’t manage applications throughout entire application life cycle (by itself).
                  • Can’t manage software updates for Windows 10 and apps (by itself).
                  • Doesn’t provide antivirus and malware protection (by itself).
                  • Has limited scaling to large numbers of users and devices.|
+|Microsoft Endpoint Configuration Manager|
                  •  Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle 
                  • You can use Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection. 
                     Select this method when you: 
                  •  Want to deploy Windows 10 to institution-owned devices that are domain joined (personal devices are typically not domain joined). 
                  • Have an existing AD DS infrastructure (or plan to deploy an AD DS infrastructure). 
                  • Typically deploy Windows 10 to on-premises devices. 
                     The advantages of this method are that: 
                  • You can deploy Windows 10 operating systems.
                  • You can manage (deploy) Windows desktop and Microsoft Store apps throughout entire application life cycle.
                  • You can manage software updates for Windows 10 and apps.
                  • You can manage antivirus and malware protection.
                  • It scales to large number of users and devices. 
                    The disadvantages of this method are that it:
                  • Carries an extra cost for Microsoft Endpoint Manager server licenses (if the institution doesn't  have Configuration Manager already).
                  • Can deploy Windows 10 only to domain-joined (institution-owned devices).
                  • Requires an AD DS infrastructure (if the institution doesn't  have AD DS already).|
 
 *Table 2. Deployment methods*
 
@@ -313,85 +243,14 @@ Record the deployment methods you selected in Table 3.
 
 ### Select the configuration setting management methods
 
-If you have only one device to configure, manually configuring that one device is tedious but possible. When you have multiple classrooms of devices to configure, however, manually configuring each device becomes overwhelming. In addition, maintaining an identical configuration on every device will become virtually impossible as the number of devices in the district increases.
+If you've only one device to configure, manually configuring that one device is tedious but possible. When you've multiple classrooms of devices to configure, however, manually configuring each device becomes overwhelming. In addition, maintaining an identical configuration on every device will become impossible as the number of devices in the district increases.
 
 For a district, there are many ways to manage the configuration setting for users and devices. Table 4 lists the methods that this guide describes and recommends. Use this information to determine which combination of configuration setting management methods is right for your institution.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription
                    Group Policy
                    Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows.

                    
-Select this method when you:
                    
-
-
                      
-
                    • Want to manage institution-owned devices that are domain joined (personal devices are typically not domain joined).
                      • 
-
                    • Want more granular control of device and user settings.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Typically manage on-premises devices.
                      • 
-
                    • Can manage a required setting only by using Group Policy.
                      • 
-
                    
-
-
                    The advantages of this method include:
                    
-
                      
-
                    • No cost beyond the AD DS infrastructure.
                      • 
-
                    • A larger number of settings (compared to Intune).
                      • 
-
                    
-
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Can only manage domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    • Typically manages on-premises devices (unless devices use a virtual private network [VPN] or Microsoft DirectAccess to connect).
                      • 
-
                    • Has rudimentary app management capabilities.
                      • 
-
                    • Cannot deploy Windows 10 operating systems.
                      • 
-
                    
-
                    Intune
                    Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.

                    
-Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with Configuration Manager is unavailable.

                    
-Select this method when you:
                    
-
-
                      
-
                    • Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                      • 
-
                    • Don’t need granular control over device and user settings (compared to Group Policy).
                      • 
-
                    • Don’t have an existing AD DS infrastructure.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    • Can manage a required setting only by using Intune.
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can manage institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It doesn’t require any on-premises infrastructure.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Intune subscription licenses.
                      • 
-
                    • Doesn’t offer granular control over device and user settings (compared to Group Policy).
                      • 
-
                    • Cannot deploy Windows 10 operating systems.
                      • 
-
                    
-
                    
+|Method|Description|
+|--- |--- |
+|Group Policy|Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows. 
                     Select this method when you 
                  • Want to manage institution-owned devices that are domain joined (personal devices are typically not domain joined).
                  •  Want more granular control of device and user settings. 
                  • Have an existing AD DS infrastructure.
                  • Typically manage on-premises devices.
                  • Can manage a required setting only by using Group Policy. 
                    The advantages of this method include: 
                  • No cost beyond the AD DS infrastructure. 
                  • A larger number of settings (compared to Intune).
                    The disadvantages of this method are that it:
                  • Can only manage domain-joined (institution-owned devices).
                  • Requires an AD DS infrastructure (if the institution doesn't  have AD DS already).
                  • Typically manages on-premises devices (unless devices use a virtual private network [VPN] or Microsoft DirectAccess to connect).
                  •  Has rudimentary app management capabilities.
                  •  can't  deploy Windows 10 operating systems.|
+|Intune|Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
                    Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with Configuration Manager is unavailable.
                    Select this method when you:
                  •  Want to manage institution-owned and personal devices (doesn't require that the device be domain joined).
                  • Don’t need granular control over device and user settings (compared to Group Policy).
                  • Don’t have an existing AD DS infrastructure.
                  • Need to manage devices regardless of where they are (on or off premises).
                  • Want to provide application management for the entire application life cycle.
                  • Can manage a required setting only by using Intune.
                    The advantages of this method are that:
                  • You can manage institution-owned and personal devices.
                  • It doesn’t require that devices be domain joined.
                  • It doesn’t require any on-premises infrastructure.
                  • It can manage devices regardless of their location (on or off premises).
                    The disadvantages of this method are that it:
                  • Carries an extra cost for Intune subscription licenses.
                  • Doesn’t offer granular control over device and user settings (compared to Group Policy).
                  • can't  deploy Windows 10 operating systems.|
 
 *Table 4. Configuration setting management methods*
 
@@ -410,114 +269,11 @@ For a district, there are many ways to manage apps and software updates. Table 6
 
 Use the information in Table 6 to determine which combination of app and update management products is right for your district.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    SelectionManagement method
                    Microsoft Endpoint Configuration Manager
                    Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.

                    Configuration Manager supports application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager. You can also manage Windows desktop and Microsoft Store applications.

                    Select this method when you:
                    
-
                      
-
                    • Selected Configuration Manager to deploy Windows 10.
                      • 
-
                    • Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
                      • 
-
                    • Want to manage AD DS domain-joined devices.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Typically manage on-premises devices.
                      • 
-
                    • Want to deploy operating systems.
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy Windows 10 operating systems.
                      • 
-
                    • You can manage applications throughout the entire application life cycle.
                      • 
-
                    • You can manage software updates for Windows 10 and apps.
                      • 
-
                    • You can manage antivirus and malware protection.
                      • 
-
                    • It scales to large numbers of users and devices.
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).
                      • 
-
                    • Carries an additional cost for Windows Server licenses and the corresponding server hardware.
                      • 
-
                    • Can only manage domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    • Typically manages on-premises devices (unless devices through VPN or DirectAccess).
                      • 
-
                    
-
                    Intune
                    Intune is a cloud-based solution that allows you to manage apps and software updates for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.

                    
-Select this method when you:
                    
-
                      
-
                    • Selected MDT only to deploy Windows 10.
                      • 
-
                    • Want to manage institution-owned and personal devices that are not domain joined.
                      • 
-
                    • Want to manage Azure AD domain-joined devices.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can manage institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It doesn’t require on-premises infrastructure.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
                    • You can deploy keys to perform in-place Windows 10 upgrades (such as upgrading from Windows 10 Pro to Windows 10 Education edition).
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Intune subscription licenses.
                      • 
-
                    • Cannot deploy Windows 10 operating systems.
                      • 
-
                    
-
                    Microsoft Endpoint Manager and Intune (hybrid)
                    Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.

                    
-Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.

                    
-Select this method when you:
                    
-
                      
-
                    • Selected Microsoft Endpoint Manager to deploy Windows 10.
                      • 
-
                    • Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                      • 
-
                    • Want to manage domain-joined devices.
                      • 
-
                    • Want to manage Azure AD domain-joined devices.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Want to manage devices regardless of their connectivity.
                      • 
-
                    • Want to deploy operating systems.
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy operating systems.
                      • 
-
                    • You can manage applications throughout the entire application life cycle.
                      • 
-
                    • You can scale to large numbers of users and devices.
                      • 
-
                    • You can support institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).
                      • 
-
                    • Carries an additional cost for Windows Server licenses and the corresponding server hardware.
                      • 
-
                    • Carries an additional cost for Intune subscription licenses.
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    
-
                    
+|Selection|Management method|
+|--- |--- |
+|Microsoft Endpoint Configuration Manager|Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.Configuration Manager supports application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager. You can also manage Windows desktop and Microsoft Store applications. Select this method when you:
                  • Selected Configuration Manager to deploy Windows 10.
                  • Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
                  • Want to manage AD DS domain-joined devices.
                  • Have an existing AD DS infrastructure.
                  • Typically manage on-premises devices.
                  • Want to deploy operating systems.
                  • Want to provide application management for the entire application life cycle.
                    The advantages of this method are that:
                  • You can deploy Windows 10 operating systems.
                  • You can manage applications throughout the entire application life cycle.
                  • You can manage software updates for Windows 10 and apps.
                  • You can manage antivirus and malware protection.
                  • It scales to large numbers of users and devices.
                    The disadvantages of this method are that it:
                  • Carries an extra cost for Configuration Manager server licenses (if the institution doesn't  have Configuration Manager already).
                  • Carries an extra cost for Windows Server licenses and the corresponding server hardware.
                  • Can only manage domain-joined (institution-owned devices).
                  • Requires an AD DS infrastructure (if the institution doesn't  have AD DS already).
                  • Typically manages on-premises devices (unless devices through VPN or DirectAccess).|
+|Intune|Intune is a cloud-based solution that allows you to manage apps and software updates for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
                    Select this method when you:
                  • Selected MDT only to deploy Windows 10.
                  • Want to manage institution-owned and personal devices that aren't  domain joined.
                  • Want to manage Azure AD domain-joined devices.
                  • Need to manage devices regardless of where they are (on or off premises).
                  • Want to provide application management for the entire application life cycle.
                    The advantages of this method are that:
                  • You can manage institution-owned and personal devices.
                  • It doesn’t require that devices be domain joined.
                  • It doesn’t require on-premises infrastructure.vIt can manage devices regardless of their location (on or off premises).
                  • You can deploy keys to perform in-place Windows 10 upgrades (such as upgrading from Windows 10 Pro to Windows 10 Education edition).
                    The disadvantages of this method are that it:
                  • Carries an extra cost for Intune subscription licenses.
                  • can't  deploy Windows 10 operating systems.|
+|Microsoft Endpoint Manager and Intune (hybrid)|Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.
                    Configuration Manager and Intune in the hybrid configuration allows you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices. 
                    Select this method when you:
                  • Selected Microsoft Endpoint Manager to deploy Windows 10.
                  • Want to manage institution-owned and personal devices (doesn't require that the device be domain joined).
                  • Want to manage domain-joined devices.
                  • Want to manage Azure AD domain-joined devices.
                  • Have an existing AD DS infrastructure.
                  • Want to manage devices regardless of their connectivity.vWant to deploy operating systems.
                  • Want to provide application management for the entire application life cycle.
                    The advantages of this method are that:
                  • You can deploy operating systems.
                  • You can manage applications throughout the entire application life cycle.
                  • You can scale to large numbers of users and devices.
                  • You can support institution-owned and personal devices.
                  • It doesn’t require that devices be domain joined.
                  • It can manage devices regardless of their location (on or off premises).
                    The disadvantages of this method are that it:
                  • Carries an extra cost for Configuration Manager server licenses (if the institution doesn't  have Configuration Manager already).
                  • Carries an extra cost for Windows Server licenses and the corresponding server hardware.
                  • Carries an extra cost for Intune subscription licenses.
                  • Requires an AD DS infrastructure (if the institution doesn't  have AD DS already).|
 
 *Table 6. App and update management products*
 
@@ -532,7 +288,7 @@ Record the app and update management methods that you selected in Table 7.
 *Table 7. App and update management methods selected*
 
 #### Summary
-In this section, you selected the methods that you will use to deploy Windows 10 to the faculty and student devices in your district. You selected the methods that you will use to manage configuration settings. Finally, you selected the methods that you will use to manage Windows desktop apps, Microsoft Store apps, and software updates.
+In this section, you selected the methods that you'll use to deploy Windows 10 to the faculty and student devices in your district. You selected the methods that you'll use to manage configuration settings. Finally, you selected the methods that you'll use to manage Windows desktop apps, Microsoft Store apps, and software updates.
 
 ## Prepare the admin device
 
@@ -551,7 +307,7 @@ For more information about installing the Windows ADK, see [Step 2-2: Install Wi
 
 ### Install MDT
 
-Next, install MDT. MDT uses the Windows ADK to help you manage and perform Windows 10 and app deployment. It is a free tool available directly from Microsoft.
+Next, install MDT. MDT uses the Windows ADK to help you manage and perform Windows 10 and app deployment. It's a free tool available directly from Microsoft.
 You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 64-bit version of MDT to support deployment of 32-bit and 64-bit operating systems.
 
 > [!NOTE]
@@ -589,7 +345,7 @@ For more information, see [Enable Configuration Manager Console Integration for
 
 #### Summary
 
-In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you will configure and use later to capture a reference image. You can also use the MDT deployment share to deploy Windows 10 and your apps to faculty and students (if that’s the method you selected in [Select the deployment methods](#select-the-deployment-methods), earlier in this article). Finally, you installed the Configuration Manager console and configured MDT integration with the Configuration Manager console.
+In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you'll configure and use later to capture a reference image. You can also use the MDT deployment share to deploy Windows 10 and your apps to faculty and students (if that’s the method you selected in [Select the deployment methods](#select-the-deployment-methods), earlier in this article). Finally, you installed the Configuration Manager console and configured MDT integration with the Configuration Manager console.
 
 ## Create and configure Office 365
 
@@ -607,8 +363,8 @@ Complete the following steps to select the appropriate Office 365 Education lice
 
     |Plan  |Advantages  |Disadvantages |
     |----- |----------- |------------- |
-    |Office 365 Education |
                    • Less expensive than Microsoft 365 Apps for enterprise
                    • Can be run from any device
                    • No installation necessary
                     | 
                    • Must have an Internet connection to use it
                    • Does not support all the features found in Microsoft 365 Apps for enterprise
                     |
-    |Microsoft 365 Apps for enterprise |
                    • Only requires an Internet connection every 30 days (for activation)
                    • Supports the full set of Office features
                    • Can be installed on five devices per user (there is no limit to the number of devices on which you can run Office apps online)
                     |
                    • Requires installation
                    • More expensive than Office 365 Education
                    |
+    |Office 365 Education |
                    • Less expensive than Microsoft 365 Apps for enterprise
                    • Can be run from any device
                    • No installation necessary
                     | 
                    • Must have an Internet connection to use it
                    • Doesn't  support all the features found in Microsoft 365 Apps for enterprise
                     |
+    |Microsoft 365 Apps for enterprise |
                    • Only requires an Internet connection every 30 days (for activation)
                    • Supports the full set of Office features
                    • Can be installed on five devices per user (there's no limit to the number of devices on which you can run Office apps online)
                     |
                    • Requires installation
                    • More expensive than Office 365 Education
                    |
 
     *Table 8. Comparison of standard and Microsoft 365 Apps for enterprise plans*
 
@@ -629,7 +385,7 @@ Complete the following steps to select the appropriate Office 365 Education lice
 
     *Table 9. Office 365 Education license plans needed for the classroom*
 
-You will use the Office 365 Education license plan information you record in Table 9 in [Create user accounts in Office 365](#create-user-accounts-in-office-365) later in this guide.
+You'll use the Office 365 Education license plan information you record in Table 9 in [Create user accounts in Office 365](#create-user-accounts-in-office-365) later in this guide.
 
 ### Create a new Office 365 Education subscription
 
@@ -643,7 +399,7 @@ To create a new Office 365 Education subscription for use in the classroom, use
 1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar.
 
    > [!NOTE]
-   > If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods:
+   > If you've already used your current sign-in account to create a new Office 365 subscription, you'll be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods:
    > 
    > - In Microsoft Edge, open the Microsoft Edge app (press Ctrl+Shift+P, or click or tap More actions), and then click or tap New InPrivate window.
    > 
@@ -652,7 +408,7 @@ To create a new Office 365 Education subscription for use in the classroom, use
 
 2. On the **Get started** page, in **Enter your school email address**, type your school email address, and then click **Sign up**.
 
-   You will receive an email in your school email account.
+   You'll receive an email in your school email account.
 3. Click the hyperlink in the email in your school email account.
 
 4. On the **One last thing** page, complete your user information, and then click **Start**.
@@ -662,9 +418,9 @@ The wizard creates your new Office 365 Education subscription, and you’re auto
 
 ### Add domains and subdomains
 
-Now that you have created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has contoso.edu as the primary domain name but you have subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains.
+Now that you've created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has contoso.edu as the primary domain name but you've subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains.
 
-#### To add additional domains and subdomains
+#### To add more domains and subdomains
 
 1. In the admin center, in the list view, click **DOMAINS**.
 
@@ -683,19 +439,19 @@ Now that you have created your new Office 365 Education subscription, add the do
 To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
 
 > [!NOTE]
-> By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up: Technical FAQ](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US&WT.mc_id=eml_CXM__33537_MOD_EDU_Student_Advantage_Rush).
+> By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up FAQ](/microsoft-365/education/deploy/office-365-education-self-sign-up).
 
 Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
 
 * If an Office 365 tenant with that domain name (contoso.edu) exists, Office 365 automatically adds the user to that tenant.
-* If an Office 365 tenant with that domain name (contoso.edu) does not exists, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it.
+* If an Office 365 tenant with that domain name (contoso.edu) doesn't  exist, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it.
 
-You will always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before you allow other faculty and students to join Office 365.
+You'll always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before you allow other faculty and students to join Office 365.
 
 > [!NOTE]
-> You cannot merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
+> You can't  merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
 
-By default, all new Office 365 Education subscriptions have automatic tenant join enabled, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 10. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
+By default, all new Office 365 Education subscriptions have automatic tenant join enabled, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 10. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up).
 
 |Action |Windows PowerShell command|
 |-------|--------------------------|
@@ -709,12 +465,12 @@ By default, all new Office 365 Education subscriptions have automatic tenant joi
 
 ### Disable automatic licensing
 
-To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that do not require administrative approval.
+To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that don't  require administrative approval.
 
 > [!NOTE]
 > By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
 
-Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 11. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
+Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 11. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up).
 
 |Action |Windows PowerShell command|
 |-------|--------------------------|
@@ -729,7 +485,7 @@ When you create your Office 365 subscription, you create an Office 365 tenant th
 
 Educational institutions can obtain Azure AD Basic edition licenses at no cost if they have a volume license agreement. After your institution obtains its licenses, activate your Azure AD access by completing the steps in [Step 3: Activate your Azure Active Directory access](/azure/active-directory/fundamentals/active-directory-get-started-premium#step-3-activate-your-azure-active-directory-access).
 
-The following Azure AD Premium features are not in Azure AD Basic:
+The following Azure AD Premium features aren't  in Azure AD Basic:
 
 * Allow designated users to manage group membership
 * Dynamic group membership based on user metadata
@@ -742,7 +498,7 @@ The following Azure AD Premium features are not in Azure AD Basic:
 
 You can assign Azure AD Premium licenses to the users who need these features. For example, you may want the users who have access to confidential student information to use MFA. In this example, you could assign Azure AD Premium to only those users.
 
-You can sign up for Azure AD Premium, and then assign licenses to users. In this section, you sign up for Azure AD Premium. You will assign Azure AD Premium licenses to users later in the deployment process.
+You can sign up for Azure AD Premium, and then assign licenses to users. In this section, you sign up for Azure AD Premium. You'll assign Azure AD Premium licenses to users later in the deployment process.
 
 For more information about:
 
@@ -751,24 +507,24 @@ For more information about:
 
 #### Summary
 
-You provision and initially configure Office 365 Education as part of initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Azure AD Premium enabled (if required), you’re ready to select the method you will use to create user accounts in Office 365.
+You provision and initially configure Office 365 Education as part of initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Azure AD Premium enabled (if necessary), you’re ready to select the method you'll use to create user accounts in Office 365.
 
 ## Select an Office 365 user account–creation method
 
-Now that you have an Office 365 subscription, you must determine how you’ll create your Office 365 user accounts. Use one of the following methods to make your decision:
+Now that you've an Office 365 subscription, you must determine how you’ll create your Office 365 user accounts. Use one of the following methods to make your decision:
 
-* Method 1: Automatically synchronize your on-premises AD DS domain with Azure AD. Select this method if you have an on-premises AD DS domain.
+* Method 1: Automatically synchronize your on-premises AD DS domain with Azure AD. Select this method if you've an on-premises AD DS domain.
 * Method 2: Bulk-import the user accounts from a .csv file (based on information from other sources) into Azure AD. Select this method if you don’t have an on-premises AD DS domain.
 
 ### Method 1: Automatic synchronization between AD DS and Azure AD
 
-In this method, you have an on-premises AD DS domain. As shown in Figure 5, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD.
+In this method, you've an on-premises AD DS domain. As shown in Figure 5, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD.
 
 > [!NOTE]
 > Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](/previous-versions/mim/dn510997(v=ws.10)).
 
 > [!div class="mx-imgBorder"]
-> ![Automatic synchronization between AD DS and Azure AD](images/edu-districtdeploy-fig5.png "Automatic synchronization between AD DS and Azure AD")
+> ![Automatic synchronization between AD DS and Azure AD.](images/edu-districtdeploy-fig5.png "Automatic synchronization between AD DS and Azure AD")
 
 *Figure 5. Automatic synchronization between AD DS and Azure AD*
 
@@ -776,10 +532,10 @@ For more information about how to perform this step, see the [Integrate on-premi
 
 ### Method 2: Bulk import into Azure AD from a .csv file
 
-In this method, you have no on-premises AD DS domain. As shown in Figure 6, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Azure AD. The .csv file must be in the format that Office 365 specifies.
+In this method, you've no on-premises AD DS domain. As shown in Figure 6, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Azure AD. The .csv file must be in the format that Office 365 specifies.
 
 > [!div class="mx-imgBorder"]
-> ![Bulk import into Azure AD from other sources](images/edu-districtdeploy-fig6.png "Bulk import into Azure AD from other sources")
+> ![Bulk import into Azure AD from other sources.](images/edu-districtdeploy-fig6.png "Bulk import into Azure AD from other sources")
 
 *Figure 6. Bulk import into Azure AD from other sources*
 
@@ -801,7 +557,7 @@ In this section, you selected the method for creating user accounts in your Offi
 You can integrate your on-premises AD DS domain with Azure AD to provide identity management for your Office 365 tenant. With this integration, you can synchronize the users, security groups, and distribution lists in your AD DS domain with Azure AD with the Azure AD Connect tool. Users will be able to sign in to Office 365 automatically by using their email account and the same password they use to sign in to AD DS.
 
 > [!NOTE]
-> If your institution does not have an on-premises AD DS domain, you can skip this section.
+> If your institution doesn't  have an on-premises AD DS domain, you can skip this section.
 
 ### Select a synchronization model
 
@@ -809,17 +565,17 @@ Before you deploy AD DS and Azure AD synchronization, determine where you want t
 
 You can deploy the Azure AD Connect tool:
 
-- **On premises.** As shown in Figure 7, Azure AD Connect runs on premises, which has the advantage of not requiring a VPN connection to Azure. It does, however, require a virtual machine (VM) or physical server.
+- **On premises.** As shown in Figure 7, Azure AD Connect runs on premises which has the advantage of not requiring a VPN connection to Azure. It does, however, require a virtual machine (VM) or physical server.
 
   > [!div class="mx-imgBorder"]
-  > ![Azure AD Connect on premises](images/edu-districtdeploy-fig7.png "Azure AD Connect on premises")
+  > ![Azure AD Connect on premises.](images/edu-districtdeploy-fig7.png "Azure AD Connect on premises")
 
   *Figure 7. Azure AD Connect on premises*
 
 - **In Azure.** As shown in Figure 8, Azure AD Connect runs on a VM in Azure AD, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
 
   > [!div class="mx-imgBorder"]
-  > ![Azure AD Connect in Azure](images/edu-districtdeploy-fig8.png "Azure AD Connect in Azure")
+  > ![Azure AD Connect in Azure.](images/edu-districtdeploy-fig8.png "Azure AD Connect in Azure")
 
   *Figure 8. Azure AD Connect in Azure*
 
@@ -831,7 +587,7 @@ In this synchronization model (illustrated in Figure 7), you run Azure AD Connec
 
 #### To deploy AD DS and Azure AD synchronization
 
-1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect-prerequisites/).
+1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](/azure/active-directory/cloud-sync/how-to-prerequisites).
 
 2. In the VM or on the physical device that will run Azure AD Connect, sign in with a domain administrator account.
 
@@ -839,7 +595,7 @@ In this synchronization model (illustrated in Figure 7), you run Azure AD Connec
 
 4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure sync features](/azure/active-directory/hybrid/whatis-hybrid-identity#configure-sync-features).
 
-Now that you have used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD.
+Now that you've used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD.
 
 ### Verify synchronization
 
@@ -866,7 +622,7 @@ Azure AD Connect should start synchronization immediately. Depending on the numb
    The list of security group members should mirror the group membership for the corresponding security group in AD DS.
 8. Close the browser.
 
-Now that you have verified Azure AD Connect synchronization, you’re ready to assign user licenses for Azure AD Premium.
+Now that you've verified Azure AD Connect synchronization, you’re ready to assign user licenses for Azure AD Premium.
 
 #### Summary
 
@@ -886,14 +642,14 @@ Several methods are available to bulk-import user accounts into AD DS domains. T
 |Method |Description and reason to select this method |
 |-------|---------------------------------------------|
 |Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren't comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).|
-|VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).|
-|Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|
+|VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)).|
+|Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Windows PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|
 
 *Table 12. AD DS bulk-import account methods*
 
 ### Create a source file that contains the user and group accounts
 
-After you have selected your user and group account bulk import method, you’re ready to create the source file that contains the user and group account. You’ll use the source file as the input to the import process. The source file format depends on the method you selected. Table 13 lists the source file format for the bulk import methods.
+After you've selected your user and group account bulk import method, you’re ready to create the source file that contains the user and group account. You’ll use the source file as the input to the import process. The source file format depends on the method you selected. Table 13 lists the source file format for the bulk import methods.
 
 |Method |Source file format |
 |-------|-------------------|
@@ -918,7 +674,7 @@ For more information about how to import user accounts into AD DS by using:
 
 #### Summary
 
-In this section, you selected the bulk-import method, created the source file that contains the user and group accounts, and imported the user and group accounts into AD DS. If you have Azure AD Connect, it automatically synchronizes the new AD DS user and group accounts to Azure AD. Now, you’re ready to assign user licenses for Azure AD Premium in the [Assign user licenses for Azure AD Premium](#assign-user-licenses-for-azure-ad-premium) section later in this guide.
+In this section, you selected the bulk-import method, created the source file that contains the user and group accounts, and imported the user and group accounts into AD DS. If you've Azure AD Connect, it automatically synchronizes the new AD DS user and group accounts to Azure AD. Now, you’re ready to assign user licenses for Azure AD Premium in the [Assign user licenses for Azure AD Premium](#assign-user-licenses-for-azure-ad-premium) section later in this guide.
 
 ## Bulk-import user and group accounts into Office 365
 
@@ -926,16 +682,16 @@ You can bulk-import user and group accounts directly into Office 365, reducing t
 
 ### Create user accounts in Office 365
 
-Now that you have created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
+Now that you've created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
 
 > [!NOTE]
 > If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
 
-You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you have many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
+You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you've many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
 
 The bulk-add process assigns the same Office 365 Education license plan to all users on the list. Therefore, you must create a separate list for each license plan you recorded in Table 9. Depending on the number of faculty members who need to use the classroom, you may want to add the faculty Office 365 accounts manually; however, use the bulk-add process to add student accounts.
 
-For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Office 365 - Admin help](https://support.office.com/en-us/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88?ui=en-US&rs=en-US&ad=US).
+For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Microsoft 365](/microsoft-365/enterprise/add-several-users-at-the-same-time).
 
 > [!NOTE]
 > If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
@@ -949,7 +705,7 @@ Assign SharePoint Online resource permissions to Office 365 security groups, not
 > [!NOTE]
 > If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
 
-For information about creating security groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
+For information about creating security groups, see [Create an Office 365 Group in the admin center](/microsoft-365/admin/create-groups/create-groups).
 
 You can add and remove users from security groups at any time.
 
@@ -963,14 +719,14 @@ Microsoft Exchange Online uses an email distribution group as a single email rec
 You can create email distribution groups based on job role (such as teacher, administration, or student) or specific interests (such as robotics, drama club, or soccer team). You can create any number of distribution groups, and users can be members of more than one group.
 
 > [!NOTE]
-> Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until the creation process ends before you can perform the following steps.
+> Office 365 can take some time to complete the Exchange Online creation process. You'll have to wait until the creation process ends before you can perform the following steps.
 
 
-For information about creating email distribution groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
+For information about creating email distribution groups, see [Create a Microsoft 365 group in the admin center](/microsoft-365/admin/create-groups/create-groups).
 
 #### Summary
 
-You have bulk-imported the user accounts into Office 365. First, you selected the bulk-import method. Next, you created the Office 365 security groups in Office 365. Finally, you created the Office 365 email distribution groups. Now, you’re ready to assign user licenses for Azure AD Premium.
+You've bulk-imported the user accounts into Office 365. First, you selected the bulk-import method. Next, you created the Office 365 security groups in Office 365. Finally, you created the Office 365 email distribution groups. Now, you’re ready to assign user licenses for Azure AD Premium.
 
 ## Assign user licenses for Azure AD Premium
 
@@ -993,7 +749,7 @@ This section shows you how to create a Microsoft Store for Business portal and c
 
 ### Create and configure your Microsoft Store for Business portal
 
-To create and configure your Microsoft Store for Business portal, simply use the administrative account for your Office 365 subscription to sign in to Microsoft Store for Business. Microsoft Store for Business automatically creates a portal for your institution and uses your account as its administrator.
+To create and configure your Microsoft Store for Business portal, use the administrative account for your Office 365 subscription to sign in to Microsoft Store for Business. Microsoft Store for Business automatically creates a portal for your institution and uses your account as its administrator.
 
 #### To create and configure a Microsoft Store for Business portal
 
@@ -1013,17 +769,17 @@ After you create the Microsoft Store for Business portal, configure it by using
 |--------------|----------------------------|
 |Account information |Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure Management Portal. For more information, see [Update Microsoft Store for Business account settings](/microsoft-store/update-microsoft-store-for-business-account-settings).|
 |Device Guard signing |Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).|
-|LOB publishers |Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are usually internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps).|
+|LOB publishers |Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps).|
 |Management tools |Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](/microsoft-store/distribute-apps-with-management-tool).|
 |Offline licensing|Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see the “Licensing model: online and offline licenses” section in [Apps in Microsoft Store for Business](/microsoft-store/apps-in-microsoft-store-for-business#licensing-model).|
-|Permissions |Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you have previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](/microsoft-store/roles-and-permissions-microsoft-store-for-business).|
+|Permissions |Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you've previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](/microsoft-store/roles-and-permissions-microsoft-store-for-business).|
 |Private store |Allows you to change the organization name used in your Microsoft Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store).|
 
 *Table 14. Menu selections to configure Microsoft Store for Business settings*
 
 ### Find, acquire, and distribute apps in the portal
 
-Now that you have created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you will add to your portal. You do this from the **Inventory** page in Microsoft Store for Business.
+Now that you've created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you'll add to your portal. You do this task from the **Inventory** page in Microsoft Store for Business.
 
 > [!NOTE]
 > Your educational institution can now use a credit card or purchase order to pay for apps in Microsoft Store for Business.
@@ -1034,18 +790,18 @@ For more information about how to find, acquire, and distribute apps in the port
 
 #### Summary
 
-At the end of this section, you should have a properly configured Microsoft Store for Business portal. You have also found and acquired your apps from Microsoft Store. Finally, you should have deployed all your Microsoft Store apps to your users. Now, you’re ready to deploy Microsoft Store apps to your users.
+At the end of this section, you should have a properly configured Microsoft Store for Business portal. You've also found and acquired your apps from Microsoft Store. Finally, you should have deployed all your Microsoft Store apps to your users. Now, you’re ready to deploy Microsoft Store apps to your users.
 
 ## Plan for deployment
 
-You will use the LTI deployment process in MDT to deploy Windows 10 to devices or to upgrade devices to Windows 10. Prior to preparing for deployment, you must make some deployment planning decisions, including selecting the operating systems you will use, the approach you will use to create your Windows 10 images, and the method you will use to initiate the LTI deployment process.
+You'll use the LTI deployment process in MDT to deploy Windows 10 to devices or to upgrade devices to Windows 10. Prior to preparing for deployment, you must make some deployment planning decisions, including selecting the operating systems you'll use, the approach you'll use to create your Windows 10 images, and the method you'll use to initiate the LTI deployment process.
 
 ### Select the operating systems
 
-Later in the process, you will import the versions of Windows 10 you want to deploy. You can deploy the operating system to new devices, refresh existing devices, or upgrade existing devices. In the case of:
+Later in the process, you'll import the versions of Windows 10 you want to deploy. You can deploy the operating system to new devices, refresh existing devices, or upgrade existing devices. In the case of:
 
-* New devices or refreshing existing devices, you will completely replace the existing operating system on a device with Windows 10.
-* Upgrading existing devices, you will upgrade the existing operating system (the Windows 8.1 or Windows 7 operating system) to Windows 10.
+* New devices or refreshing existing devices, you'll completely replace the existing operating system on a device with Windows 10.
+* Upgrading existing devices, you'll upgrade the existing operating system (the Windows 8.1 or Windows 7 operating system) to Windows 10.
 
 
 Depending on your school’s requirements, you may need any combination of the following Windows 10 editions:
@@ -1063,12 +819,12 @@ Depending on your school’s requirements, you may need any combination of the f
 
 For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
 
-One other consideration is the mix of processor architectures you will support. If you can, support only 64-bit versions of Windows 10. If you have devices that can run only 32-bit versions of Windows 10, you will need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
+One other consideration is the mix of processor architectures you'll support. If you can, support only 64-bit versions of Windows 10. If you've devices that can run only 32-bit versions of Windows 10, you'll need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
 
 > [!NOTE]
 > On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
 
-Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). Of course, you cannot standardize personal devices on a specific operating system version or processor architecture.
+Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). Of course, you can't  standardize personal devices on a specific operating system version or processor architecture.
 
 ### Select an image approach
 
@@ -1083,63 +839,11 @@ This guide discusses thick image deployment. For information about thin image de
 ### Select a method to initiate deployment
 The LTI deployment process is highly automated: it requires minimal information to deploy or upgrade Windows 10. The ZTI deployment process is fully automated, but you must manually initiate it. To do so, use the method listed in Table 15 that best meets the needs of your institution.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription and reason to select this method
                    Windows Deployment Services
                    This method:
                    
-
                      
-
                    • Uses diskless booting to initiate LTI and ZTI deployments.
                      • 
-
                    • Works only with devices that support PXE boot.
                      • 
-
                    • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                      • 
-
                    • Deploys images more slowly than when you use local media.
                      • 
-
                    • Requires that you deploy a Windows Deployment Services server.
                      • 
-
                    
-
                    Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server.
-
                    Bootable media
                    This method:
                    
-
                      
-
                    • Initiates LTI or ZTI deployment by booting from local media, including from USB drives, DVD, or CD.
                      • 
-
                    • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                      • 
-
                    • Deploys images more slowly than when using local media.
                      • 
-
                    • Requires no additional infrastructure.
                      • 
-
                    
-
                    Select this method when you want to deploy Windows over the network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media.
-
                    Deployment media
                    This method:
                    
-
                      
-
                    • Initiates LTI or ZTI deployment by booting from a local USB hard disk.
                      • 
-
                    • Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
                      • 
-
                    • Deploys images more quickly than network-based methods do.
                      • 
-
                    • Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).
                      • 
-
                    
-
                    Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share or distribution point content, you must regenerate the deployment media and update the USB hard disk.
-
                    
+|Method|Description and reason to select this method|
+|--- |--- |
+|Windows Deployment Services|This method:
                  • Uses diskless booting to initiate LTI and ZTI deployments.
                  • Works only with devices that support PXE boot.
                  • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                  • Deploys images more slowly than when you use local media.
                  • Requires that you deploy a Windows Deployment Services server.

                    Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server.|
+|Bootable media|This method:
                  • Initiates LTI or ZTI deployment by booting from local media, including from USB drives, DVD, or CD.
                  • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                  • Deploys images more slowly than when using local media.
                  • Requires no extra infrastructure.
                     
                    Select this method when you want to deploy Windows over the network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media.|
+|Deployment media|This method:
                  • Initiates LTI or ZTI deployment by booting from a local USB hard disk.
                  • Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
                  • Deploys images more quickly than network-based methods do.
                  • Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).
                     
                    Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share or distribution point content, you must regenerate the deployment media and update the USB hard disk.
 
 *Table 15. Methods to initiate LTI and ZTI deployments*
 
@@ -1154,100 +858,23 @@ Before you can deploy Windows 10 and your apps to devices, you need to prepare y
 
 The first step in preparing for Windows 10 deployment is to configure—that is, *populate*—the MDT deployment share. Table 16 lists the MDT deployment share configuration tasks that you must perform. Perform the tasks in the order represented in Table 16.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    TaskDescription
                    1. Import operating systemsImport the operating systems that you selected in the Select the operating systems section into the deployment share. For more information about how to import operating systems, see Import an Operating System into the Deployment Workbench.
                    2. Import device driversDevice drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

                    
-Import device drivers for each device in your institution. For more information about how to import device drivers, see Import Device Drivers into the Deployment Workbench.
-
                    3. Create MDT applications for Microsoft Store appsCreate an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

                    
-
                    Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files by performing one of the following tasks:
                    
-
                      
-
                    • For offline-licensed apps, download the .appx files from the Microsoft Store for Business.
                      • 
-
                    • For apps that are not offline licensed, obtain the .appx files from the app software vendor directly.
                      • 
-
                    
-
                    If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

                    
-If you have Intune or Microsoft Endpoint Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune and Deploy and manage apps by using Microsoft Endpoint Configuration Manager sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

                    
-In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:

                    
-
-
-
                    4. Create MDT applications for Windows desktop appsYou need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

                    
-To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool.

                    
-If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.
-

                    
-Note  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section.
-
-For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt).
-
-
                    5. Create task sequences
                    You must create separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education, (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education, or (3) if you want to run deployments and upgrades for both 32-bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:
                    
-
                      
-
                    • Deploy 64-bit Windows 10 Education to devices.
                      • 
-
                    • Deploy 32-bit Windows 10 Education to devices.
                      • 
-
                    • Upgrade existing devices to 64-bit Windows 10 Education.
                      • 
-
                    • Upgrade existing devices to 32-bit Windows 10 Education.
                      • 
-
                    
-
                    Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see Create a New Task Sequence in the Deployment Workbench.
-
-
                    6. Update the deployment shareUpdating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

                    
-For more information about how to update a deployment share, see Update a Deployment Share in the Deployment Workbench.
-
-
                    
+|Task|Description|
+|--- |--- |
+|1. Import operating systems|Import the operating systems that you selected in the [Select the operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench)|
+|2. Import device drivers|Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device can't  play sounds; without the proper camera driver, the device can't  take photos or use video chat.
                    Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench)|
+|3. Create MDT applications for Microsoft Store apps|Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the **Add-AppxPackage** Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.
                    Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you'll use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you'll need to obtain the .appx files by performing one of the following tasks:
                  • For offline-licensed apps, download the .appx files from the Microsoft Store for Business.
                  • For apps that aren't  offline licensed, obtain the .appx files from the app software vendor directly.
                     
                     If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.
                    If you've Intune or Microsoft Endpoint Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) and [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager). This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.
                    In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:
                  • Prepare your environment for sideloading, see [Try it out: sideload Microsoft Store apps](/previous-versions/windows/).
                  • Create an MDT application, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench).|
+|4. Create MDT applications for Windows desktop apps|You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you've sufficient licenses for them.
                    To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in[Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source).
                     If you've Intune, you can [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune), as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps.
                    This is the preferred method for deploying and managing Windows desktop apps.
                    **Note:**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) 
                    For more information about how to create an MDT application for Windows desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt).|
+|5. Create task sequences|You must create separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education, (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education, or (3) if you want to run deployments and upgrades for both 32-bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:
                  • Deploy 64-bit Windows 10 Education to devices.
                  • Deploy 32-bit Windows 10 Education to devices.
                  • Upgrade existing devices to 64-bit Windows 10 Education.
                  • Upgrade existing devices to 32-bit Windows 10 Education.
                     
                    Again, you'll create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench).|
+|6. Update the deployment share|Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.
                    For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).|
 
 *Table 16. Tasks to configure the MDT deployment share*
 
 ### Configure Microsoft Endpoint Configuration Manager
 
 > [!NOTE]
-> If you have already configured your Microsoft Endpoint Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
+> If you've already configured your Microsoft Endpoint Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
 
-Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you don’t have an existing Configuration Manager infrastructure, you will need to deploy a new infrastructure.
+Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you don’t have an existing Configuration Manager infrastructure, you'll need to deploy a new infrastructure.
 
 Deploying a new Configuration Manager infrastructure is beyond the scope of this guide, but the following resources can help you deploy a new Configuration Manager infrastructure:
 
@@ -1262,21 +889,21 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this
     Ensure that your existing infrastructure can support the operating system deployment feature. For more information, see [Infrastructure requirements for operating system deployment in Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/plan-design/infrastructure-requirements-for-operating-system-deployment).
 2. Add the Windows PE boot images, Windows 10 operating systems, and other content.
 
-    You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you will use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard.
+    You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you'll use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard.
 
     You can add this content by using Microsoft Endpoint Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](/mem/configmgr/mdt/use-the-mdt#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
 3. Add device drivers.
 
-    You must add device drivers for the different device types in your district. For example, if you have a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device.
+    You must add device drivers for the different device types in your district. For example, if you've a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device.
 
     Create a Microsoft Endpoint Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](/mem/configmgr/osd/get-started/manage-drivers).
 4. Add Windows apps.
 
-    Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that include Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices.
+    Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that includes Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you can't capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices.
 
     Create a Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications).
 
-### Configure Window Deployment Services for MDT
+### Configure Windows Deployment Services for MDT
 
 You can use Windows Deployment Services in conjunction with MDT to automatically initiate boot images on target devices. These boot images can be Windows PE images (which you generated in step 6 in Table 16) or custom images that can deploy operating systems directly to the target devices.
 
@@ -1294,14 +921,14 @@ You can use Windows Deployment Services in conjunction with MDT to automatically
 
 2. Add LTI boot images (Windows PE images) to Windows Deployment Services.
 
-    The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the deployment share’s Boot subfolder.
+    The LTI boot images (.wim files) that you'll add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the deployment share’s Boot subfolder.
 
     For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](/mem/configmgr/mdt/use-the-mdt#AddLTIBootImagestoWindowsDeploymentServices).
 
-### Configure Window Deployment Services for Microsoft Endpoint Configuration Manager
+### Configure Windows Deployment Services for Microsoft Endpoint Configuration Manager
 
 > [!NOTE]
-> If you have already configured your Microsoft Endpoint Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
+> If you've already configured your Microsoft Endpoint Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
 
 You can use Windows Deployment Services in conjunction with Configuration Manager to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
 
@@ -1328,7 +955,7 @@ You can use Windows Deployment Services in conjunction with Configuration Manage
 
 #### Summary
 
-Your MDT deployment share and Microsoft Endpoint Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, you’re ready to capture the reference images for the different devices you have in your district.
+Your MDT deployment share and Microsoft Endpoint Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You've set up and configured Windows Deployment Services for MDT and for Configuration Manager. You've also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, you’re ready to capture the reference images for the different devices you've in your district.
 
 ## Capture the reference image
 
@@ -1336,7 +963,7 @@ The reference device is a device that you use as the template for all the other
 
 After you deploy Windows 10 and the desktop apps to the reference device, you capture an image of the device (the reference image). You import the reference image to an MDT deployment share or into Configuration Manager. Finally, you create a task sequence to deploy the reference image to faculty and student devices.
 
-You will capture multiple reference images, one for each type of device that you have in your organization. You perform the steps in this section for each image (device) that you have in your district. Use LTI in MDT to automate the deployment and capture of the reference image.
+You'll capture multiple reference images, one for each type of device that you've in your organization. You perform the steps in this section for each image (device) that you've in your district. Use LTI in MDT to automate the deployment and capture of the reference image.
 
 > [!NOTE]
 > You can use LTI in MDT or Configuration Manager to automate the deployment and capture of the reference image, but this guide only discusses how to use LTI in MDT to capture the reference image.
@@ -1364,7 +991,7 @@ You initially configured the MDT deployment share in the [Configure the MDT depl
 
     A *selection profile* lets you select specific device drivers. For example, if you want to deploy the device drivers for a Surface Pro 4 device, you can create a selection profile that contains only the Surface Pro 4 device drivers.
 
-    First, in the Out-of-Box Drivers node in the Deployment Workbench, create a folder that will contain your device drivers. Next, import the device drivers into the folder you just created. Finally, create the selection profile and specify the folder that contains the device drivers. For more information, see the following resources:
+    First, in the Out-of-Box Drivers node in the Deployment Workbench, create a folder that will contain your device drivers. Next, import the device drivers into the folder you created. Finally, create the selection profile and specify the folder that contains the device drivers. For more information, see the following resources:
 
     * [Create Folders to Organize Device Drivers for LTI Deployments](/mem/configmgr/mdt/use-the-mdt#CreateFolderstoOrganizeDeviceDriversforLTIDeployments)
     * [Create Selection Profiles to Select the Device Drivers for LTI Deployments](/mem/configmgr/mdt/use-the-mdt#CreateSelectionProfilestoSelecttheDeviceDriversforLTIDeployments)
@@ -1392,7 +1019,7 @@ In most instances, deployments occur without incident. Only in rare occasions do
 
 ### Import reference image
 
-After you have captured the reference image (.wim file), import the image into the MDT deployment share or into Configuration Manager (depending on which method you selected to perform Windows 10 deployments). You will deploy the reference image to the student and faculty devices in your district.
+After you've captured the reference image (.wim file), import the image into the MDT deployment share or into Configuration Manager (depending on which method you selected to perform Windows 10 deployments). You'll deploy the reference image to the student and faculty devices in your district.
 
 Both the Deployment Workbench and the Configuration Manager console have wizards that help you import the reference image. After you import the reference image, you need to create a task sequence that will deploy the reference image.
 
@@ -1403,9 +1030,9 @@ For more information about how to import the reference image into:
 
 ### Create a task sequence to deploy the reference image
 
-You created an LTI task sequence in the Deployment Workbench earlier in this process to deploy Windows 10 and your desktop apps to the reference device. Now that you have captured and imported your reference image, you need to create a tasks sequence to deploy it.
+You created an LTI task sequence in the Deployment Workbench earlier in this process to deploy Windows 10 and your desktop apps to the reference device. Now that you've captured and imported your reference image, you need to create a tasks sequence to deploy it.
 
-As you might expect, both the Deployment Workbench and the Configuration Manager console have wizards that help you create a starting task sequence. After you create your task sequence, in most instances you will need to customize it to deploy additional apps, device drivers, and other software.
+As you might expect, both the Deployment Workbench and the Configuration Manager console have wizards that help you create a starting task sequence. After you create your task sequence, in most instances you'll need to customize it to deploy more apps, device drivers, and other software.
 
 For more information about how to create a task sequence in the:
 
@@ -1417,7 +1044,7 @@ In this section, you customized the MDT deployment share to deploy Windows 10 an
 
 ## Prepare for device management
 
-Before you deploy Windows 10 in your district, you must prepare for device management. You will deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
+Before you deploy Windows 10 in your district, you must prepare for device management. You'll deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
 
 You also want to deploy apps and software updates after you deploy Windows 10. You need to manage apps and updates by using Configuration Manager, Intune, or a combination of both (hybrid model).
 
@@ -1428,124 +1055,28 @@ Microsoft has several recommended settings for educational institutions. Table 1
 > [!NOTE]
 > The settings for Intune in Table 17 also apply to the Configuration Manager and Intune management (hybrid) method.
 
-Use the information in Table 17 to help you determine whether you need to configure the setting and which method you will use to do so. At the end, you will have a list of settings that you want to apply to the Windows 10 devices and know which management method you will use to configure the settings.
+Use the information in Table 17 to help you determine whether you need to configure the setting and which method you'll use to do so. At the end, you'll have a list of settings that you want to apply to the Windows 10 devices and know which management method you'll use to configure the settings.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Recommendation|Description|
+|--- |--- |
+|Use of Microsoft accounts|You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, don't  use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.
                    **Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices. 
                    **Group Policy.** Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.
                    ****Intune**.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy.|
+|Restrict the local administrator accounts on the devices|Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.
                    **Group Policy**. Create a Local Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item. 
                    **Intune**. Not available.|
+|Manage the built-in administrator account created during device deployment|When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.
                     **Group Policy**. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-essentials-sbs/cc747484(v=ws.10)). You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852165(v=ws.11)).
                     **Intune**. Not available.|
+|Control Microsoft Store access|You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.
                    **Group policy**. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?
                    **Intune**. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy.|
+|Use of Remote Desktop connections to devices|Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.
                    **Group policy**. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.
                    **Intune**. Not available.|
+|Use of camera|A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.
                    **Group policy**. Not available.
                    **Intune**. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy.|
+|Use of audio recording|Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.
                    **Group policy**. To disable the Sound Recorder app, use the don't  allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) and [Create Your AppLocker Policies](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791899(v=ws.11)).
                    **Intune**. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy.|
+|Use of screen capture|Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.
                    **Group policy**. Not available.
                    **Intune**. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy.|
+|Use of location services|Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.
                    **Group policy**. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors.
                    **Intune**. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy.|
+|Changing wallpaper|Custom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices.
                    **Group policy**. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.
                    **Intune**. Not available.|
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    RecommendationDescription
                    Use of Microsoft accountsYou want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

                    
-
-**Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

                    
-**Group Policy.** Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.

                    
-**Intune.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy.
-
-
                    Restrict the local administrator accounts on the devicesEnsure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

                    
-Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

                    
-Intune. Not available.
-
-
                    Manage the built-in administrator account created during device deploymentWhen you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.

                    
-Group Policy. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group Policy setting. For more information about how to rename the built-in Administrator account, see To rename the Administrator account using the Group Policy Management Console. You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group Policy setting. For more information about how to disable the built-in Administrator account, see Accounts: Administrator account status.

                    
-Intune. Not available.
-
-
                    Control Microsoft Store accessYou can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

                    
-Group Policy. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?.

                    
-Intune. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy.
-
-
                    Use of Remote Desktop connections to devicesRemote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.

                    
-Group Policy. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

                    
-Intune. Not available.
-
-
                    Use of cameraA device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.

                    
-Group Policy. Not available.

                    
-Intune. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy.
-
-
                    Use of audio recordingAudio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

                    
-Group Policy. To disable the Sound Recorder app, use the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in Editing an AppLocker Policy and Create Your AppLocker Policies.

                    
-Intune. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy.
-
-
                    Use of screen captureScreen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.

                    
-Group Policy. Not available.

                    
-Intune. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy.
-
-
                    Use of location servicesProviding a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.

                    
-Group Policy. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors.

                    
-Intune. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy.
-
-
                    Changing wallpaperCustom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices.

                    
-Group Policy. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.

                    
-Intune. Not available.
-
-
                    
 
                    
 Table 17. Recommended settings for educational institutions
 
 ### Configure settings by using Group Policy
 
-Now, you’re ready to use Group Policy to configure settings. The steps in this section assume that you have an AD DS infrastructure. Here, you configure the Group Policy settings you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
+Now, you’re ready to use Group Policy to configure settings. The steps in this section assume that you've an AD DS infrastructure. Here, you configure the Group Policy settings you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
 
 For more information about Group Policy, see [Group Policy Planning and Deployment Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754948(v=ws.10)).
 
@@ -1559,39 +1090,38 @@ For more information about Group Policy, see [Group Policy Planning and Deployme
 
 ### Configure settings by using Intune
 
-Now, you’re ready to use Intune to configure settings. The steps in this section assume that you have an Office 365 subscription. Here, you configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
+Now, you’re ready to use Intune to configure settings. The steps in this section assume that you've an Office 365 subscription. Here, you configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
 
 For more information about Intune, see [Microsoft Intune Documentation](/intune/).
 
 #### To configure Intune settings
 
-1. Add Intune to your Office 365 subscription by completing the steps in [Manage Intune licenses](/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4).
+1. Add Intune to your Office 365 subscription by completing the steps in [Manage Intune licenses](/mem/intune/fundamentals/licenses-assign).
 
-2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](/intune/deploy-use/get-ready-to-enroll-devices-in-microsoft-intune).
+2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](/mem/intune/enrollment/quickstart-enroll-windows-device).
 
-3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies).
+3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](/mem/intune/configuration/device-profiles).
 
-4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](/intune/deploy-use/manage-windows-pcs-with-microsoft-intune).
+4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](/mem/intune/remote-actions/device-management).
 
 ### Deploy and manage apps by using Intune
 
 If you selected to deploy and manage apps by using Microsoft Endpoint Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager) section.
 
-You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you to deploy apps to companion devices (such as Windows 10 Mobile, iOS, or Android devices). Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that are not enrolled in Intune or that another solution manages.
+You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you to deploy apps to companion devices (such as iOS or Android devices). Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that aren't enrolled in Intune or that another solution manages.
 
 For more information about how to configure Intune to manage your apps, see the following resources:
 
-- [Add apps with Microsoft Intune](/intune/deploy-use/add-apps)
-- [Deploy apps with Microsoft Intune](/intune/deploy-use/deploy-apps)
-- [Update apps using Microsoft Intune](/intune/deploy-use/update-apps-using-microsoft-intune)
-- [Protect apps and data with Microsoft Intune](/intune/deploy-use/protect-apps-and-data-with-microsoft-intune)
-- [Help protect your data with full or selective wipe using Microsoft Intune](/intune/deploy-use/use-remote-wipe-to-help-protect-data-using-microsoft-intune)
+- [Add apps with Microsoft Intune](/mem/intune/apps/apps-add)
+- [Deploy apps with Microsoft Intune](/mem/intune/apps/apps-windows-10-app-deploy)
+- [Protect apps and data with Microsoft Intune](/mem/intune/apps/app-protection-policy)
+- [Help protect your data with full or selective wipe using Microsoft Intune](/mem/intune/remote-actions/devices-wipe)
 
 ### Deploy and manage apps by using Microsoft Endpoint Configuration Manager
 
-You can use  Microsoft Endpoint Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
+You can use  Microsoft Endpoint Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
 
-For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, Windows 10 Mobile, iOS, and Android. You can deploy the one application to multiple device types.
+For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, iOS, and Android. You can deploy the one application to multiple device types.
 
 > [!NOTE]
 > When you configure Configuration Manager and Intune in a hybrid model, you deploy apps by using Configuration Manager as described in this section.
@@ -1607,12 +1137,12 @@ If you selected to manage updates by using Configuration Manager and Intune in a
 To help ensure that your users have the most current features and security protection, keep Windows 10 and your apps current with updates. To configure Windows 10 and app updates, use the **Updates** workspace in Intune.
 
 > [!NOTE]
-> You can only manage updates (including antivirus and antimalware updates) for Windows 10 desktop operating systems (not Windows 10 Mobile, iOS, or Android).
+> You can only manage updates (including antivirus and antimalware updates) for Windows 10 desktop operating systems (not iOS or Android).
 
 For more information about how to configure Intune to manage updates and malware protection, see the following resources:
 
-- [Keep Windows PCs up to date with software updates in Microsoft Intune](/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune)
-- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
+- [Keep Windows PCs up to date with software updates in Microsoft Intune](/mem/intune/protect/windows-update-for-business-configure)
+- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](/mem/intune/protect/endpoint-protection-configure)
 
 ### Manage updates by using Microsoft Endpoint Configuration Manager
 
@@ -1631,18 +1161,18 @@ In this section, you prepared your institution for device management. You identi
 
 ## Deploy Windows 10 to devices
 
-You’re ready to deploy Windows 10 to faculty and student devices. You must complete the steps in this section for each student device in the classrooms as well as for any new student devices you add in the future. You can also perform these actions for any device that’s eligible for a Windows 10 upgrade. This section discusses deploying Windows 10 to new devices, refreshing Windows 10 on existing devices, and upgrading existing devices that are running eligible versions of Windows 8.1 or Windows 7 to Windows 10.
+You’re ready to deploy Windows 10 to faculty and student devices. You must complete the steps in this section for each student device in the classrooms and for any new student devices you add in the future. You can also perform these actions for any device that’s eligible for a Windows 10 upgrade. This section discusses deploying Windows 10 to new devices, refreshing Windows 10 on existing devices, and upgrading existing devices that are running eligible versions of Windows 8.1 or Windows 7 to Windows 10.
 
 ### Prepare for deployment
 
 Prior to deployment of Windows 10, complete the tasks in Table 18. Most of these tasks are already complete, but use this step to make sure.
 
-|Task|   |
-|----|----|
-|1. |Ensure that the target devices have sufficient system resources to run Windows 10.|
-|2. |Identify the necessary devices drivers, and then import them into the MDT deployment share or Microsoft Endpoint Configuration Manager.|
-|3. |For each Microsoft Store and Windows desktop app, create an MDT application or Configuration Manager application.|
-|4. |Notify the students and faculty about the deployment.|
+|    | Task |
+|:---|:---|
+|**1.** |Ensure that the target devices have sufficient system resources to run Windows 10.|
+|**2.** |Identify the necessary devices drivers, and then import them into the MDT deployment share or Microsoft Endpoint Configuration Manager.|
+|**3.** |For each Microsoft Store and Windows desktop app, create an MDT application or Configuration Manager application.|
+|**4.** |Notify the students and faculty about the deployment.|
 
 *Table 18. Deployment preparation checklist*
 
@@ -1668,7 +1198,7 @@ In most instances, deployments occur without incident. Only in rare occasions do
 
 ### Set up printers
 
-After you have deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to [Verify deployment](#verify-deployment).
+After you've deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to [Verify deployment](#verify-deployment).
 
 > [!NOTE]
 > If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to [Verify deployment](#verify-deployment).
@@ -1681,7 +1211,7 @@ After you have deployed Windows 10, the devices are almost ready for use. First,
 
 3. Copy the printer drivers to a USB drive.
 
-4. On a device, use the same account you used to set up Windows 10 in the [Prepare for deployment](#prepare-for-deployment) section to log on to the device.
+4. On a device, use the same account you used to set up Windows 10 in the [Prepare for deployment](#prepare-for-deployment) section to sign in to the device.
 
 5. Plug the USB drive into the device.
 
@@ -1703,7 +1233,7 @@ As a final quality control step, verify the device configuration to ensure that
 * All Windows desktop apps are properly installed and updated.
 * Printers are properly configured.
 
-When you have verified that the first device is properly configured, you can move to the next device and perform the same steps.
+When you've verified that the first device is properly configured, you can move to the next device and perform the same steps.
 
 #### Summary
 
@@ -1719,211 +1249,29 @@ After the initial deployment, you need to perform certain tasks to maintain the
 
 Table 19 lists the school and individual classroom maintenance tasks, the resources for performing the tasks, and the schedule (or frequency) on which you should perform the tasks.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Task and resourcesMonthlyNew semester or academic yearAs required
                    Verify that Windows Update is active and current with operating system and software updates.

                    
-For more information about completing this task when you have:
-
-                    		xxx
                    Verify that Windows Defender is active and current with malware Security intelligence.

                    
-For more information about completing this task, see Turn Windows Defender on or off and Updating Windows Defender.
-                    		xxx
                    Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

                    
-For more information about completing this task, see the “How do I find and remove a virus?” topic in Protect my PC from viruses.
-                    		xxx
                    Download and approve updates for Windows 10, apps, device driver, and other software.

                    
-For more information, see:
-
-                    		xxx
                    Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).

                    
-For more information about Windows 10 servicing options for updates and upgrades, see Windows 10 servicing options.
-                    		xx
                    Refresh the operating system and apps on devices.

                    
-For more information about completing this task, see the following resources:
-
-                    		xx
                    Install any new Windows desktop apps, or update any Windows desktop apps used in the curriculum.

                    
-For more information, see:
-
-                    		xx
                    Install new or update existing Microsoft Store apps used in the curriculum.

                    
-Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.

                    
-You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Endpoint Configuration Manager, or both in a hybrid configuration. For more information, see:
-
-                    		xx
                    Remove unnecessary user accounts (and corresponding licenses) from AD DS and Office 365 (if you have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Add new accounts (and corresponding licenses) to AD DS (if you have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Remove unnecessary user accounts (and corresponding licenses) from Office 365 (if you do not have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Add new accounts (and corresponding licenses) to Office 365 (if you don’t have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Create or modify security groups, and manage group membership in Office 365.

                    
-For more information about how to:
-
-                    		xx
                    Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.

                    
-For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see Create and manage distribution groups and Create, edit, or delete a security group.
-                    		xx
                    Install new student devices.

                    
-Follow the same steps you followed in the Deploy Windows 10 to devices section.
-                    		x
                    
-
                    
+|Task and resources|Monthly|New semester or academic year|As required|
+|--- |--- |--- |--- |
+|Verify that Windows Update is active and current with operating system and software updates.
                    For more information about completing this task when you have:
                  • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](/mem/intune/protect/windows-update-for-business-configure)
                  • Group Policy, see [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb).
                  • WSUS, see [Windows Server Update Services](/windows/deployment/deploy-whats-new).
                    Neither Intune, Group Policy, nor WSUS, see "Install, upgrade, & activate" in Windows 10 help.|✔️|✔️|✔️|
+|Verify that Windows Defender is active and current with malware Security intelligence.
                    For more information about completing this task, see [Turn Windows Defender on or off](/mem/intune/user-help/turn-on-defender-windows) and [Updating Windows Defender](/mem/intune/user-help/turn-on-defender-windows).|✔️|✔️|✔️|
+|Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.
                    For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses).|✔️|✔️|✔️|
+|Download and approve updates for Windows 10, apps, device driver, and other software.
                    For more information, see:
                  • [Manage updates by using Intune](#manage-updates-by-using-intune)
                  • [Manage updates by using Microsoft Endpoint Configuration Manager](#manage-updates-by-using-microsoft-endpoint-configuration-manager)|✔️|✔️|✔️|
+|Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).
                    For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options](/windows/deployment/update/).||✔️|✔️|
+|Refresh the operating system and apps on devices.
                    For more information about completing this task, see the following resources:
                  • [Prepare for deployment](#prepare-for-deployment)
                  • [Capture the reference image](#capture-the-reference-image)
                  • [Deploy Windows 10 to devices](#deploy-windows-10-to-devices)||✔️|✔️|
+|Install any new Windows desktop apps, or update any Windows desktop apps used in the curriculum.
                    For more information, see:
                  • [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)
                  • [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)||✔️|✔️|
+|Install new or update existing Microsoft Store apps used in the curriculum.
                    Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.
                    You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Endpoint Configuration Manager, or both in a hybrid configuration. 
                    For more information, see:
                  • [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)
                  • [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)||✔️|✔️|
+|Remove unnecessary user accounts (and corresponding licenses) from AD DS and Office 365 (if you've an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Remove unnecessary user accounts, see [Active Directory Administrative Center](/windows-server/identity/ad-ds/get-started/adac/active-directory-administrative-center) 
                  • Remove licenses, see [Add users and assign licenses](/microsoft-365/admin/add-users/add-users)||✔️|✔️|
+|Add new accounts (and corresponding licenses) to AD DS (if you've an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Add user accounts, see [Bulk-import user and group accounts into AD DS](#bulk-import-user-and-group-accounts-into-ad-ds)
                  • Assign licenses, see [Add users and assign licenses](/microsoft-365/admin/add-users/add-users)||✔️|✔️|
+|Remove unnecessary user accounts (and corresponding licenses) from Office 365 (if you don't have an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Remove unnecessary user accounts, see [Delete or restore users](/microsoft-365/admin/add-users/delete-a-user)
                  •  Remove licenses, [Assign or remove licenses for Microsoft 365](/microsoft-365/admin/add-users/add-users).||✔️|✔️|
+|Add new accounts (and corresponding licenses) to Office 365 (if you don’t have an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Add user accounts, see [Add users to Microsoft 365](/microsoft-365/admin/add-users/add-users) and [Add users individually or in bulk to Office 365](https://www.youtube.com/watch?v=zDs3VltTJps).
                  • Assign licenses, see [Add users to Microsoft 365](/microsoft-365/admin/add-users/add-users).||✔️|✔️|
+|Create or modify security groups, and manage group membership in Office 365.
                    For more information about how to:
                  • Create or modify security groups, see [Create a Microsoft 365 group](/microsoft-365/admin/create-groups/create-groups)
                  • Manage group membership, see [Manage Group membership](/microsoft-365/admin/create-groups/add-or-remove-members-from-groups).||✔️|✔️|
+|Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.
                    For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see [Create and manage distribution groups](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) and [Create, edit, or delete a security group](/microsoft-365/admin/email/create-edit-or-delete-a-security-group).||✔️|✔️|
+|Install new student devices.
                     Follow the same steps you followed in the[Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section.|||✔️|
 
 *Table 19. School and individual classroom maintenance tasks, with resources and the schedule for performing them*
 
 #### Summary
 
-You have now identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your district and individual school configuration should match the typical school configuration you saw in the [Plan a typical district configuration](#plan-a-typical-district-configuration) section. By performing these maintenance tasks, you help ensure that your district as a whole stays secure and is configured as you specified.
+You've now identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your district and individual school configuration should match the typical school configuration you saw in the [Plan a typical district configuration](#plan-a-typical-district-configuration) section. By performing these maintenance tasks, you help ensure that your district as a whole stays secure and is configured as you specified.
 
 ## Related topics
 
@@ -1936,4 +1284,4 @@ You have now identified the tasks you need to perform monthly, at the end of an
 * [Manage Windows 10 updates and upgrades in a school environment (video)](./index.md)
 * [Reprovision devices at the end of the school year (video)](./index.md)
 * [Use MDT to deploy Windows 10 in a school (video)](./index.md)
-* [Use Microsoft Store for Business in a school environment (video)](./index.md)
\ No newline at end of file
+* [Use Microsoft Store for Business in a school environment (video)](./index.md)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index 7608e698f0..b618ca7b09 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -20,23 +20,23 @@ manager: dansimp
 
 - Windows 10
 
-This guide shows you how to deploy the Windows 10 operating system in a school environment. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Intune and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you will perform after initial deployment as well as the automated tools and built-in features of the operating system.
+This guide shows you how to deploy the Windows 10 operating system in a school environment. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Intune and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
 
 ## Prepare for school deployment
 
-Proper preparation is essential for a successful school deployment. To avoid common mistakes, your first step is to plan a typical school configuration. Just as with building a house, you need a blueprint for what your school should look like when it’s finished. The second step in preparation is to learn how you will configure your school. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your school.
+Proper preparation is essential for a successful school deployment. To avoid common mistakes, your first step is to plan a typical school configuration. As with building a house, you need a blueprint for what your school should look like when it’s finished. The second step in preparation is to learn how you'll configure your school. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your school.
 
 ### Plan a typical school configuration
 
 As part of preparing for your school deployment, you need to plan your configuration—the focus of this guide. Figure 1 illustrates a typical finished school configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
 
-![fig 1](images/deploy-win-10-school-figure1.png)
+:::image type="content" source="images/deploy-win-10-school-figure1.png" alt-text="A finished school configuration for a Windows client deployment.":::
 
 *Figure 1. Typical school configuration for this guide*
 
 Figure 2 shows the classroom configuration this guide uses.
 
-![fig 2](images/deploy-win-10-school-figure2.png)
+:::image type="content" source="images/deploy-win-10-school-figure2.png" alt-text="See the classroom configuration used in this Windows client deployment guide.":::
 
 *Figure 2. Typical classroom configuration in a school*
 
@@ -54,13 +54,15 @@ This school configuration has the following characteristics:
 - You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device.
 - You install the 64-bit version of the Microsoft Deployment Toolkit (MDT) 2013 Update 2 on the admin device.
 
-  **Note**  In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2.
+  > [!NOTE]
+  > In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2.
+
 - The devices use Azure AD in Office 365 Education for identity management.
-- If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
                    • 
-- Use [Intune](/mem/intune/), [compliance settings in Office 365](https://support.office.com/en-us/article/Manage-mobile-devices-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725828(v=ws.10)?f=255&MSPPError=-2147217396) in AD DS to manage devices.
+- If you've on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
+- Use [Intune](/mem/intune/), [Set up Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/set-up), or Group Policy in AD DS to manage devices.
 - Each device supports a one-student-per-device or multiple-students-per-device scenario.
 - The devices can be a mixture of different make, model, and processor architecture (32 bit or 64 bit) or be identical.
-- To initiate Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment Boot (PXE Boot).
+- To start a Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment Boot (PXE Boot).
 - The devices can be a mixture of different Windows 10 editions, such as Windows 10 Home, Windows 10 Pro, and Windows 10 Education.
 
 Office 365 Education allows:
@@ -72,47 +74,47 @@ Office 365 Education allows:
 - Students and faculty to use email and calendars, with mailboxes up to 50 GB per user.
 - Faculty to use advanced email features like email archiving and legal hold capabilities.
 - Faculty to help prevent unauthorized users from accessing documents and email by using Azure Rights Management.
-- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center.
+- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal.
 - Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business or Skype.
 - Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business.
 - Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites.
 - Students and faculty to use Office 365 Video to manage videos.
 - Students and faculty to use Yammer to collaborate through private social networking.
-- Students and faculty to access classroom resources from anywhere on any device (including Windows 10 Mobile, iOS, and Android devices).
+- Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
 
-For more information about Office 365 Education features and a FAQ, go to [Office 365 Education](https://products.office.com/en-us/academic).
+For more information about Office 365 Education features and a FAQ, go to [Office 365 Education](https://www.microsoft.com/microsoft-365/academic/compare-office-365-education-plans).
 
 ## How to configure a school
 
-Now that you have the plan (blueprint) for your classroom, you’re ready to learn about the tools you will use to deploy it. There are many tools you could use to accomplish the task, but this guide focuses on using those tools that require the least infrastructure and technical knowledge.
+Now that you've the plan (blueprint) for your classroom, you’re ready to learn about the tools you'll use to deploy it. There are many tools you could use to accomplish the task, but this guide focuses on using those tools that require the least infrastructure and technical knowledge.
 
-The primary tool you will use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
+The primary tool you'll use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
 
 You can use MDT as a stand-alone tool or integrate it with Microsoft Endpoint Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as Configuration Manager) but result in fully automated deployments.
 
-MDT includes the Deployment Workbench—a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps and migration of user settings on existing devices. 
+MDT includes the Deployment Workbench—a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps, and migration of user settings on existing devices. 
 
-LTI performs deployment from a *deployment share*—a network-shared folder on the device where you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You will learn more about MDT in the [Prepare the admin device](#prepare-the-admin-device) section.
+LTI performs deployment from a *deployment share*—a network-shared folder on the device where you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You'll learn more about MDT in the [Prepare the admin device](#prepare-the-admin-device) section.
 
-The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with Intune, the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
+The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with [Microsoft Endpoint Manager](/mem/), the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
 
 The configuration process requires the following devices:
 
 - **Admin device.** This is the device you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK and MDT on this device.
 - **Faculty devices.** These are the devices that the teachers and other faculty use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
-- **Student devices.** The students will use these devices. You will use the admin device deploy (or upgrade) Windows 10 and apps to them.
+- **Student devices.** The students will use these devices. You'll use the admin device deploy (or upgrade) Windows 10 and apps to them.
 
 The high-level process for deploying and configuring devices within individual classrooms and the school as a whole is as follows and illustrated in Figure 3:
 
 1. Prepare the admin device for use, which includes installing the Windows ADK and MDT.
-2. On the admin device, create and configure the Office 365 Education subscription that you will use for each classroom in the school.
-3. On the admin device, configure integration between on-premises AD DS and Azure AD (if you have an on premises AD DS configuration).
+2. On the admin device, create and configure the Office 365 Education subscription that you'll use for each classroom in the school.
+3. On the admin device, configure integration between on-premises AD DS and Azure AD (if you've an on premises AD DS configuration).
 4. On the admin device, create and configure a Microsoft Store for Business portal.
 5. On the admin device, prepare for management of the Windows 10 devices after deployment.
 6. On the student and faculty devices, deploy Windows 10 to new or existing devices, or upgrade eligible devices to Windows 10.
 7. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS and Azure AD integration.
 
-![fig 3](images/deploy-win-10-school-figure3.png)
+:::image type="content" source="images/deploy-win-10-school-figure3.png" alt-text="See the high level process of configuring Windows client devices in a classroom and the school":::
 
 *Figure 3. How school configuration works*
 
@@ -136,7 +138,7 @@ When you install the Windows ADK on the admin device, select the following featu
 - Windows Preinstallation Environment (Windows PE)
 - User State Migration Tool (USMT)
 
-For more information about installing the Windows ADK, see [Step 2-2: Install the Windows ADK](/mem/configmgr/mdt/lite-touch-installation-guide?f=255&MSPPError=-2147217396#InstallWindowsADK).
+For more information about installing the Windows ADK, see [Step 2-2: Install the Windows ADK](/mem/configmgr/mdt/lite-touch-installation-guide#InstallWindowsADK).
 
 ### Install MDT
 
@@ -144,7 +146,8 @@ Next, install MDT. MDT uses the Windows ADK to help you manage and perform Windo
 
 You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 64-bit version of MDT to support deployment of 32-bit and 64-bit operating systems.
 
-**Note**  If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32 bit versions of the operating system.
+> [!NOTE]
+> If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32-bit versions of the operating system.
 
 For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](/mem/configmgr/mdt/use-the-mdt#InstallingaNewInstanceofMDT).
 
@@ -154,100 +157,83 @@ Now, you’re ready to create the MDT deployment share and populate it with the
 
 MDT includes the Deployment Workbench, a graphical user interface that you can use to manage MDT deployment shares. A deployment share is a shared folder that contains all the MDT deployment content. The LTI Deployment Wizard accesses the deployment content over the network or from a local copy of the deployment share (known as MDT deployment media).
 
-For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](/mem/configmgr/mdt/lite-touch-installation-guide?f=255&MSPPError=-2147217396#CreateMDTDeployShare).
+For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](/mem/configmgr/mdt/lite-touch-installation-guide#step-3-configure-mdt-to-create-the-reference-computer).
 
 ### Summary
 
-In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you will configure and use later in the LTI deployment process.
+In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you'll configure and use later in the LTI deployment process.
 
 ## Create and configure Office 365
 
 Office 365 is one of the core components of your classroom environment. You create and manage student identities in Office 365, and students and teachers use the suite as their email, contacts, and calendar system. Teachers and students use Office 365 collaboration features such as SharePoint, OneNote, and OneDrive for Business.
 
-As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office-365-deployment-resources/default.aspx).
+As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office).
 
 ### Select the appropriate Office 365 Education license plan
 
 Complete the following steps to select the appropriate Office 365 Education license plan for your school:
 
-
                      
-
                    1. Determine the number of faculty members and students who will use the classroom.
                      Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.
-
                      2. 
-
                    2. Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 1 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.
                      3. 
-
                      
-Table 1. Comparison of standard and Microsoft Microsoft 365 Apps for enterprise plans
-
                      
-
-----
-
-
-
-
-
-
-
-
-
-
+- Determine the number of faculty members and students who will use the classroom. Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.
+
+- Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 1 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.
+
+*Table 1. Comparison of standard and Microsoft 365 Apps for enterprise plans*
+
+---
+| Plan | Advantages | Disadvantages |
+| --- | --- | --- |
+| Standard | - Less expensive than Microsoft 365 Apps for enterprise 
                      - Can be run from any device 
                      - No installation necessary | - Must have an Internet connection to use it
                      - Doesn't support all the features found in Microsoft 365 Apps for enterprise |
+| Office ProPlus | - Only requires an Internet connection every 30 days (for activation)
                      - Supports full set of Office features | - Requires installation 
                      - Can be installed on only five devices per user (there's no limit to the number of devices on which you can run Office apps online) |
+
+---
 
-
-
                      




                      PlanAdvantagesDisadvantages
                      Standard
                      • Less expensive than Microsoft 365 Apps for enterprise
                      • Can be run from any device
                      • No installation necessary
                      • Must have an Internet connection to use it
                      • Does not support all the features found in Microsoft 365 Apps for enterprise
                      Office ProPlus
                      • Only requires an Internet connection every 30 days (for activation)
                      • Supports full set of Office features
                      • Requires installation
                      • Can be installed on only five devices per user (there is no limit to the number of devices on which you can run Office apps online)
                      
-
                      
 The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
-
                      
-
                    3. Determine whether students or faculty need Azure Rights Management.
                      You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see Azure Rights Management.
                      4. 
-
                    4. Record the Office 365 Education license plans needed for the classroom in Table 2.

                      
+
+- Determine whether students or faculty need Azure Rights Management.
+
+  You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management](/information-protection/).
+
+- Record the Office 365 Education license plans needed for the classroom in Table 2.
 
 *Table 2. Office 365 Education license plans needed for the classroom*
-
                      
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                      



                      QuantityPlan
                      Office 365 Education for students
                      Office 365 Education for faculty
                      Azure Rights Management for students
                      Azure Rights Management for faculty
                      
-
                      
-You will use the Office 365 Education license plan information you record in Table 2 in the Create user accounts in Office 365 section of this guide.
                    
+
+---
+| Quantity | Plan |
+| --- | --- |
+| | Office 365 Education for students |
+| | Office 365 Education for faculty |
+| | Azure Rights Management for students |
+| | Azure Rights Management for faculty |
+
+---
+
+You'll use the Office 365 Education license plan information you record in Table 2 in the [Create user accounts in Office 365](#create-user-accounts-in-office-365) section of this guide.
 
 ### Create a new Office 365 Education subscription
 
 To create a new Office 365 Education subscription for use in the classroom, use your educational institution’s email account. There are no costs to you or to students for signing up for Office 365 Education subscriptions.
 
-**Note**  If you already have an Office 365 Education subscription, you can use that subscription and continue to the next section, [Add domains and subdomains](#add-domains-and-subdomains).
+> [!NOTE]
+> If you already have an Office 365 Education subscription, you can use that subscription and continue to the next section, [Add domains and subdomains](#add-domains-and-subdomains).
 
 #### To create a new Office 365 subscription
 
 1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar.
 
-   **Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window in one of the following:
-   - Microsoft Edge by opening the Microsoft Edge app, either pressing Ctrl+Shift+P or clicking or tapping **More actions**, and then clicking or tapping **New InPrivate window**.
-   - Internet Explorer 11 by opening Internet Explorer 11, either pressing Ctrl+Shift+P or clicking or tapping **Settings**, clicking or tapping **Safety**, and then clicking or tapping **InPrivate Browsing**.
+    If you've already used your current sign-in account to create a new Office 365 subscription, you'll be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window. Your options:
 
-2. On the **Get started** page, type your school email address in the **Enter your school email address** box, and then click **Sign up**. You will receive an email in your school email account.
+    - In Microsoft Edge, select Ctrl+Shift+N. Or, select **More actions** > **New InPrivate window**.
+    - In Internet Explorer,  select Ctrl+Shift+P. Or, select **Settings** > **Safety** > **InPrivate Browsing**.
+
+2. On the **Get started** page, type your school email address in the **Enter your school email address** box, and then click **Sign up**. You'll receive an email in your school email account.
 3. Click the hyperlink in the email in your school email account.
-4. On the **One last thing** page, complete your user information, and then click **Start**. The wizard creates your new Office 365 Education subscription, and you are automatically signed in as the administrative user you specified when you created the subscription.
+4. On the **One last thing** page, complete your user information, and then click **Start**. The wizard creates your new Office 365 Education subscription, and you're automatically signed in as the administrative user you specified when you created the subscription.
 
 ### Add domains and subdomains
 
-Now that you have created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has contoso.edu as the primary domain name but you have subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains.
+Now that you've created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has `contoso.edu` as the primary domain name but you've subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains.
 
-#### To add additional domains and subdomains
+#### To add more domains and subdomains
 
 1. In the admin center, in the list view, click **DOMAINS**.
 2. In the details pane, above the list of domains, on the menu bar, click **Add domain**.
@@ -260,55 +246,60 @@ Now that you have created your new Office 365 Education subscription, add the do
 
 To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
 
-**Note**  By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries require opt-in steps to add new users to existing Office 365 tenants. Check your country requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled.
+> [!NOTE]
+> By default, automatic tenant join is enabled in Office 365 Education, except for certain areas in Europe, the Middle East, and Africa. These countries require opt-in steps to add new users to existing Office 365 tenants. Check your country requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled.
 
 Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
 
 - If an Office 365 tenant with that domain name (contoso.edu) exists, Office 365 automatically adds the user to that tenant.
-- If an Office 365 tenant with that domain name (contoso.edu) does not exists, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it.
+- If an Office 365 tenant with that domain name (contoso.edu) doesn't exists, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it.
 
-You will always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before allowing other faculty and students to join Office 365.
+You'll always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before allowing other faculty and students to join Office 365.
 
-**Note**  You cannot merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
+> [!NOTE]
+> You can't  merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
 
-All new Office 365 Education subscriptions have automatic tenant join enabled by default, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 3. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
+All new Office 365 Education subscriptions have automatic tenant join enabled by default, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 3. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up#how-can-i-prevent-students-from-joining-my-existing-office-365-tenant).
 
 *Table 3. Windows PowerShell commands to enable or disable Automatic Tenant Join*
 
-
+---
 | Action  |                Windows PowerShell command                 |
 |---------|-----------------------------------------------------------|
 | Enable  | `Set-MsolCompanySettings -AllowEmailVerifiedUsers $true`  |
 | Disable | `Set-MsolCompanySettings -AllowEmailVerifiedUsers $false` |
 
-
                    
-Note  If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant.
+---
+
+> [!NOTE]
+> If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant.
 
 ### Disable automatic licensing
 
-To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that do not require administrative approval.
+To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that don't require administrative approval.
 
-**Note**  By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
+> [!NOTE]
+> By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
 
-Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 4. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
+Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 4. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up#how-can-i-prevent-students-from-joining-my-existing-office-365-tenant).
 
 *Table 4. Windows PowerShell commands to enable or disable automatic licensing*
 
-
+---
 | Action  |                Windows PowerShell command                 |
 |---------|-----------------------------------------------------------|
 | Enable  | `Set-MsolCompanySettings -AllowAdHocSubscriptions $true`  |
 | Disable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $false` |
 
-
                    
+---
 
 ### Enable Azure AD Premium
 
-When you create your Office 365 subscription, you create an Office 365 tenant that includes an Azure AD directory. Azure AD is the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Azure AD–integrated apps. Azure AD is available in Free, Basic, and Premium editions. Azure AD Free, which is included in Office 365 Education, has fewer features than Azure AD Basic, which in turn has fewer features than Azure AD Premium.
+When you create your Office 365 subscription, you create an Office 365 tenant that includes an Azure AD directory. Azure AD is the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Azure AD–integrated apps. Azure AD has different editions, which may include Office 365 Education. For more information, see [Introduction to Azure Active Directory Tenants](/microsoft-365/education/deploy/intro-azure-active-directory).
 
 Educational institutions can obtain Azure AD Basic edition licenses at no cost. After you obtain your licenses, activate your Azure AD access by completing the steps in [Step 3: Activate your Azure Active Directory access](/azure/active-directory/fundamentals/active-directory-get-started-premium#step-3-activate-your-azure-active-directory-access).
 
-The Azure AD Premium features that are not in Azure AD Basic include:
+The Azure AD Premium features that aren't in Azure AD Basic include:
 
 - Allow designated users to manage group membership
 - Dynamic group membership based on user metadata
@@ -322,31 +313,32 @@ The Azure AD Premium features that are not in Azure AD Basic include:
 
 You can assign Azure AD Premium licenses to the users who need these features. For example, you may want the users who have access to confidential student information to use MFA. In this example, you could assign Azure AD Premium to only those users.
 
-You can sign up for Azure AD Premium, and then assign licenses to users. In this section, you sign up for Azure AD Premium. You will assign Azure AD Premium licenses to users later in the deployment process.
+You can sign up for Azure AD Premium, and then assign licenses to users. In this section, you sign up for Azure AD Premium. You'll assign Azure AD Premium licenses to users later in the deployment process.
 
-For more information about:
+For more information, see:
 
-- Azure AD editions and the features in each, see [Azure Active Directory editions](/azure/active-directory/fundamentals/active-directory-whatis).
-- How to enable Azure AD premium, see [Associate an Azure AD directory with a new Azure subscription](/previous-versions/azure/azure-services/jj573650(v=azure.100)#create_tenant3).
+- [Azure Active Directory licenses](/azure/active-directory/fundamentals/active-directory-whatis)
+- [Sign up for Azure Active Directory Premium](/azure/active-directory/fundamentals/active-directory-get-started-premium)
 
 ### Summary
-You provision and initially configure Office 365 Education as part of the initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Azure AD Premium enabled (if required), you’re ready to select the method you will use to create user accounts in Office 365.
+You provision and initially configure Office 365 Education as part of the initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Azure AD Premium enabled (if necessary), you’re ready to select the method you'll use to create user accounts in Office 365.
 
 ## Select an Office 365 user account–creation method
 
 
-Now that you have an Office 365 subscription, you need to determine how you will create your Office 365 user accounts. Use the following methods to create Office 365 user accounts:
+Now that you've an Office 365 subscription, you need to determine how you'll create your Office 365 user accounts. Use the following methods to create Office 365 user accounts:
 
-- **Method 1:** Automatically synchronize your on-premises AD DS domain with Azure AD. Select this method if you have an on-premises AD DS domain.
+- **Method 1:** Automatically synchronize your on-premises AD DS domain with Azure AD. Select this method if you've an on-premises AD DS domain.
 - **Method 2:** Bulk-import the user accounts from a .csv file (based on information from other sources) into Azure AD. Select this method if you don’t have an on-premises AD DS domain.
 
 ### Method 1: Automatic synchronization between AD DS and Azure AD
 
-In this method, you have an on-premises AD DS domain. As shown in Figure 4, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD.
+In this method, you've an on-premises AD DS domain. As shown in Figure 4, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD.
 
-**Note**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](/previous-versions/mim/dn510997(v=ws.10)?f=255&MSPPError=-2147217396).
+> [!NOTE]
+> Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [LDAP synchronization with Azure Active Directory](/azure/active-directory/fundamentals/sync-ldap).
 
-![fig 4](images/deploy-win-10-school-figure4.png)
+:::image type="content" source="images/deploy-win-10-school-figure4.png" alt-text="See the automatic synchronization between Active Directory Directory Services and Azure AD.":::
 
 *Figure 4. Automatic synchronization between AD DS and Azure AD*
 
@@ -354,9 +346,9 @@ For more information about how to perform this step, see the [Integrate on-premi
 
 ### Method 2: Bulk import into Azure AD from a .csv file
 
-In this method, you have no on-premises AD DS domain. As shown in Figure 5, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Azure AD. The .csv file must be in the format that Office 365 specifies.
+In this method, you've no on-premises AD DS domain. As shown in Figure 5, you manually prepare a `.csv` file with the student information from your source, and then manually import the information directly into Azure AD. The `.csv` file must be in the format that Office 365 specifies.
 
-![fig 5](images/deploy-win-10-school-figure5.png)
+:::image type="content" source="images/deploy-win-10-school-figure5.png" alt-text="Create a csv file with student information, and import the csv file into Azure AD.":::
 
 *Figure 5. Bulk import into Azure AD from other sources*
 
@@ -373,7 +365,8 @@ In this section, you selected the method for creating user accounts in your Offi
 
 You can integrate your on-premises AD DS domain with Azure AD to provide identity management for your Office 365 tenant. With this integration, you can synchronize the users, security groups, and distribution lists in your AD DS domain with Azure AD with the Azure AD Connect tool. Users will be able to sign in to Office 365 automatically by using their email account and the same password they use to sign in to AD DS.
 
-**Note**  If your institution does not have an on-premises AD DS domain, you can skip this section.
+> [!NOTE]
+> If your institution doesn't have an on-premises AD DS domain, you can skip this section.
 
 ### Select synchronization model
 
@@ -381,15 +374,15 @@ Before you deploy AD DS and Azure AD synchronization, you need to determine wher
 
 You can deploy the Azure AD Connect tool by using one of the following methods:
 
-- **On premises.** As shown in Figure 6, Azure AD Connect runs on premises, which has the advantage of not requiring a virtual private network (VPN) connection to Azure. It does, however, require a virtual machine (VM) or physical server.
+- **On premises**: As shown in Figure 6, Azure AD Connect runs on premises, which have the advantage of not requiring a virtual private network (VPN) connection to Azure. It does, however, require a virtual machine (VM) or physical server.
 
-  ![fig 6](images/deploy-win-10-school-figure6.png)
+  :::image type="content" source="images/deploy-win-10-school-figure6.png" alt-text="Azure AD Connect runs on-premises and uses a virtual machine.":::
 
   *Figure 6. Azure AD Connect on premises*
 
-- **In Azure**. As shown in Figure 7, Azure AD Connect runs on a VM in Azure AD, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
+- **In Azure**: As shown in Figure 7, Azure AD Connect runs on a VM in Azure AD which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
 
-  ![fig 7](images/deploy-win-10-school-figure7.png)
+  :::image type="content" source="images/deploy-win-10-school-figure7.png" alt-text="Azure AD Connect runs on a VM in Azure AD, and uses a VPN gateway on-premises.":::
 
   *Figure 7. Azure AD Connect in Azure*
 
@@ -401,12 +394,12 @@ In this synchronization model (illustrated in Figure 6), you run Azure AD Connec
 
 #### To deploy AD DS and Azure AD synchronization
 
-1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect-prerequisites/).
+1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-prerequisites).
 2. On the VM or physical device that will run Azure AD Connect, sign in with a domain administrator account.
-3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](/azure/active-directory/hybrid/whatis-hybrid-identity#install-azure-ad-connect).
-4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure features](/azure/active-directory/hybrid/whatis-hybrid-identity#configure-sync-features).
+3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-select-installation).
+4. Configure Azure AD Connect features based on your institution’s requirements. For more information, see [Azure AD Connect sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
 
-Now that you have used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD.
+Now that you've used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD.
 
 ### Verify synchronization
 
@@ -414,7 +407,7 @@ Azure AD Connect should start synchronization immediately. Depending on the numb
 
 #### To verify AD DS and Azure AD synchronization
 
-1. Open https://portal.office.com in your web browser.
+1. In your web browser, go to [https://portal.office.com](https://portal.office.com).
 2. Using the administrative account that you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section, sign in to Office 365.
 3. In the list view, expand **USERS**, and then click **Active Users**.
 4. In the details pane, view the list of users. The list of users should mirror the users in AD DS.
@@ -424,7 +417,7 @@ Azure AD Connect should start synchronization immediately. Depending on the numb
 8. The list of security group members should mirror the group membership for the corresponding security group in AD DS.
 9. Close the browser.
 
-Now that you have verified Azure AD Connect synchronization, you’re ready to assign user licenses for Azure AD Premium.
+Now that you've verified Azure AD Connect synchronization, you’re ready to assign user licenses for Azure AD Premium.
 
 ### Summary
 
@@ -434,7 +427,8 @@ In this section, you selected your synchronization model, deployed Azure AD Conn
 
 You can bulk-import user and group accounts into your on-premises AD DS domain. Bulk-importing accounts helps reduce the time and effort needed to create users compared to creating the accounts manually in the Office 365 Admin portal. First, you select the appropriate method for bulk-importing user accounts into AD DS. Next, you create the .csv file that contains the user accounts. Finally, you use the selected method to import the .csv file into AD DS.
 
-**Note**  If your institution doesn’t have an on-premises AD DS domain, you can skip this section.
+> [!NOTE]
+> If your institution doesn’t have an on-premises AD DS domain, you can skip this section.
 
 ### Select the bulk import method
 
@@ -442,45 +436,46 @@ Several methods are available to bulk-import user accounts into AD DS domains. T
 
 *Table 5. AD DS bulk-import account methods*
 
+---
+|  Method |  Description and reason to select this method  |
+|---|---|
+| **Ldifde.exe** | This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
+| **VBScript** | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx). |
+| **Windows PowerShell** |  This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Windows PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).  |
 
-|       Method       |                                                                                                                                                                                                                                                                                                                                         Description and reason to select this method                                                                                                                                                                                                                                                                                                                                         |
-|--------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|     Ldifde.exe     | This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
-|      VBScript      |                                                                                                             This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).                                                                                                              |
-| Windows PowerShell |                                                                          This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).                                                                          |
-
-
                    
+---
 
 ### Create a source file that contains the user and group accounts
 
-After you have selected your user and group account bulk import method, you’re ready to create the source file that contains the user and group account. You’ll use the source file as the input to the import process. The source file format depends on the method you selected. Table 6 lists the source file format for the bulk import methods.
+After you've selected your user and group account bulk import method, you’re ready to create the source file that contains the user and group account. You’ll use the source file as the input to the import process. The source file format depends on the method you selected. Table 6 lists the source file format for the bulk import methods.
 
 *Table 6. Source file format for each bulk import method*
 
+---
+| Method |  Source file format   |
+|---|---|
+| **Ldifde.exe** | Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
+| **VBScript**  |  VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx) |
+| **Windows PowerShell** | Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). |
 
-|       Method       |                                                                                                                                                                                                                                                                                                      Source file format                                                                                                                                                                                                                                                                                                       |
-|--------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|     Ldifde.exe     | Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
-|      VBScript      |                                                                                                                              VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)).                                                                                                                              |
-| Windows PowerShell |                               Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).                               |
-
-
                    
+---
 
 ### Import the user accounts into AD DS
 
 With the bulk-import source file finished, you’re ready to import the user and group accounts into AD DS. The steps for importing the file are slightly different for each method.
 
-**Note**  Bulk-import your group accounts first, and then import your user accounts. Importing in this order allows you to specify group membership when you import your user accounts. 
+> [!NOTE]
+> Bulk-import your group accounts first, and then import your user accounts. Importing in this order allows you to specify group membership when you import your user accounts. 
 
 For more information about how to import user accounts into AD DS by using:
 
-- Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).
-- VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)).
-- Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).
+- Ldifde.exe: See [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).
+- VBScript: See [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx).
+- Windows PowerShell: See [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).
 
 ### Summary
 
-In this section, you selected the bulk-import method, created the source file that contains the user and group accounts, and imported the user and group accounts in to AD DS. If you have Azure AD Connect, it automatically synchronizes the new AD DS user and group accounts to Azure AD. Now, you’re ready to assign user licenses for Azure AD Premium in the [Assign user licenses for Azure AD Premium](#assign-user-licenses-for-azure-ad-premium) section later in this guide.
+In this section, you selected the bulk-import method, created the source file that contains the user and group accounts, and imported the user and group accounts in to AD DS. If you've Azure AD Connect, it automatically synchronizes the new AD DS user and group accounts to Azure AD. Now, you’re ready to assign user licenses for Azure AD Premium in the [Assign user licenses for Azure AD Premium](#assign-user-licenses-for-azure-ad-premium) section later in this guide.
 
 ## Bulk-import user accounts into Office 365
 
@@ -488,29 +483,32 @@ You can bulk-import user and group accounts directly into Office 365, reducing t
 
 ### Create user accounts in Office 365
 
-Now that you have created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
+Now that you've created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
 
-You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you have many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
+You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you've many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
 
 The bulk-add process assigns the same Office 365 Education license plan to all users on the list. Therefore, you must create a separate list for each license plan you recorded in Table 2. Depending on the number of faculty members who need to use the classroom, you may want to add the faculty Office 365 accounts manually; however, use the bulk-add process to add student accounts.
 
-For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Office 365](https://support.office.com/en-us/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88?ui=en-US&rs=en-US&ad=US).
+For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Office 365](/microsoft-365/enterprise/add-several-users-at-the-same-time).
 
-**Note**  If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
+> [!NOTE]
+> If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
 
-The email accounts are assigned temporary passwords upon creation. You must communicate these temporary passwords to your users before they can sign in to Office 365.
+The email accounts are assigned temporary passwords upon creation. Communicate these temporary passwords to your users before they can sign in to Office 365.
 
 ### Create Office 365 security groups
 
 Assign SharePoint Online resource permissions to Office 365 security groups, not individual user accounts. For example, create one security group for faculty members and another for students. Then, you can assign unique SharePoint Online resource permissions to faculty members and a different set of permissions to students. Add or remove users from the security groups to grant or revoke access to SharePoint Online resources.
 
-**Note**  If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
+> [!NOTE]
+> If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
 
-For information about creating security groups, see [Create and manage Microsoft 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
+For information about creating security groups, see [Create a group in the Microsoft 365 admin center](/microsoft-365/admin/create-groups/create-groups).
 
 You can add and remove users from security groups at any time.
 
-**Note**  Office 365 evaluates group membership when users sign in. If you change group membership for a user, that user may need to sign out, and then sign in again for the change to take effect.
+> [!NOTE]
+> Office 365 evaluates group membership when users sign in. If you change group membership for a user, that user may need to sign out, and then sign in again for the change to take effect.
 
 ### Create email distribution groups
 
@@ -518,13 +516,14 @@ Microsoft Exchange Online uses an email distribution group as a single email rec
 
 You can create email distribution groups based on job role (such as teachers, administration, or students) or specific interests (such as robotics, drama club, or soccer team). You can create any number of distribution groups, and users can be members of more than one group.
 
-**Note**  Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until Office 365 completes the Exchange Online creation process before you can perform the following steps. 
+> [!NOTE]
+> Office 365 can take some time to complete the Exchange Online creation process. You'll have to wait until Office 365 completes the Exchange Online creation process before you can perform the following steps. 
 
-For information about how to create security groups, see [Create and manage Microsoft 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
+For information about how to create security groups, see [Create a group in the Microsoft 365 admin center](/microsoft-365/admin/create-groups/create-groups).
 
 ### Summary
 
-Now, you have bulk-imported the user accounts into Office 365. First, you selected the bulk-import method. Next, you created the Office 365 security groups in Office 365. Finally, you created the Office 365 email distribution groups. Now, you’re ready to assign user licenses for Azure AD Premium.
+Now, you've bulk-imported the user accounts into Office 365. First, you selected the bulk-import method. Next, you created the Office 365 security groups in Office 365. Finally, you created the Office 365 email distribution groups. Now, you’re ready to assign user licenses for Azure AD Premium.
 
 ## Assign user licenses for Azure AD Premium
 
@@ -545,44 +544,48 @@ Microsoft Store for Business allows you to create your own private portal to man
 - Manage apps, app licenses, and updates.
 - Distribute apps to your users. 
 
-For more information about Microsoft Store for Business, see [Microsoft Store for Business overview](/microsoft-store/microsoft-store-for-business-overview).
+For more information, see [Microsoft Store for Business overview](/microsoft-store/microsoft-store-for-business-overview).
 
 The following section shows you how to create a Microsoft Store for Business portal and configure it for your school.
 
 ### Create and configure your Microsoft Store for Business portal
 
-To create and configure your Microsoft Store for Business portal, simply use the administrative account for your Office 365 subscription to sign in to Microsoft Store for Business. Microsoft Store for Business automatically creates a portal for your institution and uses your account as its administrator.
+To create and configure your Microsoft Store for Business portal, use the administrative account for your Office 365 subscription to sign in to Microsoft Store for Business. Microsoft Store for Business automatically creates a portal for your institution and uses your account as its administrator.
 
 #### To create and configure a Microsoft Store for Business portal
 
-1. In Microsoft Edge or Internet Explorer, type `https://microsoft.com/business-store` in the address bar.
-2. On the **Microsoft Store for Business** page, click **Sign in with an organizational account**.
                    **Note**  If your institution has AD DS, then don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
-3. On the Microsoft Store for Business sign-in page, use the administrative account for the Office 365 subscription you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section to sign in.
-4. On the **Microsoft Store for Business Services Agreement** page, review the agreement, select the **I accept this agreement and certify that I have the authority to bind my organization to its terms** check box, and then click **Accept**
-5. In the **Welcome to the Microsoft Store for Business** dialog box, click **OK**.
+1. In Microsoft Edge or Internet Explorer, go to [https://microsoft.com/business-store](https://microsoft.com/business-store).
+2. On the **Microsoft Store for Business** page, click **Sign in with an organizational account**.
+
+    If your institution has AD DS, then don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
+
+1. On the Microsoft Store for Business sign-in page, use the administrative account for the Office 365 subscription you created in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) section to sign in.
+2. On the **Microsoft Store for Business Services Agreement** page, review the agreement, select the **I accept this agreement and certify that I have the authority to bind my organization to its terms** check box, and then click **Accept**
+3. In the **Welcome to the Microsoft Store for Business** dialog box, click **OK**.
 
 After you create the Microsoft Store for Business portal, configure it by using the commands in the settings menu listed in Table 7. Depending on your institution, you may (or may not) need to change these settings to further customize your portal. 
 
 *Table 7. Menu selections to configure Microsoft Store for Business settings*
 
-
-|    Menu selection    |                                                                                                                                                                                  What you can do in this menu                                                                                                                                                                                  |
-|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Account information  |              Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure Portal. For more information, see [Update Microsoft Store for Business account settings](/microsoft-store/update-microsoft-store-for-business-account-settings).               |
-| Device Guard signing |                                                                           Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).                                                                            |
-|    LOB publishers    |            Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are usually internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps).             |
-|   Management tools   |                                                                    Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](/microsoft-store/distribute-apps-with-management-tool).                                                                    |
-|  Offline licensing   |                                                       Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see [Licensing model: online and offline licenses](/microsoft-store/apps-in-microsoft-store-for-business#licensing-model).                                                        |
-|     Permissions      | Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you have previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](/microsoft-store/roles-and-permissions-microsoft-store-for-business). |
+---
+| Menu selection | What you can do in this menu |
+|---|---|
+| Account information  | Displays information about your Microsoft Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure portal. For more information, see [Update Microsoft Store for Business account settings](/microsoft-store/update-microsoft-store-for-business-account-settings).|
+| Device Guard signing |  Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).  |
+|    LOB publishers    |  Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps).             |
+|   Management tools   |  Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](/microsoft-store/distribute-apps-with-management-tool).                                                                    |
+|  Offline licensing   |  Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see [Licensing model: online and offline licenses](/microsoft-store/apps-in-microsoft-store-for-business#licensing-model).  |
+|     Permissions      | Allows you to grant other users in your organization the ability to buy, manage, and administer your Microsoft Store for Business portal. You can also remove permissions you've previously granted. For more information, see [Roles and permissions in Microsoft Store for Business](/microsoft-store/roles-and-permissions-microsoft-store-for-business). |
 |    Private store     | Allows you to change the organization name used in your Microsoft Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store). |
 
-
                    
+---
 
 ### Find, acquire, and distribute apps in the portal
 
-Now that you have created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you will add to your portal. You do this by using the Inventory page in Microsoft Store for Business.
+Now that you've created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you'll add to your portal. You do this task by using the Inventory page in Microsoft Store for Business.
 
-**Note**  Your educational institution can now use a credit card to pay for apps in Microsoft Store for Business.
+> [!NOTE]
+> Your educational institution can now use a credit card to pay for apps in Microsoft Store for Business.
 
 You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users.
 
@@ -590,18 +593,18 @@ For more information about how to find, acquire, and distribute apps in the port
 
 ### Summary
 
-At the end of this section, you should have a properly configured Microsoft Store for Business portal. You have also found and acquired your apps from Microsoft Store. Finally, you should have deployed all your Microsoft Store apps to your users. Now, you’re ready to deploy Microsoft Store apps to your users.
+At the end of this section, you should have a properly configured Microsoft Store for Business portal. You've also found and acquired your apps from Microsoft Store. Finally, you should have deployed all your Microsoft Store apps to your users. Now, you’re ready to deploy Microsoft Store apps to your users.
 
 ## Plan for deployment
 
-You will use the LTI deployment process in MDT to deploy Windows 10 to devices or to upgrade devices to Windows 10. Prior to preparing for deployment, you must make some deployment planning decisions, including selecting the operating systems you will use, the approach you will use to create your Windows 10 images, and the method you will use to initiate the LTI deployment process.
+You'll use the LTI deployment process in MDT to deploy Windows 10 to devices or to upgrade devices to Windows 10. Prior to preparing for deployment, you must make some deployment planning decisions, including selecting the operating systems you'll use, the approach you'll use to create your Windows 10 images, and the method you'll use to initiate the LTI deployment process.
 
 ### Select the operating systems
 
-Later in the process, you will import the versions of Windows 10 you want to deploy. You can deploy the operating system to new devices, refresh existing devices, or upgrade existing devices. In the case of:
+Later in the process, you'll import the versions of Windows 10 you want to deploy. You can deploy the operating system to new devices, refresh existing devices, or upgrade existing devices. If:
 
-- New devices or refreshing existing devices, you will complete replace the existing operating system on a device with Windows 10.
-- Upgrading existing devices, you will upgrade the existing operating system (the Windows 8.1 or Windows 7 operating system) to Windows 10.
+- New devices or refreshing existing devices, you'll complete replace the existing operating system on a device with Windows 10.
+- Upgrading existing devices, you'll upgrade the existing operating system (the Windows 8.1 or Windows 7 operating system) to Windows 10.
 
 Depending on your school’s requirements, you may need any combination of the following Windows 10 editions:
 
@@ -614,13 +617,15 @@ Depending on your school’s requirements, you may need any combination of the f
   - Deploy new instances of Windows 10 Education so that new devices have a known configuration.
 - **Windows 10 Pro Education**. Use this operating system to upgrade existing eligible institution-owned devices running Windows 10 Pro Education, version 1903 or later, to Windows 10 Education using [subscription activation](/windows/deployment/windows-10-subscription-activation).
 
-**Note**  Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business. These features are not available in Windows 10 Home.
+> [!NOTE]
+> Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business. These features aren't available in Windows 10 Home.
 
-One other consideration is the mix of processor architectures you will support. If you can, support only 64-bit versions of Windows 10. If you have devices that can run only 32 bit versions of Windows 10, you will need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
+One other consideration is the mix of processor architectures you'll support. If you can, support only 64-bit versions of Windows 10. If you've devices that can run only 32-bit versions of Windows 10, you'll need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
 
-**Note**  On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
+> [!NOTE]
+> On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
 
-Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). Of course, you cannot standardize personal devices on a specific operating system version or processor architecture.
+Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). You can't  standardize personal devices on a specific operating system version or processor architecture.
 
 ### Select an image approach
 
@@ -636,60 +641,14 @@ The MDT deployment process is highly automated, requiring minimal information to
 
 *Table 8. Methods to initiate MDT deployment*
 
-
----
-
-
-
-
-
-
-
+---
+| Method | Description and reason to select this method |
+| --- | --- |
+| **Windows Deployment Services** | This method:

                    - Uses diskless booting to initiate MDT deployment
                    - Works only with devices that support PXE boot. 
                    - Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media. 
                    -Deploys images more slowly than when using local media. 
                    - Requires that you deploy a Windows Deployment Services server. 

                     Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server. |
+| **Bootable media** | This method:

                    - Initiates MDT deployment by booting from local media, including from USB drives, DVD-ROM, or CD-ROM.
                    - Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media. 
                    - Deploys images more slowly than when using local media. 
                    - Requires no extra infrastructure.

                    Select this method when you want to deploy Windows over-the-network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media. |
+| **MDT deployment media** | This method:

                    - Initiates MDT deployment by booting from a local USB hard disk.
                    - Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
                    - Deploys images more quickly than network-based methods do.
                    - Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).

                    Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share, you must regenerate the MDT deployment media and update the USB hard disk. |
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription and reason to select this method
                    Windows Deployment ServicesThis method:

                    
-
                      
-
                    • Uses diskless booting to initiate MDT deployment.
                      • 
-
                    • Works only with devices that support PXE boot.
                      • 
-
                    • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                      • 
-
                    • Deploys images more slowly than when using local media.
                      • 
-
                    • Requires that you deploy a Windows Deployment Services server.
                      • 
-
                    
-
-Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server.
                    Bootable mediaThis method:

                    
-
                      
-
                    • Initiates MDT deployment by booting from local media, including from USB drives, DVD-ROM, or CD-ROM.
                      • 
-
                    • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                      • 
-
                    • Deploys images more slowly than when using local media.
                      • 
-
                    • Requires no additional infrastructure.
                      • 
-
                    
-
-Select this method when you want to deploy Windows over-the-network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (the Deployment Wizard accesses the centrally located deployment share over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media.
                    MDT deployment mediaThis method:

                    
-
                      
-
                    • Initiates MDT deployment by booting from a local USB hard disk.
                      • 
-
                    • Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
                      • 
-
                    • Deploys images more quickly than network-based methods do.
                      • 
-
                    • Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).
                      • 
-
                    
-
-Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share, you must regenerate the MDT deployment media and update the USB hard disk.
                    
+---
 
 ### Summary
 
@@ -705,308 +664,85 @@ The first step in preparation for Windows 10 deployment is to configure—that i
 
 *Table 9. Tasks to configure the MDT deployment share*
 
-
----
-
-
-
-
-
-
-
-
-
-
-
+---
+| Task | Description |
+| --- | --- |
+| **1. Import operating systems** | Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportanOperatingSystemintotheDeploymentWorkbench). |
+| **2. Import device drives** | Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device can't  play sounds; without the proper camera driver, the device can't  take photos or use video chat.

                     Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench). |
+| **3. Create MDT applications for Microsoft Store apps** | Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

                    Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you'll use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you'll need to obtain the .appx files from the app software vendor directly. If you're unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

                    If you've Intune, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This method is the preferred one for deploying and managing Microsoft Store apps.

                    In addition, you must prepare your environment for sideloading (deploying) Microsoft Store apps. For more information about how to:

                    - Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10).
                    - Create an MDT application, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). |
+| **4. Create MDT applications for Windows desktop apps** | You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you've sufficient licenses for them.

                    To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source?f=255&MSPPError=-2147217396).

                    If you've Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This method is the preferred one for deploying and managing Windows desktop apps.

                     You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.

                    For more information about how to create an MDT application for Windows desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). | 
+| **5. Create task sequences.** | You must create a separate task sequence for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in Step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education; (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education; or (3) if you want to run deployments and upgrades for both 32 bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:

                    - Deploy Windows 10 Education 64-bit to devices.
                    - Deploy Windows 10 Education 32-bit to devices.
                    - Upgrade existing devices to Windows 10 Education 64-bit.
                    - Upgrade existing devices to Windows 10 Education 32-bit.

                    Again, you'll create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench). |
+| **6. Update the deployment share.** | Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32 bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

                     For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).|
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    TaskDescription
                    1. Import operating systemsImport the operating systems that you selected in the Select operating systems section into the deployment share. For more information about how to import operating systems, see Import an Operating System into the Deployment Workbench.
                    2. Import device drivesDevice drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

                    
+---
 
-Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench).
+### Configure Windows Deployment Services for MDT
 
-
                    3. Create MDT applications for Microsoft Store appsCreate an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

                    
-
-Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files from the app software vendor directly. If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

                    
-
-If you have Intune, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

                    
-
-In addition, you must prepare your environment for sideloading (deploying) Microsoft Store apps. For more information about how to:

                    
-
-
-
-
                    4. Create MDT applications for Windows desktop apps
-You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

                    
-
-To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source?f=255&MSPPError=-2147217396).

                    
-
-If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

                    
-
-**Note**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.

                    
-
-For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench).
-
-
                    5.  Create task sequences.
-You must create a separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in Step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education; (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education; or (3) if you want to run deployments and upgrades for both 32 bit and 64 bit versions of Windows 10. To do so, you must create task sequences that will:
-

                    
-
                    • Deploy Windows 10 Education 64-bit to devices.
                      • 
-
                    • Deploy Windows 10 Education 32-bit to devices.
                      • 
-
                    • Upgrade existing devices to Windows 10 Education 64-bit.
                      • 
-
                    • Upgrade existing devices to Windows 10 Education 32-bit.
                      • 
-
                    
-
-Again, you will create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench).
-
-
                    6.  Update the deployment share.
-Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32 bit and 64 bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

                    
-
-For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).
                    
-
-### Configure Window Deployment Services for MDT
-
-You can use Windows Deployment Services in conjunction with MDT to automatically initiate boot images on target computers. These boot images can be Windows PE images (which you generated in Step 6 in Table 9) or custom images that can deploy operating systems directly to the target computers.
+You can use Windows Deployment Services with MDT to automatically initiate boot images on target computers. These boot images can be Windows PE images (which you generated in Step 6 in Table 9) or custom images that can deploy operating systems directly to the target computers.
 
 #### To configure Windows Deployment Services for MDT
 
-1. Set up and configure Windows Deployment Services.
                    Windows Deployment Services is a server role available in all Windows Server editions. You can enable the Windows Deployment Services server role on a new server or on any server running Windows Server in your institution. For more information about how to perform this step, see the following resources:
+1. Set up and configure Windows Deployment Services.
 
-   - [Windows Deployment Services overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11))
-   - The Windows Deployment Services Help file, included in Windows Deployment Services
-   - [Windows Deployment Services Getting Started Guide for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj648426(v=ws.11))
+    Windows Deployment Services is a server role available in all Windows Server editions. You can enable the Windows Deployment Services server role on a new server or on any server running Windows Server in your institution. For more information about how to perform this step, see the following resources:
 
-2. Add LTI boot images (Windows PE images) to Windows Deployment Services.
                    The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](/mem/configmgr/mdt/use-the-mdt#AddLTIBootImagestoWindowsDeploymentServices).
+    - [Windows Deployment Services overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11))
+    - The Windows Deployment Services Help file, included in Windows Deployment Services
+    - [Windows Deployment Services Getting Started Guide for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj648426(v=ws.11))
+
+2. Add LTI boot images (Windows PE images) to Windows Deployment Services.
+
+    The LTI boot images (.wim files) that you'll add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](/mem/configmgr/mdt/use-the-mdt#AddLTIBootImagestoWindowsDeploymentServices).
 
 ### Summary
 
-Now, Windows Deployment Services is ready to initiate the LTI deployment process in MDT. You have set up and configured Windows Deployment Services and added the LTI boot images, which you generated in the previous section, to Windows Deployment Services. Now, you’re ready to prepare to manage the devices in your institution.
+Now, Windows Deployment Services is ready to initiate the LTI deployment process in MDT. You've set up and configured Windows Deployment Services and added the LTI boot images, which you generated in the previous section, to Windows Deployment Services. Now, you’re ready to prepare to manage the devices in your institution.
 
 ## Prepare for device management
 
-Before you deploy Windows 10 in your institution, you must prepare for device management. You will deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
+Before you deploy Windows 10 in your institution, you must prepare for device management. You'll deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
 
 ### Select the management method
 
-If you have only one device to configure, manually configuring that one device is tedious but possible. When you have multiple classrooms of devices to configure, however, manually configuring each device becomes overwhelming. In addition, manually keeping an identical configuration on each device is virtually impossible as the number of devices in the school increases.
+If you've only one device to configure, manually configuring that one device is tedious but possible. When you've multiple classrooms of devices to configure, however, manually configuring each device becomes overwhelming. In addition, manually keeping an identical configuration on each device is difficult as the number of devices in the school increases.
 
 For a school, there are many ways to manage devices. Table 10 lists the methods that this guide describes and recommends. Use the information in Table 10 to determine which combination of management methods is right for your institution.
 
 *Table 10. School management methods*
 
-
----
-
-
-
-
-
-
-
+---
+| Method | Description |
+| --- | --- |
+| **Group Policy** | Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows. Select this method when you: 

                    - Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
                    - Want more granular control of device and user settings.
                    - Have an existing AD DS infrastructure.
                    - Typically manage on-premises devices.
                    - Can manage a required setting only by using Group Policy.

                    The advantages of this method include:

                    - No cost beyond the AD DS infrastructure.
                    - A larger number of settings.

                    The disadvantages of this method are:

                    - Can only manage domain-joined (institution-owned devices).
                    - Requires an AD DS infrastructure (if the institution doesn't have AD DS already).
                    - Typically manages on-premises devices (unless devices connect by using a VPN or DirectAccess). | 
+| **Intune** | Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10 and other operating systems, such as iOS/iPadOS, macOS, and Android. Intune is a subscription-based cloud service that integrates with Microsoft 365 and Azure AD.

                    Select this method when you:

                    - Want to manage institution-owned and personal devices (doesn't require that the device be domain joined).
                    - Don’t require the level of granular control over device and user settings (compared to Group Policy).
                    - Don’t have an existing AD DS infrastructure.
                    - Need to manage devices regardless of where they are (on or off premises).
                    - Can manage a required setting only by using Intune.

                    The advantages of this method are:

                    - You can manage institution-owned and personal devices.
                    - It doesn’t require that devices be domain joined.
                    - It doesn’t require any on-premises infrastructure.
                    - It can manage devices regardless of their location (on or off premises).

                    The disadvantages of this method are:

                    - Carries an extra cost for subscription.
                    - Doesn’t have a granular level control over device and user settings (compared to Group Policy). | 
 
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription
                    Group Policy
-Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows. Select this method when you:
-
                      
-
                    • Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
                      • 
-
                    • Want more granular control of device and user settings.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Typically manage on-premises devices.
                      • 
-
                    • Can manage a required setting only by using Group Policy.
                      • 
-
                    
-
-The advantages of this method include:
-
                      
-
                    • No cost beyond the AD DS infrastructure.
                      • 
-
                    • A larger number of settings (compared to Intune).
                      • 
-
                    
-The disadvantages of this method are:
-
                      
-
                    • Can only manage domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    • Typically manages on-premises devices (unless devices connect by using a VPN or DirectAccess).
                      • 
-
                    
-
                    IntuneIntune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
-Select this method when you:
-
                      
-
                    • Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                      • 
-
                    • Don’t require the level of granular control over device and user settings (compared to Group Policy).
                      • 
-
                    • Don’t have an existing AD DS infrastructure.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    • Can manage a required setting only by using Intune.
                      • 
-
                    
-
-The advantages of this method are:
-
                      
-
                    • You can manage institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It doesn’t require any on-premises infrastructure.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
-
                    
-The disadvantages of this method are:
-
                      
-
                    • Carries an additional cost for subscription.
                      • 
-
                    • Doesn’t have a granular level control over device and user settings (compared to Group Policy).
                      • 
-
                    
-
-
                    
+---
 
 ### Select Microsoft-recommended settings
 
-Microsoft has several recommended settings for educational institutions. Table 11 lists them, provides a brief description of why you need to configure them, and recommends methods for configuring the settings. Review the settings in Table 11 and evaluate their relevancy to your institution. Use the information to help you determine whether you need to configure the setting and which method you will use to do so. At the end, you will have a list of settings that you want to apply to the Windows 10 devices and know which management method you will use to configure the settings.
+Microsoft has several recommended settings for educational institutions. Table 11 lists them, provides a brief description of why you need to configure them, and recommends methods for configuring the settings. Review the settings in Table 11 and evaluate their relevancy to your institution. Use the information to help you determine whether you need to configure the setting and which method you'll use to do so. At the end, you'll have a list of settings that you want to apply to the Windows 10 devices and know which management method you'll use to configure the settings.
 
 *Table 11. Recommended settings for educational institutions*
 
-
----
-
-
-
-
-
-
-
+---
+| Recommendation | Description |
+| --- | --- |
+| **Use of Microsoft accounts** | You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, don't use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

                    Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

                    **Group Policy**: Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)?amp;MSPPError=-2147217396&f=255) Group Policy setting to use the Users can’t add Microsoft accounts setting option.

                    **Intune**: Enable or disable Microsoft accounts by using the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy. |
+| **Restrict local administrator accounts on the devices** | Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

                    **Group Policy**: Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732525(v=ws.11)).

                    **Intune**: Not available |
+| **Manage the built-in administrator account created during device deployment** | When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and optionally disable it.

                    **Group Policy**: Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-essentials-sbs/cc747484(v=ws.10)). You'll specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852165(v=ws.11)).

                    **Intune**: Not available. |
+| **Control Microsoft Store access** | You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

                    **Group Policy**: You can disable the Microsoft Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](/previous-versions/windows/it-pro/windows-8.1-and-8/hh832040(v=ws.11)#BKMK_UseGP).

                    **Intune**: You can enable or disable the camera by using the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration** policy. |
+| **Use of Remote Desktop connections to devices** | Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.

                    **Group Policy**: You can enable or disable Remote Desktop connections to devices by using the **Allow Users to connect remotely using Remote Desktop setting** in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

                    **Intune**: Not available. |
+| **Use of camera** | A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.

                    **Group Policy**: Not available.

                    **Intune**: You can enable or disable the camera by using the **Allow camera** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy. |
+| **Use of audio recording** | Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

                    **Group Policy**: You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) and [Create Your AppLocker Policies](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791899(v=ws.11))

                    **Intune**: You can enable or disable the camera by using the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy. |
+| **Use of screen capture** | Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.

                    **Group Policy**: Not available.

                    **Intune**: You can enable or disable the camera by using the **Allow screen capture** policy setting in the **System** section of a **Windows 10 General Configuration** policy. |
+| **Use of location services** | Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.

                    **Group Policy**: You can enable or disable location services by using the **Turn off location** Group Policy setting in User Configuration\Windows Components\Location and Sensors.

                    **Intune**: You can enable or disable the camera by using the **Allow geolocation** policy setting in the **Hardware** section of a **Windows 10 General Configuration** policy. |
+| **Changing wallpaper** | Displaying a custom wallpaper can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or the device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on your devices.

                    **Group Policy**: You can configure the wallpaper by using the **Desktop WallPaper** setting in User Configuration\Administrative Templates\Desktop\Desktop.

                    **Intune**: Not available. |
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    RecommendationDescription
                    Use of Microsoft accountsYou want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

                    
-Note  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

                    
-Group Policy. Configure the Accounts: Block Microsoft accounts Group Policy setting to use the Users can’t add Microsoft accounts setting option.

                    
-Intune. Enable or disable the camera by using the Allow Microsoft account, Allow adding non-Microsoft accounts manually, and Allow settings synchronization for Microsoft accounts policy settings under the Accounts and Synchronization section of a Windows 10 General Configuration policy.
-
                    Restrict local administrator accounts on the devicesEnsure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

                    
-Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

                    
-Intune. Not available.
-
                    Restrict the local administrator accounts on the devicesEnsure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

                    
-Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

                    
-Intune. Not available.
-
                    Manage the built-in administrator account created during device deploymentWhen you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and optionally disable it.

                    
-Group Policy. Rename the built-in Administrator account by using the Accounts: Rename administrator account Group Policy setting. For more information about how to rename the built-in Administrator account, see To rename the Administrator account using the Group Policy Management Console. You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the Accounts: Administrator account status Group Policy setting. For more information about how to disable the built-in Administrator account, see Accounts: Administrator account status.

                    
-Intune. Not available.
-
                    Control Microsoft Store accessYou can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

                    
-Group Policy. You can disable the Microsoft Store app by using the Turn off the Store Application Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?.

                    
-Intune. You can enable or disable the camera by using the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy.
-
                    Use of Remote Desktop connections to devicesRemote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.

                    
-Group Policy. You can enable or disable Remote Desktop connections to devices by using the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

                    
-Intune. Not available.
-
                    Use of cameraA device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.

                    
-Group Policy. Not available.

                    
-Intune. You can enable or disable the camera by using the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy.
-
                    Use of audio recordingAudio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

                    
-Group Policy. You can disable the Sound Recorder app by using the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in Editing an AppLocker Policy and Create Your AppLocker Policies.

                    
-Intune. You can enable or disable the camera by using the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy.
-
                    Use of screen captureScreen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.

                    
-Group Policy. Not available.

                    
-Intune. You can enable or disable the camera by using the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy.
-
                    Use of location servicesProviding a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.

                    
-Group Policy. You can enable or disable location services by using the Turn off location Group Policy setting in User Configuration\Windows Components\Location and Sensors.

                    
-Intune. You can enable or disable the camera by using the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy.
-
                    Changing wallpaperDisplaying a custom wallpaper can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or the device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on your devices.

                    
-Group Policy. You can configure the wallpaper by using the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.

                    
-Intune. Not available.
-
                    
+---
 
 ### Configure settings by using Group Policy
 
-Now, you’re ready to configure settings by using Group Policy. The steps in this section assume that you have an AD DS infrastructure. You will configure the Group Policy settings you select in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
+Now, you’re ready to configure settings by using Group Policy. The steps in this section assume that you've an AD DS infrastructure. You'll configure the Group Policy settings you select in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
 
 For more information about Group Policy, see [Group Policy Planning and Deployment Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754948(v=ws.10)).
 
@@ -1018,22 +754,25 @@ For more information about Group Policy, see [Group Policy Planning and Deployme
 
 ### Configure settings by using Intune
 
-Now, you’re ready to configure settings by using Intune. The steps in this section assume that you have an Office 365 subscription. You will configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
+Now, you’re ready to configure settings using Intune. The steps in this section assume that you've an Office 365 subscription. You'll configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section.
 
-For more information about Intune, see [Documentation for Microsoft Intune](/intune/).
+For more information about Intune, see [Documentation for Microsoft Intune](/mem/intune/).
 
 #### To configure Intune settings
 
-1. Add Intune to your Office 365 subscription by completing the steps in [Get started with a paid subscription to Microsoft Intune](/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune).
-2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://technet.microsoft.com/library/dn646962.aspx).
-3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://technet.microsoft.com/library/dn646984.aspx).
-4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://technet.microsoft.com/library/dn646959.aspx). 
+1. Check your Intune licensing. If you've a Microsoft 365 subscription, you may already have Intune. For more information, see [Microsoft Intune licensing](/mem/intune/fundamentals/licenses).
+2. Enroll devices in Microsoft Intune. For more information on your enrollment options, see [Intune enrollment methods for Windows devices](/mem/intune/enrollment/windows-enrollment-methods). 
+3. Configure the [compliance settings](/mem/intune/protect/device-compliance-get-started) and [configuration settings](/mem/intune/configuration/device-profiles) that meet your school system's needs.
+4. Use the reporting features in Intune to monitor devices. For more information, see [Intune reports](/mem/intune/fundamentals/reports).
 
 ### Deploy apps by using Intune
 
-You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you deploy apps to companion devices (such as Windows 10 Mobile, iOS, or Android devices) Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that are not enrolled in Intune or are managed by another solution.
+You can use Intune to deploy apps to Android, iOS/iPadOS, macOS, and Windows devices. You can manage app security and features on organization-owned devices and personal devices.
 
-For more information about how to configure Intune to manage your apps, see [Deploy and configure apps with Microsoft Intune](/intune/).
+For more information about how to configure Intune to manage your apps, see:
+
+- [What is Microsoft Intune app management?](/mem/intune/apps/app-management)
+- [App protection policies overview](/mem/intune/apps/app-protection-policy)
 
 ### Summary
 
@@ -1041,7 +780,7 @@ In this section, you prepared your institution for device management. You determ
 
 ## Deploy Windows 10 to devices
 
-You’re ready to deploy Windows 10 to faculty and student devices. You must complete the steps in this section for each student device in the classrooms as well as for any new student devices you add in the future. You can also perform these actions for any device that’s eligible for a Windows 10 upgrade. This section discusses deploying Windows 10 to new devices, refreshing Windows 10 on existing devices, and upgrading existing devices that are running eligible versions of Windows 8.1 or Windows to Windows 10. 
+You’re ready to deploy Windows 10 to faculty and student devices. You must complete the steps in this section for each student device in the classrooms and for any new student devices you add in the future. You can also perform these actions for any device that’s eligible for a Windows 10 upgrade. This section discusses deploying Windows 10 to new devices, refreshing Windows 10 on existing devices, and upgrading existing devices that are running eligible versions of Windows 8.1 or Windows to Windows 10. 
 
 ### Prepare for deployment
 
@@ -1049,21 +788,22 @@ Prior to deployment of Windows 10, ensure that you complete the tasks listed in
 
 *Table 12. Deployment preparation checklist*
 
+---
+| Tasks |
+|-------|
+| The target devices have sufficient system resources to run Windows 10. |
+| Identify the necessary devices drivers, and import them to the MDT deployment share. |
+| Create an MDT application for each Microsoft Store and Windows desktop app. |
+| Notify the students and faculty about the deployment. |
 
-| Task |                                                                                      |
-|------|--------------------------------------------------------------------------------------|
-|      |        The target devices have sufficient system resources to run Windows 10.        |
-|      | Identify the necessary devices drivers, and import them to the MDT deployment share. |
-|      |     Create an MDT application for each Microsoft Store and Windows desktop app.      |
-|      |                Notify the students and faculty about the deployment.                 |
-
-
                    
+---
 
 ### Perform the deployment
 
 Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated. 
 
-**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](/mem/configmgr/mdt/samples-guide).
+> [!NOTE]
+> To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](/mem/configmgr/mdt/samples-guide).
 
 In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems.
 
@@ -1074,9 +814,10 @@ In most instances, deployments occur without incident. Only in rare occasions do
 
 ### Set up printers
 
-After you have deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to the [Verify deployment](#verify-deployment) section.
+After you've deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to the [Verify deployment](#verify-deployment) section.
 
-**Note**  If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to the [Verify deployment](#verify-deployment) section.
+> [!NOTE]
+> If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to the [Verify deployment](#verify-deployment) section.
 
 #### To set up printers
 
@@ -1091,7 +832,7 @@ After you have deployed Windows 10, the devices are almost ready for use. First,
 
 ### Verify deployment
 
-As a final quality control step, verify the device configuration to ensure that all apps run. Microsoft recommends that you perform all the tasks that the user would perform. Specifically, verify the following:
+As a final quality control step, verify the device configuration to ensure that all apps run. Microsoft recommends that you perform all the tasks that the user would perform. Specifically, verify the following requirements:
 
 - The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
 - Windows Update is active and current with software updates.
@@ -1101,7 +842,7 @@ As a final quality control step, verify the device configuration to ensure that
 - All Windows desktop apps are properly installed and updated.
 - Printers are properly configured.
 
-When you have verified that the first device is properly configured, you can move to the next device and perform the same steps.
+When you've verified that the first device is properly configured, you can move to the next device and perform the same steps.
 
 ### Summary
 
@@ -1109,7 +850,7 @@ You prepared the devices for deployment by verifying that they have adequate sys
 
 ## Maintain Windows devices and Office 365
 
-After the initial deployment, you will need to perform certain tasks to maintain the Windows 10 devices and your Office 365 Education subscription. You should perform these tasks on the following schedule:
+After the initial deployment, you'll need to perform certain tasks to maintain the Windows 10 devices and your Office 365 Education subscription. You should perform these tasks on the following schedule:
 
 - **Monthly.** These tasks help ensure that the devices are current with software updates and properly protected against viruses and malware.
 - **New semester or academic year.** Perform these tasks prior to the start of a new curriculum—for example, at the start of a new academic year or semester. These tasks help ensure that the classroom environments are ready for the next group of students.
@@ -1119,167 +860,30 @@ Table 13 lists the school and individual classroom maintenance tasks, the resour
 
 *Table 13. School and individual classroom maintenance tasks, with resources and the schedule for performing them*
 
-
------
-
-
-
-
-
-
-
-
-
+---
+| Task and resources | Monthly | New semester or academic year | As required |
+| --- |  --- |  --- |  --- | 
+| Verify that Windows Update is active and current with operating system and software updates.

                    For more information about completing this task, see:

                    - Intune: See [Keep Windows PCs up to date with software updates in Microsoft Intune](https://www.microsoft.com/en-us/insidetrack/keeping-windows-10-devices-up-to-date-with-microsoft-intune-and-windows-update-for-business)
                    - Group Policy: See [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)
                    - Windows Server Update Services (WSUS): See [Deploy Windows Server Update Services](/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services)
                    - Neither Intune, Group Policy, or WSUS: See [Update Windows](https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a). | ✔️ | ✔️ | ✔️ |
+| Verify that Windows Defender is active and current with malware Security intelligence.

                    For more information, see [Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune](/mem/intune/protect/advanced-threat-protection) and [Enable and configure Microsoft Defender Antivirus always-on protection in Group Policy](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)). | ✔️ | ✔️ | ✔️ |
+| Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

                    For more information about completing this task, see [Protect my PC from viruses](https://support.microsoft.com/windows/protect-my-pc-from-viruses-b2025ed1-02d5-1e87-ba5f-71999008e026). | ✔️ | ✔️ | ✔️ |
+| Verify that you're using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).

                     For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options for updates and upgrades](/windows/deployment/update/). |  | ✔️ | ✔️ |
+| Refresh the operating system and apps on devices.

                    For more information about completing this task, see the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. |  | ✔️ | ✔️ |
+| Install any new Windows desktop apps or update any Windows desktop apps that are used in the curriculum.

                    For more information, see the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. |  | ✔️ | ✔️ |
+| Install new or update existing Microsoft Store apps that are used in the curriculum.

                    Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.

                    You can also deploy Microsoft Store apps directly to devices by using Intune. For more information, see the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. |  | ✔️ | ✔️ |
+| Remove unnecessary user accounts (and corresponding licenses) from Office 365.

                    For more information, see:

                    - Remove unnecessary user accounts, see [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user).
                    - Unassign licenses, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). |  | ✔️ | ✔️ |
+| Add new accounts (and corresponding licenses) to Office 365.

                    For more information, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users) and [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users). |  | ✔️ | ✔️ |
+| Create or modify security groups and manage group membership in Office 365.

                    For more information, see:

                    - [Create a group in the Microsoft 365 admin center](/microsoft-365/admin/create-groups/create-groups)
                    - [Add or remove members from Microsoft 365 groups using the admin center](/microsoft-365/admin/create-groups/add-or-remove-members-from-groups) |  | ✔️ | ✔️ |
+| Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.

                    For more information, see [Create and manage distribution list groups in Exchange Online](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) and [Create, edit, or delete a security group in the Microsoft 365 admin center](/microsoft-365/admin/email/create-edit-or-delete-a-security-group) |  | ✔️ | ✔️ |
+| Install new student devices

                    Follow the same steps in the [Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section. |  |  | ✔️ |
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Task and resourcesMonthlyNew semester or academic yearAs required
                    Verify that Windows Update is active and current with operating system and software updates.

                    
-For more information about completing this task when you have:
-
-                    		XXX
                    Verify that Windows Defender is active and current with malware Security intelligence.

                    
-For more information about completing this task, see Turn Windows Defender on or off and Updating Windows Defender.                     		XXX
                    Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

                    
-For more information about completing this task, see How do I find and remove a virus?
-                    		XXX
                    Verify that you are using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).

                     
-For more information about Windows 10 servicing options for updates and upgrades, see Windows 10 servicing options for updates and upgrades.                    		XX
                    Refresh the operating system and apps on devices.

                    
-For more information about completing this task, see the Deploy Windows 10 to devices section.
-
-                    		XX
                    Install any new Windows desktop apps or update any Windows desktop apps that are used in the curriculum.

                    
-For more information, see the Deploy apps by using Intune section.
-
-                    		XX
                    Install new or update existing Microsoft Store apps that are used in the curriculum.

                    
-Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.

                    
-You can also deploy Microsoft Store apps directly to devices by using Intune. For more information, see the Deploy apps by using Intune section.
-
-                    		XX
                    Remove unnecessary user accounts (and corresponding licenses) from Office 365.

                    
-For more information about how to:
-
-
-                    		XX
                    Add new accounts (and corresponding licenses) to Office 365.

                    
-For more information about how to:
-
-                    		XX
                    Create or modify security groups and manage group membership in Office 365.

                    
-For more information about how to:
-
-
-                    		XX
                    Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.

                    
-For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see Manage Distribution Groups and Groups in Exchange Online and SharePoint Online.
-
-                    		XX
                    Install new student devices

                    
-Follow the same steps described in the Deploy Windows 10 to devices section.
-
-                    		X
                    
-
                    
+---
 
 ### Summary
 
-Now, you have identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your school configuration should match the typical school configuration that you saw in the [Plan a typical school configuration](#plan-a-typical-school-configuration) section. By performing these maintenance tasks you help ensure that your school stays secure and is configured as you specified. 
+Now, you've identified the tasks you need to perform monthly, at the end of an academic year or semester, and as required. Your school configuration should match the typical school configuration that you saw in the [Plan a typical school configuration](#plan-a-typical-school-configuration) section. By running these maintenance tasks, you help ensure that your school stays secure and is configured as you specified. 
 
 ## Related resources
-
                    
\ No newline at end of file
+
+- [Try it out: Windows 10 deployment (for educational institutions)](../index.yml)
+- [Try it out: Windows 10 in the classroom](../index.yml)
+- [Chromebook migration guide](/education/windows/chromebook-migration-guide)
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index 268f6d2d8b..fb2c72d34b 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -1,6 +1,6 @@
 ---
 title: Deployment recommendations for school IT administrators
-description: Provides guidance on ways to customize the OS privacy settings, as well as some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
+description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
 keywords: Windows 10 deployment, recommendations, privacy settings, school
 ms.mktglfcycl: plan
 ms.sitesec: library
@@ -19,22 +19,28 @@ ms.prod: w10
 -   Windows 10
 
 
-Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, as well as some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). The following sections provide some best practices and specific privacy settings we’d like you to be aware of. Also see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) for more information about ways to customize the OS diagnostic data, consumer experiences, Cortana, and search.
+Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, and some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). The following sections provide some best practices and specific privacy settings we’d like you to be aware of. For more information about ways to customize the OS diagnostic data, consumer experiences, Cortana, and search, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 
-We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store for Education, and use devices running Windows 10 S, will be able to configure the device at no additional charge to Windows 10 Pro Education. To learn more about the steps to configure this, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md).
+We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store for Education, and use devices running Windows 10 S, will be able to configure the device at no extra charge to Windows 10 Pro Education. To learn more about the steps to configure this device, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md).
 
 ## Deployment best practices
 
 Keep these best practices in mind when deploying any edition of Windows 10 in schools or districts:
+
 * A Microsoft account is only intended for consumer services. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, and so on. For schools, consider using mobile device management (MDM) or Group Policy to block students from adding a Microsoft account as a secondary account.
+
 * If schools allow the use of personal accounts by their students to access personal services, schools should be aware that these accounts belong to individuals, not the school.
+
 * IT administrators, school officials, and teachers should also consider ratings when picking apps from the Microsoft Store.
-* If you have students or school personnel who rely on assistive technology apps that are not available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
+
+* If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
 
 ## Windows 10 Contacts privacy settings
 
 If you’re an IT administrator who deploys Windows 10 in a school or district, we recommend that you review these deployment resources to make informed decisions about how you can configure telemetry for your school or district:
+
 * [Configure Windows telemetry in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) - Describes the types of telemetry we gather and the ways you can manage this data.
+
 * [Manage connections from Windows operating system components to Microsoft services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
 
 In particular, the **Contacts** area in the **Settings** > **Privacy** section lets you choose which apps can access a student’s contacts list. By default, this setting is turned on.
@@ -44,85 +50,106 @@ To change the setting, you can:
 * [Choose the apps that you want to allow access to contacts](#choose-the-apps-that-you-want-to-allow-access-to-contacts)
 
 ### Turn off access to contacts for all apps
+
 To turn off access to contacts for all apps on individual Windows devices:
+
 1. On the computer, go to **Settings** and select **Privacy**.
 
-   ![Privacy settings](images/win10_settings_privacy.png)
+   ![Privacy settings.](images/win10_settings_privacy.png)
 
 2. Under the list of **Privacy** areas, select **Contacts**.
 
-   ![Contacts privacy settings](images/win10_settings_privacy_contacts.png)
+   ![Contacts privacy settings.](images/win10_settings_privacy_contacts.png)
 
 3. Turn off **Let apps access my contacts**.
 
-For IT-managed Windows devices, you can use a Group Policy to turn off the setting. To do this:
+For IT-managed Windows devices, you can use a Group Policy to turn off the setting. To turn off the setting:
+
 1. Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts**.
+
 2. Set the **Select a setting** box to **Force Deny**.
 
 ### Choose the apps that you want to allow access to contacts
+
 If you want to allow only certain apps to have access to contacts, you can use the switch for each app to specify which ones you want on or off.
 
-![Choose apps with access to contacts](images/win10_settings_privacy_contacts_apps.png)
+![Choose apps with access to contacts.](images/win10_settings_privacy_contacts_apps.png)
 
-The list of apps on the Windows-based device may vary from the above example. The list depends on what apps you have installed and which of these apps access contacts.
+The list of apps on the Windows-based device may vary from the above example. The list depends on what apps you've installed and which of these apps access contacts.
 
 To allow only certain apps to have access to contacts, you can:
+
 * Configure each app individually using the **Settings** > **Contacts** option in the Windows UI
+
 * Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce.
 
-   ![App privacy Group Policy](images/gp_letwinappsaccesscontacts.png)
+  ![App privacy Group Policy.](images/gp_letwinappsaccesscontacts.png)
+
 
 ## Skype and Xbox settings
 
 Skype (a Universal Windows Platform [UWP]) and Xbox are preinstalled as part of Windows 10.
 
-The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see this [FAQ](https://go.microsoft.com/fwlink/?LinkId=821441).
+The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see [Skype for Windows 10 Insiders – your most asked questions](https://go.microsoft.com/fwlink/?LinkId=821441).
 
 With the Xbox app, students can use their Xbox profiles to play and make progress on their games using their Windows-based device. They can also unlock achievements and show off to their friends with game clips and screenshots. The Xbox app requires a Microsoft account, which is a personal account.
 
-Both Skype and Xbox include searchable directories that let students find other people to connect to. The online privacy and security settings for Skype and Xbox are not manageable through Group Policy so we recommend that school IT administrators and school officials let parents and students know about these searchable directories.
+Both Skype and Xbox include searchable directories that let students find other people to connect to. The online privacy and security settings for Skype and Xbox aren't manageable through Group Policy so we recommend that school IT administrators and school officials let parents and students know about these searchable directories.
 
 If the school allows the use of personal or Microsoft account in addition to organization accounts, we also recommend that IT administrators inform parents and students that they can optionally remove any identifying information from the directories by:
+
 * [Managing the user profile](#managing-the-user-profile)
 * [Deleting the account if the user name is part of the identifying information](#delete-an-account-if-username-is-identifying)
 
 ### Managing the user profile
+
 #### Skype
+
 Skype uses the user’s contact details to deliver important information about the account and it also lets friends find each other on Skype.
 
 To manage and edit your profile in the Skype UWP app, follow these steps:
-1. In the Skype UWP app, select the user profile icon ![Skype profile icon](images/skype_uwp_userprofile_icon.png)  to go to the user’s profile page.
+
+1. In the Skype UWP app, select the user profile icon ![Skype profile icon.](images/skype_uwp_userprofile_icon.png)  to go to the user’s profile page.
+
 2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal.
+
 3. In the online Skype portal, scroll down to the **Account details** section. In **Settings and preferences**, click **Edit profile**.
 
    The profile page includes these sections:
 
-       * Personal information
-       * Contact details
-       * Profile settings
+   * Personal information
+   * Contact details
+   * Profile settings
 
 4. Review the information in each section and click **Edit profile** in either or both the **Personal information** and **Contact details** sections to change the information being shared. You can also remove the checks in the **Profile settings** section to change settings on discoverability, notifications, and staying in touch.
-5. If you do not wish the name to be included, edit the fields and replace the fields with **XXX**.
+
+5. If you don't wish the name to be included, edit the fields and replace the fields with **XXX**.
+
 6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up.
 
-   ![Skype profile icon](images/skype_uwp_manageprofilepic.png)
+   ![The icon for Skype profile.](images/skype_uwp_manageprofilepic.png)
+
+   * To take a new picture, click the camera icon in the pop-up window. To upload a new picture, click the three dots (**...**).
 
-   * To take a new picture, click the camera icon in the pop up window. To upload a new picture, click the three dots (**...**).
    * You can also change the visibility of the profile picture between public (everyone) or for contacts only. To change the profile picture visibility, select the dropdown under **Profile picture** and choose between **Show to everyone** or **Show to contacts only**.
 
 #### Xbox
+
 A user’s Xbox friends and their friends’ friends can see their real name and profile. By default, the Xbox privacy settings enforce that no personal identifying information of a minor is shared on the Xbox Live network, although adults in the child’s family can change these default settings to allow it to be more permissive.
 
 To learn more about how families can manage security and privacy settings on Xbox, see this [Xbox article on security](https://go.microsoft.com/fwlink/?LinkId=821445).
 
 
 ### Delete an account if username is identifying
+
 If you want to delete either (or both) the Skype and the Xbox accounts, here’s how to do it.
 
 #### Skype
+
 To delete a Skype account, you can follow the instructions here: [How do I close my Skype account?](https://go.microsoft.com/fwlink/?LinkId=816515)
 
-If you need help deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
+If you need help with deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
+
 1. Select a help topic (**Account and Password**)
 2. Select a related problem (**Deleting an account**)
 3. Click **Next**.
@@ -130,7 +157,8 @@ If you need help deleting the account, you can contact Skype customer service by
 
 
 #### Xbox
+
 To delete an Xbox account, you can follow the instructions here: [How to delete your Microsoft account and personal information associated with it](https://go.microsoft.com/fwlink/?LinkId=816521).
 
 ## Related topics
-[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
\ No newline at end of file
+[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 586d6ea6b8..7909586e9b 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -39,7 +39,7 @@ Admins can control whether or not teachers are automatically assigned the **Basi
 2. Click **Manage**, and then click **Settings**. 
 3. On **Shop**, select or clear **Make everyone a Basic Purchaser**.
 
-![manage settings to control Basic Purchaser role assignment](images/sfe-make-everyone-bp.png)
+![manage settings to control Basic Purchaser role assignment.](images/sfe-make-everyone-bp.png)
 
 > [!NOTE]
 > **Make everyone a Basic Purchaser** is on by default. 
@@ -52,7 +52,7 @@ When **Make everyone a Basic Purchaser** is turned off, admins can manually assi
 2. Click **Manage**, and then choose **Permissions**.
 3. On **Roles**, click **Assign roles**, type and select a name, choose the role you want to assign, and then click **Save**.
 
-    ![Permission page for Microsoft Store for Business](images/sfe-roles.png)
+    ![Permission page for Microsoft Store for Business.](images/sfe-roles.png)
 
 **Blocked Basic Purchasers**
 
@@ -151,7 +151,7 @@ For info on how to distribute **Minecraft: Education Edition**, see [For teacher
 
 Employees will receive an email with a link that will install the app on their device. Click the link to start the Microsoft Store app, and then click **Install**. Also, in the Microsoft Store app, they can find the app under **My Library**.
 
-### Purchase additional licenses
+### Purchase more licenses
 Applies to: IT admins and teachers
 
 You can manage current app licenses, or purchase more licenses for apps in **Apps & software**. 
@@ -164,7 +164,7 @@ You'll have a summary of current license availability.
 
 **Minecraft: Education Edition subscriptions**
 
-Similarly, you can purchase additional subscriptions of **Minecraft: Education Edition** through Microsoft Store for Business. Find **Minecraft: Education Edition** in your inventory and use the previous steps for purchasing additional app licenses. 
+Similarly, you can purchase more subscriptions of **Minecraft: Education Edition** through Microsoft Store for Business. Find **Minecraft: Education Edition** in your inventory and use the previous steps for purchasing more app licenses. 
 
 ## Manage order history
 Applies to: IT admins and teachers
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index 78f1759c45..2ce2c20be3 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -29,21 +29,21 @@ ms.topic: conceptual
 
 Teachers and IT administrators can now get early access to **Minecraft: Education Edition** and add it their Microsoft Store for Business for distribution. 
 
-
+
 
 ## Prerequisites
  
 - **Minecraft: Education Edition** requires Windows 10.
 - Trials or subscriptions of **Minecraft: Education Edition** are offered to education tenants that are managed by Azure Active Directory (Azure AD).
   - If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**.
-  - Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan)
+  - Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://www.microsoft.com/education/products/office)
   - If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](/windows/client-management/mdm/register-your-free-azure-active-directory-subscription)
 
- 
+ 
 
 [Learn how teachers can get and distribute **Minecraft: Education Edition**](teacher-get-minecraft.md)
 
   
-
+
 
 [Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
\ No newline at end of file
diff --git a/education/windows/index.md b/education/windows/index.md
index 81e3f97634..9db6cd7672 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -14,33 +14,67 @@ ms.date: 10/13/2017
 
 # Windows 10 for Education
 
-![Windows 10 Education and Windows 10 Pro Education](images/windows-10-for-education-banner.png)
+![Windows 10 Education and Windows 10 Pro Education.](images/windows-10-for-education-banner.png)
 
-## ![Learn more about Windows](images/education.png) Learn
+## ![Learn more about Windows.](images/education.png) Learn
 
-
                    Windows 10 editions for education customers
                    Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
                    
-
                    Compare each Windows edition
                    Find out more about the features and functionality we support in each edition of Windows.
                    
-
                    Get Windows 10 Education or Windows 10 Pro Education
                    When you've made your decision, find out how to buy Windows for your school.
                    
+**[Windows 10 editions for education customers](windows-editions-for-education-customers.md)**
 
-## ![Plan for Windows 10 in your school](images/clipboard.png) Plan
+Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
 
-
                    Windows 10 configuration recommendations for education customers
                    Provides guidance on ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school.
                    
-
                    Deployment recommendations for school IT administrators
                    Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
                    
-Get Minecraft Education Edition
                    Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.
                    
-
                    Take tests in Windows 10
                    Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.
                    
-
                    Chromebook migration guide
                    Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.
                    
+**[Compare each Windows edition](https://www.microsoft.com/WindowsForBusiness/Compare)**
 
-## ![Deploy Windows 10 for Education](images/PCicon.png) Deploy
+Find out more about the features and functionality we support in each edition of Windows.
 
-
                    Set up Windows devices for education
                    Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.
                    
-
                    Deploy Windows 10 in a school
                    Get step-by-step guidance to help you deploy Windows 10 in a school environment.
                    
-
                    Deploy Windows 10 in a school district
                    Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.
                    
-
                    Test Windows 10 S on existing Windows 10 education devices
                    Test Windows 10 S on a variety of Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.
                    
+**[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)**
 
-## ![Switch to Windows 10 for Education](images/windows.png) Switch
+When you've made your decision, find out how to buy Windows for your school.
 
-
                    Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S
                    If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.
                    
+## ![Plan for Windows 10 in your school.](images/clipboard.png) Plan
 
+**[Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)**
+
+Provides guidance on ways to customize the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school.
+
+**[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)**
+
+Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
+
+**[Get Minecraft Education Edition](get-minecraft-for-education.md)**
+
+Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.
+
+**[Take tests in Windows 10](take-tests-in-windows-10.md)**
+
+Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.
+
+**[Chromebook migration guide](chromebook-migration-guide.md)**
+
+Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.
+
+## ![Deploy Windows 10 for Education.](images/PCicon.png) Deploy
+
+**[Set up Windows devices for education](set-up-windows-10.md)**
+
+Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.
+
+**[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)**
+
+Get step-by-step guidance to help you deploy Windows 10 in a school environment.
+
+**[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)**
+
+Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.
+
+**[Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md)**
+
+Test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.
+
+## ![Switch to Windows 10 for Education.](images/windows.png) Switch
+
+**[Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)**
+
+If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.
 
 ## Windows 8.1
 
@@ -54,9 +88,11 @@ Follow these links to find step-by-step guidance on how to deploy Windows 8.1 in
 
                    Microsoft Store apps
                    Explore Microsoft Store app deployment strategies and considerations for educational institutions running Windows 8.1.
                    
 
                    Windows To Go
                    Learn about the benefits, limitations, and processes involved in deploying Windows To Go.
                    
 
-## Related topics
+## Related articles
+
 - [Microsoft Education documentation and resources](/education)
-- [Windows 10 and Windows 10 Mobile](/windows/windows-10/)
+- [Windows for business](https://www.microsoft.com/windows/business)
+- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)
 
  
+     
 
 2. Enter your email address, and select Educator, Administrator, or Student. 
                     If your email address isn't associated to an Azure AD or Office 365 Education tenant, you'll be asked to create one.
 
-    
+    
     
 3. Select **Get the app**. This will take you to the Microsoft Store for Education to download the app. You will also receive an email with instructions and a link to the Store.
 
-    
+    
 
 4. Sign in to Microsoft Store for Education with your email address.
 
@@ -66,13 +69,14 @@ If you’ve been approved and are part of the Enrollment for Education Solutions
 
 6. **Minecraft: Education Edition** opens in the Microsoft Store for Education. Select **Get the app**. This places **Minecraft: Education Edition** in your Store inventory.
 
-    
+    
 
 Now that the app is in your Microsoft Store for Education inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
 
-If you need additional licenses for **Minecraft: Education Edition**, see [Purchase additional licenses](./education-scenarios-store-for-business.md#purchase-additional-licenses).
+If you need additional licenses for **Minecraft: Education Edition**, see [Purchase additional licenses](./education-scenarios-store-for-business.md#purchase-more-licenses).
 
 ### Minecraft: Education Edition - volume licensing
+
 Qualified education institutions can purchase Minecraft: Education Edition licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions (EES) volume licensing program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this: 
 
 - Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the licenses will be available in your [Microsoft Store for Education](https://www.microsoft.com/business-store) inventory. 
@@ -80,13 +84,17 @@ Qualified education institutions can purchase Minecraft: Education Edition licen
 - Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
 
 ## Minecraft: Education Edition payment options
+
 You can pay for Minecraft: Education Edition with a debit or credit card, or with an invoice. 
 
 ### Debit or credit cards
+
 During the purchase, click **Get started! Add a way to pay.** Provide the info needed for your debit or credit card.
 
 ### Invoices
+
 Invoices are now a supported payment method for Minecraft: Education Edition. There are a few requirements:
+
 - Admins only (not supported for Teachers)
 - $500 invoice minimum for your initial purchase
 - $15,000 invoice maximum (for all invoices within your organization)
@@ -109,15 +117,16 @@ After you've finished the purchase, you can find your invoice by checking **Mine
 > After you complete a purchase, it can take up to twenty-four hours for the app to appear in **Apps & software**.
 
 **To view your invoice**
+
 1. In Microsoft Store for Education, click **Manage** and then click **Apps & software**. 
 2. Click **Minecraft: Education Edition** in the list of apps. 
 3. On **Minecraft: Education Edition**, click **View Bills**.
 
-    ![Minecraft: Education Edition app details page with view bills link highlighted](images/mcee-view-bills.png) 
+    ![Minecraft: Education Edition app details page with view bills link highlighted.](images/mcee-view-bills.png) 
 
 4. On **Invoice Bills**, click the invoice number to view and download your invoice. It downloads as a .pdf.
 
-   ![Minecraft: Education Edition app details page with view bills link highlighted](images/mcee-invoice-bills.png)
+   ![Minecraft: The page displaying details of the Education Edition app with view bills link highlighted.](images/mcee-invoice-bills.png)
 
 The **Payment Instructions** section on the first page of the invoice has information on invoice amount, due date, and how to pay with electronic funds transfer, or with a check. 
 
@@ -133,11 +142,11 @@ Admins can also add Minecraft: Education Edition to the private store. This allo
 
 
 ### Configure automatic subscription assignment
@@ -151,62 +160,62 @@ For Minecraft: Education Edition, you can use auto assign subscription to contro
 
 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com)
 2. Click Manage.
-    
+
     You'll see Minecraft: Education Edition product page.
-     
+
     ![Minecraft Education Edition product page with auto assign control highlighted.](images/mcee-auto-assign-legacy.png)
- 
+
    -Or-
  
-    ![Minecraft Education Edition product page with auto assign control highlighted.](images/mcee-auto-assign-bd.png)
+    ![The page of the Minecraft Education Edition product with auto assign control highlighted.](images/mcee-auto-assign-bd.png)
     
-3. Slide the **Auto assign subscription** or click **Turn off auto assign subscription**.     
+3. Slide the **Auto assign subscription** or select **Turn off auto assign subscription**.     
 
 ### Install for me
-You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.   
 
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com). 
+You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.
+
+1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
 2. Click **Manage**, and then click **Install**.
 
-    
+    
 
 3. Click **Install**.  
 
 ### Assign to others
-Enter email addresses for your students, and each student will get an email with a link to install the app. This option is best for older, more tech-savvy students who will always use the same PC at school. You can assign the app to individuals, groups, or add it to your private store, where students and teachers in your organization can download the app. 
 
+Enter email addresses for your students, and each student will get an email with a link to install the app. This option is best for older, more tech-savvy students who will always use the same PC at school. You can assign the app to individuals, groups, or add it to your private store, where students and teachers in your organization can download the app.
 
 **To assign to others**
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com). 
+
+1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
 2. Click **Manage**.
 
-    ![Minecraft Education Edition product page](images/mc-install-for-me-teacher.png)
-3. Click **Invite people**.
- 
+    ![Minecraft Education Edition product page.](images/mc-install-for-me-teacher.png)
+3. Click **Invite people**. 
 4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**. 
 
-    You can only assign the app to students with work or school accounts. If you don't find the student, you might need to add a work or school account for the student.    
-   
-    ![Assign to people showing student name](images/minecraft-assign-to-people-name.png)
+    You can only assign the app to students with work or school accounts. If you don't find the student, you might need to add a work or school account for the student.
+    ![Assign to people showing student name.](images/minecraft-assign-to-people-name.png)
 
 **To finish Minecraft install (for students)**
 
 1. Students will receive an email with a link that will install the app on their PC.
                    
 
-    ![Email with Get the app link](images/minecraft-student-install-email.png)
+    ![Email with Get the app link.](images/minecraft-student-install-email.png)
 
 2. Click **Get the app** to start the app install in Microsoft Store app. 
 3. In Microsoft Store app, click **Install**. 
 
-    ![Microsoft Store app with Minecraft page](images/minecraft-in-windows-store-app.png)
+    ![Microsoft Store app with Minecraft page.](images/minecraft-in-windows-store-app.png)
 
     After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**. Microsoft Store app is preinstalled with Windows 10.
 
-    ![Microsoft Store app showing access to My Library](images/minecraft-private-store.png) 
+    ![Microsoft Store app showing access to My Library.](images/minecraft-private-store.png) 
 
     When students click **My Library** they'll find apps assigned to them.
 
-    ![My Library for example student](images/minecraft-my-library.png) 
+    ![My Library for example student.](images/minecraft-my-library.png) 
 
 ### Download for others
 Download for others allows teachers or IT admins to download an app that they can install on PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
@@ -222,14 +231,15 @@ Download for others allows teachers or IT admins to download an app that they ca
 Minecraft: Education Edition will not install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps. 
 
 **To check for app updates**
+
 1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
 2. Click the account button, and then click **Downloads and updates**.
 
-      ![Microsoft Store app showing access to My Library](images/minecraft-private-store.png)
+      ![Microsoft Store app showing Downloads and updates](images/minecraft-private-store.png)
       
 3. Click **Check for updates**, and install all available updates. 
 
-      ![Microsoft Store app showing access to My Library](images/mc-check-for-updates.png)
+      ![Microsoft Store app displaying Check for updates.](images/mc-check-for-updates.png)
       
 4. Restart the computer before installing Minecraft: Education Edition.  
 
@@ -238,8 +248,8 @@ You'll download a .zip file, extract the files, and then use one of the files to
 
 1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
 
-    ![Microsoft Store app showing access to My Library](images/mc-dnld-others-teacher.png)
- 
+    ![Microsoft Store app showing the Download.](images/mc-dnld-others-teacher.png)
+
 2. **Extract files**. Find the .zip file that you downloaded and extract the files. This is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
 3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.  
 4. **Install app**. Use the USB drive to copy the Minecraft folder to each Windows 10 PC where you want to install Minecraft: Education Edition. Open Minecraft: Education Edition folder, right-click **InstallMinecraftEducationEdition.bat** and click **Run as administrator**. 
@@ -250,14 +260,14 @@ You'll download a .zip file, extract the files, and then use one of the files to
 
 
 
 
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index 6d62b6bb55..f1a4be1df2 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -48,9 +48,9 @@ Active Directory** \> **Devices** \> **Device settings**.
 for Azure AD by selecting **All** or **Selected**. If you choose the latter
 option, select the teachers and IT staff to allow them to connect to Azure AD.  
 
-![Select the users you want to let join devices to Azure AD](images/suspc-enable-shared-pc-1807.png)  
+![Select the users you want to let join devices to Azure AD.](images/suspc-enable-shared-pc-1807.png)  
 
-You can also create an account that holds the exclusive rights to join devices. When a student PC needs to be set up, provide the account credentials to the appropriate teachers or staff.
+You can also create an account that holds the exclusive rights to join devices. When a student PC has to be set up, provide the account credentials to the appropriate teachers or staff.
 
 ## All Device Settings  
 
@@ -59,10 +59,10 @@ The following table describes each setting within **Device Settings**.
 | Setting                                                    | Description                                                                                                                                                                                                                                                                                                            |
 |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Users may join devices to Azure AD                         | Choose the scope of people in your organization that are allowed to join devices to Azure AD. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Azure AD. |  
-| Additional local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant additional local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default.                                                                                                  |
-| Users may register their devices with Azure AD             | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you are enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you.                                     |
+| More local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default.                                                                                                  |
+| Users may register their devices with Azure AD             | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you're enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you.                                     |
 | Require Multi-Factor Authentication to join devices                  | Recommended when adding devices to Azure AD. When set to **Yes**, users that are setting up devices must enter a second method of authentication.                                                                                                             |
-| Maximum number of devices per user                         | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before additional ones are added.                                                                                                                               |
+| Maximum number of devices per user                         | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before more devices are added.                                                                                                                               |
 | Users may sync settings and enterprise app data            | Allow all or none of your users to sync settings and app data across multiple devices. Tenants with Azure AD Premium are permitted to select specific users to allow.                                                                                                                                                  |
 
 ## Clear Azure AD tokens  
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index adc21bf1b4..328e6c3c68 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -31,17 +31,17 @@ For a more detailed look at the policies, see the Windows article [Set up shared
 
 |Policy name|Default value|Description|  
 |---------|---------|---------|  
-|Enable Shared PC mode|True| Configures the PCs so they are in shared PC mode.|  
-|Set education policies    | True      | School-optimized settings are applied to the PCs so that they are appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](./configure-windows-for-education.md).       |  
+|Enable Shared PC mode|True| Configures the PCs so they're in shared PC mode.|  
+|Set education policies    | True      | School-optimized settings are applied to the PCs so that they're appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](./configure-windows-for-education.md).       |  
 |Account Model| Only guest, Domain-joined only, or Domain-joined and guest  |Controls how users can sign in on the PC. Configurable from the Set up School PCs app. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign-in screen and enable anonymous guest access to the PC. |  
-|Deletion policy  |   Delete at disk space threshold and inactive threshold     | Delete at disk space threshold will start deleting accounts when available disk space falls below the threshold you set for disk level deletion. It will stop deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they have not signed in within the number of days specified by inactive threshold policy.        |  
+|Deletion policy  |   Delete at disk space threshold and inactive threshold     | Delete at disk space threshold will start deleting accounts when available disk space falls below the threshold you set for disk level deletion. It will stop deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they haven't signed in within the number of days specified by inactive threshold policy.        |  
 |Disk level caching  |   50%     | Sets 50% of total disk space to be used as the disk space threshold for account caching.       |  
-|Disk level deletion    |   For shared device setup, 25%; for single device-student setup, 0%.   |  When your devices are optimized for shared use across multiple PCs, this policy sets 25% of total disk space to be used as the disk space threshold for account caching. When your devices are optimized for use by a single student, this policy sets the value to 0% and does not delete accounts.   |  
+|Disk level deletion    |   For shared device setup, 25%; for single device-student setup, 0%.   |  When your devices are optimized for shared use across multiple PCs, this policy sets 25% of total disk space to be used as the disk space threshold for account caching. When your devices are optimized for use by a single student, this policy sets the value to 0% and doesn't delete accounts.   |  
 |Enable account manager    |  True      |  Enables automatic account management.       |  
-|Inactive threshold| For shared device setup, 30 days; for single device-student setup, 180 days.| After 30 or 180 days, respectively, if an account has not signed in, it will be deleted.
+|Inactive threshold| For shared device setup, 30 days; for single device-student setup, 180 days.| After 30 or 180 days, respectively, if an account hasn't signed in, it will be deleted.
 |Kiosk Mode AMUID   | Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App  | Configures the kiosk account on student devices to only run the Take a Test secure assessment browser.    |  
 |Kiosk Mode User Tile Display Text | Take a Test | Displays "Take a Test" as the name of the kiosk account on student devices.     |  
-|Restrict local storage    |   For shared device setup, True; for single device-student setup, False.     |   When devices are optimized for shared use across multiple PCs, this policy forces students to save to the cloud to prevent data loss. When your devices are optimized for use by a single student, this policy does not prevent students from saving on the PCs local hard drive.  |  
+|Restrict local storage    |   For shared device setup, True; for single device-student setup, False.     |   When devices are optimized for shared use across multiple PCs, this policy forces students to save to the cloud to prevent data loss. When your devices are optimized for use by a single student, this policy doesn't prevent students from saving on the PCs local hard drive.  |  
 |Maintenance start time     | 0 - midnight       | The maintenance start time when automatic maintenance tasks, such as Windows Update, run on student devices.  |  
 |Max page file size in MB| 1024| Sets the maximum size of the paging file to 1024 MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM.|  
 |Set power policies     |  True      |  Prevents users from changing power settings and turns off hibernate. Also overrides all power state transitions to sleep, such as lid close.       |  
@@ -67,12 +67,12 @@ For a more detailed look of each policy listed, see [Policy CSP](/windows/client
 |            Update power policy for cart restarts            |                                 1 - Configured                                 |                                            Skips all restart checks to ensure that the reboot will happen at the scheduled install time.                                            |
 | Select when Preview Builds and Feature Updates are received |                                    365 days                                    |                                         Defers Feature Updates for the specified number of days. When not specified, defaults to 365 days.                                          |
 |                   Allow all trusted apps                    |                                    Disabled                                    |                                                               Prevents untrusted apps from being installed to device                                                                |
-|                   Allow developer unlock                    |                                    Disabled                                    |                                                             Students cannot unlock the PC and use it in developer mode                                                              |
-|                        Allow Cortana                        |                                    Disabled                                    |                                                                        Cortana is not allowed on the device.                                                                        |
-|                Allow manual MDM unenrollment                |                                    Disabled                                    |                                                         Students cannot remove the mobile device manager from their device.                                                         |
-|                  Settings page visibility                   |                                    Enabled                                     |                                                Specific pages in the System Settings app are not visible or accessible to students.                                                 |
-|               Allow add provisioning package                |                                    Disabled                                    |                                                      Students cannot add and upload new provisioning packages to their device.                                                      |
-|              Allow remove provisioning package              |                                    Disabled                                    |                                      Students cannot remove packages that you've uploaded to their device, including the Set up School PCs app                                      |
+|                   Allow developer unlock                    |                                    Disabled                                    |                                                             Students can't unlock the PC and use it in developer mode                                                              |
+|                        Allow Cortana                        |                                    Disabled                                    |                                                                        Cortana isn't allowed on the device.                                                                        |
+|                Allow manual MDM unenrollment                |                                    Disabled                                    |                                                         Students can't remove the mobile device manager from their device.                                                         |
+|                  Settings page visibility                   |                                    Enabled                                     |                                                Specific pages in the System Settings app aren't visible or accessible to students.                                                 |
+|               Allow add provisioning package                |                                    Disabled                                    |                                                      Students can't add and upload new provisioning packages to their device.                                                      |
+|              Allow remove provisioning package              |                                    Disabled                                    |                                      Students can't remove packages that you've uploaded to their device, including the Set up School PCs app                                      |
 |                        Start Layout                         |                                    Enabled                                     |                                           Lets you specify the Start layout for users and prevents them from changing the configuration.                                            |
 |                     Import Edge Assets                      |                                    Enabled                                     | Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files. |
 |                Allow pinned folder downloads                |    1 - The shortcut is visible and disables the setting in the Settings app    |                                                         Makes the Downloads shortcut on the Start menu visible to students.                                                         |
@@ -84,7 +84,7 @@ For a more detailed look of each policy listed, see [Policy CSP](/windows/client
 |                       Updates Windows                       |                                    Nightly                                     |                                                                     Sets Windows to update on a nightly basis.                                                                      |
 
 ## Apps uninstalled from Windows 10 devices
-Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that are not relevant to the classroom experience, and uninstalls them from each device.  ALl apps uninstalled from Windows 10 devices include:  
+Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device.  ALl apps uninstalled from Windows 10 devices include:  
 
 
 * Mixed Reality Viewer 
@@ -111,7 +111,7 @@ The time it takes to install a package on a device depends on the:
 
 * Strength of network connection 
 * Number of policies and apps within the package
-* Additional configurations made to the device  
+* Other configurations made to the device  
 
 Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes pre-installed apps, through CleanPC, will take much longer to provision.
 
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index bcd978887a..de0bc50602 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -14,8 +14,8 @@ ms.reviewer:
 manager: dansimp
 ---
 
-What is Set up School PCs?
-=================================================
+# What is Set up School PCs?
+
 
 **Applies to:**
 
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index 22d45b09fc..cbad40867b 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -1,6 +1,6 @@
 ---
 title: Set up student PCs to join domain
-description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory.
+description: Learn how to use Configuration Designer to provision student devices to join Active Directory.
 keywords: school, student PC setup, Windows Configuration Designer
 ms.prod: w10
 ms.mktglfcycl: plan
@@ -29,12 +29,12 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
 1. In the **Account Management** step:
 
     > [!WARNING] 
-    > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend:
+    > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you'll have to reimage the device and start over. As a best practice, we recommend:
     >   - Use a least-privileged domain account to join the device to the domain.
     >   - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
     >   - [Use Group Policy to delete the temporary administrator account](/archive/blogs/canitpro/group-policy-creating-a-standard-local-admin-account) after the device is enrolled in Active Directory.
 
-2. After you're done with the wizard, do not click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtine settings**.
+2. After you're done with the wizard, don't click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**.
 3. Find the **SharedPC** settings group.
     - Set **EnableSharedPCMode** to **TRUE** to configure the PC for shared use.
 4. (Optional) To configure the PC for secure testing, follow these steps.
@@ -43,7 +43,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
 
       **Figure 7** - Add the account to use for test-taking
 
-      ![Add the account to use for test-taking](images/wcd_settings_assignedaccess.png)
+      ![Add the account to use for test-taking.](images/wcd_settings_assignedaccess.png)
 
       The account can be in one of the following formats:
       - username
@@ -58,7 +58,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
 5. To configure other settings to make Windows education ready, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) and follow the guidance on what settings you can set using Windows Configuration Designer.
 
 6. Follow the steps to [build a package](/windows/configuration/provisioning-packages/provisioning-create-package#build-package). 
-   - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). 
+   - You'll see the file path for your provisioning package. By default, this path is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). 
    - Copy the provisioning package to a USB drive.
 
      > [!IMPORTANT]
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 7d803777e5..30b657f9b6 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -35,7 +35,7 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
 2. 
 2. On the **Finish** page, select **Switch to advanced editor**.
 
-  ![Switch to advanced editor](images/icd-school-adv-edit.png)
+  ![Switch to advanced editor.](images/icd-school-adv-edit.png)
 
 **Next steps**
 - [Add a desktop app to your package](#add-a-desktop-app-to-your-package)
@@ -52,7 +52,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
 
 2. Click **Advanced provisioning**.
 
-  ![ICD start options](images/icdstart-option.png)  
+  ![ICD start options.](images/icdstart-option.png)  
   
 3. Name your project and click **Next**.
 
@@ -89,17 +89,17 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
 
-    ![details for offline app package](images/uwp-family.png)
+    ![details for offline app package.](images/uwp-family.png)
 
 3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
 
 4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
 
-    ![required frameworks for offline app package](images/uwp-dependencies.png)
+    ![required frameworks for offline app package.](images/uwp-dependencies.png)
 
 5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. In Microsoft Store for Business, you generate the license for the app on the app's download page.
 
-    ![generate license for offline app](images/uwp-license.png)
+    ![generate license for offline app.](images/uwp-license.png)
 
 [Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
 
@@ -168,7 +168,7 @@ If your build is successful, the name of the provisioning package, output direct
 **During initial setup, from a USB drive**
 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
 
-    ![The first screen to set up a new PC](images/oobe.jpg)
+    ![The first screen to set up a new PC.](images/oobe.jpg)
 
 2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
 
@@ -176,11 +176,11 @@ If your build is successful, the name of the provisioning package, output direct
 
 3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
 
-    ![Provision this device](images/prov.jpg)
+    ![Provision this device.](images/prov.jpg)
     
 4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
 
-    ![Choose a package](images/choose-package.png)
+    ![Choose a package.](images/choose-package.png)
 
 5. Select **Yes, add it**.
 
@@ -188,11 +188,11 @@ If your build is successful, the name of the provisioning package, output direct
     
 6. Read and accept the Microsoft Software License Terms.  
 
-    ![Sign in](images/license-terms.png)
+    ![Sign in.](images/license-terms.png)
     
 7. Select **Use Express settings**.
 
-    ![Get going fast](images/express-settings.png)
+    ![Get going fast.](images/express-settings.png)
 
 8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
 
@@ -200,18 +200,18 @@ If your build is successful, the name of the provisioning package, output direct
 
 9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**.
 
-    ![Connect to Azure AD](images/connect-aad.png)
+    ![Connect to Azure AD.](images/connect-aad.png)
 
 10. Sign in with  your domain, Azure AD,  or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
 
-    ![Sign in](images/sign-in-prov.png)
+    ![Sign in.](images/sign-in-prov.png)
 
     
 **After setup, from a USB drive, network folder, or SharePoint site**
 
 On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and select the package to install. 
 
-![add a package option](images/package.png)
+![add a package option.](images/package.png)
 
 -->
 
@@ -223,5 +223,5 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Isn't Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
  
\ No newline at end of file
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index b401df97ef..e1acdf9f1d 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -27,7 +27,7 @@ Choose the tool that is appropriate for how your students will sign in (Active D
 
 You can use the following diagram to compare the tools.
 
-![Which tool to use to set up Windows 10](images/suspc_wcd_featureslist.png)
+![Which tool to use to set up Windows 10.](images/suspc_wcd_featureslist.png)
 
 
 ## In this section
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index b20485075a..3e83e12653 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -23,13 +23,13 @@ manager: dansimp
 
 Take a Test is an app that locks down the PC and displays an online assessment web page.   
 
-Whether you are a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments
+Whether you're a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This environment means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments
 
 Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](/windows/uwp/apps-for-education/take-a-test-api).
 
 ## PC lockdown for assessment
 
- When the assessment page initiates lock down, the student’s desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app . After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lockdown. The lockdown process is atomic, which means that if any part of the lockdown operation fails, the app will not be above lock and won't have any of the policies applied.  
+ When the assessment page initiates lock down, the student’s desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app . After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lockdown. The lockdown process is atomic, which means that if any part of the lockdown operation fails, the app won't be above lock and won't have any of the policies applied.  
 
 When running above the lock screen:
 - The app runs full screen with no chrome 
@@ -49,19 +49,19 @@ When Take a Test is running, the following MDM policies are applied to lock down
 | AllowToasts | Disables toast notifications from being shown | 0 |
 | AllowAppStoreAutoUpdate | Disables automatic updates for Microsoft Store apps that are installed on the PC | 0 |
 | AllowDeviceDiscovery | Disables UI for screen sharing | 0 |
-| AllowInput Panel | Disables the onscreen keyboard which will disable auto-fill | 0 |
+| AllowInput Panel | Disables the onscreen keyboard, which will disable auto-fill | 0 |
 | AllowCortana | Disables Cortana functionality | 0 |
 | AllowAutoupdate | Disables Windows Update from starting OS updates | 5 |
 
 ## Group Policy
 
-To ensure Take a Test activates correctly, make sure the following Group Policy are not configured on the PC.
+To ensure Take a Test activates correctly, make sure the following Group Policy aren't configured on the PC.
 
 | Functionality | Group Policy path | Policy |
 | --- | --- | --- |
-| Require Ctrl+Alt+Del | Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options | Interactive logon: Do not Require CTRL+ALT+DEL |
+| Require Ctrl+Alt+Del | Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options | Interactive logon: Don't Require CTRL+ALT+DEL |
 | Disable lock screen notifications | Computer Configuration\Administrative Templates\System\Logon | Turn off app notifications on the lock screen |
-| Disable lock screen | Computer Configuration\Administrative Templates\Control Panel\Personalization | Do not display the lock screen |
+| Disable lock screen | Computer Configuration\Administrative Templates\Control Panel\Personalization | Don't display the lock screen |
 | Disable UAC | Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options | User Account Control: Run all administrators in Admin Approval Mode |
 | Disable local workstation | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Lock Computer |
 
@@ -75,7 +75,7 @@ When Take a Test is running, the following functionality is available to student
 
     - Full screen mode is compatible  
 
-- The student can press Alt+Tab when locked down. This results in the student being able to switch between the following:
+- The student can press Alt+Tab when locked down. This key press results in the student being able to switch between the following elements:
 
     - Take a Test 
     - Assistive technology that may be running 
@@ -101,12 +101,10 @@ Starting with Windows 10, version 1709 (Fall Creators Update), assessments can n
 
 When permissive mode is triggered in lockdown mode, Take a Test transitions from lockdown mode to running windows mode on the user's desktop. The student can then run allowed apps during the test.
 
-When running tests in this mode, keep the following in mind:
-- Permissive mode is not supported in kiosk mode (dedicated test account).
+When running tests in this mode, keep the following points in mind:
+- Permissive mode isn't supported in kiosk mode (dedicated test account).
 - Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it will launch in permissive mode.
 
-See [Secure Browser API Specification](https://github.com/SmarterApp/SB_BIRT/blob/master/irp/doc/req/SecureBrowserAPIspecification.md) for more info.
-
 ## Learn more
 
 [Take a Test API](/windows/uwp/apps-for-education/take-a-test-api)
\ No newline at end of file
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 3044c770e5..fe484ddf82 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -30,16 +30,16 @@ To configure a dedicated test account on multiple PCs, select any of the followi
 - [Configuration in Intune for Education](#set-up-a-test-account-in-intune-for-education)
 - [Mobile device management (MDM) or Microsoft Endpoint Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager)
 - [Provisioning package created through Windows Configuration Designer](#set-up-a-test-account-through-windows-configuration-designer)
-- [Group Policy to deploy a scheduled task that runs a Powershell script](#create-a-scheduled-task-in-group-policy) 
+- [Group Policy to deploy a scheduled task that runs a PowerShell script](#create-a-scheduled-task-in-group-policy) 
 
 ### Set up a test account in the Set up School PCs app 
 If you want to set up a test account using the Set up School PCs app, configure the settings in the **Set up the Take a Test app** page in the Set up School PCs app. Follow the instructions in [Use the Set up School PCs app](use-set-up-school-pcs-app.md) to configure the test-taking account and create a provisioning package. 
 
-If you set up Take a Test, this adds a **Take a Test** button on the student PC's sign-in screen. Windows will also lock down the student PC so that students can't access anything else while taking the test.
+If you set up Take a Test, the **Take a Test** button is added on the student PC's sign-in screen. Windows will also lock down the student PC so that students can't access anything else while taking the test.
 
 **Figure 1** - Configure Take a Test in the Set up School PCs app
 
-![Configure Take a Test in the Set up School PCs app](images/suspc_choosesettings_setuptakeatest.png)
+![Configure Take a Test in the Set up School PCs app.](images/suspc_choosesettings_setuptakeatest.png)
 
 ### Set up a test account in Intune for Education
 You can set up a test-taking account in Intune for Education. To do this, follow these steps:
@@ -49,7 +49,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
     **Figure 2** - Add a test profile in Intune for Education
 
-    ![Add a test profile in Intune for Education](images/i4e_takeatestprofile_addnewprofile.png)
+    ![Add a test profile in Intune for Education.](images/i4e_takeatestprofile_addnewprofile.png)
 
 3. In the new profile page:
    1. Enter a name for the profile.
@@ -60,21 +60,21 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
       **Figure 3** - Add information about the test profile
 
-      ![Add information about the test profile](images/i4e_takeatestprofile_newtestaccount.png)
+      ![Add information about the test profile.](images/i4e_takeatestprofile_newtestaccount.png)
 
-      After you save the test profile, you will see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account.
+      After you save the test profile, you'll see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account.
     
 4. In the test account page, click **Groups**.
 
    **Figure 4** - Assign the test account to a group
 
-   ![Assign the test account to a group](images/i4e_takeatestprofile_accountsummary.png)
+   ![Assign the test account to a group.](images/i4e_takeatestprofile_accountsummary.png)
 
 5. In the **Groups** page, click **Change group assignments**.
 
     **Figure 5** - Change group assignments
 
-    ![Change group assignments](images/i4e_takeatestprofile_groups_changegroupassignments.png)
+    ![Change group assignments.](images/i4e_takeatestprofile_groups_changegroupassignments.png)
 
 6. In the **Change group assignments** page:
    1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group. 
@@ -82,7 +82,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
       **Figure 6** - Select the group(s) that will use the test account
 
-      ![Select the groups that will use the test account](images/i4e_takeatestprofile_groupassignment_selected.png)
+      ![Select the groups that will use the test account.](images/i4e_takeatestprofile_groupassignment_selected.png)
 
 And that's it! When the students from the selected group sign in to the student PCs using the Take a Test user name that you selected, the PC will be locked down and Take a Test will open the assessment URL and students can start taking tests.
 
@@ -130,13 +130,13 @@ To set up a test account through Windows Configuration Designer, follow these st
 
 1. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
 2. Create a provisioning package by following the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment). However, make a note of these other settings to customize the test account.
-   1. After you're done with the wizard, do not click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**.
+   1. After you're done with the wizard, don't click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**.
    2. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**.
    3. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up.
 
       **Figure 7** - Add the account to use for test-taking
 
-      ![Add the account to use for test-taking](images/wcd_settings_assignedaccess.png)
+      ![Add the account to use for test-taking.](images/wcd_settings_assignedaccess.png)
 
       The account can be in one of the following formats:
       - username
@@ -150,13 +150,13 @@ To set up a test account through Windows Configuration Designer, follow these st
 
 3. Follow the steps to [build a package](/windows/configuration/provisioning-packages/provisioning-create-package#build-package). 
 
-   - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). 
+   - You'll see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). 
    - Copy the provisioning package to a USB drive.
 
 4. Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created.
 
 ### Set up a tester account in Group Policy
-To set up a tester account using Group Policy, first create a Powershell script that configures the tester account and assessment URL, and then create a scheduled task to run the script.
+To set up a tester account using Group Policy, first create a PowerShell script that configures the tester account and assessment URL, and then create a scheduled task to run the script.
 
 #### Create a PowerShell script
 This sample PowerShell script configures the tester account and the assessment URL. Edit the sample to:
@@ -209,9 +209,9 @@ Anything hosted on the web can be presented in a locked down manner, not just as
 1. Create the link to the test using schema activation.
    - Create a link using a web UI
 
-     For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers.
+     For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this option for teachers.
 
-     To get started, go here: [Create a link using a web UI](https://aka.ms/create-a-take-a-test-link).
+     To get started, navigate to: [Create a link using a web UI](https://aka.ms/create-a-take-a-test-link).
 
    - Create a link using schema activation
 
@@ -245,17 +245,17 @@ One of the ways you can present content in a locked down manner is by embedding
 
    If you exclude these parameters, the default behavior is disabled.
 
-   For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps.
+   For tests that utilize the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that aren't allowed to run during lockdown. The test web application may lock down the device once you've closed the apps.
 
     > [!NOTE] 
     > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters.
 
-3. To enable permissive mode, do not include `enforceLockdown` in the schema parameters.
+3. To enable permissive mode, don't include `enforceLockdown` in the schema parameters.
 
-   See [Permissive mode](take-a-test-app-technical.md#permissive-mode) and [Secure Browser API Specification](https://github.com/SmarterApp/SB_BIRT/blob/master/irp/doc/req/SecureBrowserAPIspecification.md) for more info.
+   For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode).
 
 ### Create a shortcut for the test link
-You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://aka.ms/create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
+You can also distribute the test link by creating a shortcut. To create the shortcut, create the link to the test by either using the [web UI](https://aka.ms/create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
 
 1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
 2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 1286a5aec8..1ebd02e090 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -30,13 +30,13 @@ To configure the assessment URL and a dedicated testing account on a single PC,
 
    **Figure 1** - Use the Settings app to set up a test-taking account
 
-   ![Use the Settings app to set up a test-taking account](images/tat_settingsapp_workorschoolaccess_setuptestaccount.png)
+   ![Use the Settings app to set up a test-taking account.](images/tat_settingsapp_workorschoolaccess_setuptestaccount.png)
 
 4. In the **Set up an account for taking tests** window, choose an existing account to use as the dedicated testing account.
 
    **Figure 2** - Choose the test-taking account
 
-   ![Choose the test-taking account](images/tat_settingsapp_setuptesttakingaccount_1703.png) 
+   ![Choose the test-taking account.](images/tat_settingsapp_setuptesttakingaccount_1703.png) 
 
     > [!NOTE]  
     > If you don't have an account on the device, you can create a new account. To do this, go to **Settings > Accounts > Other people > Add someone else to this PC > I don’t have this person’s sign-in information > Add a user without a Microsoft account**.
@@ -113,7 +113,7 @@ One of the ways you can present content in a locked down manner is by embedding
 
 3. To enable permissive mode, do not include `enforceLockdown` in the schema parameters.
 
-   See [Permissive mode](take-a-test-app-technical.md#permissive-mode) and [Secure Browser API Specification](https://github.com/SmarterApp/SB_BIRT/blob/master/irp/doc/req/SecureBrowserAPIspecification.md) for more info.
+   For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode).
 
 
 ### Create a shortcut for the test link
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 7e016c22c0..50853a9e67 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -32,7 +32,7 @@ Many schools use online testing for formative and summative assessments. It's cr
 
 ## How to use Take a Test
 
-![Set up and user flow for the Take a Test app](images/take_a_test_flow_dark.png)
+![Set up and user flow for the Take a Test app.](images/take_a_test_flow_dark.png)
 
 There are several ways to configure devices for assessments, depending on your use case:
 
@@ -74,5 +74,5 @@ To exit the Take a Test app at any time, press Ctrl+Alt+Delete.
 
 
 ## Get more info
-- Teachers can use Microsoft Forms to create tests. See [Create tests using Microsoft Forms](https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms) to find out how.
+- Teachers can use Microsoft Forms to create tests. See [Create tests using Microsoft Forms](https://support.microsoft.com/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d) to find out how.
 - To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md).
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index 136499ee4c..8d9850ce64 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -29,7 +29,7 @@ To get started, go to https://education.minecraft.net/ and select **GET STARTED*
 
 ## Try Minecraft: Education Edition for Free 
 
-Minecraft: Education Edition is available for anyone to try for free! The free trial is fully-functional but limited by the number of logins (25 for teachers and 10 for students) before a paid license will be required to continue playing.
+Minecraft: Education Edition is available for anyone to try for free! The free trial is fully functional but limited by the number of logins (25 for teachers and 10 for students) before a paid license will be required to continue playing.
 
 To learn more and get started, go to https://education.minecraft.net/ and select **GET STARTED**.
 
@@ -47,7 +47,7 @@ As a teacher, you may purchase subscription licenses for you and your students d
 
 You can purchase individual Minecraft: Education Edition subscriptions for you and other teachers and students directly in the Microsoft Store for Education.
 
-To purchase individual Minecraft: Education Edition subscriptions (i.e. direct purchase):
+To purchase individual Minecraft: Education Edition subscriptions (that is, direct purchase):
 
 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your Office 365 account.
 2. Click on [Minecraft: Education Edition](https://educationstore.microsoft.com/en-us/store/details/minecraft-education-edition/9nblggh4r2r6) (or use Search the Store to find it)
@@ -65,7 +65,7 @@ After Minecraft: Education Edition licenses have been purchased, either directly
 - You can assign the app to others.  
 - You can download the app to distribute. 
 
-
+
 
 ### Install for me
 You can install the app on your PC. This gives you a chance to work with the app before using it with your students.   
@@ -73,7 +73,7 @@ You can install the app on your PC. This gives you a chance to work with the app
 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Install**.
 
-    
+    
 
 3. Click **Install**. 
 
@@ -84,13 +84,13 @@ Enter email addresses for your students, and each student will get an email with
 1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**.
 
-    
+    
 
 3. Click **Invite people**.
     
 4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
 
-   ![Assign to people showing student name](images/minecraft-assign-to-people-name.png)
+   ![Assign to people showing student name.](images/minecraft-assign-to-people-name.png)
    
    You can assign the app to students with work or school accounts. 
                    
    If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Microsoft 365 admin center where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin. 
@@ -100,23 +100,23 @@ Enter email addresses for your students, and each student will get an email with
 
 Students will receive an email with a link that will install the app on their PC.
 
-![Email with Get the app link](images/minecraft-student-install-email.png)
+![Email with Get the app link.](images/minecraft-student-install-email.png)
 
 1. Click **Get the app** to start the app install in Microsoft Store app. 
 2. In Microsoft Store app, click **Install**. 
 
-     ![Microsoft Store app with Minecraft page](images/minecraft-in-windows-store-app.png)
+     ![Microsoft Store app with Minecraft page.](images/minecraft-in-windows-store-app.png)
 
       After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**.
 
-    ![Microsoft Store app showing access to My Library](images/minecraft-private-store.png) 
+    ![Microsoft Store app directing the navigation to My Library.](images/minecraft-private-store.png) 
 
       When students click **My Library** they'll find apps assigned to them.
 
-    ![My Library for example student](images/minecraft-my-library.png)  
+    ![My Library for example student.](images/minecraft-my-library.png)  
 
 ### Download for others
-Download for others allows teachers or IT admins to download a packages that they can install on student PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
+Download for others allows teachers or IT admins to download packages that they can install on student PCs. This option will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
 - You have administrative permissions to install apps on the PC. 
 - You want to install this app on each of your student's Windows 10 (at least version 1511) PCs. 
 - Your students share Windows 10 computers, but sign in with their own Windows account. 
@@ -126,17 +126,17 @@ Download for others allows teachers or IT admins to download a packages that the
 - Windows 10 (at least version 1511) is required for PCs running Minecraft: Education Edition.
 
 #### Check for updates
-Minecraft: Education Edition will not install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps. 
+Minecraft: Education Edition won't install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps. 
 
 **To check for app updates**
 1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
 2. Click the account button, and then click **Downloads and updates**.
 
-      ![Microsoft Store app showing access to My Library](images/minecraft-private-store.png)
+      ![Microsoft Store app displaying the navigation to the My Library option.](images/minecraft-private-store.png)
       
 3. Click **Check for updates**, and install all available updates. 
 
-      ![Microsoft Store app showing access to My Library](images/mc-check-for-updates.png)
+      ![Microsoft Store app directing the navigation to the My Library submenu item.](images/mc-check-for-updates.png)
       
 4. Restart the computer before installing Minecraft: Education Edition. 
    
@@ -145,9 +145,9 @@ You'll download a .zip file, extract the files, and then use one of the files to
 
 1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
 
-    ![Microsoft Store app showing access to My Library](images/mc-dnld-others-teacher.png)
+    ![Microsoft Store app depicting the navigation path to the My Library option.](images/mc-dnld-others-teacher.png)
  
-2. **Extract files**. Find the .zip file that you downloaded and extract the files. This is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
+2. **Extract files**. Find the .zip file that you downloaded and extract the files. This downloaded location is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
 3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.  
 4. **Install app**. Use the USB drive to copy the Minecraft folder to each Windows 10 PC where you want to install Minecraft: Education Edition. Open Minecraft: Education Edition folder, right-click **InstallMinecraftEducationEdition.bat** and click **Run as administrator**. 
 5. **Quick check**. The install program checks the PC to make sure it can run Minecraft: Education Edition. If your PC passes this test, the app will automatically install.
@@ -163,10 +163,10 @@ If you ran **InstallMinecraftEducationEdition.bat** and Minecraft: Education Edi
 | App won't install. | AppLocker is configured and preventing app installs.  |      Contact IT Admin.  | 
 | App won't install. | Policy prevents users from installing apps on the PC. |  Contact IT Admin. | 
 | Script starts, but stops quickly. | Policy prevents scripts from running on the PC.  | Contact IT Admin. |
-| App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app will not be available.| Restart PC. 
                     Run **InstallMinecraftEducationEdition.bat** again. 
                     If a restart doesn't work, contact your IT Admin.  | 
+| App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app won't be available.| Restart PC. 
                     Run **InstallMinecraftEducationEdition.bat** again. 
                     If a restart doesn't work, contact your IT Admin.  | 
 
 
-If you are still having trouble installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757). 
+If you're still having trouble installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757). 
 
 ## Related topics
 
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index d313477bd1..87443100ce 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -19,23 +19,23 @@ manager: dansimp
 **Applies to:**
 - Devices running Windows 10, version 1709: Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, Windows 10 Enterprise
 
-The Windows 10 in S mode self-installer will allow you to test Windows 10 in S mode on a variety of individual Windows 10 devices (except Windows 10 Home) with a genuine, activated license[1](#footnote1). Please test Windows 10 in S mode on a variety of devices in your school and share your feedback with us.
+The Windows 10 in S mode self-installer will allow you to test Windows 10 in S mode on various individual Windows 10 devices (except Windows 10 Home) with a genuine, activated license[1](#footnote1). Test Windows 10 in S mode on various devices in your school and share your feedback with us.
 
 Windows 10 in S mode is built to give schools the familiar, robust, and productive experiences you count on from Windows in an experience that's been streamlined for security and performance in the classroom, and built to work with Microsoft Education[2](#footnote2).
 
-Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verified by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps cannot be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted and you will only be able to install apps from the Microsoft Store.
+Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verified by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps can't be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted and you'll only be able to install apps from the Microsoft Store.
 
-**Configuring Windows 10 in S mode for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). 
+**Configuring Windows 10 in S mode for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these configurations, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). 
 
 **Installing Office 365 for Windows 10 in S mode (Education preview)**: To install the Office applications in a school environment, you must use the free Set up School PCs app, which is available on the Microsoft Store for Education and from the Microsoft Store. 
 
-As we finalize development of Office 365 for Windows 10 in S mode (Education preview), the applications will be updated automatically. You must have an Office license to activate the applications once they are installed.To learn more about Office 365 for Education plans, see [FAQ: Office on Windows 10 in S mode](https://support.office.com/article/717193b5-ff9f-4388-84c0-277ddf07fe3f).
+As we finalize development of Office 365 for Windows 10 in S mode (Education preview), the applications will be updated automatically. You must have an Office license to activate the applications once they're installed.To learn more about Office 365 for Education plans, see [FAQ: Office on Windows 10 in S mode](https://support.office.com/article/717193b5-ff9f-4388-84c0-277ddf07fe3f).
 
 ## Before you install Windows 10 in S mode
 
 ### Important information
 
-Before you install Windows 10 in S mode, be aware that non-Microsoft Store apps will not work, peripherals that require custom drivers may not work, and other errors may occur. In particular, this release of Windows 10 in S mode:
+Before you install Windows 10 in S mode, be aware that non-Microsoft Store apps won't work, peripherals that require custom drivers may not work, and other errors may occur. In particular, this release of Windows 10 in S mode:
 * Is intended for education customers to test compatibility with existing hardware
 * May not work with some device drivers, which may not yet be ready for Windows 10 in S mode and may cause some loss in functionality
 * May not be compatible with all peripherals that require custom drivers and, even if compatible, may cause aspects of the peripheral to not function
@@ -44,7 +44,7 @@ Before you install Windows 10 in S mode, be aware that non-Microsoft Store apps
     > [!WARNING]
     > You can install Windows 10 in S mode on devices running other editions of Windows 10. For more information, see [Supported devices](#supported-devices). However, we don't recommend installing Windows 10 in S mode on Windows 10 Home devices as you won't be able to activate it.
 
-* Will not run current Win32 software and might result in the loss of any data associated with that software, which might include software already purchased
+* Won't run current Win32 software and might result in the loss of any data associated with that software, which might include software already purchased
 
 Due to these reasons, we recommend that you use the installation tool and avoid doing a clean install from an ISO media.
 
@@ -55,11 +55,11 @@ Before you install Windows 10 in S mode on your existing Windows 10 Pro, Windows
 
 * Install the latest Windows Update.
 
-    To do this, go to **Settings > Update & security > Windows Update**.
+    To do this task, go to **Settings > Update & security > Windows Update**.
 
 * Create a system backup in case you would like to return to your previously installed version of Windows 10 after trying Windows 10 in S mode.
 
-    See [Create a recovery drive](#create-a-recovery-drive) for information on how to do this.
+  For more information on how to create the system backup, see [Create a recovery drive](#create-a-recovery-drive).
 
 ## Supported devices
 
@@ -69,7 +69,7 @@ The Windows 10 in S mode install will install and activate on the following edit
 * Windows 10 Education
 * Windows 10 Enterprise
 
-Other Windows 10 editions cannot be activated and are not supported. If your device is not running one of these supported Windows 10 editions, do not proceed with using the Windows 10 in S mode installer. Windows 10 N editions and running in virtual machines are not supported by the Windows 10 in S mode installer. 
+Other Windows 10 editions can't be activated and aren't supported. If your device isn't running one of these supported Windows 10 editions, don't proceed with using the Windows 10 in S mode installer. Windows 10-N editions and running in virtual machines aren't supported by the Windows 10 in S mode installer. 
 
 ### Preparing your device to install drivers
 
@@ -79,7 +79,7 @@ Make sure all drivers are installed and working properly on your device running
 
 Check with your device manufacturer before trying Windows 10 in S mode on your device to see if the drivers are available and supported by the device manufacturer. 
 
-|   |   |   |
+|    |    |    |
 | - | - | - |
 | Acer | Alldocube | American Future Tech | 
 | ASBISC | Asus | Atec | 
@@ -109,23 +109,23 @@ Back up all your data before installing Windows 10 in S mode. Only personal file
 
 ## Domain join
 
-Windows 10 in S mode does not support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts:
+Windows 10 in S mode doesn't support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts:
 - Local administrator
 - Microsoft Account (MSA) administrator
 - Azure Active Directory administrator 
 
 > [!WARNING]
-> If you don't have one of these administrator accounts accessible before migration, you will not be able to log in to your device after migrating to Windows 10 in S mode. 
+> If you don't have one of these administrator accounts accessible before migration, you'll not be able to log in to your device after migrating to Windows 10 in S mode. 
 
 We recommend [creating a recovery drive](#create-a-recovery-drive) before migrating to Windows 10 in S mode in case you run into this issue.
 
 ## Installing Office applications
 
-After installing Windows 10 in S mode, use the free [Set up School PCs app](use-set-up-school-pcs-app.md) to install Office 365 for Windows 10 in S mode (Education preview). You must have an Office license to activate the applications once they are installed.
+After installing Windows 10 in S mode, use the free [Set up School PCs app](use-set-up-school-pcs-app.md) to install Office 365 for Windows 10 in S mode (Education preview). You must have an Office license to activate the applications once they're installed.
 
 ## Switch to previously installed Windows 10 editions
 
-If Windows 10 in S mode is not right for you, you can switch to the Windows 10 edition previously installed on your device(s).
+If Windows 10 in S mode isn't right for you, you can switch to the Windows 10 edition previously installed on your device(s).
 * Education customers can switch devices to Windows 10 Pro Education using the Microsoft Store for Education. For more information, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 in S mode](change-to-pro-education.md).
 * If you try Windows 10 in S mode and decide to switch back to the previously installed edition within 10 days, you can go back to the previously installed edition using the Windows Recovery option in Settings. For more info, see [Go back to your previous edition of Windows 10](#go-back-to-your-previous-edition-of-windows-10).
 
@@ -140,21 +140,21 @@ To create a recovery drive, follow these steps.
 2. In the **Recovery drive** tool, make sure **Back up system files to the recovery drive** is selected and then click **Next**.
 3. Connect a USB drive to your PC, select it, and then select **Next > Create**. 
 
-    A lot of files need to be copied to the recovery drive so this might take a while.
+    Many files need to be copied to the recovery drive; so this process might take a while.
 
 4. When it's done, you might see a **Delete the recovery partition from your PC** link on the final screen. If you want to free up drive space on your PC, select the link and then select **Delete**. If not, select **Finish**.
 
 ### Go back to your previous edition of Windows 10
 
-Alternatively, for a period of 10 days after you install Windows 10 in S mode, you have the option to go back to your previous edition of Windows 10 from **Settings > Update & security > Recovery**. This will keep your personal files, but it will remove installed apps as well as any changes you made to **Settings**.
+Alternatively, for 10 days after you install Windows 10 in S mode, you've the option to go back to your previous edition of Windows 10 from **Settings > Update & security > Recovery**. This revert operation will keep your personal files, but it will remove installed apps and any changes you made to **Settings**.
 
 To go back, you need to:
 * Keep everything in the windows.old and $windows.~bt folders after the upgrade.
 * Remove any user accounts you added after the upgrade.
 
-If going back is not available:
-* Check if you can restore your PC to factory settings. This will reinstall the version of Windows that came with your PC and remove personal files, apps, and drivers you installed and any changes you made to **Settings**. Go to **Settings > Update & security > Recovery > Reset this PC > Get started** and look for **Restore factory settings**.
-* If you have a product key for your previous version of Windows, use the media creation tool to create installation media of your previous Windows 10 edition and use it to do a clean install.
+If going back isn't available:
+* Check if you can restore your PC to factory settings. This restoration will reinstall the version of Windows that came with your PC and remove personal files, apps, and drivers you installed and any changes you made to **Settings**. Go to **Settings > Update & security > Recovery > Reset this PC > Get started** and look for **Restore factory settings**.
+* If you've a product key for your previous version of Windows, use the media creation tool to create installation media of your previous Windows 10 edition and use it to do a clean install.
 
 After going back to your previous edition of Windows 10, you may receive the following message when launching Win32 apps:
 
@@ -162,7 +162,7 @@ After going back to your previous edition of Windows 10, you may receive the fol
 
 If you see this message, follow these steps to stop receiving the message:
 
-1. If you have BitLocker enabled, disable it first in the Control Panel. Go to **Manage BitLocker** and select **Turn off BitLocker**.
+1. If you've BitLocker enabled, disable it first in the Control Panel. Go to **Manage BitLocker** and select **Turn off BitLocker**.
 2. Open Windows **Settings** and go to **Update & security > Recovery**.
 3. In the **Recovery** page, find **Advanced startup** and select **Restart now** to start your PC.
 4. After restarting, in the **Choose an option** page, select **Troubleshoot**.
@@ -171,7 +171,7 @@ If you see this message, follow these steps to stop receiving the message:
 7. Once you've accessed UEFI, look for the menu item labeled **Security** or **Security Settings** and navigate to it.
 8. Look for an option called **Secure boot configuration**, **Secure boot**, or **UEFI Boot**. If you can't find one of these options, check the **Boot** menu.
 9. Disable the secure boot/UEFI boot option.
-10. Save your settings and then exit UEFI. This will restart your PC.
+10. Save your settings and then exit UEFI. This exit action will restart your PC.
 11. After Windows is done booting up, confirm that you no longer see the message. 
 
     > [!NOTE]
@@ -195,7 +195,7 @@ To use an installation media to reinstall Windows 10, follow these steps.
     If you're not seeing the setup screen, your PC might not be set up to boot from a drive. Check your PC manufacturer's website for information on how to change your PC's boot order, and then try again.
 
 8. Select **Install now**.
-9. On the **Enter the product key to active Windows** page, enter a product key if you have one. If you upgraded to Windows 10 for free, or bought and activated Windows 10 from the Microsoft Store, select **Skip** and Windows will automatically activate later. For more information, see [Activation in Windows 10](https://support.microsoft.com/help/12440/windows-10-activation).
+9. On the **Enter the product key to active Windows** page, enter a product key if you've one. If you upgraded to Windows 10 for free, or bought and activated Windows 10 from the Microsoft Store, select **Skip** and Windows will automatically activate later. For more information, see [Activation in Windows 10](https://support.microsoft.com/help/12440/windows-10-activation).
 10. On the **License terms** page, select **I accept the license terms** if you agree, and then select **Next**.
 11. On the **Which type of installation do you want?** page, select **Custom**.
 12. On the **where do you want to install Windows?** page, select a partition, select a formatting option (if necessary), and then follow the instructions.
@@ -213,16 +213,16 @@ When you're ready, you can download the Windows 10 in S mode installer by clicki
 After you install Windows 10 in S mode, the OS defaults to the English version. To change the UI and show the localized UI, go to **Settings > Time & language > Region & language >** in **Languages** select **Add a language** to add a new language or select an existing language and set it as the default.
 
 ## Terms and Conditions
-Because you’re installing Windows 10 in S mode on a running version of Windows 10, you have already accepted the Windows 10 Terms and Conditions. You are not required to accept it again and the Windows 10 installer doesn’t show a Terms and Conditions page during installation.
+Because you’re installing Windows 10 in S mode on a running version of Windows 10, you've already accepted the Windows 10 Terms and Conditions. you'ren't required to accept it again and the Windows 10 installer doesn’t show a Terms and Conditions page during installation.
 
 ## Support 
-Thank you for testing Windows 10 in S mode. Your best experience will be running on a supported device as mentioned above. However, we invite you to try Windows 10 in S mode on existing devices with an eligible operating system. If you are having difficulty installing or running Windows 10 in S mode, use the Windows **Feedback Hub** to report your experience to Microsoft. This is the best way to help improve Windows 10 in S mode with your feedback. 
+Thank you for testing Windows 10 in S mode. Your best experience will be running on a supported device as mentioned above. However, we invite you to try Windows 10 in S mode on existing devices with an eligible operating system. If you're having difficulty installing or running Windows 10 in S mode, use the Windows **Feedback Hub** to report your experience to Microsoft. This feedback is the best way to help improve Windows 10 in S mode with your feedback. 
 
 Common support questions for the Windows 10 in S mode test program:
 
 * **How do I activate if I don't have a Windows 10 in S mode product key?**
 
-    As stated above, devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise can install and run Windows 10 in S mode and it will automatically activate. Testing Windows 10 in S mode on a device running Windows 10 Home is not recommended and supported at this time.
+    As stated above, devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise can install and run Windows 10 in S mode and it will automatically activate. Testing Windows 10 in S mode on a device running Windows 10 Home isn't recommended and supported at this time.
 
 * **Will my OEM help me run Windows 10 in S mode?**
 
@@ -234,11 +234,11 @@ Common support questions for the Windows 10 in S mode test program:
 
 * **What if I want to move from Windows 10 in S mode to Windows 10 Pro?**
 
-    If you want to discontinue using Windows 10 in S mode, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
+    If you want to discontinue using Windows 10 in S mode, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you're testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
 
 For help with activation issues, click on the appropriate link below for support options.
-* For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you are seeking commercial support to contact our commercial support team.
-* If you do not have a Volume Licensing Agreement, go to the [Microsoft Support](https://support.microsoft.com/contactus/) website and choose a support option.
+* For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you're seeking commercial support to contact our commercial support team.
+* If you don't have a Volume Licensing Agreement, go to the [Microsoft Support](https://support.microsoft.com/contactus/) website and choose a support option.
 
 
                    
 1 Internet access fees may apply.
                    
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index 3f31119391..ca36e12e5a 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -103,7 +103,7 @@ We strongly recommend that you avoid changing preset policies. Changes can slow
 
 The **Set up School PCs** app guides you through the configuration choices for the student PCs.  To begin, open the app on your PC and click **Get started**.   
     
-   ![Launch the Set up School PCs app](images/suspc_getstarted_050817.png)  
+   ![Launch the Set up School PCs app.](images/suspc_getstarted_050817.png)  
 
 ### Package name  
 Type a unique name to help distinguish your school's provisioning packages. The name appears:  
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
new file mode 100644
index 0000000000..445f9c1e89
--- /dev/null
+++ b/education/windows/windows-11-se-overview.md
@@ -0,0 +1,122 @@
+---
+title: What is Windows 11 SE
+description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: aczechowski
+ms.author: aaroncz
+manager: dougeby
+ms.reviewer: 
+ms.localizationpriority: medium
+ms.topic: article
+---
+
+# Windows 11 SE for Education
+
+**Applies to**:
+
+- Windows 11 SE
+- Microsoft Intune for Education
+
+Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately).
+
+For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:
+
+- A simplified and secure experience for students. Student privacy is prioritized.
+- Admins remotely manage Windows 11 SE devices using [Microsoft Intune for Education](/intune-education/what-is-intune-for-education).
+- It's built for low-cost devices.
+- It has a curated app experience, and is designed to only run essential education apps.
+
+## Get Windows 11 SE
+
+Windows 11 SE is only available preinstalled on devices from OEMs. The OEM installs Windows 11 SE, and makes the devices available for you to purchase. For example, you'll be able to purchase Microsoft Surface devices with Windows 11 SE already installed.
+
+## Available apps
+
+Windows 11 SE comes with some preinstalled apps. The following apps can also run on Windows 11 SE, and are deployed using the [Intune for Education portal](https://intuneeducation.portal.azure.com). For more information, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
+
+
+| Application | Supported version | Vendor |
+| --- | --- | --- |
+|Blub Digital Portoflio                 |0.0.7.0         |bulb|
+|CA Secure Browser                      |14.0.0          |Cambium Development|
+|Cisco Umbrella                         |3.0.110.0       |Cisco|
+|Dragon Professional Individual         |15.00.100       |Nuance Communications|
+|DRC INSIGHT Online Assessments         |12.0.0.0        |DRC|
+|e-Speaking Voice and Speech recognition|4.4.0.8         |e-speaking|
+|Free NaturalReader                     |16.1.2          |Natural Soft|
+|GoGuardian                             |1.4.4           |GoGuardian|
+|Google Chrome                          |97.0.4692.71    |Google|
+|JAWS for Windows                       |2022.2112.24    |Freedom Scientific|
+|Kite Student Portal                    |8.0.1|Dynamic Learning Maps|
+|Kortext                                |2.3.418.0       |Kortext|
+|LanSchool                              |9.1.0.46        |Stoneware|
+|Lightspeed Smart Agent                 |1.9.1           |Lightspeed Systems|
+|Mozilla Firefox                        |96.0.2          |Mozilla|
+|NextUp Talker                          |1.0.49          |NextUp Technologies|
+|NonVisual Desktop Access               |2021.3.1        |NV Access|
+|NWEA Secure Testing Browser            |5.4.300.0       |NEWA|
+|Read&Write for Windows (US English)    |12.0.60.0       |Texthelp Ltd.|
+|Safe Exam Broswer                      |3.3.1           |Safe Exam Broswer|
+|Secure Browser                         |4.8.3.376       |Questar, Inc|
+|SuperNova Magnifier & Screen Reader    | 20.03          |Dolphin Computer Access|
+|SuperNova Magnifier & Speech           | 20.03          |Dolphin Computer Access|
+|Respondus Lockdown Browser             |2.0.8.03        |Respondus|
+|TestNav                                |1.10.2.0        |Pearson Education Inc|
+|SecureBrowser                          |14.0.0          |Cambium Development|
+|Zoom                                   |5.9.1 (2581)    |Zoom|
+|ZoomText Fusion              |2022.2109.10 |Freedom Scientific| 
+|ZoomText Magnifier/Reader              |2022.2109.25 |Freedom Scientific| 
+
+### Enabled apps
+
+| App type | Enabled |
+| --- | --- |
+| Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. |
+| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails. 

                    ✔️ If there are specific installation-type of apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
+
+### Add your own apps
+
+If the apps you need aren't shown in the [available apps list](#available-apps) (in this article), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account.
+
+Microsoft reviews every app request to make sure each app meets the following requirements:
+
+- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more.
+
+- Apps must be in one of the following app categories:​
+  - Content Filtering apps​
+  - Test Taking solutions​
+  - Assistive technologies
+  - Classroom communication apps​
+  - Essential diagnostics, management, and supportability apps
+
+- Apps must meet the performance [requirements of Windows 11](/windows/whats-new/windows-11-requirements).
+
+- Apps must meet the following security requirements:
+  - All app binaries are code-signed​.
+  - All files include the `OriginalFileName` in the resource file header​.
+  - All kernel drivers are WHQL-signed.
+
+- Apps don't have an equivalent web application​.
+
+- Apps can't invoke any processes that can be used to jailbreak a device, automate jailbreaks, or present a security risk. For example, processes such as Reg.exe, CBE.exe, CMD.exe, and KD.exe are blocked on Windows 11 SE.
+
+If the app meets the requirements, Microsoft works with the Independent Software Vendor (ISV) to test the app, and make sure the app works as expected on Windows 11 SE.
+
+When the app is ready, Microsoft will update you. Then, you add the app to the [Intune for Education portal](https://intuneeducation.portal.azure.com), and [assign](/intune-education/assign-apps) it to your Windows 11 SE devices.
+
+For more information on Intune requirements for adding education apps, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
+
+### 0x87D300D9 error with an app
+
+When you deploy an app using Intune for Education, you may get a `0x87D300D9` error code with a `Failed` state in the [Intune for Education portal](https://intuneeducation.portal.azure.com). If you have an app that fails with this error, then:
+
+- Make sure the app is on the [available apps list](#available-apps) (in this article). Or, make sure your app is [approved for Windows 11 SE](#add-your-own-apps) (in this article).
+- If the app is approved, then it's possible the app is packaged wrong. For more information, see [Add your own apps](#add-your-own-apps) (in this article) and [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
+- If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own apps](#add-your-own-apps) (in this article). Or, use an app that runs in a web browser, such as a web app or PWA.
+
+## Related articles
+
+- [Use Intune for Education to manage devices running Windows 11 SE](/intune-education/windows-11-se-overview)
diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md
new file mode 100644
index 0000000000..0e70e1cad2
--- /dev/null
+++ b/education/windows/windows-11-se-settings-list.md
@@ -0,0 +1,106 @@
+---
+title: Windows 11 SE settings list
+description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: aczechowski
+ms.author: aaroncz
+manager: dougeby
+ms.reviewer: 
+ms.localizationpriority: medium
+ms.topic: article
+---
+
+# Windows 11 SE for Education settings list
+
+**Applies to**:
+
+- Windows 11 SE
+- Microsoft Intune for Education
+
+Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings.
+
+This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md).
+
+## Settings that can be changed
+
+The following table lists and describes the settings that can be changed by administrators.
+
+| Setting  | Description |
+| --- | --- |
+| Block manual unenrollment  | Default: Blocked

                    Users can't unenroll their devices from device management services. 

                    [Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)|
+| Allow option to Show Network  | Default: Allowed

                    Gives users the option to see the **Show Network** folder in File Explorer. |
+| Allow option to Show This PC  | Default: Allowed

                    Gives user the option to see the **Show This PC** folder in File Explorer. |
+| Set Allowed Folder location  | Default folders: Documents, Desktop, Pictures, and Downloads

                    Gives user access to these folders. |
+| Set Allowed Storage Locations  | Default: Blocks Local Drives and Network Drives

                    Blocks user access to these storage locations. |
+| Allow News and Interests | Default: Hide

                    Hides Widgets. |
+| Disable advertising ID  | Default: Disabled

                    Blocks apps from using usage data to tailor advertisements. 

                    [Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) |
+| Visible settings pages  | Default: 

                     | 
+| Enable App Install Control  | Default: Turned On

                    Users can’t download apps from the internet.

                    [SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
+| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

                    If a file hasn’t been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again. 

                    [Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) |
+| Allow Telemetry  | Default: Required Telemetry Only

                    Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date. 

                    [System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |
+| Allow Experimentation  | Default: Disabled

                    Microsoft can't experiment with the product to study user preferences or device behavior. 

                    [System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) |
+| Block external extensions  | Default: Blocked

                    In Microsoft Edge, users can't install external extensions. 

                    [BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)|
+| Configure new tab page  | Default: `Office.com`

                    In Microsoft Edge, the new tab page defaults to `office.com`. 

                    [Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)|
+| Configure homepage  | Default: `Office.com`

                    In Microsoft Edge, the homepage defaults to `office.com`. 

                    [HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)|
+| Prevent SmartScreen prompt override  | Default: Enabled

                    In Microsoft Edge, users can't override Windows Defender SmartScreen warnings. 

                    [PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)|
+
+## Settings that can't be changed
+
+The following settings can't be changed.
+
+| Category  | Description |
+| --- | --- |
+| Visible Folders in File Explorer | By default, the Desktop, Downloads, Documents, and Pictures folders are visible to users in File Explorer. Users can make other folders, like **This PC**, visible in **View** > **Options**. |
+| Launch Windows Maximized  | All Windows are opened in the maximized view.  |
+| Windows Snapping  | Windows snapping is limited to two Windows.  |
+| Allowed Account Types  | Microsoft accounts and Azure AD accounts are allowed. |
+| Virtual Desktops  | Virtual Desktops are blocked. |
+| Microsoft Store  | The Microsoft Store is blocked. |
+| Administrative tools  | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. |
+| Apps  | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md).  |
+
+## What's available in the Settings app
+
+On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown.
+
+- Accessibility
+
+- Accounts
+  - Email & accounts
+
+- Apps
+
+- Bluetooth & devices
+  - Bluetooth
+  - Printers & scanners
+  - Mouse
+  - Touchpad
+  - Typing
+  - Pen
+  - AutoPlay
+
+- Network & internet
+  - WiFi
+  - VPN
+
+- Personalization
+  - Taskbar
+
+- Privacy & security
+
+- System
+  - Display
+  - Notifications
+  - Tablet mode
+  - Multitasking
+  - Projecting to this PC
+
+- Time & Language
+  - Language & region
+
+## Next steps
+
+[Windows 11 SE for Education overview](windows-11-se-overview.md)
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index f64a279787..759d485046 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -20,9 +20,9 @@ manager: dansimp
 -   Windows 10
 
 
-Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](https://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
+Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
 
-Beginning with version 1607, Windows 10 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows-10.md), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
+Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows-10.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
 
 Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
 
@@ -35,7 +35,7 @@ For Cortana[1](#footnote1):
 - If you're using new devices with version 1703 or later, Cortana is turned on by default.
 - If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
 
-You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
+You can use the **AllowCortana** policy to turn off Cortana. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 
 Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 or newer versions that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
 
@@ -54,9 +54,9 @@ For Cortana1:
 - If you're using new devices with version 1703 or later, Cortana is turned on by default.
 - If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
 
-You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
+You can use the **AllowCortana** policy to turn off Cortana. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 
-Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
+Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you don't have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
 
 Customers who deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
 
diff --git a/gdpr/docfx.json b/gdpr/docfx.json
index 1d092a902e..eaa6eba4eb 100644
--- a/gdpr/docfx.json
+++ b/gdpr/docfx.json
@@ -31,6 +31,7 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+      "recommendations": true,
     "author": "eross-msft",
 		"ms.author": "lizross",
 		"feedback_system": "GitHub",
diff --git a/mdop/docfx.json b/mdop/docfx.json
index abcead924c..dfa58fa007 100644
--- a/mdop/docfx.json
+++ b/mdop/docfx.json
@@ -22,6 +22,7 @@
       }
     ],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/microsoft-desktop-optimization-pack/breadcrumb/toc.json",
       "ROBOTS": "INDEX, FOLLOW",
       "ms.technology": "windows",
diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md
index 4294d7199e..7da2e85c29 100644
--- a/smb/cloud-mode-business-setup.md
+++ b/smb/cloud-mode-business-setup.md
@@ -18,7 +18,7 @@ ms.topic: conceptual
 
 # Get started: Deploy and manage a full cloud IT solution for your business
 
-![Learn how to set up a full cloud infrastructure for your business](images/business-cloud-mode.png)
+![Learn how to set up a full cloud infrastructure for your business.](images/business-cloud-mode.png)
 
 **Applies to:**
 
@@ -27,46 +27,49 @@ ms.topic: conceptual
 Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
 
 In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Microsoft 365 Business Standard, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
-- Acquire an Microsoft 365 for business domain
+- Acquire a Microsoft 365 for business domain
 - Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant
 - Set up Microsoft Store for Business and manage app deployment and sync with Intune
 - Add users and groups in Azure AD and Intune
 - Create policies and app deployment rules
 - Log in as a user and start using your Windows device
 
-Go to the Microsoft Business site and select **Products** to learn more about pricing and purchasing options for your business.
+Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business.
 
 ## Prerequisites
+
 Here's a few things to keep in mind before you get started:
+
 - You'll need a registered domain to successfully go through the walkthrough.
   - If you already own a domain, you can add this during the Office 365 setup.
-  - If you don't already own a domain, you'll have the option to purchase a domain from the Microsoft 365 admin center. We'll show how to do this as part of the walkthrough.
+  - If you don't already own a domain, you can purchase a domain from the Microsoft 365 admin center. This walkthrough includes the steps.
 - You'll need an email address to create your Office 365 tenant.
-- We recommend that you use Internet Explorer for the entire walkthrough. Right click on Internet Explorer and then choose **Start InPrivate Browsing**.
+- We recommend that you use Internet Explorer for the entire walkthrough. Right select on Internet Explorer > **Start InPrivate Browsing**.
 
 ## 1. Set up your cloud infrastructure
 To set up a cloud infrastructure for your organization, follow the steps in this section.
 
 ### 1.1 Set up Office 365 for business
-See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to:
+
+See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to:
 - Plan your setup
 - Create Office 365 accounts and how to add your domain.
 - Install Office
 
-To set up your Microsoft 365 for business tenant, see Get Started with Microsoft 365 for business.
+To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365).
 
-If this is the first time you're setting this up, and you'd like to see how it's done, you can follow these steps to get started:
+If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started:
 
-1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**.
+1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**.
 
    **Figure 1** - Try or buy Office 365
 
-   ![Office 365 for business sign up](images/office365_tryorbuy_now.png)
+   ![Office 365 for business sign up.](images/office365_tryorbuy_now.png)
 
 2. Fill out the sign up form and provide information about you and your company.
 3. Create a user ID and password to use to sign into your account.
 
-   This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal).
+   This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal).
 
 4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
 5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
@@ -76,32 +79,32 @@ If this is the first time you're setting this up, and you'd like to see how it's
 
    **Figure 2** - Microsoft 365 admin center
 
-   ![Microsoft 365 admin center](images/office365_portal.png)
+   :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png":::
 
 
 6. Select the **Admin** tile to go to the admin center.
 7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup.
 
-   This may take up to a half hour to complete.
+   This step can take up to a half hour to complete.
   
    **Figure 3** - Admin center
 
-   ![Microsoft 365 admin center](images/office365_admin_portal.png)
+   :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png":::
 
 
-8. Go back to the admin center to add or buy a domain.
+8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain.
    1. Select the **Domains** option.
 
       **Figure 4** - Option to add or buy a domain
 
-      ![Add or buy a domain in admin center](images/office365_buy_domain.png)
+      :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png":::
     
 
-   2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*.
+   2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`.
 
       **Figure 5** - Microsoft-provided domain
 
-      ![Microsoft-provided domain](images/office365_ms_provided_domain.png)
+      :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png":::
 
       - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
       - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
@@ -110,7 +113,7 @@ If this is the first time you're setting this up, and you'd like to see how it's
 
       **Figure 6** - Domains
 
-      ![Verify your domains in the admin center](images/office365_additional_domain.png)
+      :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png":::
 
 ### 1.2 Add users and assign product licenses
 Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center.
@@ -119,55 +122,55 @@ When adding users, you can also assign admin privileges to certain users in your
 
 **To add users and assign product licenses**
 
-1. In the admin center, select **Users > Active users**.
+1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**.
 
    **Figure 7** - Add users
 
-   ![Add Office 365 users](images/office365_users.png)
+   :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png":::
 
 2. In the **Home > Active users** page, add users individually or in bulk.
    - To add users one at a time, select **+ Add a user**.
 
-     If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in Add users individually or in bulk to Office 365 - Admin Help.
+     If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users).
 
      **Figure 8** - Add an individual user
 
-     ![Add an individual user](images/office365_add_individual_user.png)
+     :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png":::
 
    - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
 
-     The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users.
+     The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users.
 
      **Figure 9** - Import multiple users
 
-     ![Import multiple users](images/office365_import_multiple_users.png)
+     :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png":::
 
 3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
 
    **Figure 10** - List of active users
 
-   ![Verify users and assigned product licenses](images/o365_active_users.png)
+   :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png":::
 
 ### 1.3 Add Microsoft Intune
-Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune?
+Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune).
 
 **To add Microsoft Intune to your tenant**
 
-1. In the admin center, select **Billing > Purchase services**.
+1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**.
 2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now.
 3. Confirm your order to enable access to Microsoft Intune.
 4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**.
 
    **Figure 11** - Assign Intune licenses
 
-   ![Assign Microsoft Intune licenses to users](images/o365_assign_intune_license.png)
+   :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png":::
 
 5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
-6. Select **Intune**. This will take you to the Intune management portal.
+6. Select **Intune**. This step opens the Endpoint Manager admin center.
 
    **Figure 12** - Microsoft Intune management portal
 
-   ![Microsoft Intune management portal](images/intune_portal_home.png)
+   :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png":::
 
 Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution).
 
@@ -176,7 +179,7 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
 
 **To add Azure AD to your domain**
 
-1. In the admin center, select **Admin centers > Azure AD**.
+1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**.
 
    > [!NOTE]
    > You will need Azure AD Premium to configure automatic MDM enrollment with Intune.
@@ -185,57 +188,57 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
 
    **Figure 13** - Access to Azure AD is not available
 
-   ![Access to Azure AD not available](images/azure_ad_access_not_available.png)
+   :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png":::
 
-3. From the error message, select the country/region for your business. This should match with the location you specified when you signed up for Office 365.
-4. Click **Azure subscription**. This will take you to a free trial sign up screen.
+3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365.
+4. Select **Azure subscription**. This step will take you to a free trial sign up screen.
 
    **Figure 14** - Sign up for Microsoft Azure
 
-   ![Sign up for Microsoft Azure](images/azure_ad_sign_up_screen.png)
+   :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png":::
 
 5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
 6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
 
    **Figure 15** - Start managing your Azure subscription
 
-   ![Start managing your Azure subscription](images/azure_ad_successful_signup.png)
+   :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png":::
 
-   This will take you to the Microsoft Azure portal.
+   This step will take you to the [Microsoft Azure portal](https://portal.azure.com).
 
 ### 1.5 Add groups in Azure AD
-This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups.
+This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups.
 
-To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups.
+To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups.
 
 **To add groups in Azure AD**
 
-1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the classic Azure portal, you will see a screen informing you that your directory is ready for use.
+1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use.
 
    Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory.
 
    **Figure 16** - Azure first sign-in screen
 
-   ![Select Azure AD](images/azure_portal_classic_configure_directory.png)
+   :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png":::
 
 2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
 
    **Figure 17** - Directory home page
 
-   ![Directory home page](images/azure_portal_classic_directory_ready.png)
+   :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png":::
 
 3. From the menu options on top, select **Groups**.
 
    **Figure 18** - Azure AD groups
 
-   ![Add groups in Azure AD](images/azure_portal_classic_groups.png)
+   :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png":::
 
 4. Select **Add a group** (from the top) or **Add group** at the bottom.
 5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
 
    **Figure 19** - Newly added group in Azure AD
 
-   ![Verify the new group appears on the list](images/azure_portal_classic_all_users_group.png)
+   :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png":::
 
 6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
 
@@ -243,34 +246,34 @@ To add Azure AD group(s), we will use the this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
+You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
 
 > [!IMPORTANT]
 > We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
 
 **To enable automatic MDM enrollment**
 
-1. In to the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. 
+1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. 
 
    The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list.
 
    **Figure 21** - List of applications for your company
 
-   ![List of applications for your company](images/azure_portal_classic_applications.png)
+   :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png":::
 
 2. Select **Microsoft Intune** to configure the application.
 3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
 
    **Figure 22** - Configure Microsoft Intune in Azure
 
-   ![Configure Microsoft Intune in Azure](images/azure_portal_classic_configure_intune_app.png)
+   :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png":::
 
 4. In the Microsoft Intune configuration page:
    - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
@@ -289,66 +292,66 @@ You can read Microsoft Intune management portal and Microsoft Store for Business.
+In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps).
 
 **To associate your Store account with Intune and configure synchronization**
 
-1. From the Microsoft Intune management portal, select **Admin**.
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
 
    **Figure 24** - Mobile device management
 
-   ![Set up mobile device management in Intune](images/intune_admin_mdm_configure.png)
+   :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png":::
 
-3. Sign into Microsoft Store for Business using the same tenant account that you used to sign into Intune.
+3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune.
 4. Accept the EULA.
 5. In the Store portal, select **Settings > Management tools** to go to the management tools page.
 6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business.
 
    **Figure 25** - Activate Intune as the Store management tool
 
-   ![Activate Intune from the Store portal](images/wsfb_management_tools_activate.png)
+   :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png":::
 
-7. Go back to the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
+7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
 
    **Figure 26** - Configure Store for Business sync in Intune
 
-   ![Configure Store for Business sync in Intune](images/intune_admin_mdm_store_sync.png)
+   :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png":::
 
 9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
 
    **Figure 27** - Enable Microsoft Store for Business sync in Intune
 
-   ![Enable Store for Business sync in Intune](images/intune_configure_store_app_sync_dialog.png)
+   :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png":::
 
    The **Microsoft Store for Business** page will refresh and it will show the details from the sync.
 
 **To buy apps from the Store**
 
-In your Microsoft Store for Business portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
+In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
 - Sway
 - OneNote
 - PowerPoint Mobile
 - Excel Mobile
 - Word Mobile
 
-In the Intune management portal, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
+In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
 
 In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune.
 
 **Example 1 - Add other apps like Reader and InstaNote**
 
-1. In the Microsoft Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
+1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
 
    **Figure 28** - Shop for Store apps
 
-   ![Shop for Store apps](images/wsfb_shop_microsoft_apps.png)
+   :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png":::
 
 2. Click to select an app, such as **Reader**. This opens the app page.
 3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
@@ -358,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S
 
    **Figure 29** - App inventory shows the purchased apps
 
-   ![Confirm that your inventory shows purchased apps](images/wsfb_manage_inventory_newapps.png)
+   :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png":::
 
    > [!NOTE]
    > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
@@ -367,18 +370,18 @@ In the following example, we'll show you how to buy apps through the Microsoft S
 
 If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync.
 
-1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**.
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**.
 2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync.
 
    **Figure 30** - Force a sync in Intune
 
-   ![Force a sync in Intune](images/intune_admin_mdm_forcesync.png)
+   :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png":::
 
 **To view purchased apps**
-- In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
+- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
 
 **To add more apps**
-- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this.
+- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this.
 
 ## 2. Set up devices
 
@@ -393,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi
 
    **Figure 31** - First screen in Windows device setup
 
-   ![First screen in Windows device setup](images/win10_hithere.png)
+   :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png":::
 
    > [!NOTE]  
    > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
@@ -403,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi
 
    **Figure 32** - Choose how you'll connect your Windows device
 
-   ![Choose how you'll connect the Windows device](images/win10_choosehowtoconnect.png)
+   :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png":::
 
-4. In the **Let's get you signed in** screen, sign in using one of the user accounts you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
+4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
 
    **Figure 33** - Sign in using one of the accounts you added
 
-   ![Sign in using one of the accounts you added](images/win10_signin_admin_account.png)
+   :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png":::
 
 5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
 
@@ -419,20 +422,20 @@ To set up new Windows devices, go through the Windows initial device setup or fi
 Verify that the device is set up correctly and boots without any issues.
 
 **To verify that the device was set up correctly**
-1. Click on the **Start** menu and select some of the options to make sure everything launches properly.
+1. Click on the **Start** menu and select some of the options to make sure everything opens properly.
 2. Confirm that the Store and built-in apps are working.
 
 ### 2.3 Verify the device is Azure AD joined
-In the Intune management portal, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
+In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
 
 **To verify if the device is joined to Azure AD**
-1. Check the device name on your PC. To do this, on your Windows PC, select **Settings > System > About** and then check **PC name**.
+1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**.
 
    **Figure 34** - Check the PC name on your device
 
-   ![Check the PC name on your device](images/win10_settings_pcname.png)
+   :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png":::
   
-2. Log in to the Intune management portal.
+2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 3. Select **Groups** and then go to **Devices**.
 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. 
    - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section.
@@ -441,10 +444,10 @@ In the Intune management
 
    **Figure 35** - Check that the device appears in Intune
 
-   ![Check that the device appears in Intune](images/intune_groups_devices_list.png)
+   :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png":::
 
 ## 3. Manage device settings and features
-You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies).
+You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/mem/intune/configuration/device-profiles).
 
 In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup.
 
@@ -452,30 +455,30 @@ In this section, we'll show you how to reconfigure app deployment settings and a
 In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible.
 
 **To reconfigure app deployment settings**
-1. In the Intune management portal, select **Apps** and go to **Apps > Volume-Purchased Apps**.
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**.
 2. Select the app, right-click, then select **Manage Deployment...**.
 3. Select the group(s) whose apps will be managed, and then click **Add** to add the group.
 4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app.
-5. For each group that you selected, set **Approval** to **Required Install**. This automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**.
+5. For each group that you selected, set **Approval** to **Required Install**. This step automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**.
 
    **Figure 36** - Reconfigure an app's deployment setting in Intune
 
-   ![Reconfigure app deployment settings in Intune](images/intune_apps_deploymentaction.png)
+   :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png":::
 
 6. Click **Finish**.
 7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
-8. Verify that the app shows up on the device. To do this:
+8. Verify that the app shows up on the device using the following steps:
    - Make sure you're logged in to the Windows device.
    - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section.
 
      **Figure 37** - Confirm that additional apps were deployed to the device
 
-     ![Confirm that additional apps were deployed to the device](images/win10_deploy_apps_immediately.png)
+     :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png":::
 
 ### 3.2 Configure other settings in Intune
 
 **To disable the camera**
-1. In the Intune management portal, select **Policy > Configuration Policies**.
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**.
 2. In the **Policies** window, click **Add** to create a new policy.
 3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**.
 4. On the **Create Policy** page, select **Device Capabilities**.
@@ -486,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
 
    **Figure 38** - Add a configuration policy
 
-   ![Add a configuration policy](images/intune_policy_disablecamera.png)
+   :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png":::
 
 7. Click **Save Policy**. A confirmation window will pop up.
 8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
@@ -495,16 +498,16 @@ In some cases, if an app is missing from the device, you need to reconfigure the
 
     **Figure 39** - The new policy should appear in the **Policies** list.
 
-    ![New policy appears on the list](images/intune_policies_newpolicy_deployed.png)
+    :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png":::
 
 **To turn off Windows Hello and PINs during device setup**
-1. In the Intune management portal, select **Admin**.
+1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Go to **Mobile Device Management > Windows > Windows Hello for Business**.
 3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**.
 
    **Figure 40** - Policy to disable Windows Hello for Business
 
-   ![Disable Windows Hello for Business](images/intune_policy_disable_windowshello.png)
+   :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png":::
 
 4. Click **Save**.
 
@@ -531,55 +534,57 @@ For other devices, such as those personally-owned by employees who need to conne
 
    **Figure 41** - Add an Azure AD account to the device
 
-   ![Add an Azure AD account to the device](images/win10_add_new_user_join_aad.png)
+   :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png":::
 
 4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
 
    **Figure 42** - Enter the account details
 
-   ![Enter the account details](images/win10_add_new_user_account_aadwork.png)
+   :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png":::
 
 5. You will be asked to update the password so enter a new password.
 6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
 
    **Figure 43** - Make sure this is your organization
 
-   ![Make sure this is your organization](images/win10_confirm_organization_details.png)
+   :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png":::
 
 7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
 
    **Figure 44** - Confirmation that the device is now connected
 
-   ![Confirmation that the device is now connected](images/win10_confirm_device_connected_to_org.png)
+   :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png":::
 
 8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
 
    **Figure 45** - Device is now enrolled in Azure AD
 
-   ![Device is enrolled in Azure AD](images/win10_device_enrolled_in_aad.png)
+   :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png":::
 
-9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
+9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
 
 ### 4.2 Add a new user
 You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
 
-See [Add users to Office 365](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc?ui=en-US&rs=en-US&ad=US&fromAR=1) to learn more. Once you're done adding new users, go to the Intune management portal and verify that the same users were added to the Intune groups as well.
+See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well.
 
 ## Get more info
 
 ### For IT admins
 To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
-- Set up Office 365 for business
-- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365
-- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation
-- Learn more about Windows 10 in Windows 10 guide for IT pros
-- Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business
+- [Set up Office 365 for business](/microsoft-365/admin/setup)
+- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
+- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/)
+- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
+- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)
 
 ### For information workers
 Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:
-- Office help and training
-- Windows 10 help
+
+- [Office Help & Training](https://support.microsoft.com/office)
+- [Windows help & learning](https://support.microsoft.com/windows)
 
 ## Related topics
 
-- [Windows 10 and Windows 10 Mobile](/windows/windows-10/)
\ No newline at end of file
+- [Windows for business](https://www.microsoft.com/windows/business)
+- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)
diff --git a/smb/docfx.json b/smb/docfx.json
index 379f9d6f3e..9b63f81cad 100644
--- a/smb/docfx.json
+++ b/smb/docfx.json
@@ -29,6 +29,7 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "feedback_system": "None",
diff --git a/smb/includes/smb-content-updates.md b/smb/includes/smb-content-updates.md
index 1f83558533..e8f13c7d35 100644
--- a/smb/includes/smb-content-updates.md
+++ b/smb/includes/smb-content-updates.md
@@ -2,8 +2,9 @@
 

 
 
-## Week of April 26, 2021
+## Week of December 13, 2021
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
+| 12/14/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |
diff --git a/smb/index.md b/smb/index.md
index cc4c596a1c..fb9fbc6fc9 100644
--- a/smb/index.md
+++ b/smb/index.md
@@ -1,7 +1,7 @@
 ---
-title: Windows 10 for small to midsize businesses
+title: Windows 10/11 for small to midsize businesses
 description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business.
-keywords: Windows 10, SMB, small business, midsize business, business
+keywords: Windows 10, Windows 11, SMB, small business, midsize business, business
 ms.prod: w10
 ms.technology: 
 ms.topic: article
@@ -15,22 +15,39 @@ manager: dansimp
 audience: itpro
 ---
 
-# Windows 10 for SMB
+# Windows 10/11 for Small and Medium Business (SMB)
 
-![Windows 10 for SMB](images/smb_portal_banner.png)
+![Windows 10 for SMB.](images/smb_portal_banner.png)
 
-## ![Learn more about Windows and other resources for SMBs](images/learn.png) Learn
+## ![Learn more about Windows and other resources for SMBs.](images/learn.png) Learn
 
-
                    Windows 10 for business
                    Learn how Windows 10 and Windows devices can help your business.
                    
-
                    SMB blog
                    Read about the latest stories, technology insights, and business strategies for SMBs.
                    
-
                    How to buy
                    Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.
                    
+**[Windows for business](https://www.microsoft.com/windows/business)**
 
+Learn how Windows can help your business be more productive, collaborate better, and be more secure.
 
-## ![Deploy a Microsoft solution for your business](images/deploy.png) Deploy
+**[Bing Pages](https://www.microsoft.com/bing/bing-pages-overview)**
 
-
                    Get started: Deploy and manage a full cloud IT solution for your business
                    Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.
                    
+Use Bing to grow your business and enhance your brand online.
 
+**[Customer stories](https://customers.microsoft.com/)**
 
- ## Related topics
+Read about the latest stories and technology insights.
 
-- [Windows 10 and Windows 10 Mobile](/windows/windows-10/)
\ No newline at end of file
+**[SMB Blog](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog)**
+
+Read about business strategies and collaborations with SMBs.
+
+**[Business Solutions and Technology](https://www.microsoft.com/store/b/business)**
+
+Learn more about Microsoft products, or when you're ready to buy products and services to help transform your business.
+
+## ![Deploy a Microsoft solution for your business.](images/deploy.png) Deploy
+
+**[Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)**
+
+Using Microsoft cloud services and tools, it can be easy to deploy and manage a full cloud IT solution for your small to midsize business.
+
+## Related articles
+
+- [Windows for business](https://www.microsoft.com/windows/business)
+- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)
diff --git a/store-for-business/TOC.yml b/store-for-business/TOC.yml
index c3379274a8..03ce31fa9e 100644
--- a/store-for-business/TOC.yml
+++ b/store-for-business/TOC.yml
@@ -51,8 +51,6 @@
           href: add-profile-to-devices.md
         - name: Microsoft Store for Business and Education PowerShell module - preview
           href: microsoft-store-for-business-education-powershell-module.md
-        - name: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
-          href: manage-mpsa-software-microsoft-store-for-business.md
         - name: Working with solution providers
           href: /microsoft-365/commerce/manage-partners
     - name: Billing and payments
diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md
index 9c3ddd79ad..882b7e57ba 100644
--- a/store-for-business/acquire-apps-microsoft-store-for-business.md
+++ b/store-for-business/acquire-apps-microsoft-store-for-business.md
@@ -11,11 +11,14 @@ manager: scotv
 ms.reviewer: 
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/10/2021
+ms.date: 07/21/2021
 ---
 
 # Acquire apps in Microsoft Store for Business and Education
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
 
@@ -52,7 +55,7 @@ There are a couple of things we need to know when you pay for apps. You can add
 2. Select **Manage**, and then select **Settings**. 
 3. On **Shop**, , under **Shopping behavior**, turn on or turn off **Allow users to shop**.
 
-![manage settings to control Basic Purchaser role assignment](images/sfb-allow-shop-setting.png)
+![manage settings to control Basic Purchaser role assignment.](images/sfb-allow-shop-setting.png)
 
 ## Allow app requests
 
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 24f8b9ac6c..2ee659bb6b 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
-ms.date: 2/9/2018
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ms.topic: conceptual
@@ -19,6 +19,9 @@ ms.localizationpriority: medium
 **Applies to**
 -   Windows 10
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).
 
 Watch this video to learn more about Windows Autopilot in Microsoft Store for Business. 
                    
diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
index 454b74a767..d96d350d9d 100644
--- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md
+++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
@@ -12,16 +12,19 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/10/2021
+ms.date: 07/21/2021
 ---
 
 # Add unsigned app to code integrity policy
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 > [!IMPORTANT]
 > We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download at [https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -38,7 +41,6 @@ ms.date: 03/10/2021
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
 
 When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies.
 
diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md
index 08efbce3ad..3eb99b3802 100644
--- a/store-for-business/app-inventory-management-microsoft-store-for-business.md
+++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md
@@ -11,7 +11,7 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 10/23/2018
+ms.date: 07/21/2021
 ---
 
 # App inventory management for Microsoft Store for Business and Education
@@ -19,7 +19,9 @@ ms.date: 10/23/2018
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. 
 
@@ -61,12 +63,12 @@ Each app in the Store for Business has an online, or an offline license. For mor
 
 | Action | Online-licensed app | Offline-licensed app |
 | ------ | ------------------- | -------------------- |
-| Assign to employees | X |  |
-| Add to private store | X |  |
-| Remove from private store | X |  |
-| View license details | X |  |
-| View product details | X | X |
-| Download for offline use | | X |
+| Assign to employees | ✔️ |  |
+| Add to private store | ✔️ |  |
+| Remove from private store | ✔️ |  |
+| View license details | ✔️ |  |
+| View product details | ✔️ | ✔️ |
+| Download for offline use | | ✔️ |
 
 The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
 
diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md
index 1d6558570e..4e4499a673 100644
--- a/store-for-business/apps-in-microsoft-store-for-business.md
+++ b/store-for-business/apps-in-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Apps in Microsoft Store for Business and Education
@@ -21,7 +21,9 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Microsoft Store for Business and Education has thousands of apps from many different categories.
 
diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md
index 5e7a6fcb96..a718684e7e 100644
--- a/store-for-business/assign-apps-to-employees.md
+++ b/store-for-business/assign-apps-to-employees.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 07/21/2021
 ---
 
 # Assign apps to employees
@@ -21,7 +21,9 @@ ms.date: 10/13/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.
 
diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md
index 9176f1da3d..add114e633 100644
--- a/store-for-business/billing-payments-overview.md
+++ b/store-for-business/billing-payments-overview.md
@@ -10,13 +10,16 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/01/2019
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Billing and payments
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 Access invoices and managed your payment methods.
 
 ## In this section
diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md
index 9dc8364aff..284e5f8a87 100644
--- a/store-for-business/billing-profile.md
+++ b/store-for-business/billing-profile.md
@@ -10,12 +10,16 @@ author: trudyha
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/01/2019
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Understand billing profiles
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices. 
 
 Billing profiles include:
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
index ace1ea2092..725ba3bd9f 100644
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ b/store-for-business/billing-understand-your-invoice-msfb.md
@@ -9,13 +9,16 @@ author: trudyha
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/01/2019
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Understand your Microsoft Customer Agreement invoice
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 The invoice provides a summary of your charges and provides instructions for payment. It’s available for
 download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).
 
@@ -48,7 +51,7 @@ invoice and descriptions for each term.
 
 The **Invoice Summary** is on the top of the first page and shows information about your billing profile and how you pay.
 
-![Invoice summary section](images/invoicesummary.png)
+![Invoice summary section.](images/invoicesummary.png)
 
 
 | Term | Description |
@@ -65,7 +68,7 @@ The **Invoice Summary** is on the top of the first page and shows information ab
 The **Billing Summary**  shows the charges against the billing profile since the previous billing period, any credits that were applied, tax, and the total amount due.
 
 
-![Billing summary section](images/billingsummary.png)
+![Billing summary section.](images/billingsummary.png)
 
 | Term | Description |
 | --- | --- |
@@ -88,7 +91,7 @@ The total amount due for each service family is calculated by subtracting Azure
 
 `Total = Charges/Credits - Azure Credit + Tax`
 
-![Details by invoice section](images/invoicesectiondetails.png)
+![Details by invoice section.](images/invoicesectiondetails.png)
 
 | Term |Description |
 | --- | --- |
@@ -107,10 +110,10 @@ At the bottom of the invoice, there are instructions for paying your bill. You c
 If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.
 
 ## Next steps
-If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/billing/billing-understand-your-invoice-mca).
+If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/mca-understand-your-invoice).
 
 ## Need help? Contact us.
 
 If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
 
-If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary).
\ No newline at end of file
+If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary).
diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
index d88fc241aa..0249a8b606 100644
--- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
+++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
@@ -12,14 +12,17 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 1/6/2018
+ms.date: 07/21/2021
 ---
 
 # Configure an MDM provider
 
 **Applies to**
+
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
 
@@ -42,7 +45,7 @@ After your management tool is added to your Azure AD directory, you can configur
 3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.**
 
 Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics:
-- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
+- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
 - [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 
 For third-party MDM providers or management servers, check your product documentation.
\ No newline at end of file
diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md
index 6ad01e0f88..dbccbf3bae 100644
--- a/store-for-business/device-guard-signing-portal.md
+++ b/store-for-business/device-guard-signing-portal.md
@@ -12,11 +12,18 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Device Guard signing
 
+**Applies to**
+
+-   Windows 10
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 > [!IMPORTANT]
 > We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
@@ -34,13 +41,7 @@ ms.date: 10/17/2017
 >
 > For any questions, please contact us at DGSSMigration@microsoft.com. 
 
-
-**Applies to**
-
--   Windows 10
--   Windows 10 Mobile
-
-Device Guard signing is a Device Guard feature that is available in Microsoft Store for Business and Education. It gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files.
+Device Guard signing is a Device Guard feature that gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files.
 
 Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features use new virtualization-based security options and the trust-nothing mobile device operating system model. A key feature in this model is called configurable code integrity, which allows your organization to choose exactly which software or trusted software publishers are allowed to run code on your client machines. Also, Device Guard offers organizations a way to sign existing line-of-business (LOB) applications so that they can trust their own code, without the requirement that the application be repackaged. Also, this same method of signing allows organizations to trust individual third-party applications. For more information, see [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
 
@@ -51,6 +52,132 @@ Device Guard is a feature set that consists of both hardware and software system
 | [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md) | When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies. |
 | [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md) | Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal. |
 
+## Device Guard Signing Service (v2) PowerShell Commands
+
+> [!NOTE]
+> [.. common ..] are parameters common across all commands that are documented below the command definitions.
+
+**Get-DefaultPolicy** Gets the default .xml policy file associated with the current tenant.
+
+- Usage:
+
+  ```powershell
+  Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..]
+  ```
+
+- Parameters:
+
+  **OutFile** - string, mandatory - The filename where the default policy file should be persisted to disk. The file name should be an .xml file. If the file already            exists, it will be overwritten (note: create the folder first).
+      
+  **PassThru** - switch, optional - If present, returns an XmlDocument object returning the default policy file.
+      
+- Command running time: 
+
+  The average running time is under 20 seconds but may be up to 3 minutes.
+      
+**Get-RootCertificate** Gets the root certificate for the current tenant. All Authenticode and policy signing certificates will eventually chain up to this root certificate.
+
+- Usage:
+
+  ```powershell
+  Get-RootCertificate -OutFile filename [-PassThru] [.. common ..]
+  ```
+     
+- Parameters:
+
+  **OutFile** - string, mandatory - The filename where the root certificate file should be persisted to disk. The file name should be a .cer file. If the file already          exists, it will be overwritten (note: create the folder first).
+     
+  **PassThru** - switch, optional - If present, returns an X509Certificate2 object returning the default policy file.
+
+- Command running time: 
+
+  The average running time is under 20 seconds but may be up to 3 minutes.
+
+**Get-SigningHistory** Gets information for the latest 100 files signed by the current tenant. Results are returned as a collection with elements in reverse chronological order (most recent to least recent).
+
+- Usage:
+
+  ```powershell
+  Get-SigningHistory -OutFile filename [-PassThru] [.. common ..]
+  ```
+
+- Parameters:
+
+  **OutFile** - string, mandatory - The filename where the signing history file should be persisted to disk. The file name should be a .xml file. If the file already exists,  it will be overwritten (note: create the folder first).
+
+  **PassThru** - switch, optional - If present, returns XML objects returning the XML file.
+
+- Command running time: 
+
+  The average running time is under 10 seconds.
+
+**Submit-SigningJob** Submits a file to the service for signing and timestamping. The module supports valid file type for Authenticode signing is Catalog file (.cat). Valid    file type for policy signing is binary policy files with the extension (.bin) that have been created via the ConvertFrom-CiPolicy cmdlet. Otherwise, binary policy file may not be deployed properly. 
+
+- Usage: 
+
+  ```powershell
+  Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..]
+  ```
+
+- Parameters:
+
+  **InFile** - string, mandatory - The file to be signed. This should be a file of the types described in description above (.cat or .bin).
+
+  **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten. (note: create the     folder first)
+
+  **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and       TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip             timestamping the output file, and it will be signed only.
+
+  **TimeStamperUrl** - string, optional - If this value is invalid Url (and NoTimestamp not present), the module will throw exception. To understand more about timestamping,   refer to [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
+  
+  **JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build     rocess the agent may wish to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory     command.
+
+**Submit-SigningV1MigrationPolicy** Submits a file to the service for signing and timestamping. The only valid file type for policy 
+signing is binary policy files with the extension (.bin) that have been created via the [ConvertFromCiPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet. Otherwise, binary policy file may not be deployed properly. Note: Only use for V1 migration.
+
+- Usage:
+
+  ```powershell
+  Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..]
+  ```
+
+- Parameters:
+
+  **InFile** - string, mandatory - The file to be signed. This should be a file of the types described in  description above (.bin).
+
+  **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten.
+  
+  > [!NOTE]
+  > Create the folder first.
+
+  **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and       TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip             timestamping the output file, and it will be signed only.
+
+  **TimeStamperUrl** - string, optional - If this value is invalid Url (and NoTimestamp not present), the module will throw exception. To understand more about timestamping,   refer to [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
+
+  **JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build     process the agent may wish to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory     command.
+
+- Command running time: 
+
+  The average running time is under 20 seconds but may be up to 3 minutes.
+
+**Common parameters [.. common ..]**
+
+In addition to cmdlet-specific parameters, each cmdlet understands the following common parameters.
+
+- Usage:
+
+  ```powershell
+  ... [-NoPrompt] [-Credential $creds] [-AppId AppId] [-Verbose]
+  ```
+
+- Parameters:
+
+  **NoPrompt** - switch, optional - If present, indicates that the script is running in a headless 
+  environment and that all UI should be suppressed. If UI must be displayed (e.g., for 
+  authentication) when the switch is set, the operation will instead fail.
+
+  **Credential + AppId** - PSCredential - A login credential (username and password) and AppId.
+
+
 ## File and size limits
 When you're uploading files for Device Guard signing, there are a few limits for files and file size:
 
@@ -60,7 +187,7 @@ When you're uploading files for Device Guard signing, there are a few limits for
 | Maximum size for multiple files (uploaded in a group) | 4 MB     |
 | Maximum number of files per upload                    | 15 files |
 
- ## File types
+## File types
 Catalog and policy files have required files types.
 
 | File          | Required file type |
@@ -68,7 +195,7 @@ Catalog and policy files have required files types.
 | catalog files | .cat               |
 | policy files  | .bin               |
 
- ## Store for Business roles and permissions
+## Store for Business roles and permissions
 Signing code integrity policies and access to Device Guard portal requires the Device Guard signer role.
 
 ## Device Guard signing certificates
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md
index d45e508ac3..c0ccce55a6 100644
--- a/store-for-business/distribute-apps-from-your-private-store.md
+++ b/store-for-business/distribute-apps-from-your-private-store.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/31/2018
+ms.date: 07/21/2021
 ---
 
 # Distribute apps using your private store
@@ -20,7 +20,9 @@ ms.date: 10/31/2018
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
 
diff --git a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
index dd349cde72..723648db24 100644
--- a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
+++ b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 07/21/2021
 ---
 
 # Distribute apps to your employees from Microsoft Store for Business and Education
@@ -21,7 +21,9 @@ ms.date: 10/13/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.
 
diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md
index 25668ad815..38c26e9d99 100644
--- a/store-for-business/distribute-apps-with-management-tool.md
+++ b/store-for-business/distribute-apps-with-management-tool.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Distribute apps with a management tool
@@ -21,13 +21,15 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
 
 Your MDM tool needs to be installed and configured in Azure AD, in the same Azure AD directory used with Microsoft Store.
 
-In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) and [Manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune).
+In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) and [Manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business).
 
 Microsoft Store services provide:
 
@@ -59,4 +61,5 @@ This diagram shows how you can use a management tool to distribute an online-lic
 ## Related topics
 
 [Configure MDM Provider](configure-mdm-provider-microsoft-store-for-business.md)
-[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
\ No newline at end of file
+
+[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index ef91d0dd74..5ee0219d23 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Distribute offline apps
@@ -21,7 +21,9 @@ ms.date: 10/17/2017
 **Applies to:**
 
 - Windows 10
-- Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
 
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index 2a30faf3ef..bf0a63a161 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -31,6 +31,7 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
+      "recommendations": true,
       "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
       "ms.author": "trudyha",
       "audience": "ITPro",
diff --git a/store-for-business/find-and-acquire-apps-overview.md b/store-for-business/find-and-acquire-apps-overview.md
index ef2a60a52a..9a624bd3c0 100644
--- a/store-for-business/find-and-acquire-apps-overview.md
+++ b/store-for-business/find-and-acquire-apps-overview.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Find and acquire apps
@@ -21,7 +21,9 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
 
diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md
index 1f83558533..5555b333e4 100644
--- a/store-for-business/includes/store-for-business-content-updates.md
+++ b/store-for-business/includes/store-for-business-content-updates.md
@@ -2,8 +2,10 @@
 

 
 
-## Week of April 26, 2021
+## Week of April 25, 2022
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
+| 4/28/2022 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
+| 4/28/2022 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
diff --git a/store-for-business/index.md b/store-for-business/index.md
index ff6016354d..83186f8f8b 100644
--- a/store-for-business/index.md
+++ b/store-for-business/index.md
@@ -11,7 +11,7 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: high
-ms.date: 03/10/2021
+ms.date: 07/21/2021
 ---
 
 # Microsoft Store for Business and Education
@@ -19,7 +19,9 @@ ms.date: 03/10/2021
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
 
diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md
index 101a3006be..35b33daedd 100644
--- a/store-for-business/manage-access-to-private-store.md
+++ b/store-for-business/manage-access-to-private-store.md
@@ -11,7 +11,7 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Manage access to private store
@@ -20,7 +20,9 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
 
@@ -37,9 +39,9 @@ Organizations can use either an MDM policy, or Group Policy to show only their p
 Organizations using an MDM to manage apps can use a policy to show only the private store. When your MDM supports Microsoft Store for Business, the MDM can use the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). More specifically, the [ApplicationManagement/RequirePrivateStoreOnly](/windows/client-management/mdm/policy-configuration-service-provider#ApplicationManagement_RequirePrivateStoreOnly) policy. 
 
 **ApplicationManagement/RequirePrivateStoreOnly** policy is supported on the following Windows 10 editions:
+
 - Enterprise
 - Education
-- Mobile
 
 For more information on configuring an MDM provider, see [Configure an MDM provider](./configure-mdm-provider-microsoft-store-for-business.md). 
 
@@ -48,6 +50,7 @@ For more information on configuring an MDM provider, see [Configure an MDM provi
 If you're using Microsoft Store and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Microsoft Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store.  
 
 **Only display the private store within Microsoft Store app** group policy is supported on the following Windows 10 editions:
+
 - Enterprise
 - Education
 
diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
index eb8e54c5f3..bc995342eb 100644
--- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md
+++ b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Manage apps in Microsoft Store for Business and Education
@@ -20,7 +20,9 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**. 
 
diff --git a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md
deleted file mode 100644
index be333e3e06..0000000000
--- a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
-description: Software purchased under Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store
-author: TrudyHa
-ms.author: TrudyHa
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 3/20/2018
-ms.reviewer: 
-manager: dansimp
----
-
-# Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
-
-**Applies to**
-
--   Windows 10
--   Windows 10 Mobile
-
-Software purchased with the Microsoft Products and Services Agreement (MPSA) can now be managed in Microsoft Store for Business. This allows customers to manage online software purchases in one location.
-
-There are a couple of things you might need to set up to manage MPSA software purchases in Store for Business.
-
-**To manage MPSA software in Microsoft Store for Business**
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
-2. Click **Manage**, and then click **My Organization**.
-3. Click **Connected tenants** to see purchasing accounts and the tenants that they are connected to.
-
-## Add tenant
-The tenant or tenants that are added to your purchasing account control how you can distribute software to people in your organization. If there isn't a tenant listed for your purchasing account, you'll need to add one before you can use or manage the software you've purchased. When we give you a list to choose from, tenants are grouped by domain.
-
-**To add a tenant to a purchasing account**
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
-2. Click **Manage**, and then click **My Organization**.
-3. Click **Connected tenants**, and then click the ellipses for a purchasing account without a tenant listed.
-4. Click **Choose a tenant**, and then click **Submit**.
-
-If you don't see your tenant in the list, you can add the name of your tenant
-
-**To add the name of your tenant**
-1. On **Add a tenant**, click **Don't see your tenant?**.
-2. Enter a domain name, and then click **Next**, and then click **Done**.
-
-You'll need to get permissions for the admin that manages the domain you want to add. We'll take you to Business Center Portal where you can manage permissions and roles. The admin will need to be the **Account Manager**.
-
-## Add global admin
-In some cases, we might not have info on who the global admin is for the tenant that you select. It might be that the tenant is unmanaged, and you'll need to identify a global admin. Or, you might only need to share account info for the global admin.
-
-If you need to nominate someone to be the global admin, they need sufficient permissions:
-- someone who can distribute software
-- in Business Center Portal (BCP), it should be someone with **Agreement Admin** role
-
-**To add a global admin to a tenant**
-
-We'll ask for a global admin if we need that info when you add a tenant to a purchasing account. You'd see the request for a global admin before returning to **Store for Business**.
-
--  On **Add a Global Admin**, click **Make me the Global Admin**, and then click **Submit**.
--or-
--  On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**.
diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md
index 91a18494e2..14825fb5b5 100644
--- a/store-for-business/manage-orders-microsoft-store-for-business.md
+++ b/store-for-business/manage-orders-microsoft-store-for-business.md
@@ -9,13 +9,16 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 11/10/2017
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Manage app orders in Microsoft Store for Business and Education
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.
 
 **Order history** lists orders in chronological order and shows:
diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md
index 32c45c18ee..5ec635a24d 100644
--- a/store-for-business/manage-private-store-settings.md
+++ b/store-for-business/manage-private-store-settings.md
@@ -11,7 +11,7 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 3/29/2018
+ms.date: 07/21/2021
 ms.localizationpriority: medium
 ---
 
@@ -20,7 +20,9 @@ ms.localizationpriority: medium
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.
 
diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md
index 351bc09205..f271481d73 100644
--- a/store-for-business/manage-settings-microsoft-store-for-business.md
+++ b/store-for-business/manage-settings-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 2/19/2018
+ms.date: 07/21/2021
 ---
 
 # Manage settings for Microsoft Store for Business and Education
@@ -20,7 +20,9 @@ ms.date: 2/19/2018
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
 
diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
index 41a52bfdf1..5253b14c06 100644
--- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
+++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Manage user accounts in Microsoft Store for Business and Education
@@ -21,7 +21,9 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.
 
@@ -39,8 +41,8 @@ For more information on Azure AD, see [About Office 365 and Azure Active Directo
 ## Add user accounts to your Azure AD directory
 If you created a new Azure AD directory when you signed up for Store for Business, you'll have a directory set up with one user account - the global administrator. That global administrator can add user accounts to your Azure AD directory. However, adding user accounts to your Azure AD directory will not give those employees access to Store for Business. You'll need to assign Store for Business roles to your employees. For more information, see [Roles and permissions in the Store for Business.](roles-and-permissions-microsoft-store-for-business.md)
 
-You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
+You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://portal.azure.com/) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
 
 For more information, see:
-- [Add user accounts using Office 365 admin dashboard](https://support.office.com/en-us/article/add-users-individually-or-in-bulk-to-office-365-admin-help-1970f7d6-03b5-442f-b385-5880b9c256ec)
+- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users)
 - [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory)
\ No newline at end of file
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index 04c86ceb64..fd4d4e8c20 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -9,7 +9,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/22/2017
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -19,6 +19,9 @@ manager: dansimp
 **Applies to**
 -   Windows 10
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).
 
 > [!NOTE]
@@ -43,7 +46,7 @@ All of the **Microsoft Store for Business and Education** PowerShell cmdlets fol
 
 ## Install Microsoft Store for Business and Education PowerShell module
 > [!NOTE]
-> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](https://www.microsoft.com/download/details.aspx?id=48729). The framework is included with Windows 10 by default).
+> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](https://www.microsoft.com/download/details.aspx?id=54616). The framework is included with Windows 10 by default).
 
 To install **Microsoft Store for Business and Education PowerShell** with PowerShellGet, run this command:
 
@@ -88,7 +91,7 @@ Get-MSStoreInventory
 >1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com/).
 >2. Click **Manage** and then choose **Apps & software**.
 >3. Click the line-of-business app. The URL of the page will contain the product ID and SKU as part of the URL. For example:
->![Url after apps/ is product id and next is SKU](images/lob-sku.png)
+>![Url after apps/ is product id and next is SKU.](images/lob-sku.png)
 
 ## View people assigned to a product
 Most items in **Products and Services** in **Microsoft Store for Business and Education** need to be assigned to people in your org. You can view the people in your org assigned to a specific product by using these commands:
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index 8028bd2d6b..a3cab33039 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -4,7 +4,7 @@ description: With Microsoft Store for Business and Microsoft Store for Education
 ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C
 ms.reviewer: 
 ms.prod: w10
-ms.pagetype: store, mobile
+ms.pagetype: store
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.author: cmcatee
@@ -12,7 +12,7 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/10/2021
+ms.date: 07/21/2021
 ---
 
 # Microsoft Store for Business and Microsoft Store for Education overview
@@ -20,12 +20,14 @@ ms.date: 03/10/2021
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
 
-Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options.
+Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options. There will be no support for Microsoft Store for Business and Education on Windows 11.
 
 > [!IMPORTANT]
 > Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.
@@ -89,10 +91,10 @@ After your admin signs up for the Store for Business and Education, they can ass
 
 | Permission | Account settings | Acquire apps | Distribute apps | Device Guard signing |
 | ---------- | ---------------- | ------------ | --------------- | -------------------- |
-| Admin | X | X | X |  |
-| Purchaser |  | X | X |  |
-| Device Guard signer |  |  |  | X |
-| Basic purchaser |  | X | X |  |
+| Admin | ✔️ | ✔️ | ✔️ |  |
+| Purchaser |  | ✔️ | ✔️ |  |
+| Device Guard signer |  |  |  | ✔️ |
+| Basic purchaser |  | ✔️ | ✔️ |  |
 
 > [!NOTE]
 > Currently, the Basic purchaser role is only available for schools using Microsoft Store for Education. For more information, see [Microsoft Store for Education permissions](/education/windows/education-scenarios-store-for-business?toc=%2fmicrosoft-store%2feducation%2ftoc.json#manage-domain-settings).
@@ -162,184 +164,164 @@ For more information, see [Manage settings in the Store for Business](manage-set
 Store for Business and Education is currently available in these markets.
 
 ### Support for free and paid products
-
-   
-        
-   
-   
-     
-     
-     
-    
-   
-
                    Supports all free and paid products
                    
-        
                      
-            
                    • Afghanistan
                      • 
-            
                    • Algeria
                      • 
-            
                    • Andorra
                      • 
-            
                    • Angola
                      • 
-            
                    • Anguilla
                      • 
-            
                    • Antigua and Barbuda
                      • 
-            
                    • Argentina
                      • 
-            
                    • Australia
                      • 
-            
                    • Austria
                      • 
-            
                    • Bahamas
                      • 
-            
                    • Bahrain
                      • 
-            
                    • Bangladesh
                      • 
-            
                    • Barbados
                      • 
-            
                    • Belgium
                      • 
-            
                    • Belize
                      • 
-            
                    • Bermuda
                      • 
-            
                    • Benin
                      • 
-            
                    • Bhutan
                      • 
-            
                    • Bolivia
                      • 
-            
                    • Bonaire
                      • 
-            
                    • Botswana
                      • 
-            
                    • Brunei Darussalam
                      • 
-            
                    • Bulgaria
                      • 
-            
                    • Burundi
                      • 
-            
                    • Cambodia
                      • 
-            
                    • Cameroon
                      • 
-            
                    • Canada
                      • 
-            
                    • Cayman Islands
                      • 
-            
                    • Chile
                      • 
-            
                    • Colombia
                      • 
-            
                    • Comoros
                      • 
-            
                    • Costa Rica
                      • 
-            
                    • Côte D'ivoire
                      • 
-            
                    • Croatia
                      • 
-            
                    • Curçao
                      • 
-            
                    • Cyprus
                      • 
-            
                    • Czech Republic
                      • 
-            
                    • Denmark
                      • 
-            
                    • Dominican Republic
                      • 
-            
                    • Ecuador
                      • 
-        
                    
-                         		
-        
                       
-            
                    • Egypt
                      • 
-            
                    • El Salvador
                      • 
-            
                    • Estonia
                      • 
-            
                    • Ethiopia
                      • 
-            
                    • Faroe Islands
                      • 
-            
                    • Fiji
                      • 
-            
                    • Finland
                      • 
-            
                    • France
                      • 
-            
                    • French Guiana
                      • 
-            
                    • French Polynesia
                      • 
-            
                    • Germany
                      • 
-            
                    • Ghana
                      • 
-            
                    • Greece
                      • 
-            
                    • Greenland
                      • 
-            
                    • Guadeloupe
                      • 
-            
                    • Guatemala
                      • 
-            
                    • Honduras
                      • 
-            
                    • Hong Kong SAR
                      • 
-            
                    • Hungary
                      • 
-            
                    • Iceland
                      • 
-            
                    • Indonesia
                      • 
-            
                    • Iraq
                      • 
-            
                    • Ireland
                      • 
-            
                    • Israel
                      • 
-            
                    • Italy
                      • 
-            
                    • Jamaica
                      • 
-            
                    • Japan
                      • 
-            
                    • Jersey
                      • 
-            
                    • Jordan
                      • 
-            
                    • Kenya
                      • 
-            
                    • Kuwait
                      • 
-            
                    • Laos
                      • 
-            
                    • Latvia
                      • 
-            
                    • Lebanon
                      • 
-            
                    • Libya
                      • 
-            
                    • Liechtenstein
                      • 
-            
                    • Lithuania
                      • 
-            
                    • Luxembourg
                      • 
-            
                    • Macedonia
                      • 
-            
                    • Madagascar
                      • 
-        
                    
-                        		
-        
                      
-            
                    • Malawi
                      • 
-            
                    • Malaysia
                      • 
-            
                    • Maldives
                      • 
-            
                    • Mali
                      • 
-            
                    • Malta
                      • 
-            
                    • Marshall Islands
                      • 
-            
                    • Martinique
                      • 
-            
                    • Mauritius
                      • 
-            
                    • Mayotte
                      • 
-            
                    • Mexico
                      • 
-            
                    • Mongolia
                      • 
-            
                    • Montenegro
                      • 
-            
                    • Morocco
                      • 
-            
                    • Mozambique
                      • 
-            
                    • Myanamar
                      • 
-            
                    • Namibia
                      • 
-            
                    • Nepal
                      • 
-            
                    • Netherlands
                      • 
-            
                    • New Caledonia
                      • 
-            
                    • New Zealand
                      • 
-            
                    • Nicaragua
                      • 
-            
                    • Nigeria
                      • 
-            
                    • Norway
                      • 
-            
                    • Oman
                      • 
-            
                    • Pakistan
                      • 
-            
                    • Palestinian Authority
                      • 
-            
                    • Panama
                      • 
-            
                    • Papua New Guinea
                      • 
-            
                    • Paraguay
                      • 
-            
                    • Peru
                      • 
-            
                    • Philippines
                      • 
-            
                    • Poland
                      • 
-            
                    • Portugal
                      • 
-            
                    • Qatar
                      • 
-            
                    • Republic of Cabo Verde
                      • 
-            
                    • Reunion
                      • 
-            
                    • Romania
                      • 
-            
                    • Rwanda
                      • 
-            
                    • Saint Kitts and Nevis
                      •  
-        
                    
-                        		
-        
                      
-            
                    • Saint Lucia
                      • 
-            
                    • Saint Martin
                      • 
-            
                    • Saint Vincent and the Grenadines
                      • 
-            
                    • San marino
                      • 
-            
                    • Saudi Arabia
                      • 
-            
                    • Senegal
                      • 
-            
                    • Serbia
                      • 
-            
                    • Seychelles
                      • 
-            
                    • Singapore
                      • 
-            
                    • Sint Maarten
                      • 
-            
                    • Slovakia
                      • 
-            
                    • Slovenia
                      • 
-            
                    • South Africa
                      • 
-            
                    • Spain
                      • 
-            
                    • Sri Lanka
                      • 
-            
                    • Suriname
                      • 
-            
                    • Sweden
                      • 
-            
                    • Switzerland
                      • 
-            
                    • Tanzania
                      • 
-            
                    • Thailand
                      • 
-            
                    • Timor-Leste
                      • 
-            
                    • Togo
                      • 
-            
                    • Tonga
                      • 
-            
                    • Trinidad and Tobago
                      • 
-            
                    • Tunisia
                      • 
-            
                    • Turkey
                      • 
-            
                    • Turks and Caicos Islands
                      • 
-            
                    • Uganda
                      • 
-            
                    • United Arab Emirates
                      • 
-            
                    • United Kingdom
                      • 
-            
                    • United States
                      • 
-            
                    • Uruguay
                      • 
-            
                    • Vatican City
                      • 
-            
                    • Viet Nam
                      • 
-            
                    • Virgin Islands, U.S.
                      • 
-            
                    • Zambia
                      • 
-            
                    • Zimbabwe
                         

                      •         
                    
-    
                    
+
+- Afghanistan
+- Algeria
+- Andorra
+- Angola
+- Anguilla
+- Antigua and Barbuda
+- Argentina
+- Australia
+- Austria
+- Bahamas
+- Bahrain
+- Bangladesh
+- Barbados
+- Belgium
+- Belize
+- Bermuda
+- Benin
+- Bhutan
+- Bolivia
+- Bonaire
+- Botswana
+- Brunei Darussalam
+- Bulgaria
+- Burundi
+- Cambodia
+- Cameroon
+- Canada
+- Cayman Islands
+- Chile
+- Colombia
+- Comoros
+- Costa Rica
+- Côte D'ivoire
+- Croatia
+- Curçao
+- Cyprus
+- Czech Republic
+- Denmark
+- Dominican Republic
+- Ecuador
+- Egypt
+- El Salvador
+- Estonia
+- Ethiopia
+- Faroe Islands
+- Fiji
+- Finland
+- France
+- French Guiana
+- French Polynesia
+- Germany
+- Ghana
+- Greece
+- Greenland
+- Guadeloupe
+- Guatemala
+- Honduras
+- Hong Kong SAR
+- Hungary
+- Iceland
+- Indonesia
+- Iraq
+- Ireland
+- Israel
+- Italy
+- Jamaica
+- Japan
+- Jersey
+- Jordan
+- Kenya
+- Kuwait
+- Laos
+- Latvia
+- Lebanon
+- Libya
+- Liechtenstein
+- Lithuania
+- Luxembourg
+- Macedonia
+- Madagascar
+- Malawi
+- Malaysia
+- Maldives
+- Mali
+- Malta
+- Marshall Islands
+- Martinique
+- Mauritius
+- Mayotte
+- Mexico
+- Mongolia
+- Montenegro
+- Morocco
+- Mozambique
+- Myanamar
+- Namibia
+- Nepal
+- Netherlands
+- New Caledonia
+- New Zealand
+- Nicaragua
+- Nigeria
+- Norway
+- Oman
+- Pakistan
+- Palestinian Authority
+- Panama
+- Papua New Guinea
+- Paraguay
+- Peru
+- Philippines
+- Poland
+- Portugal
+- Qatar
+- Republic of Cabo Verde
+- Reunion
+- Romania
+- Rwanda
+- Saint Kitts and Nevis
+- Saint Lucia
+- Saint Martin
+- Saint Vincent and the Grenadines
+- San marino
+- Saudi Arabia
+- Senegal
+- Serbia
+- Seychelles
+- Singapore
+- Sint Maarten
+- Slovakia
+- Slovenia
+- South Africa
+- Spain
+- Sri Lanka
+- Suriname
+- Sweden
+- Switzerland
+- Tanzania
+- Thailand
+- Timor-Leste
+- Togo
+- Tonga
+- Trinidad and Tobago
+- Tunisia
+- Turkey
+- Turks and Caicos Islands
+- Uganda
+- United Arab Emirates
+- United Kingdom
+- United States
+- Uruguay
+- Vatican City
+- Viet Nam
+- Virgin Islands, U.S.
+- Zambia
+- Zimbabwe
+
 
 ### Support for free apps
 Customers in these markets can use Microsoft Store for Business and Education to acquire free apps:
diff --git a/store-for-business/notifications-microsoft-store-business.md b/store-for-business/notifications-microsoft-store-business.md
index d360104140..dd8d1a7d29 100644
--- a/store-for-business/notifications-microsoft-store-business.md
+++ b/store-for-business/notifications-microsoft-store-business.md
@@ -13,7 +13,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.date: 07/21/2021
 ---
 
 # Notifications in Microsoft Store for Business and Education
@@ -22,7 +22,9 @@ ms.date: 07/27/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store. 
 
diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md
index 83f20ebfd1..43f09a403e 100644
--- a/store-for-business/payment-methods.md
+++ b/store-for-business/payment-methods.md
@@ -10,12 +10,16 @@ author: trudyha
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/01/2019
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Payment methods
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
 - VISA
 - MasterCard
diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md
index 3931c1c513..2b8ea7784d 100644
--- a/store-for-business/prerequisites-microsoft-store-for-business.md
+++ b/store-for-business/prerequisites-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/10/2021
+ms.date: 07/21/2021
 ---
 
 # Prerequisites for Microsoft Store for Business and Education
@@ -20,7 +20,9 @@ ms.date: 03/10/2021
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -57,17 +59,17 @@ While not required, you can use a management tool to distribute and manage apps.
 
 If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs:
 
-- login.live.com
-- login.windows.net
-- account.live.com
-- clientconfig.passport.net
-- windowsphone.com
-- \*.wns.windows.com
-- \*.microsoft.com
-- \*.s-microsoft.com
-- www.msftncsi.com (prior to Windows 10, version 1607)
-- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com
+- `login.live.com`
+- `login.windows.net`
+- `account.live.com`
+- `clientconfig.passport.net`
+- `windowsphone.com`
+- `\*.wns.windows.com`
+- `\*.microsoft.com`
+- `\*.s-microsoft.com`
+- `www.msftncsi.com` (prior to Windows 10, version 1607)
+- `www.msftconnecttest.com/connecttest.txt` (replaces `www.msftncsi.com`
   starting with Windows 10, version 1607)
  
 Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps.
-For more information about how to configure WinHTTP proxy settings to devices, see [Use Group Policy to apply WinHTTP proxy settings to Windows clients](https://support.microsoft.com/help/4494447/use-group-policy-to-apply-winhttp-proxy-settings-to-clients).
+
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index 2d5adf3e18..a4f1f93a78 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -1,6 +1,6 @@
 ---
-title: Whats new in Microsoft Store for Business and Education
-description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education.
+title: Microsoft Store for Business and Education release history
+description: Know the release history of Microsoft Store for Business and Microsoft Store for Education.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -8,19 +8,22 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 10/31/2018
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Microsoft Store for Business and Education release history
 
-Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
+Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
 
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
 
 ## September 2018
-- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
+- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](/microsoft-store/manage-private-store-settings#private-store-performance)
 
 ## August 2018
 - **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](./acquire-apps-microsoft-store-for-business.md#allow-app-requests)
diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
index 5bab3cb32a..d04d9e5277 100644
--- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md
+++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
@@ -13,7 +13,7 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/16/2021
+ms.date: 07/21/2021
 ---
 
 # Roles and permissions in Microsoft Store for Business and Education
@@ -21,7 +21,9 @@ ms.date: 03/16/2021
 **Applies to**
 
 - Windows 10
-- Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -34,13 +36,13 @@ Microsoft Store for Business and Education has a set of roles that help admins a
 
 This table lists the global user accounts and the permissions they have in Microsoft Store.
 
-|                                |  Global Administrator | Billing Administrator |
+|| Global Administrator | Billing Administrator |
 | ------------------------------ | --------------------- | --------------------- |
-| Sign up for Microsoft Store for Business and Education |  X       | X             |
-| Modify company profile settings | X                    | X                     |
-| Purchase apps                  |  X                    | X                     |
-| Distribute apps                |  X                    | X                     |
-| Purchase subscription-based software  |  X             | X                     |
+| **Sign up for Microsoft Store for Business and Education** |  ✔️       | ✔️             |
+| **Modify company profile settings** | ✔️                    | ✔️                     |
+| **Purchase apps**                  |  ✔️                    | ✔️                     |
+| **Distribute apps**                |  ✔️                    | ✔️                     |
+| **Purchase subscription-based software**  |  ✔️             | ✔️                     |
 
 - **Global Administrator** and **Billing Administrator** - IT Pros with these accounts have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store.
 
@@ -50,14 +52,14 @@ Microsoft Store for Business has a set of roles that help IT admins and employee
 
 This table lists the roles and their permissions.
 
-|                                |  Admin | Purchaser | Device Guard signer |
+|| Admin | Purchaser | Device Guard signer |
 | ------------------------------ | ------ | --------  | ------------------- |
-| Assign roles                   | X      |           |                     |
-| Manage Microsoft Store for Business and Education settings |  X |           |                     |
-| Acquire apps                   | X      | X         |                     |
-| Distribute apps                | X      | X         |                     |
-| Sign policies and catalogs     | X      |           |                     |
-| Sign Device Guard changes      | X      |           |  X                   |
+| **Assign roles**                   | ✔️      |           |                     |
+| **Manage Microsoft Store for Business and Education settings** |  ✔️ |           |                     |
+| **Acquire apps**                   | ✔️      | ✔️         |                     |
+| **Distribute apps**                | ✔️      | ✔️         |                     |
+| **Sign policies and catalogs**     | ✔️      |           |                     |
+| **Sign Device Guard changes**      | ✔️      |           |  ✔️                   |
 
 These permissions allow people to:
 
diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md
index 5ef437537e..442ff303d1 100644
--- a/store-for-business/settings-reference-microsoft-store-for-business.md
+++ b/store-for-business/settings-reference-microsoft-store-for-business.md
@@ -12,11 +12,15 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/01/2019
+ms.date: 07/21/2021
 ---
 
 # Settings reference: Microsoft Store for Business and Education
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
+
 The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
 
 | Setting              | Description  | Location under **Manage** |
diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md
index f57695f277..08e7950bb0 100644
--- a/store-for-business/sfb-change-history.md
+++ b/store-for-business/sfb-change-history.md
@@ -76,6 +76,7 @@ ms.localizationpriority: medium
 | --- | --- |
 | [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New |
 | [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
+| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education.  |
 
 ## June 2017
 
@@ -84,10 +85,3 @@ ms.localizationpriority: medium
 | [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. |
 | [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices.  |
 | [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
-
-## July 2017
-
-| New or changed topic | Description |
-| -------------------- | ----------- |
-| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education.  |
-| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
\ No newline at end of file
diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
index ffdff3f7c1..d7f05fb986 100644
--- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
+++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
@@ -12,11 +12,15 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/17/2017
+ms.date: 07/21/2021
 ---
 
 # Sign code integrity policy with Device Guard signing
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
+
 > [!IMPORTANT]
 > We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
@@ -38,7 +42,6 @@ ms.date: 10/17/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
 
 Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal.
 
diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md
index 7d200441c2..c51e8f7899 100644
--- a/store-for-business/sign-up-microsoft-store-for-business-overview.md
+++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md
@@ -12,7 +12,7 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/10/2021
+ms.date: 07/21/2021
 ---
 
 # Sign up and get started
@@ -20,7 +20,9 @@ ms.date: 03/10/2021
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
 
@@ -32,6 +34,6 @@ IT admins can sign up for Microsoft Store for Business and Education, and get st
 | Topic | Description |
 | ----- | ----------- |
 | [Microsoft Store for Business and Education overview](./microsoft-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
-| [Prerequisites for Microsoft Store for Business and Education](./prerequisites-microsoft-store-for-business.md) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) |
+| [Prerequisites for Microsoft Store for Business and Education](./prerequisites-microsoft-store-for-business.md) | There are a few prerequisites for using [Microsoft Store for Business and Education.](/microsoft-store/prerequisites-microsoft-store-for-business) |
 | [Roles and permissions in Microsoft Store for Business and Education](./roles-and-permissions-microsoft-store-for-business.md)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
-| [Settings reference: Microsoft Store for Business and Education](./settings-reference-microsoft-store-for-business.md) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
\ No newline at end of file
+| [Settings reference: Microsoft Store for Business and Education](./settings-reference-microsoft-store-for-business.md) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md
index 0c9d5e23e1..febe7110b0 100644
--- a/store-for-business/troubleshoot-microsoft-store-for-business.md
+++ b/store-for-business/troubleshoot-microsoft-store-for-business.md
@@ -12,7 +12,7 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 07/21/2021
 ---
 
 # Troubleshoot Microsoft Store for Business
@@ -20,12 +20,15 @@ ms.date: 10/13/2017
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
 
 Troubleshooting topics for Microsoft Store for Business.
 
 ## Can't find apps in private store
 The private store for your organization is a page in Microsoft Store app that contains apps that are private to your organization. After your organization acquires an app, your Store for Business admin can add it to your organization's private store. Your private store usually has a name that is close to the name of your organization or company. If you can't see your private store, there are a couple of things to check:
+
 - **No apps in the private store** - The private store page is only available in Microsoft Store on Windows 10 if there are apps added to your private store. You won't see your private store page with no apps listed on it. If your Microsoft Store for Business admin has added an app to the private store, and the private store page is still not available, they can check the private store status for the app on **Product & services - Apps**. If the status under **Private store** is **Add in progress**, wait and check back.
 - **Signed in with the wrong account** - If you have multiple accounts that you use in your organization, you might be signed in with the wrong account. Or, you might not be signed in. Use this procedure to sign in with your organization account.
 
@@ -33,27 +36,27 @@ The private store for your organization is a page in Microsoft Store app that co
 
 1.  Click the people icon in Microsoft Store app, and click **Sign in**.
 
-    ![Sign in to Store app with a different account](images/wsfb-wsappsignin.png)
+    ![Sign in to Store app with a different account.](images/wsfb-wsappsignin.png)
 
 2.  Click **Add account**, and then click **Work or school account**.
 
-    ![Choose an account to use](images/wsfb-wsappaddacct.png)
+    ![Choose an account to use.](images/wsfb-wsappaddacct.png)
 
 3.  Type the email account and password, and click **Sign in**.
 
-    ![Sign in for work or school account](images/wsfb-wsappworkacct.png)
+    ![Sign in for work or school account.](images/wsfb-wsappworkacct.png)
 
 4.  You should see the private store for your organization. In our example, the page is named **Contoso publishing**.
 
-    ![Private store with name highlighted](images/wsfb-wsappprivatestore.png)
+    ![Private store with name highlighted.](images/wsfb-wsappprivatestore.png)
 
     Click the private store to see apps in your private store.
 
-    ![Private store for Contoso publishing](images/wsfb-privatestoreapps.png)
+    ![Private store for Contoso publishing.](images/wsfb-privatestoreapps.png)
 
 ## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager
 
-If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w).
+If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration).
 
 ## Still having trouble?
 
@@ -61,5 +64,5 @@ If you are still having trouble using Microsoft Store or installing an app, Admi
    
 **To view Support page** 
 
-1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com)
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
 2.Choose **Manage**> **Support**. 
diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md
index 6757550251..edc1a362da 100644
--- a/store-for-business/update-microsoft-store-for-business-account-settings.md
+++ b/store-for-business/update-microsoft-store-for-business-account-settings.md
@@ -10,12 +10,16 @@ author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 03/18/2019
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Update Billing account settings
+
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 A billing account contains defining information about your organization. 
 
 >[!NOTE]
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index 40a8600f07..4b0cd1e47d 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -8,28 +8,37 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 10/31/2018
+ms.date: 07/21/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # What's new in Microsoft Store for Business and Education
 
+> [!IMPORTANT]
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+
 Microsoft Store for Business and Education regularly releases new and improved features.  
 
 ## Latest updates for Store for Business and Education
 
 **October 2018**
 
-|  |  |
-|-----------------------|---------------------------------|
-| ![Security groups](images/security-groups-icon.png) |**Use security groups with Private store apps**

                     On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store. 

                    [Get more info](./app-inventory-management-microsoft-store-for-business.md#private-store-availability)

                    **Applies to**:
                     Microsoft Store for Business 
                     Microsoft Store for Education |
+:::row:::
+   :::column span="1":::
+   ![Security groups.](images/security-groups-icon.png)
+   :::column-end:::
+   :::column span="1":::
+   **Use security groups with Private store apps**

                     On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store. 

                    [Get more info](./app-inventory-management-microsoft-store-for-business.md#private-store-availability)

                    **Applies to**:
                     Microsoft Store for Business 
                     Microsoft Store for Education
+   :::column-end:::
+:::row-end:::
+
 
  
 
 | Component  | What it does     | Where to find it     |
 |------------|--|------|
-| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

                    If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:

                     If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.

                     If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).

                    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.|
-| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607. 

                    To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).           |
-| App-V sequencer      | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications.    | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).  |
+| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more information, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

                    If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:

                     If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.

                     If you're using [Windows client for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).

                    For more information about installing and using the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).|
+| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | Starting with Windows 10 version 1607, the App-V client is automatically installed. 

                    To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).           |
+| App-V sequencer      | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications.    | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows client](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).  |
 
 For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md).
 
@@ -45,7 +48,7 @@ If you're new to App-V, it's a good idea to read the documentation thoroughly. B
 
 ## Getting started with App-V
 
-[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization.
+[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization?
 
 [Evaluating App-V](appv-evaluating-appv.md) provides information about how you can best evaluate App-V for use in your organization.
 
@@ -58,4 +61,4 @@ If you're new to App-V, it's a good idea to read the documentation thoroughly. B
 * [Deploying App-V](appv-deploying-appv.md)
 * [Operations for App-V](appv-operations.md)
 * [Troubleshooting App-V](appv-troubleshooting.md)
-* [Technical reference for App-V](appv-technical-reference.md)
\ No newline at end of file
+* [Technical reference for App-V](appv-technical-reference.md)
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 7c11b77a24..e9865ae8bb 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,20 +1,20 @@
 ---
-title: High-level architecture for App-V (Windows 10)
+title: High-level architecture for App-V (Windows 10/11)
 description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # High-level architecture for App-V
 
->Applies to: Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 Use the following information to simplify your Microsoft Application Virtualization (App-V) deployment.
 
@@ -24,9 +24,9 @@ A typical App-V implementation consists of the following elements.
 
 |Element|Description|
 |---|---|
-|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:
                    **Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced.
                    **Scalability**—you can add additional management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
-|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports HTTP and HTTPS protocols.
                    You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
-|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and ad hoc reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment, which provides the following benefits:
                    **Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced.
                    **Scalability**—you can add more management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
+|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server doesn't require a database connection and supports HTTP and HTTPS protocols.
                    You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and unplanned reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
 |App-V Client|The App-V client enables packages created using App-V to run on target computers.|
 
 >[!NOTE]
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index b0daa8e5c6..ad8668ac96 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -1,15 +1,15 @@
 ---
-title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10)
+title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10/11)
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
@@ -22,7 +22,7 @@ Use the following Windows PowerShell procedure to convert any number of Active D
 
 Before attempting this procedure, you should read and understand the information and examples displayed in the following list:
 
--   **.INPUTS** – The account or accounts used to convert to SID format. This can be a single account name or an array of account names.
+-   **.INPUTS** – The account or accounts used to convert to SID format. This item can be a single account name or an array of account names.
 
 -   **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats.
 
@@ -129,7 +129,7 @@ Before attempting this procedure, you should read and understand the information
     }
     ```
 
-3.  Run the script you saved in step one of this procedure passing the accounts to convert as arguments.
+3.  Run the script you saved in Step 1 of this procedure passing the accounts to convert as arguments.
 
     For example,
 
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index b48c88fe55..63b3cdcfd2 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,15 +1,15 @@
 ---
-title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
+title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10/11)
 description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index 9a7bb5df47..6a735c487a 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -1,15 +1,15 @@
 ---
-title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10)
+title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10/11)
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # How to install the Management Server on a Standalone Computer and Connect it to the Database
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 3ac42e959a..a5d761bf80 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -1,15 +1,15 @@
 ---
-title: Install the Publishing Server on a Remote Computer (Windows 10)
+title: Install the Publishing Server on a Remote Computer (Windows 10/11)
 description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # How to install the publishing server on a remote computer
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index 41fb1e6ffa..40d6a0906b 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -1,15 +1,15 @@
 ---
-title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
+title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10/11)
 description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # How to install the reporting server on a standalone computer and connect it to the database
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index e8785b3d7f..f53702ace1 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -1,24 +1,24 @@
 ---
-title: Install the App-V Sequencer (Windows 10)
+title: Install the App-V Sequencer (Windows 10/11)
 description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # Install the App-V Sequencer
 
->Applies to: Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications.
 
-The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK).
+The App-V Sequencer is included in the Windows client Assessment and Deployment Kit (Windows ADK).
 
 >[!NOTE]
 >The computer that will run the sequencer must not have the App-V client enabled. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource-intensive, so make sure the computer that will run the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
@@ -28,7 +28,7 @@ The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit
 1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
 2. Select the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
 
-    ![Selecting APP-V features in ADK](images/app-v-in-adk.png)
+    ![Selecting APP-V features in ADK.](images/app-v-in-adk.png)
 3. To open the Sequencer, go to the **Start** menu and select **Microsoft Application Virtualization (App-V) Sequencer**.
 
 See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index 3f38081e58..a6d176cee5 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -1,20 +1,20 @@
 ---
-title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
+title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10/11)
 description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # How to load the Windows PowerShell cmdlets for App-V and get cmdlet help
 
->Applies to: Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 ## Requirements for using Windows PowerShell cmdlets
 
@@ -82,7 +82,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
 |App-V Sequencer|**Update-Help -Module AppvSequencer**|
 |App-V Client|**Update-Help -Module AppvClient**|
 
-* Online in the [Microsoft Desktop Optimization Pack](/powershell/mdop/get-started?view=win-mdop2-ps).
+* Online in the [Microsoft Desktop Optimization Pack](/powershell/mdop/get-started).
 
 ## Displaying the help for a Windows PowerShell cmdlet
 
@@ -92,4 +92,4 @@ To display help for a specific Windows PowerShell cmdlet:
 2. Enter **Get-Help** followed by the cmdlet you need help with. For example:
    ```PowerShell
    Get-Help Publish-AppvClientPackage
-   ```
\ No newline at end of file
+   ```
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index 6375ae29ad..f09e745825 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -1,22 +1,22 @@
 ---
-title: Maintaining App-V (Windows 10)
-description: After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
-author: greg-lindsay
+title: Maintaining App-V (Windows 10/11)
+description: After you have deployed App-V for Windows 10/11, you can use the following information to maintain the App-V infrastructure.
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # Maintaining App-V
 
->Applies to: Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
-After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
+After you have deployed App-V for Windows client, you can use the following information to maintain the App-V infrastructure.
 
 ## Moving the App-V server
 
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 278b757481..c31e7e77f1 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -1,20 +1,20 @@
 ---
-title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10)
+title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10/11)
 description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 09/24/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # How to manage App-V packages running on a stand-alone computer by using Windows PowerShell
 
->Applies to: Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 The following sections explain how to perform various management tasks on a stand-alone client computer with Windows PowerShell cmdlets.
 
@@ -172,4 +172,4 @@ For more information about pending tasks, see [Upgrading an in-use App-V package
 ## Related topics
 
 - [Operations for App-V](appv-operations.md)
-- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md)
\ No newline at end of file
+- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md)
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index 5333448a99..7a32f99f96 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -1,22 +1,21 @@
 ---
-title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10)
+title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10/11)
 description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
 # How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
 
-**Applies to**
--   Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group.
 
@@ -50,7 +49,7 @@ This topic explains the following procedures:
 
     Enable-AppvClientConnectionGroup –name "Financial Applications"
 
-    When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group.
+    When any virtual applications that are in the member packages are run on the target computer, they'll run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group.
 
 ## To enable or disable a connection group for a specific user
 
@@ -70,28 +69,10 @@ This topic explains the following procedures:
 
 2.  Use the following cmdlets, and add the optional **–UserSID** parameter, where **-UserSID** represents the end user’s security identifier (SID):
 
-    
-    -    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                    



                    CmdletExamples
                    Enable-AppVClientConnectionGroup
                    Enable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345
                    Disable-AppVClientConnectionGroup
                    Disable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345
                    
+    |Cmdlet|Examples|
+    |--- |--- |
+    |Enable-AppVClientConnectionGroup|Enable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345|
+    |Disable-AppVClientConnectionGroup|Disable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345|
 
 ## To allow only administrators to enable connection groups
 
@@ -103,33 +84,9 @@ This topic explains the following procedures:
 
 2.  Run the following cmdlet and parameter:
 
-    
-    -    -    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                    




                    CmdletParameter and valuesExample
                    Set-AppvClientConfiguration
                    -RequirePublishAsAdmin
                    
-    
                      
-    
                    • 0 - False
                      • 
-    
                    • 1 - True
                      • 
-    
                    Set-AppvClientConfiguration -RequirePublishAsAdmin 1
                    
-
- 
+    |Cmdlet|Parameter and values|Example|
+    |--- |--- |--- |
+    |Set-AppvClientConfiguration|-RequirePublishAsAdmin
                  • 0 - False
                  • 1 - True|Set-AppvClientConfiguration -RequirePublishAsAdmin
                    1|
 
 
                    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 1a1fed1187..a769395ffe 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -1,22 +1,21 @@
 ---
-title: Managing Connection Groups (Windows 10)
+title: Managing Connection Groups (Windows 10/11)
 description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
 # Managing Connection Groups
 
-**Applies to**
--   Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer.
 
@@ -25,50 +24,16 @@ In some previous versions of App-V, connection groups were referred to as Dynami
 
 **In this section:**
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    About the Connection Group Virtual Environment
                    Describes the connection group virtual environment.
                    About the Connection Group File
                    Describes the connection group file.
                    How to Create a Connection Group
                    Explains how to create a new connection group.
                    How to Create a Connection Group with User-Published and Globally Published Packages
                    Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.
                    How to Delete a Connection Group
                    Explains how to delete a connection group.
                    How to Publish a Connection Group
                    Explains how to publish a connection group.
                    How to Make a Connection Group Ignore the Package Version
                    Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.
                    How to Allow Only Administrators to Enable Connection Groups
                    Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.
                    
-
- 
-
-
-
+|Links|Description|
+|--- |--- |
+|[About the Connection Group Virtual Environment](appv-connection-group-virtual-environment.md)|Describes the connection group virtual environment.|
+|[About the Connection Group File](appv-connection-group-file.md)|Describes the connection group file.|
+|[How to Create a Connection Group](appv-create-a-connection-group.md)|Explains how to create a new connection group.|
+|[How to Create a Connection Group with User-Published and Globally Published Packages](appv-create-a-connection-group-with-user-published-and-globally-published-packages.md)|Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.|
+|[How to Delete a Connection Group](appv-delete-a-connection-group.md)|Explains how to delete a connection group.|
+|[How to Publish a Connection Group](appv-publish-a-connection-group.md)|Explains how to publish a connection group.|
+|[How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)|Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.|
+[How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)|Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.|
 
 
                    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index da8bf8b6cc..45669bd33e 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -1,24 +1,23 @@
 ---
-title: Migrating to App-V from a Previous Version (Windows 10)
-description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version.
-author: greg-lindsay
+title: Migrating to App-V from a Previous Version (Windows 10/11)
+description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10/11 from a previous version.
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
 # Migrating to App-V from previous versions
 
-**Applies to**
--   Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
-To migrate from App-V 4.x to App-V for Windows 10, you must upgrade to App-V 5.x first. 
+To migrate from App-V 4.x to App-V for Windows 10/11, you must upgrade to App-V 5.x first. 
 
 ## Improvements to the App-V Package Converter
 
@@ -27,35 +26,9 @@ You can now use the package converter to convert App-V 4.6 packages that contain
 
 You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom-AppvLegacyPackage` cmdlet to specify which .osd files’ information is converted and placed within the new package.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New in App-V for Windows 10Prior to App-V for Windows 10
                    New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:
                    
-
                      
-
                    • environment variables
                      • 
-
                    • shortcuts
                      • 
-
                    • file type associations
                      • 
-
                    • registry information
                      • 
-
                    • scripts
                      • 
-
                    
-
                    You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.
                    Registry information and scripts included in .osd files associated with a package were not included in package converter output.
                    
-
                    The package converter would populate the new package with information from all of the .osd files in the source directory.
                    
-
- 
+|New in App-V for Windows client|Prior to App-V for Windows 10|
+|--- |--- |
+|New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:
                  • environment variables
                  • shortcuts
                  • file type associations
                  • registry information
                  • scripts
                     
                    You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.|Registry information and scripts included in .osd files associated with a package weren't included in package converter output.
                     
                    The package converter would populate the new package with information from all of the .osd files in the source directory.|
 
 ### Example conversion statement
 
@@ -103,65 +76,10 @@ ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\
 
 **In the above example:**
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    These Source directory files……are converted to these Destination directory files……and will contain these itemsDescription
                      
-
                    • X.osd
                      • 
-
                    • Y.osd
                      • 
-
                    • Z.osd
                      • 
-
                      
-
                    • X_Config.xml
                      • 
-
                    • Y_Config.xml
                      • 
-
                    • Z_Config.xml
                      • 
-
                      
-
                    • Environment variables
                      • 
-
                    • Shortcuts
                      • 
-
                    • File type associations
                      • 
-
                    • Registry information
                      • 
-
                    • Scripts
                      • 
-
                    Each .osd file is converted to a separate, corresponding .xml file that contains the items listed here in App-V deployment configuration format. These items can then be copied from these .xml files and placed in the deployment configuration or user configuration files as desired.
                    
-
                    In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file.
                      
-
                    • X.osd
                      • 
-
                    • Y.osd
                      • 
-
                      
-
                    • ContosoApp.appv
                      • 
-
                    • ContosoApp_DeploymentConfig.xml
                      • 
-
                    • ContosoApp_UserConfig.xml
                      • 
-
                      
-
                    • Environment variables
                      • 
-
                    • Shortcuts
                      • 
-
                    • File type associations
                      • 
-
                    The information from the .osd files specified in the -OSDsToIncludeInPackage parameter are converted and placed inside the package. The converter then populates the deployment configuration file and the user configuration file with the contents of the package, just as App-V Sequencer does when sequencing a new package.
                    
-
                    In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it was not included as one of these arguments.
                    
-
- 
+|These Source directory files…|…are converted to these Destination directory files…|…and will contain these items|Description|
+|--- |--- |--- |--- |
+|
                  • X.osd
                  • Y.osd
                  • Z.osd|
                  • X_Config.xml
                  • Y_Config.xml
                  • Z_Config.xml|
                  • Environment variables:
                  • Shortcuts
                  • File type associations
                  • Registry information
                  • Scripts|Each .osd file is converted to a separate, corresponding .xml file that contains the items listed here in App-V deployment configuration format. These items can then be copied from these .xml files and placed in the deployment configuration or user configuration files as desired.
                    In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file.|
+|
                  • X.osd
                  • Y.osd|
                  • ContosoApp.appv 
                  • ContosoApp_DeploymentConfig.xml  
                  • ContosoApp_UserConfig.xml|
                  • Environment variables
                  • Shortcuts
                  • File type associations|The information from the .osd files specified in the -OSDsToIncludeInPackage parameter is converted and placed inside the package. The converter then populates the deployment configuration file and the user configuration file with the contents of the package, just as App-V Sequencer does when sequencing a new package.
                    In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it wasn't included as one of these arguments.|
 
 ## Converting packages created using a prior version of App-V
 
@@ -176,82 +94,32 @@ After you convert an existing package you should test the package prior to deplo
 
 **What to know before you convert existing packages**
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    IssueWorkaround
                    Virtual packages using DSC are not linked after conversion.
                    Link the packages using connection groups. See Managing Connection Groups.
                    Environment variable conflicts are detected during conversion.
                    Resolve any conflicts in the associated .osd file.
                    Hard-coded paths are detected during conversion.
                    Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package.
                    
-
- 
+|Issue|Workaround|
+|--- |--- |
+|Virtual packages using DSC aren't linked after conversion.|Link the packages using connection groups. See [Managing Connection Groups](appv-managing-connection-groups.md).|
+|Environment variable conflicts are detected during conversion.|Resolve any conflicts in the associated **.osd** file.|
+|Hard-coded paths are detected during conversion.|Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it's recommended to re-sequence the package.|
 
 When converting a package check for failing files or shortcuts, locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path.
 
 **Note**  
-It is recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
+It's recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
 
-If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V sequencer.
+If a converted package doesn't open after you convert it, it's also recommended that you resequence the application using the App-V sequencer.
 
 [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md)
 
 ## Migrating the App-V Server Full Infrastructure
 
 
-There is no direct method to upgrade to a full App-V infrastructure. Use the information in the following section for information about upgrading the App-V server.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    TaskMore Information
                    Review prerequisites.
                    App-V Server prerequisite software.
                    Enable the App-V client.
                    Enable the App-V desktop client.
                    Install App-V Server.
                    How to Deploy the App-V Server.
                    Migrate existing packages.
                    See Converting packages created using a prior version of App-V earlier in this topic.
                    
-
-
+There's no direct method to upgrade to a full App-V infrastructure. Use the information in the following section for information about upgrading the App-V server.
 
+|Task|More Information|
+|--- |--- |
+|Review prerequisites.|[App-V Server prerequisite software](appv-prerequisites.md#app-v-server-prerequisite-software)|
+|Enable the App-V client.|[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)|
+|Install App-V Server.|[How to Deploy the App-V Server](appv-deploy-the-appv-server.md)|
+|Migrate existing packages.|See [Converting packages created using a prior version of App-V](#converting-packages-created-using-a-prior-version-of-app-v) earlier in this topic.|
 
 
                    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
@@ -259,4 +127,4 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf
 
 - [Operations for App-V](appv-operations.md)
 
-- [A simplified Microsoft App-V 5.1 Management Server upgrade procedure](/archive/blogs/appv/a-simplified-microsoft-app-v-5-1-management-server-upgrade-procedure)
\ No newline at end of file
+- [A simplified Microsoft App-V 5.1 Management Server upgrade procedure](/archive/blogs/appv/a-simplified-microsoft-app-v-5-1-management-server-upgrade-procedure)
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 0cc6df1e55..86dd8a2e20 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -1,22 +1,21 @@
 ---
-title: How to Modify an Existing Virtual Application Package (Windows 10)
+title: How to Modify an Existing Virtual Application Package (Windows 10/11)
 description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
 # How to Modify an Existing Virtual Application Package
 
-**Applies to**
--   Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 This topic explains how to:
 
@@ -49,11 +48,11 @@ This topic explains how to:
 5.  On the **Prepare Computer** page, review the issues that could cause the application update to fail or cause the updated application to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**.
 
     **Important**  
-    If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package.
+    If you're required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package.
 
-6.  On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+6.  On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update doesn't have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
 
-7.  On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**.
+7.  On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you're finished with the installation, select **I am finished installing**. Click **Next**.
 
     >**Note**  The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard.
 
@@ -63,7 +62,7 @@ This topic explains how to:
 
     >**Note**  You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop**, and then select either **Stop all applications** or **Stop this application only**.
 
-10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it is saved. Click **Next**.
+10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it's saved. Click **Next**.
 
     To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful to identify the application version and provide other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. Click **Create**.
 
@@ -98,7 +97,7 @@ This topic explains how to:
 
     -   Edit registry settings.
 
-    -   Review additional package settings (except operating system file properties).
+    -   Review the extra package settings (except operating system file properties).
 
     -   Set virtualized registry key state (override or merge).
 
@@ -118,15 +117,15 @@ This topic explains how to:
 
 3.  On the **Select Task** page, click **Add New Application** > **Next**.
 
-4.  On the **Select Package** page, click **Browse** to locate the virtual application package to which you will add the application, and then click **Next**.
+4.  On the **Select Package** page, click **Browse** to locate the virtual application package to which you'll add the application, and then click **Next**.
 
 5.  On the **Prepare Computer** page, review the issues that could cause the package creation to fail or cause the revised package to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**.
 
-    >**Important**  If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package.
+    >**Important**  If you're required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package.
 
-6.  On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+6.  On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application doesn't have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
 
-7.  On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this is a new location so that you don’t overwrite the existing version of the virtual application package.
+7.  On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If more installation files must be run as part of the installation, click **Run**, and locate and run those installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this directory is a new location so that you don’t overwrite the existing version of the virtual application package.
 
     >**Note**  The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard.
 
@@ -134,9 +133,9 @@ This topic explains how to:
 
 9.  On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information, and then click **Next** to open the **Customize** page.
 
-10. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**.
+10. If you're finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**.
 
-    If you are customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers.
+    If you're customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers.
 
 11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
 
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index ad99c8c0b2..e3d8c9c251 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -1,22 +1,21 @@
 ---
-title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10)
+title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10/11)
 description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
 # How to Modify Client Configuration by Using Windows PowerShell
 
-**Applies to**
--   Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 Use the following procedure to configure the App-V client configuration.
 
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index ea80b1f3c8..011db77850 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -1,15 +1,15 @@
 ---
-title: How to Move the App-V Server to Another Computer (Windows 10)
+title: How to Move the App-V Server to Another Computer (Windows 10/11)
 description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
@@ -25,9 +25,9 @@ Use the following information to create a new management server console in your
 
 Follow these steps to create a new management server console:
 
-1.  Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V server](appv-deploying-the-appv-server.md).
+1.  Install the management server on a computer in your environment. For more information about installing the management server, see [Deploying the App-V server](appv-deploying-the-appv-server.md).
 
-2.  After you have completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md).
+2.  After you've completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md).
 
 
 
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index 91ddd5b656..80ba2f4fbd 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -1,20 +1,20 @@
 ---
-title: Operations for App-V (Windows 10)
+title: Operations for App-V (Windows 10/11)
 description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 # Operations for App-V
 
->Applies to: Windows 10, version 1607
+[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
 
 This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks.
 
@@ -34,7 +34,7 @@ This section of the Microsoft Application Virtualization (App-V) Administrator
     Describes how to deploy App-V packages by using an ESD.
 - [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
 
-    Describes how perform client configuration tasks using the client management console.
+    Describes how to perform client configuration tasks using the client management console.
 - [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
 
     Provides instructions for migrating to App-V from a previous version.
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index dba895b3b1..ee185b6c84 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -1,25 +1,27 @@
 ---
-title: Performance Guidance for Application Virtualization (Windows 10)
+title: Performance Guidance for Application Virtualization (Windows 10/11)
 description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 
 # Performance Guidance for Application Virtualization
 
-**Applies to**
--   Windows 7 SP1
--   Windows 10 
--   Server 2012 R2
--   Server 2016
+**Applies to**:
+
+- Windows 7 SP1
+- Windows 10 
+- Windows 11
+- Server 2012 R2
+- Server 2016
 
 Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
 
@@ -33,24 +35,24 @@ You should read and understand the following information before reading this doc
 
 -   [App-V Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760)
 
-**Note**  
-Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.
+> [!Note]
+> Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk `*`, review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.
 
 Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI).
 
-To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist.
+To help determine what information is relevant to your environment, you should review each section’s brief overview and applicability checklist.
 
 ##  App-V in stateful\* non-persistent deployments
 
-This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience.
+This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This access is achieved by uniquely addressing the often long-running App-V publishing refresh. As you'll discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. Many conditions must be met and steps followed to provide the optimal user experience.
 
 Use the information in the following section for more information:
 
-[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages.
+[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these scenarios are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages.
 
 -   Optimized for Performance – To provide the optimal experience, you can expect the base image to include some of the App-V virtual application package. This and other requirements are discussed.
 
--   Optimized for Storage – If you are concerned with the storage impact, following this scenario will help address those concerns.
+-   Optimized for Storage – If you're concerned with the storage impact, following this scenario will help address those concerns.
 
 [Preparing your Environment](#bkmk-pe)
 
@@ -60,9 +62,9 @@ Use the information in the following section for more information:
 
 [User Experience Walk-through](#bkmk-uewt)
 
--   Walk-through – This is a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have.
+-   Walk-through – It's a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have.
 
--   Outcome – This describes the expected results.
+-   Outcome – It describes the expected results.
 
 [Impact to Package Lifecycle](#bkmk-plc)
 
@@ -70,199 +72,97 @@ Use the information in the following section for more information:
 
 ### Applicability Checklist
 
-Deployment Environment
+|Checklist|Deployment Environment|
+|--- |--- |
+|![Checklist box](images/checklistbox.gif)|Non-Persistent VDI or RDSH.|
+|![Checklist box](images/checklistbox.gif)|User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).|
 
-
----
-
-
-
-
-
-
-
-
-
-
-
                    



                    Checklist box
                    Non-Persistent VDI or RDSH.
                    Checklist box
                    User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).
                    
+|Checklist|Expected Configuration|
+|--- |--- |
+|![Checklist box](images/checklistbox.gif)|User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.|
+|![Checklist box](images/checklistbox.gif)|App-V Shared Content Store (SCS) is configured or can be configured.|
 
- 
 
-Expected Configuration
-
-
----
-
-
-
-
-
-
-
-
-
-
-
                    



                    Checklist box
                    User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.
                    Checklist box
                    App-V Shared Content Store (SCS) is configured or can be configured.
                    
-
- 
-
-IT Administration
-
-
----
-
-
-
-
-
-
-
                    



                    Checklist box
                    Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.
                    
-
- 
+|Checklist|IT Administration|
+|--- |--- |
+|![Checklist box](images/checklistbox.gif)|Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.|
 
 ### Usage Scenarios
 
-As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both.
+As you review the two scenarios, keep in mind that these scenarios represent the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Optimized for PerformanceOptimized for Storage
                    To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.
                    
-
                    The following describes many performance improvements in stateful non-persistent deployments. For more information, see Sequencing Steps to Optimize Packages for Publishing Performance later in this topic.
                    The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.
                    
-
                    The impact of this alteration is detailed in the User Experience Walk-through section of this document.
                    
+- **Performance**: To provide the most optimal user experience, this approach uses the capabilities of a UPM solution and requires extra image preparation and can incur some more image management overhead.
 
- 
+  The following section describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) (in this article).
+
+- **Storage**: The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in costly arrays; a slight alteration has been made to the approach. Don't pre-configure user-targeted virtual application packages in the base image.
+
+  The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) (in this article).
 
 ### Preparing your Environment
 
-The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach.
+The following information displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach.
 
-**Prepare the Base Image**
+#### Prepare the Base Image
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Optimized for PerformanceOptimized for Storage
                    
-
                      
-
                    • Enable the App-V client as described in Enable the App-V in-box client.
                      • 
-
                    • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
                      • 
-
                    • Configure for Shared Content Store (SCS) mode. For more information see Deploying the App-V Sequencer and Configuring the Client.
                      • 
-
                    • Configure Preserve User Integrations on Login Registry DWORD.
                      • 
-
                    • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.
                      • 
-
                    • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.
                      • 
-
                    • Pre-publish all global-targeted packages.
                      
-
                      
-
                      Alternatively,
                      
-
                        
-
                      • Perform a global publishing/refresh.
                        • 
-
                      • Perform a user publishing/refresh.
                        • 
-
                      • Un-publish all user-targeted packages.
                        • 
-
                      • Delete the following user-Virtual File System (VFS) entries.
                        • 
-
                      
-
                      AppData\Local\Microsoft\AppV\Client\VFS
                      
-
                      AppData\Roaming\Microsoft\AppV\Client\VFS
                      • 
-
                    
-
                      
-
                    • Enable the App-V client as described in Enable the App-V in-box client.
                      • 
-
                    • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
                      • 
-
                    • Configure for Shared Content Store (SCS) mode. For more information see Deploying the App-V Sequencer and Configuring the Client.
                      • 
-
                    • Configure Preserve User Integrations on Login Registry DWORD.
                      • 
-
                    • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.
                      • 
-
                    • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.
                      • 
-
                    • Pre-publish all global-targeted packages.
                      
-
                      • 
-
                    
+- **Performance**: 
 
- 
+  - Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
+  - Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
+  - Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
+  - Configure Preserve User Integrations on Login Registry DWORD.
+  - Pre-configure all user and global-targeted packages, for example, **Add-AppvClientPackage**.
+  - Pre-configure all user- and global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
+  - Pre-publish all global-targeted packages. Or:
+    - Perform a global publishing/refresh.
+    - Perform a user publishing/refresh.
+    - Unpublish all user-targeted packages.
+    - Delete the following user-Virtual File System (VFS) entries:
 
-**Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information:
+      - `AppData\Local\Microsoft\AppV\Client\VFS`
+      - `AppData\Roaming\Microsoft\AppV\Client\VFS`
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    Configuration SettingWhat does this do?How should I use it?
                    Shared Content Store (SCS) Mode
                    
-
                    When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).
                    
-
                    This helps to conserve local storage and minimize disk I/O per second (IOPS).
                    This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.
                    PreserveUserIntegrationsOnLogin
                    
-
                      
-
                    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration.
                      • 
-
                    • Create the DWORD value PreserveUserIntegrationsOnLogin with a value of 1.
                      • 
-
                    • Restart the App-V client service or restart the computer running the App-V Client.
                      • 
-
                    If you have not pre-configured (Add-AppvClientPackage) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.
                    
-
                    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.
                    If you don’t plan to pre-configure every available user package in the base image, use this setting.
                    MaxConcurrentPublishingRefresh
                    
-
                      
-
                    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Publishing.
                      • 
-
                    • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.
                      • 
-
                    • The App-V client service and computer do not need to be restarted.
                      • 
-
                    This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.
                    Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
                    
-
                    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.
                    
+- **Storage**: 
 
- 
+  - Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
+  - Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
+  - Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the
+  App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
+  - Configure Preserve User Integrations on Login Registry DWORD.
+  - Pre-configure all global-targeted packages, for example, **Add-AppvClientPackage**.
+  - Pre-configure all global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
+  - Pre-publish all global-targeted packages.
+
+#### Configurations
+
+For critical App-V Client configurations and for a little more context and how-to, review the following configuration settings:
+
+- **Shared Content Store (SCS) Mode**: When running the shared content store, only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM). Such a result helps to conserve local storage and minimize disk I/O per second (IOPS).
+
+  This setting is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.
+
+  - Configurable in Windows PowerShell: `Set-AppvClientConfiguration -SharedContentStoreMode 1`
+  - Configurable with Group Policy: See [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
+
+- **PreserveUserIntegrationsOnLogin**: If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting isn't configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*.
+
+  For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.
+  
+  If you don’t plan to pre-configure every available user package in the base image, use this setting.
+
+  - Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Integration`.
+  - Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1.
+  - Restart the App-V client service or restart the computer running the App-V Client.
+
+- **MaxConcurrentPublishingRefresh**: This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.
+
+  Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is  recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
+
+  If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they sign in could take an indeterminate amount of time.
+
+  - Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing`.
+  - Create the DWORD value **MaxConcurrentPublishingrefresh** with the desired maximum number of concurrent publishing refreshes.
+  - The App-V client service and computer don't need to be restarted.
 
 ### Configure UE-V solution for App-V Approach
 
@@ -270,27 +170,25 @@ We recommend using User Experience Virtualization (UE-V) to capture and centrali
 
 For more information, see:
 
-- [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows)
+- [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows)
 
 - [Get Started with UE-V](/windows/configuration/ue-v/uev-getting-started)
 
-In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
+In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows).
 
-**Note**  
-Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
+> [!Note]
+> Without performing an additional configuration step, User Environment Virtualization (UE-V) won't be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
 
-UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
+UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V wouldn't currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
 
 -   If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled.
 
 -   If a user has an application installed on one device but not another with .lnk files enabled.
 
-**Important**  
-This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk.
+> [!Important]
+> This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. 
 
- 
-
-Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types.
+Using the Microsoft Registry Editor (regedit.exe), navigate to `HKEY\_LOCAL\_MACHINE\Software\Microsoft\UEV\Agent\Configuration\ExcludedFileTypes` and remove `.lnk` from the excluded file types.
 
 ## Configure other User Profile Management (UPM) solutions for App-V Approach
 
@@ -298,26 +196,25 @@ The expectation in a stateful environment is that a UPM solution is implemented
 
 The requirements for the UPM solution are as follows.
 
-To enable an optimized login experience, for example the App-V approach for the user, the solution must be capable of:
+To enable an optimized sign-in experience, for example the App-V approach for the user, the solution must be capable of:
 
 -   Persisting the below user integrations as part of the user profile/persona.
 
--   Triggering a user profile sync on login (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or,
+-   Triggering a user profile sync on sign in (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or,
 
 -   Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations.
 
-    **Note**  
-    App-V is supported when using UPD only when the entire profile is stored on the user profile disk.
+  > [!Note]
+  > 
+  > App-V is supported when using UPD only when the entire profile is stored on the user profile disk.
+  > 
+  > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver doesn't handle UPD selected folders.     
 
-    App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders.
+-   Capturing changes to the locations, which constitute the user integrations, prior to session sign out.
 
-     
+With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during a sign in and/or after a specified refresh interval. In both cases, a scheduled task is created.
 
--   Capturing changes to the locations, which constitute the user integrations, prior to session logoff.
-
-With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created.
-
-In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. Starting with Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete.
+In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. Starting with Hotfix Package 4 for Application Virtualization 5.0 SP2, the user refresh on a sign in was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete.
 
 ### User Integrations
 
@@ -351,97 +248,75 @@ Registry – HKEY\_CURRENT\_USER
 
 ### User Experience Walk-through
 
-This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect.
+This following process is a step-by-step walk-through of the App-V and UPM operations, and the users' expectations.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Optimized for PerformanceOptimized for Storage
                    After implementing this approach in the VDI/RDSH environment, on first login,
                    
-
                      
-
                    • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.
                      • 
-
                    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.
                      • 
-
                    
-
                    On subsequent logins:
                    
-
                      
-
                    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
                      
-
                      (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.
                      • 
-
                    • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications
                      • 
-
                    • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.
                      • 
-
                    
-
                    ¹ The publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.
                    After implementing this approach in the VDI/RDSH environment, on first login,
                    
-
                      
-
                    • (Operation) A user-publishing/refresh is initiated. (Expectation)
                      
-
                        
-
                      • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.
                        • 
-
                      • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).
                        
-
                        • 
-
                      • 
-
                    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state
                      • 
-
                    
-
                    On subsequent logins:
                    
-
                      
-
                    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
                      • 
-
                    • (Operation) Add/refresh must pre-configure all user targeted applications. (Expectation)
                      
-
                        
-
                      • This may increase the time to application availability significantly (on the order of 10’s of seconds).
                        • 
-
                      • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.
                        
-
                        • 
-
                      • 
-
                    • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.
                      • 
-
                    
+- **Performance**: After implementing this approach in the VDI/RDSH environment, on first login,
+  - (Operation) A user-publishing/refresh is initiated. 
 
+    (Expectation) If it's the first time that a user has published virtual applications (for example, non-persistent), this operation will take the usual duration of a publishing/refresh.
+
+- (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
+
+    (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-out process. This result will incur the same/similar overhead as persisting the user state.
  
+  **On subsequent logins**:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    OutcomeOutcome
                    
-
                      
-
                    • Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.
                      • 
-
                    • The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.
                      • 
-
                    Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.
                    
+  - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
 
+    (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (that is, package entitlements change), some may go away.
+
+  - (Operation) Publishing/refresh will process unpublish and publish operations for changes in user package entitlements. 
  
+    (Expectation) If there are no entitlement changes, publishing will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity of virtual applications
 
+    The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.  
+  
+  - (Operation) UPM solution will capture user integrations again at sign off.
+ 
+     (Expectation) Same as previous.
+
+  **Outcome**: 
+
+  - Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of sign in.
+  - The publishing/refresh will process changes to the users-entitled virtual applications, which impacts the experience.
+
+- **Storage**: After implementing this approach in the VDI/RDSH environment, on first login
+
+  - (Operation) A user-publishing/refresh is initiated. 
+
+    (Expectation):
+
+    - If this instance is the first time a user has published virtual applications (for example, non-persistent), this will take the usual duration of a publishing/refresh.
+    - First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).
+ 
+  - (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
+
+    (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-off process. This result will incur the same/similar overhead as persisting the user state. 
+ 
+  **On subsequent logins**:
+ 
+  - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
+  - (Operation) Add/refresh must pre-configure all user targeted applications.
+
+    - (Expectation):
+      - This may increase the time to application availability significantly (on the order of 10s of seconds).
+      - This will increase the publishing refresh time relative to the number and complexity* of virtual applications.
+
+   - (Operation) Publishing/refresh will process unpublish and publish operations for changes to user package entitlements.
+
+  **Outcome**: Because the add/refresh must reconfigure all the virtual applications to the VM, the publishing refresh time on every login will be extended.
+ 
 ### Impact to Package Life Cycle
 
-Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section:
+Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (unpublished) virtual application packages, it's recommended you update the base image to reflect these changes. To understand why review the following section:
 
 App-V 5.0 SP2 introduced the concept of pending states. In the past,
 
--   If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail.
+-   If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the unpublish or publish operation, respectively, would fail.
 
--   Now, if a package is in-use the operation will be pended. The un-publish and publish-pend operations will be processed on service restart or if another publish or un-publish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed.
+-   Now, if a package is in use, the operation will be pended. The unpublish and publish-pend operations will be processed on service restart or if another publish or unpublish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed.
 
-In a non-persistent environment, it is unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it is not applied to the environment prior to log on, it will not be processed.
+In a non-persistent environment, it's unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it isn't applied to the environment prior to a sign in, it will not be processed.
 
 ### Enhancing the VDI Experience through Performance Optimization Tuning
 
@@ -475,8 +350,6 @@ Server Performance Tuning Guidelines for
 
 **Windows Client (Guest OS) Performance Tuning Guidance**
 
--   [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
-
 -   [Optimization Script: (Provided by Microsoft Support)](/archive/blogs/jeff_stokes/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density)
 
 -   [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
@@ -487,46 +360,19 @@ Server Performance Tuning Guidelines for
 
 Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    StepConsiderationBenefitsTradeoffs
                    No Feature Block 1 (FB1, also known as Primary FB)
                    No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:
                    
-
                      
-
                    • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.
                      • 
-
                    • Delay launch until the entire FB1 has been streamed.
                      • 
-
                    Stream faulting decreases the launch time.
                    Virtual application packages with FB1 configured will need to be re-sequenced.
                    
-
- 
+|Step|Consideration|Benefits|Tradeoffs|
+|--- |--- |--- |--- |
+|No Feature Block 1 (FB1, also known as Primary FB)|No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:
                  • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.
                  • Delay launch until the entire FB1 has been streamed.|Stream faulting decreases the launch time.|Virtual application packages with FB1 configured will need to be resequenced.|
 
 ### Removing FB1
 
-Removing FB1 does not require the original application installer. After completing the following steps, it is suggested that you revert the computer running the sequencer to a clean snapshot.
+Removing FB1 doesn't require the original application installer. After completing the following steps, it's suggested that you revert the computer running the sequencer to a clean snapshot.
 
 **Sequencer UI** - Create a New Virtual Application Package.
 
 1.  Complete the sequencing steps up to Customize -> Streaming.
 
-2.  At the Streaming step, do not select **Optimize the package for deployment over slow or unreliable network**.
+2.  At the Streaming step, don't select **Optimize the package for deployment over slow or unreliable network**.
 
 3.  If desired, move on to **Target OS**.
 
@@ -534,7 +380,7 @@ Removing FB1 does not require the original application installer. After completi
 
 1.  Complete the sequencing steps up to Streaming.
 
-2.  Do not select **Optimize the package for deployment over a slow or unreliable network**.
+2.  Don't select **Optimize the package for deployment over a slow or unreliable network**.
 
 3.  Move to **Create Package**.
 
@@ -552,37 +398,13 @@ Removing FB1 does not require the original application installer. After completi
 
     "C:\\UpgradedPackages"
 
-    **Note**  
-    This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file.
+    > [!Note]
+    > This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file.  
 
-     
+|Step|Considerations|Benefits|Tradeoffs|
+|--- |--- |--- |--- |
+|No SXS Install at Publish (Pre-Install SxS assemblies)|Virtual Application packages don't need to be resequenced. SxS Assemblies can remain in the virtual application package.|The SxS Assembly dependencies won't install at publishing time.|SxS Assembly dependencies must be pre-installed.|
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    StepConsiderationsBenefitsTradeoffs
                    No SXS Install at Publish (Pre-Install SxS assemblies)
                    Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.
                    The SxS Assembly dependencies will not install at publishing time.
                    SxS Assembly dependencies must be pre-installed.
                    
-
- 
 
 ### Creating a new virtual application package on the sequencer
 
@@ -590,35 +412,11 @@ If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is ins
 
 **Client Side**:
 
-When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Installer (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur.
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    StepConsiderationsBenefitsTradeoffs
                    Selectively Employ Dynamic Configuration files
                    The App-V client must parse and process these Dynamic Configuration files.
                    
-
                    Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.
                    
-
                    Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.
                    Publishing times will improve if these files are used selectively or not at all.
                    Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.
                    
+When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it's included in the package, a traditional Windows Installer (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation won't occur.
 
+|Step|Considerations|Benefits|Tradeoffs|
+|--- |--- |--- |--- |
+|Selectively Employ Dynamic Configuration files|The App-V client must parse and process these Dynamic Configuration files. 
                     
                    Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.
                     
                    Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.|Publishing times will improve if these files are used selectively or not at all.|Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.|
  
 
 ### Disabling a Dynamic Configuration by using Windows PowerShell
@@ -627,7 +425,7 @@ When publishing a virtual application package, the App-V Client will detect if a
 
     **-DynamicDeploymentConfiguration** parameter
 
--   Similarly, when adding new packages using `Add-AppVClientPackage –Path c:\Packages\Apps\MyApp.appv`, do not use the
+-   Similarly, when adding new packages using `Add-AppVClientPackage –Path c:\Packages\Apps\MyApp.appv`, don't use the
 
     **-DynamicDeploymentConfiguration** parameter.
 
@@ -637,39 +435,10 @@ For documentation on How to Apply a Dynamic Configuration, see:
 
 -   [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    StepConsiderationsBenefitsTradeoffs
                    Account for Synchronous Script Execution during Package Lifecycle.
                    If script collateral is embedded in the package, Add cmdlets may be significantly slower.
                    
-
                    Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.
                    Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.
                    This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.
                    Remove Extraneous Virtual Fonts from Package.
                    The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.
                    Virtual Fonts impact publishing refresh performance.
                    Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.
                    
-
- 
+|Step|Considerations|Benefits|Tradeoffs|
+|--- |--- |--- |--- |
+|Account for Synchronous Script Execution during Package Lifecycle.|If script collateral is embedded in the package, Add cmdlets may be slower.
                    Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.|Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.|This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.|
+|Remove Extraneous Virtual Fonts from Package.|Most applications investigated by the App-V product team contained a few fonts, typically fewer than 20.|Virtual Fonts impact publishing refresh performance.|Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.|
 
 ### Determining what virtual fonts exist in the package
 
@@ -677,17 +446,17 @@ For documentation on How to Apply a Dynamic Configuration, see:
 
 -   Rename Package\_copy.appv to Package\_copy.zip
 
--   Open AppxManifest.xml and locate the following:
+-   Open AppxManifest.xml and locate the following syntax:
 
-    ```
+    ```xml
     
     
     
     
     ```
 
-    **Note**  If there are fonts marked as **DelayLoad**, those will not impact first launch.
-
+  > [!Note]
+  > If there are fonts marked as **DelayLoad**, those won't impact first launch.
 
 ### Excluding virtual fonts from the package
 
@@ -697,7 +466,7 @@ Use the dynamic configuration file that best suits the user scope – deployment
 
 Fonts
 
-```
+```xml
 -->
 
  Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
+  Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
 
-**Disconnecting**
+- Disconnecting
 
-Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
+  Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
 
->Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down.  A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
+Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down.  A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
 
 Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page.
 
-The following is an example of a good connection setup:
+An example of a good connection setup is:
 
-
                    +```console
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
 45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
 45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
-
                    
+```
 
-The following is an example of a failed connection setup:
+An example of a failed connection setup is:
 
-
                    +```console
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
 45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
 45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
-
                    
+```
 
-By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state. 
+By identifying the state at which the connection fails, one can focus more specifically in the trace on logs prior to the last known good state. 
 
-Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs just prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components.
+Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components.
 In many cases the next component of interest will be the MSM, which lies just below Wlansvc.
 
 The important components of the MSM include:
 - Security Manager (SecMgr) - handles all pre and post-connection security operations.
 - Authentication Engine (AuthMgr) – Manages 802.1x auth requests
 
-    ![MSM details](images/msmdetails.png)
+    ![MSM details.](images/msmdetails.png)
 
-Each of these components has their own individual state machines which follow specific transitions.
+Each of these components has its own individual state machines that follow specific transitions.
 Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** filters in TextAnalysisTool for more detail.
 
-Continuing with the example above, the combined filters look like this:
+Further to the preceding example, the combined filters look like the following command example:
 
-
                    +```console
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Reset to State: Ihv_Configuring
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
@@ -177,16 +172,16 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
                    
+```
 
 > [!NOTE]
 > In the next to last line the SecMgr transition is suddenly deactivating:
                    
 >\[2\] 0C34.2FF0::08/28/17-13:24:29.7512788 \[Microsoft-Windows-WLAN-AutoConfig\]Port\[13\] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)

                    
->This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing just prior to this SecMgr behavior to determine the reason for the deactivation.
+>This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing prior to this SecMgr behavior to determine the reason for the deactivation.
 
 Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition:
 
-
                    +```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -200,7 +195,7 @@ Associating to State: Authenticating
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
                    
+```
 
 The trail backwards reveals a **Port Down** notification:
 
@@ -208,11 +203,11 @@ The trail backwards reveals a **Port Down** notification:
 
 Port events indicate changes closer to the wireless hardware. The trail can be followed by continuing to see the origin of this indication.
 
-Below, the MSM is the native wifi stack. These are Windows native wifi drivers which talk to the wifi miniport drivers. It is responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.
+Below, the MSM is the native wifi stack. These drivers are Windows native wifi drivers that talk to the wifi miniport drivers. It's  responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.
 
 Enable trace filter for **[Microsoft-Windows-NWifi]:**
 
-
                    +```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -226,14 +221,16 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
-Authenticating to State: Roaming
                    
+Authenticating to State: Roaming
+```
 
 In the trace above, we see the line:
 
-
                    -[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
                    
+```console
+[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
+```
 
-This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP.
+This line is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This denail could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This action would be done by examining internal logging/tracing from the AP.
 
 ### Resources
 
@@ -242,7 +239,7 @@ This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disas
 
 ## Example ETW capture
 
-
                    +```console
 C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
 
 Trace configuration:
@@ -283,13 +280,13 @@ C:\tmp>dir
 01/09/2019  02:59 PM         2,786,540 wireless.txt
                3 File(s)     10,395,004 bytes
                2 Dir(s)  46,648,332,288 bytes free
-
                    
+```
 
 ## Wifi filter file
 
 Copy and paste all the lines below and save them into a text file named "wifi.tat." Load the filter file into the TextAnalysisTool by clicking **File > Load Filters**.
 
-```
+```xml
 
 
   
@@ -327,4 +324,4 @@ Copy and paste all the lines below and save them into a text file named "wifi.ta
 
 In the following example, the **View** settings are configured to **Show Only Filtered Lines**.
 
-![TAT filter example](images/tat.png)
\ No newline at end of file
+![TAT filter example.](images/tat.png)
diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md
index 69fa51d4e4..8b0e587b74 100644
--- a/windows/client-management/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/change-default-removal-policy-external-storage-media.md
@@ -3,7 +3,7 @@ title: Windows 10 default media removal policy
 description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
 ms.prod: w10
 author: Teresa-Motiv
-ms.author: v-tea
+ms.author: dougeby
 ms.date: 11/25/2020
 ms.topic: article
 ms.custom: 
@@ -54,4 +54,4 @@ To change the policy for an external storage device:
   
 7. Select the policy that you want to use.
   
-   ![Policy options for disk management](./images/change-def-rem-policy-2.png)
+   ![Policy options for disk management.](./images/change-def-rem-policy-2.png)
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index 89776f9222..cf0c18ee1d 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -1,5 +1,5 @@
 ---
-title: Connect to remote Azure Active Directory-joined PC (Windows 10)
+title: Connect to remote Azure Active Directory-joined PC (Windows)
 description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
 keywords: ["MDM", "device management", "RDP", "AADJ"]
 ms.prod: w10
@@ -9,10 +9,11 @@ ms.pagetype: devices
 author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
-ms.date: 08/02/2018
+ms.date: 01/18/2022
 ms.reviewer: 
 manager: dansimp
 ms.topic: article
+ms.collection: highpri
 ---
 
 # Connect to remote Azure Active Directory-joined PC
@@ -20,19 +21,21 @@ ms.topic: article
 
 **Applies to**
 
-- Windows 10
+- Windows 10
+- Windows 11
+
 
 From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
 
-![Remote Desktop Connection client](images/rdp.png)
+![Remote Desktop Connection client.](images/rdp.png)
 
 ## Set up
 
-- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
-- Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported. 
-- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop. 
+- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported.
+- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported. 
+- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop. 
 
-Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
+Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC.
 
 - On the PC you want to connect to:
 
@@ -40,9 +43,9 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
   
   2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
 
-     ![Allow remote connections to this computer](images/allow-rdp.png)
+     ![Allow remote connections to this computer.](images/allow-rdp.png)
 
-  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
+  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
      
       - Adding users manually
    
@@ -52,25 +55,24 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
         ```
         where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
 
-        This command only works for AADJ device users already added to any of the local groups (administrators).
-        Otherwise this command throws the below error. For example:
+        In order to execute this PowerShell command, you must be a member of the local Administrators group. Otherwise, you'll get an error like this example:
         - for cloud only user: "There is no such global user or group : *name*"
         - for synced user: "There is no such global user or group : *name*" 
                    
 
          > [!NOTE]
          > For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.
          >
-         > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
+         > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
 
       - Adding users using policy
      
-         Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
+         Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
 
          > [!TIP]
          > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
 
          > [!NOTE]
-         > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
+         > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials).
 
 ## Supported configurations
 
@@ -87,4 +89,4 @@ The table below lists the supported configurations for remotely connecting to an
 
 ## Related topics
 
-[How to use Remote Desktop](https://support.microsoft.com/instantanswers/ff521c86-2803-4bc0-a5da-7df445788eb9/how-to-use-remote-desktop)
\ No newline at end of file
+[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)
diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md
index 58f94bd27e..8717d386a2 100644
--- a/windows/client-management/data-collection-for-802-authentication.md
+++ b/windows/client-management/data-collection-for-802-authentication.md
@@ -24,7 +24,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
 1. Create C:\MSLOG on the client machine to store captured logs.
 2. Launch an elevated command prompt on the client machine, and run the following commands to start a RAS trace log and a Wireless/Wired scenario log.
 
-   **Wireless Windows 8.1 and Windows 10:**
+   **Wireless Windows 8.1, Windows 10, and Windows 11:**
    ```
    netsh ras set tracing * enabled
    netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
@@ -42,7 +42,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
    netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
    ```
  
-3. Run the following command to enable CAPI2 logging and increase the size :
+3. Run the following command to enable CAPI2 logging and increase the size:
    ```
    wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
    wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
@@ -70,7 +70,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
    netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl
    ```
  
-6. Run the following command to enable CAPI2 logging and increase the size :
+6. Run the following command to enable CAPI2 logging and increase the size:
    ```
     wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
     wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
@@ -241,7 +241,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
    wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
    wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
    ```
-   - Run the following 3 commands on Windows Server 2012 and later:
+   - Run the following commands on Windows Server 2012 and later:
    
    ```
    wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
@@ -320,7 +320,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
    wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
    wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
    ```
-   - Run the following 3 lines on Windows 2012 and up
+   - Run the following lines on Windows 2012 and up
    
    ```
    wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
@@ -371,9 +371,9 @@ Use the following steps to collect wireless and wired logs on Windows and Window
    reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.txt
    ```
 3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf
-4. Log on to a domain controller and create C:\MSLOG to store captured logs.
+4. Sign in to a domain controller and create C:\MSLOG to store captured logs.
 5. Launch Windows PowerShell as an administrator.
-6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for ";test.local"; domain.
+6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for "; test.local"; domain.
    
    ```powershell
    Import-Module ActiveDirectory
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md
index 8daf0f4ce4..6c0e959124 100644
--- a/windows/client-management/determine-appropriate-page-file-size.md
+++ b/windows/client-management/determine-appropriate-page-file-size.md
@@ -10,11 +10,12 @@ ms.author: delhan
 ms.date: 8/28/2019
 ms.reviewer: dcscontentpm
 manager: dansimp
+ms.collection: highpri
 ---
 
 # How to determine the appropriate page file size for 64-bit versions of Windows
 
-Page file sizing depends on the system crash dump setting requirements and the peak usage or expected peak usage of the system commit charge. Both considerations are unique to each system, even for systems that are identical. This means that page file sizing is also unique to each system and cannot be generalized.
+Page file sizing depends on the system crash dump setting requirements and the peak usage or expected peak usage of the system commit charge. Both considerations are unique to each system, even for systems that are identical. This uniqueness means that page file sizing is also unique to each system and can't be generalized.
 
 ## Determine the appropriate page file size
 
@@ -22,17 +23,17 @@ Use the following considerations for page file sizing for all versions of Window
 
 ### Crash dump setting
 
-If you want a crash dump file to be created during a system crash, a page file or a dedicated dump file must exist and be large enough to back up the system crash dump setting. Otherwise, a system memory dump file is not created.
+If you want a crash dump file to be created during a system crash, a page file or a dedicated dump file must exist and be large enough to back up the system crash dump setting. Otherwise, a system memory dump file isn't created.
 
 For more information, see [Support for system crash dumps](introduction-page-file.md#support-for-system-crash-dumps) section.
 
 ### Peak system commit charge
 
-The system commit charge cannot exceed the system commit limit. This limit is the sum of physical memory (RAM) and all page files combined. If no page files exist, the system commit limit is slightly less than the physical memory that is installed. Peak system-committed memory usage can vary greatly between systems. Therefore, physical memory and page file sizing also vary.
+The system commit charge can't exceed the system commit limit. This limit is the sum of physical memory (RAM) and all page files combined. If no page files exist, the system commit limit is slightly less than the physical memory that is installed. Peak system-committed memory usage can vary greatly between systems. Therefore, physical memory and page file sizing also vary.
 
 ### Quantity of infrequently accessed pages
 
-The purpose of a page file is to *back* (support) infrequently accessed modified pages so that they can be removed from physical memory. This provides more available space for more frequently accessed pages. The "\Memory\Modified Page List Bytes" performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk. However, be aware that not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list. Therefore, consider extending or adding a page file if all the following conditions are true:
+The purpose of a page file is to *back* (support) infrequently accessed modified pages so that they can be removed from physical memory. This removal provides more available space for more frequently accessed pages. The "\Memory\Modified Page List Bytes" performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk. However, not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list. Therefore, consider extending or adding a page file if all the following conditions are true:
 
 - More available physical memory (\Memory\Available MBytes) is required.
 
@@ -42,7 +43,7 @@ The purpose of a page file is to *back* (support) infrequently accessed modified
 
 ## Support for system crash dumps
 
-A system crash (also known as a “bug check” or a "Stop error") occurs when the system cannot run correctly. The dump file that is produced from this event is called a system crash dump. A page file or dedicated dump file is used to write a crash dump file (Memory.dmp) to disk. Therefore, a page file or a dedicated dump file must be large enough to support the kind of crash dump selected. Otherwise, the system cannot create the crash dump file.
+A system crash (also known as a “bug check” or a "Stop error") occurs when the system can't run correctly. The dump file that is produced from this event is called a system crash dump. A page file or dedicated dump file is used to write a crash dump file (Memory.dmp) to disk. Therefore, a page file or a dedicated dump file must be large enough to support the kind of crash dump selected. Otherwise, the system can't create the crash dump file.
 
 >[!Note]
 >During startup, system-managed page files are sized respective to the system crash dump settings. This assumes that enough free disk space exists.
@@ -56,29 +57,29 @@ A system crash (also known as a “bug check” or a "Stop error") occurs when t
 
 \* 1 MB of header data and device drivers can total 256 MB of secondary crash dump data.
 
-The **Automatic memory dump** setting is enabled by default. This is a setting instead of a kind of crash dump. This setting automatically selects the best page file size, depending on the frequency of system crashes. 
+The **Automatic memory dump** setting is enabled by default. This setting is an alternative to a kind of crash dump. This setting automatically selects the best page file size, depending on the frequency of system crashes. 
 
 The Automatic memory dump feature initially selects a small paging file size. It would accommodate the kernel memory most of the time. If the system crashes again within four weeks, the Automatic memory dump feature sets the page file size as either the RAM size or 32 GB, whichever is smaller. 
 
-Kernel memory crash dumps require enough page file space or dedicated dump file space to accommodate the kernel mode side of virtual memory usage. If the system crashes again within four weeks of the previous crash, a Complete memory dump is selected at restart. This requires a page file or dedicated dump file of at least the size of physical memory (RAM) plus 1 MB for header information plus 256 MB for potential driver data to support all the potential data that is dumped from memory. Again, the system-managed page file will be increased to back this kind of crash dump. If the system is configured to have a page file or a dedicated dump file of a specific size, make sure that the size is sufficient to back the crash dump setting that is listed in the table earlier in this section together with and the peak system commit charge.
+Kernel memory crash dumps require enough page file space or dedicated dump file space to accommodate the kernel mode side of virtual memory usage. If the system crashes again within four weeks of the previous crash, a Complete memory dump is selected at restart. This dump requires a page file or dedicated dump file of at least the size of physical memory (RAM) plus 1 MB for header information plus 256 MB for potential driver data to support all the potential data that is dumped from memory. Again, the system-managed page file will be increased to back this kind of crash dump. If the system is configured to have a page file or a dedicated dump file of a specific size, make sure that the size is sufficient to back the crash dump setting that is listed in the table earlier in this section together with and the peak system commit charge.
 
 ### Dedicated dump files
 
-Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead.
+Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators can now create a dedicated dump file instead.
 
-A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file.
+A dedicated dump file is a page file that isn't used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you don't want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options).
 
 ## System-managed page files
 
-By default, page files are system-managed. This means that the page files increase and decrease based on many factors, such as the amount of physical memory installed, the process of accommodating the system commit charge, and the process of accommodating a system crash dump.
+By default, page files are system-managed. This system management means that the page files increase and decrease based on many factors, such as the amount of physical memory installed, the process of accommodating the system commit charge, and the process of accommodating a system crash dump.
 
-For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. This all assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
+For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This surge continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. Therefore, it's assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
 
-The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10.
+The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10 and Windows 11.
 
 |Minimum page file size	|Maximum page file size|
 |---------------|------------------|
-|Varies based on page file usage history, amount of RAM (RAM ÷ 8, max 32 GB) and crash dump settings.	|3 × RAM or 4 GB, whichever is larger. This is then limited to the volume size ÷ 8. However, it can grow to within 1 GB of free space on the volume if required for crash dump settings.|
+|Varies based on page file usage history, amount of RAM (RAM ÷ 8, max 32 GB) and crash dump settings.	|3 × RAM or 4 GB, whichever is larger. This size is then limited to the volume size ÷ 8. However, it can grow to within 1 GB of free space on the volume if necessary for crash dump settings.|
 
 ## Performance counters
 
@@ -86,7 +87,7 @@ Several performance counters are related to page files. This section describes t
 
 ### \Memory\Page/sec and other hard page fault counters
 
-The following performance counters measure hard page faults (which include, but are not limited to, page file reads):
+The following performance counters measure hard page faults (which include, but aren't limited to, page file reads):
 
 - \Memory\Page/sec
 
@@ -102,7 +103,7 @@ The following performance counters measure page file writes:
 
 Hard page faults are faults that must be resolved by retrieving the data from disk. Such data can include portions of DLLs, .exe files, memory-mapped files, and page files. These faults might or might not be related to a page file or to a low-memory condition. Hard page faults are a standard function of the operating system. They occur when the following items are read:
 
-- Parts of image files (.dll and .exe files) as they are used
+- Parts of image files (.dll and .exe files) as they're used
 
 - Memory-mapped files
 
@@ -110,11 +111,11 @@ Hard page faults are faults that must be resolved by retrieving the data from di
 
 High values for these counters (excessive paging) indicate disk access of generally 4 KB per page fault on x86 and x64 versions of Windows and Windows Server. This disk access might or might not be related to page file activity but may contribute to poor disk performance that can cause system-wide delays if the related disks are overwhelmed.
 
-Therefore, we recommend that you monitor the disk performance of the logical disks that host a page file in correlation with these counters. Be aware that a system that has a sustained 100 hard page faults per second experiences 400 KB per second disk transfers. Most 7,200 RPM disk drives can handle about 5 MB per second at an IO size of 16 KB or 800 KB per second at an IO size of 4 KB. No performance counter directly measures which logical disk the hard page faults are resolved for.
+Therefore, we recommend that you monitor the disk performance of the logical disks that host a page file in correlation with these counters. A system that has a sustained 100 hard page faults per second experiences 400 KB per second disk transfers. Most 7,200-RPM disk drives can handle about 5 MB per second at an IO size of 16 KB or 800 KB per second at an IO size of 4 KB. No performance counter directly measures which logical disk the hard page faults are resolved for.
 
 ### \Paging File(*)\% Usage
 
-The \Paging File(*)\% Usage performance counter measures the percentage of usage of each page file. 100 percent usage of a page file does not indicate a performance problem as long as the system commit limit is not reached by the system commit charge, and if a significant amount of memory is not waiting to be written to a page file.
+The \Paging File(*)\% Usage performance counter measures the percentage of usage of each page file. 100 percent usage of a page file doesn't indicate a performance problem as long as the system commit limit isn't reached by the system commit charge, and if a significant amount of memory isn't waiting to be written to a page file.
 
 >[!Note]
 >The size of the Modified Page List (\Memory\Modified Page List Bytes) is the total of modified data that is waiting to be written to disk.
@@ -126,4 +127,4 @@ If the Modified Page List (a list of physical memory pages that are the least fr
 
 ## Multiple page files and disk considerations
 
-If a system is configured to have more than one page files, the page file that responds first is the one that is used. This means that page files that are on faster disks are used more frequently. Also, whether you put a page file on a “fast” or “slow” disk is important only if the page file is frequently accessed and if the disk that is hosting the respective page file is overwhelmed. Be aware that actual page file usage depends greatly on the amount of modified memory that the system is managing. This means that files that already exist on disk (such as .txt, .doc, .dll, and .exe) are not written to a page file. Only modified data that does not already exist on disk (for example, unsaved text in Notepad) is memory that could potentially be backed by a page file. After the unsaved data is saved to disk as a file, it is backed by the disk and not by a page file.
+If a system is configured to have more than one page files, the page file that responds first is the one that is used. This customized configuration means that page files that are on faster disks are used more frequently. Also, whether you put a page file on a “fast” or “slow” disk is important only if the page file is frequently accessed and if the disk that is hosting the respective page file is overwhelmed. Actual page file usage depends greatly on the amount of modified memory that the system is managing. This dependency means that files that already exist on disk (such as .txt, .doc, .dll, and .exe) aren't written to a page file. Only modified data that doesn't already exist on disk (for example, unsaved text in Notepad) is memory that could potentially be backed by a page file. After the unsaved data is saved to disk as a file, it's backed by the disk and not by a page file.
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index eb3917a794..85c108b97e 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -32,7 +32,8 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "recommendations": true,
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index e0a26c9402..b3c3a0f026 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -10,6 +10,7 @@ ms.author: delhan
 ms.date: 8/28/2019
 ms.reviewer: 
 manager: willchen
+ms.collection: highpri
 ---
 
 # Generate a kernel or complete crash dump 
@@ -45,7 +46,7 @@ To enable memory dump setting, follow these steps:
 
 When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.
 
-Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This can cause a prolonged server outage.
+Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best-case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This read-and-write process can cause a prolonged server outage.
 
 >[!Note]
 >Use this method to generate complete memory dump files with caution. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.
@@ -54,7 +55,7 @@ Depending on the speed of the hard disk on which Windows is installed, dumping m
 
 ### Use the NotMyFault tool
 
-If you can log on while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool. To do this, follow these steps:
+If you can sign in while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool by following these steps:
 
 1. Download the [NotMyFault](https://download.sysinternals.com/files/NotMyFault.zip) tool.
 
@@ -70,17 +71,17 @@ If you can log on while the problem is occurring, you can use the Microsoft Sysi
 
 ### Use NMI
 
-On some computers, you cannot use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard is not attached to the HP BladeSystem server.
+On some computers, you can't use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard isn't attached to the HP BladeSystem server.
 
 In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor. 
 
-To do this, follow these steps:
+To implement this process, follow these steps:
 
 > [!IMPORTANT]  
 > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
  
 > [!NOTE]
-> This registry key is not required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
+> This registry key isn't required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
 
 1. In Registry Editor, locate the following registry subkey:
 
@@ -103,7 +104,7 @@ To do this, follow these steps:
    >[!Note]
    >For the exact steps, see the BIOS reference manual or contact your hardware vendor.
 
-9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
+9. Test this method on the server by using the NMI switch to generate a dump file. You'll see a STOP 0x00000080 hardware malfunction.
 
 If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](/azure/virtual-machines/linux/serial-console-nmi-sysrq).
 
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
index 8b2eb55f2f..3d50f1d30a 100644
--- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 09/14/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,8 +16,9 @@ ms.topic: troubleshooting
 # Group Policy settings that apply only to Windows 10 Enterprise and Education Editions
 
 **Applies to**
-
 -   Windows 10
+-   Windows 11
+
 
 In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education.
 
@@ -31,7 +32,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W
 | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) |
 | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) |
 | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | In Windows 10, version 1703, this policy setting can be applied to Windows 10 Pro. For more info, see [Manage Windows 10 Start layout options and policies](/windows/configuration/windows-10-start-layout-options-and-policies)  |
-| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

                    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
+| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

                    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). |
 | **Only display the private store within the Microsoft Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app

                    User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app | For more info, see [Manage access to private store](/microsoft-store/manage-access-to-private-store) |
 | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) |
 
diff --git a/windows/client-management/images/device-installation-apply-layered-policy-2.png b/windows/client-management/images/device-installation-apply-layered-policy-2.png
new file mode 100644
index 0000000000..8cf3edaff4
Binary files /dev/null and b/windows/client-management/images/device-installation-apply-layered-policy-2.png differ
diff --git a/windows/client-management/images/device-installation-apply-layered_policy-1.png b/windows/client-management/images/device-installation-apply-layered_policy-1.png
new file mode 100644
index 0000000000..0d2fc8db83
Binary files /dev/null and b/windows/client-management/images/device-installation-apply-layered_policy-1.png differ
diff --git a/windows/client-management/images/device-installation-dm-printer-by-device.png b/windows/client-management/images/device-installation-dm-printer-by-device.png
new file mode 100644
index 0000000000..0fe74fbf2d
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-printer-by-device.png differ
diff --git a/windows/client-management/images/device-installation-dm-printer-compatible-ids.png b/windows/client-management/images/device-installation-dm-printer-compatible-ids.png
new file mode 100644
index 0000000000..2cf226b674
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-printer-compatible-ids.png differ
diff --git a/windows/client-management/images/device-installation-dm-printer-details-screen.png b/windows/client-management/images/device-installation-dm-printer-details-screen.png
new file mode 100644
index 0000000000..70388a8a4a
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-printer-details-screen.png differ
diff --git a/windows/client-management/images/device-installation-dm-printer-hardware-ids.png b/windows/client-management/images/device-installation-dm-printer-hardware-ids.png
new file mode 100644
index 0000000000..87c1498807
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-printer-hardware-ids.png differ
diff --git a/windows/client-management/images/device-installation-dm-usb-by-connection-blocked.png b/windows/client-management/images/device-installation-dm-usb-by-connection-blocked.png
new file mode 100644
index 0000000000..505a1fd179
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-usb-by-connection-blocked.png differ
diff --git a/windows/client-management/images/device-installation-dm-usb-by-connection-layering.png b/windows/client-management/images/device-installation-dm-usb-by-connection-layering.png
new file mode 100644
index 0000000000..538e19a495
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-usb-by-connection-layering.png differ
diff --git a/windows/client-management/images/device-installation-dm-usb-by-connection.png b/windows/client-management/images/device-installation-dm-usb-by-connection.png
new file mode 100644
index 0000000000..aa0144a33f
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-usb-by-connection.png differ
diff --git a/windows/client-management/images/device-installation-dm-usb-by-device.png b/windows/client-management/images/device-installation-dm-usb-by-device.png
new file mode 100644
index 0000000000..8ed222ded9
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-usb-by-device.png differ
diff --git a/windows/client-management/images/device-installation-dm-usb-hwid.png b/windows/client-management/images/device-installation-dm-usb-hwid.png
new file mode 100644
index 0000000000..0a86b2254b
Binary files /dev/null and b/windows/client-management/images/device-installation-dm-usb-hwid.png differ
diff --git a/windows/client-management/images/device-installation-flowchart.png b/windows/client-management/images/device-installation-flowchart.png
new file mode 100644
index 0000000000..51572af5b6
Binary files /dev/null and b/windows/client-management/images/device-installation-flowchart.png differ
diff --git a/windows/client-management/images/device-installation-gpo-allow-device-id-list-printer.png b/windows/client-management/images/device-installation-gpo-allow-device-id-list-printer.png
new file mode 100644
index 0000000000..c17491aa6d
Binary files /dev/null and b/windows/client-management/images/device-installation-gpo-allow-device-id-list-printer.png differ
diff --git a/windows/client-management/images/device-installation-gpo-allow-device-id-list-usb.png b/windows/client-management/images/device-installation-gpo-allow-device-id-list-usb.png
new file mode 100644
index 0000000000..3afc21746e
Binary files /dev/null and b/windows/client-management/images/device-installation-gpo-allow-device-id-list-usb.png differ
diff --git a/windows/client-management/images/device-installation-gpo-prevent-class-list.png b/windows/client-management/images/device-installation-gpo-prevent-class-list.png
new file mode 100644
index 0000000000..ff5b998919
Binary files /dev/null and b/windows/client-management/images/device-installation-gpo-prevent-class-list.png differ
diff --git a/windows/client-management/images/device-installation-gpo-prevent-device-id-list-printer.png b/windows/client-management/images/device-installation-gpo-prevent-device-id-list-printer.png
new file mode 100644
index 0000000000..f18be4a8e8
Binary files /dev/null and b/windows/client-management/images/device-installation-gpo-prevent-device-id-list-printer.png differ
diff --git a/windows/client-management/images/device-installation-gpo-prevent-device-id-list-usb.png b/windows/client-management/images/device-installation-gpo-prevent-device-id-list-usb.png
new file mode 100644
index 0000000000..1465ce5507
Binary files /dev/null and b/windows/client-management/images/device-installation-gpo-prevent-device-id-list-usb.png differ
diff --git a/windows/client-management/images/device-installation-usb-properties.png b/windows/client-management/images/device-installation-usb-properties.png
new file mode 100644
index 0000000000..823294fd95
Binary files /dev/null and b/windows/client-management/images/device-installation-usb-properties.png differ
diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md
index b1077e5be6..6ce343dade 100644
--- a/windows/client-management/img-boot-sequence.md
+++ b/windows/client-management/img-boot-sequence.md
@@ -14,4 +14,4 @@ ms.prod: w10
 
 Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
                    
 
-![Full-sized boot sequence flowchart](images/boot-sequence.png)
+![Full-sized boot sequence flowchart.](images/boot-sequence.png)
diff --git a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
index ecfa4c5ca0..9b1d7821f3 100644
--- a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
+++ b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
@@ -9,4 +9,4 @@ ms.prod: edge
 ms.topic: include
 ---
 
-Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy.  Also, the users must be signed in with a school or work account.
+Microsoft Edge doesn't use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy.  Also, the users must be signed in with a school or work account.
diff --git a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
index 9d39c7e091..6fa1849707 100644
--- a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and more diagnostic data, such as usage data.
diff --git a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
index 1aca979b7e..06b4e1eb02 100644
--- a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
+++ b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge. 
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. To use fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge. 
diff --git a/windows/client-management/includes/allow-saving-history-shortdesc.md b/windows/client-management/includes/allow-saving-history-shortdesc.md
index 9acffb1e18..822a8f9b81 100644
--- a/windows/client-management/includes/allow-saving-history-shortdesc.md
+++ b/windows/client-management/includes/allow-saving-history-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane.  Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane.  Disabling this policy doesn't stop roaming of existing browsing history or browsing history from other devices.
diff --git a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
index 4992a19eab..1ecba430cb 100644
--- a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
+++ b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
@@ -1,11 +1,16 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge. 
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can execute the following tasks in Settings:
+- Add new search engines
+- Change the default search engine
+
+With this policy, you can prevent users from customizing the search engine in the Microsoft Edge browser.
diff --git a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
index e16dbdc2db..985741be58 100644
--- a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
+++ b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions.  Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell.  You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).  
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions.  Disabling this policy prevents sideloading of extensions but doesn't prevent sideloading using Add-AppxPackage via PowerShell.  You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).  
diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
index f4a61c024c..cd9e9d9751 100644
--- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
+++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
@@ -1,11 +1,18 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+The Set default search engine policy enables the users to:
+
+- Set a default search engine
+- Configure up to five more search engines, and set any one of them as the default
+
+If you previously enabled this policy and now want to disable it, doing so results in deletion of all the configured search engines
+
diff --git a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 75a3631a95..90eddc5182 100644
--- a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default.  With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge doesn't send browsing history data to Microsoft 365 Analytics by default.  With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
diff --git a/windows/client-management/includes/configure-do-not-track-shortdesc.md b/windows/client-management/includes/configure-do-not-track-shortdesc.md
index dd27fad917..c5253680b3 100644
--- a/windows/client-management/includes/configure-do-not-track-shortdesc.md
+++ b/windows/client-management/includes/configure-do-not-track-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge doesn't send ‘Do Not Track’ requests to websites that ask for tracking information. However, users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
index 0247b490e6..8397ff7c18 100644
--- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
+++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
@@ -1,11 +1,22 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can define a behavior for the Microsoft Edge browser, which it shall display when part of many applications running on a kiosk device.
+
+> [!NOTE]
+> You can define the browser's behavior only if you have the assigned access privileges.
+
+You can also define a behavior when Microsoft Edge serves as a single application.
+
+You can facilitate the following functionalities in the Microsoft Edge browser:
+- Execution of InPrivate full screen
+- Execution of InPrivate multi-tab with a tailored experience for kiosks
+- Provision for normal browsing
diff --git a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
index 8d1cc4f603..97d9c264c0 100644
--- a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
+++ b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allows users to make changes. With this policy, you can configure Microsoft Edge to load the Start page, New Tab page, or the previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
diff --git a/windows/client-management/includes/configure-start-pages-shortdesc.md b/windows/client-management/includes/configure-start-pages-shortdesc.md
index 146511b737..e8c18a3d8b 100644
--- a/windows/client-management/includes/configure-start-pages-shortdesc.md
+++ b/windows/client-management/includes/configure-start-pages-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge loads the pages specified in App settings as the default Start pages.  With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes. 
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the pages specified in App settings as the default Start pages.  With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users can't make changes. 
diff --git a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
index 62547e8955..8eeb1e44a5 100644
--- a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
+++ b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default.  Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off.  Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. 
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default.  Also, by default, users can't disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off.  Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. 
diff --git a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
index 37ff4011ad..37156ee3a7 100644
--- a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
+++ b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies can't be changed, and they remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start pages or any Start page configured with the Configure Start pages policy.
diff --git a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
index 5bf46ea949..f4acce9ce0 100644
--- a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
+++ b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can access the about:flags page in Microsoft Edge that is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
diff --git a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
index 7264330137..b7331dd725 100644
--- a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
+++ b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+The Microsoft Edge browser allows users to uninstall extensions, by default. When the users work with extensions that come under a policy that is enabled, they can configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any extra permissions requested by future updates of the extension get granted automatically. If - at this stage - you disable the policy, the list of extension package family names (PFNs) defined in this policy get ignored.
diff --git a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index 5ef4bbdeca..b7b66d315b 100644
--- a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses. 
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows localhost IP address while making calls through usage of the WebRTC protocol. Enabling this policy hides the localhost IP addresses. 
diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md
index 30b9677f92..2ddbc5c6d7 100644
--- a/windows/client-management/includes/provision-favorites-shortdesc.md
+++ b/windows/client-management/includes/provision-favorites-shortdesc.md
@@ -1,11 +1,21 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date:  10/02/2018
-ms.reviewer: 
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured. 
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can customize the Favorites list in the Microsoft Edge browser. Customization of the favorites list includes:
+
+- Creating a standard list
+    - This standard list includes:
+        - Folders (which you can add)
+        - the list of favorites that you manually add, after creating the standard list
+
+This customized favorite is the final version. 
+
+
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
index 3731f3f13d..2bb8db6fd8 100644
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@@ -1,19 +1,22 @@
 ### YamlMime:Landing
 
 title: Client management # < 60 chars
-summary: Find out how to apply custom configurations to Windows client devices. Windows provides a number of features and methods to help you configure or lock down specific parts of the Windows interface.  # < 160 chars
+summary: Find out how to apply custom configurations to Windows client devices. Windows provides many features and methods to help you configure or lock down specific parts of the Windows interface.  # < 160 chars
 
 metadata:
-  title: Configure Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars.
-  description: Learn about the administrative tools, tasks and best practices for managing Windows clients across your enterprise. # Required; article description that is displayed in search results. < 160 chars.
+  title: Manage Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
+  description: Learn about the administrative tools, tasks, and best practices for managing Windows clients across your enterprise. # Required; article description that is displayed in search results. < 160 chars.
   services: windows-10
   ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
   ms.subservice: subservice
   ms.topic: landing-page # Required
-  ms.collection: windows-10
-  author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
-  ms.author: greglin #Required; microsoft alias of author; optional team alias.
-  ms.date: 04/30/2021 #Required; mm/dd/yyyy format.
+  ms.collection:
+    - windows-10
+    - highpri
+  author: aczechowski
+  ms.author: aaroncz
+  manager: dougeby
+  ms.date: 03/28/2022 #Required; mm/dd/yyyy format.
   localization_priority: medium
     
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@@ -26,7 +29,7 @@ landingContent:
     linkLists:
       - linkListType: overview
         links:
-          - text: Administrative Tools in Windows 10
+          - text: Windows Tools/Administrative Tools
             url: administrative-tools-in-windows-10.md
           - text: Create mandatory user profiles
             url: mandatory-user-profile.md
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
index 376916c1d3..be5ce9c487 100644
--- a/windows/client-management/introduction-page-file.md
+++ b/windows/client-management/introduction-page-file.md
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
 ms.author: delhan
 ms.reviewer: dcscontentpm
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Introduction to page files
@@ -27,20 +28,20 @@ Page files enable the system to remove infrequently accessed modified pages from
 
 Some products or services require a page file for various reasons. For specific information, check the product documentation.
 
-For example, the following Windows servers requires page files:
+For example, the following Windows servers require page files:
 
 - Windows Server domain controllers (DCs)
 - DFS Replication (DFS-R) servers
 - Certificate servers
 - ADAM/LDS servers
 
-This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE in Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory.
+This requirement is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to ensure that the database cache can release memory if other services or applications request memory.
 
-For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed" .
+For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed".
 
 ### Support for system crash dumps
 
-Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as “virtual memory”) a system can support. 
+Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as "virtual memory") a system can support.
 
 For more information about system crash dumps, see [system crash dump options](system-failure-recovery-options.md#under-write-debugging-information).
 
@@ -48,7 +49,7 @@ For more information about system crash dumps, see [system crash dump options](s
 
 When large physical memory is installed, a page file might not be required to support the system commit charge during peak usage. For example, 64-bit versions of Windows and Windows Server support more physical memory (RAM) than 32-bit versions support. The available physical memory alone might be large enough. 
 
-However, the reason to configure the page file size has not changed. It has always been about supporting a system crash dump, if it is necessary, or extending the system commit limit, if it is necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump.
+However, the reason to configure the page file size hasn't changed. It has always been about supporting a system crash dump, if it's necessary, or extending the system commit limit, if it's necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump.
 
 ## System committed memory
 
@@ -56,15 +57,15 @@ Page files extend how much "committed memory" (also known as "virtual memory") i
 
 The system commit memory limit is the sum of physical memory and all page files combined. It represents the maximum system-committed memory (also known as the "system commit charge") that the system can support.
 
-![Task manager](images/task-manager.png)
+![Task manager.](images/task-manager.png)
  
 The system commit charge is the total committed or "promised" memory of all committed virtual memory in the system. If the system commit charge reaches the system commit limit, the system and processes might not get committed memory. This condition can cause freezing, crashing, and other malfunctions. Therefore, make sure that you set the system commit limit high enough to support the system commit charge during peak usage.
 
-![Out of memory](images/out-of-memory.png)
+![Out of memory.](images/out-of-memory.png)
 
-![Task Manager](images/task-manager-commit.png)
+![Task Manager.](images/task-manager-commit.png)
 
-The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The \Memory\% Committed Bytes In Use counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
+The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The **\Memory\% Committed Bytes In Use** counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
 
 > [!NOTE]
 > System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger, but no more than one-eighth of the volume size) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth.
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index 4fc41d68c1..100a615574 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -1,6 +1,6 @@
 ---
-title: Manage corporate devices (Windows 10)
-description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones.
+title: Manage corporate devices
+description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones.
 ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
 ms.reviewer: 
 manager: dansimp
@@ -12,7 +12,7 @@ ms.sitesec: library
 ms.pagetype: devices
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/21/2017
+ms.date: 09/14/2021
 ms.topic: article
 ---
 
@@ -21,22 +21,22 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10
--   Windows 10 Mobile
+- Windows 10
+- Windows 11
 
-You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10.
+You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11.
 
 ## In this section
 
 | Topic | Description |
 | --- | --- |
-| [Manage Windows 10 in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment | 
+| [Manage Windows 10 (and Windows 11) in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Strategies for deploying and managing Windows 10 (and Windows 11), including deploying Windows 10 (and Windows 11) in a mixed environment | 
 | [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md) | How to use Remote Desktop Connection to connect to an Azure AD-joined PC |
-| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions) | Options to manage user experiences to provide a consistent and predictable experience for employees |
-| [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 |
-| [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education |
-| [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start |
-| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations |
+| [Manage Windows 10 (and Windows 11) and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions) | Options to manage user experiences to provide a consistent and predictable experience for employees |
+| [New policies for Windows 10 (and Windows 11)](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 |
+| [Group Policies that apply only to Windows Enterprise and Windows Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education |
+| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 (and Windows 11) in their organizations |
+
 
 
 ## Learn more
@@ -47,15 +47,7 @@ You can use the same management tools to manage all device types running Windows
 
 [Microsoft Intune End User Enrollment Guide](/samples/browse/?redirectedfrom=TechNet-Gallery)
 
-[Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616791)
-
-[Azure AD support for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=615765)
-
-[Windows 10 and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
-
-[How to manage Windows 10 devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620)
-
-[Using Intune alone and with Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=613207)
+[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
 
 Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](/learn/)
 
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
new file mode 100644
index 0000000000..29a9358bf0
--- /dev/null
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -0,0 +1,685 @@
+---
+title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
+description: Find out how to manage Device Installation Restrictions with Group Policy.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: aczechowski
+ms.date: 09/14/2021
+ms.reviewer: 
+manager: dougeby
+ms.author: aaroncz
+ms.topic: article
+---
+
+# Manage Device Installation with Group Policy
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+- Windows Server 2022
+
+
+## Summary
+By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
+
+## Introduction
+
+### General
+This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and can't install. This guide applies to all Windows versions starting with RS5 (1809). The guide includes the following scenarios:
+
+- Prevent users from installing devices that are on a "prohibited" list. If a device isn't on the list, then the user can install it.
+- Allow users to install only devices that are on an "approved" list. If a device isn't on the list, then the user can't install it.
+
+This guide describes the device installation process and introduces the device identification strings that Windows uses to match a device with the device-driver packages available on a machine. The guide also illustrates two methods of controlling device installation. Each scenario shows, step by step, one method you can use to allow or prevent the installation of a specific device or a class of devices.
+
+The example device used in the scenarios is a USB storage device. You can perform the steps in this guide using a different device. However, if you use a different device, then the instructions in the guide won't exactly match the user interface that appears on the computer.
+
+It's important to understand that the Group Policies that are presented in this guide are only applied to machines/machine-groups, not to users/user-groups.
+
+> [!IMPORTANT]
+> The steps provided in this guide are intended for use in a test lab environment. This step-by-step guide isn't meant to be used to deploy Windows Server features without accompanying documentation and should be used with discretion as a stand-alone document.
+
+### Who Should Use This Guide?
+
+This guide is targeted at the following audiences:
+
+- Information technology planners and analysts who are evaluating Windows 10, Windows 11 or Windows Server 2022
+- Enterprise information technology planners and designers
+- Security architects who are responsible for implementing trustworthy computing in their organization
+- Administrators who want to become familiar with the technology
+
+### Benefits of Controlling Device Installation Using Group Policy
+
+Restricting the devices that users can install reduces the risk of data theft and reduces the cost of support.
+
+#### Reduce the risk of data theft
+
+It's more difficult for users to make unauthorized copies of company data if users' computers can't install unapproved devices that support removable media. For example, if users can't install a USB thumb-drive device, they can't download copies of company data onto a removable storage. This benefit can't eliminate data theft, but it creates another barrier to unauthorized removal of data.
+
+#### Reduce support costs
+
+You can ensure that users install only those devices that your technical support team is trained and equipped to support. This benefit reduces support costs and user confusion.
+
+
+## Scenario Overview
+
+The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy.. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site.
+
+Group Policy guides:
+
+- [Create a Group Policy Object (Windows 10) - Windows Security](/windows/security/threat-protection/windows-firewall/create-a-group-policy-object)
+- [Advanced Group Policy Management - Microsoft Desktop Optimization Pack](/microsoft-desktop-optimization-pack/agpm)
+
+### Scenario #1: Prevent installation of all printers
+
+In this scenario, the administrator wants to prevent users from installing any printers. Thus is a basic scenario to introduce you to the ‘prevent/allow’ functionality of Device Installation policies in Group Policy.
+
+### Scenario #2: Prevent installation of a specific printer
+
+In this scenario, the administrator allows standard users to install all printers while but preventing them from installing a specific one.
+
+### Scenario #3: Prevent installation of all printers while allowing a specific printer to be installed
+
+In this scenario, you'll combine what you learned from both scenario #1 and scenario #2. The administrator wants to allow standard users to install only a specific printer while preventing the installation of all other printers. This scenario is a more realistic one and brings you a step farther in understanding of the Device Installation Restrictions policies.
+
+### Scenario #4: Prevent installation of a specific USB device
+
+This scenario, although similar to scenario #2, brings another layer of complexity – how does device connectivity work in the PnP tree. The administrator wants to prevent standard users from installing a specific USB device. By the end of the scenario, you should understand the way devices are nested in layers under the PnP device connectivity tree.
+
+### Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb drive
+
+In this scenario, combining all previous four scenarios, you'll learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the ‘prevent’ functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario.
+
+
+## Technology Review
+
+The following sections provide a brief overview of the core technologies discussed in this guide and give background information that is necessary to understand the scenarios.
+
+### Device Installation in Windows
+
+A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition - it's a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type.
+
+When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those strings included with the driver packages.
+
+Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows to specify which of these identifiers to allow or block.
+
+The four types of identifiers are:
+
+- Device Instance ID
+- Device ID
+- Device setup classes
+- ‘Removable Devices’ device type
+
+#### Device Instance ID
+
+A device instance ID is a system-supplied device identification string that uniquely identifies a device in the system. The Plug and Play (PnP) manager assigns a device instance ID to each device node (devnode) in a system's device tree.
+
+#### Device ID
+
+Windows can use each string to match a device to a driver package. The strings range from the specific, matching a single make and model of a device, to the general, possibly applying to an entire class of devices. There are two types of device identification strings: hardware IDs and compatible IDs.
+
+##### Hardware IDs
+
+Hardware IDs are the identifiers that provide the exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision isn't available.
+
+##### Compatible IDs
+
+Windows uses these identifiers to select a driver if the operating system can't find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they're generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
+
+When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see How Setup Selects Drivers in the Microsoft Docs library.
+
+> [!NOTE]
+> For more information about the driver installation process, see the "Technology review" section of the Step-by-Step Guide to Driver Signing and Staging.
+
+Some physical devices create one or more logical devices when they're installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function.
+
+When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see Device Identification Strings in Microsoft Docs.
+
+#### Device setup classes
+
+Device setup classes (also known as _Class_) are another type of identification string. The manufacturer assigns the Class to a device in the driver package. The Class groups devices that are installed and configured in the same way. For example, all Biometric devices belong to the Biometric Class (ClassGuid = {53D29EF7-377C-4D14-864B-EB3A85769359}), and they use the same co-installer when installed. A long number called a globally unique identifier (GUID) represents each device setup class. When Windows starts, it builds an in-memory tree structure with the GUIDs for all of the detected devices. Along with the GUID for the Class of the device itself, Windows may need to insert into the tree the GUID for the Class of the bus to which the device is attached.
+
+When you use device Classes to allow or prevent users from installing drivers, you must specify the GUIDs for all of the device's device setup classes, or you might not achieve the results you want. The installation might fail (if you want it to succeed) or it might succeed (if you want it to fail).
+
+For example, a multi-function device, such as an all-in-one scanner/fax/printer, has a GUID for a generic multi-function device, a GUID for the printer function, a GUID for the scanner function, and so on. The GUIDs for the individual functions are "child nodes" under the multi-function device GUID. To install a child node, Windows must also be able to install the parent node. You must allow installation of the device setup class of the parent GUID for the multi-function device in addition to any child GUIDs for the printer and scanner functions.
+
+For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes) in Microsoft Docs.
+
+This guide doesn't depict any scenarios that use device setup classes. However, the basic principles demonstrated with device identification strings in this guide also apply to device setup classes. After you discover the device setup class for a specific device, you can then use it in a policy to either allow or prevent installation of drivers for that class of devices.
+
+The following two links provide the complete list of Device Setup Classes. ‘System Use’ classes are mostly referred to devices that come with a computer/machine from the factory, while ‘Vendor’ classes are mostly referred to devices that could be connected to an existing computer/machine:
+
+- [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors)
+- [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use)
+
+#### ‘Removable Device’ Device type
+
+Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected. 
+
+
+### Group Policy Settings for Device Installation
+
+Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
+
+Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see Group Policy Object Editor Technical Reference.
+
+The following passages are brief descriptions of the Device Installation policies that are used in this guide.
+
+> [!NOTE]
+> Device Installation control is applied only to machines (‘computer configuration’) and not users (‘user configuration’) by the nature of the Windows OS design. These policy settings affect all users who log on to the computer where the policy settings are applied. You can't apply these policies to specific users or groups except for the policy Allow administrators to override device installation policy. This policy exempts members of the local Administrators group from any of the device installation restrictions that you apply to the computer by configuring other policy settings as described in this section.
+
+#### Allow administrators to override Device Installation Restriction policies
+
+This policy setting allows members of the local Administrators group to install and update the drivers for any device, regardless of other policy settings. If you enable this policy setting, administrators can use the Add Hardware Wizard or the Update Driver Wizard to install and update the drivers for any device. If you disable or don't configure this policy setting, administrators are subject to all policy settings that restrict device installation.
+
+#### Allow installation of devices that match any of these device IDs
+
+This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and doesn't take precedence over any policy setting that would prevent users from installing a device. If you enable this policy setting, users can install and update any device with a hardware ID or compatible ID that matches an ID in this list if that installation hasn't been prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users can't install it even if the device is also described by a value in this policy setting. If you disable or don't configure this policy setting and no other policy describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
+
+#### Allow installation of devices that match any of these device instance IDs
+
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one. If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+#### Allow installation of devices using drivers that match these device setup classes
+
+This policy setting specifies a list of device setup class GUIDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and doesn't take precedence over any policy setting that would prevent users from installing a device. If you enable this setting, users can install and update any device with a hardware ID or compatible ID that matches one of the IDs in this list if that installation hasn't been prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users can't install it even if the device is also described by a value in this policy setting. If you disable or don't configure this policy setting and no other policy setting describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
+
+#### Prevent installation of devices that match these device IDs
+
+This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs for devices that users can't  install. If you enable this policy setting, users can't install or update the driver for a device if its hardware ID or compatible ID matches one in this list. If you disable or don't configure this policy setting, users can install devices and update their drivers, as permitted by other policy settings for device installation.
+Note: This policy setting takes precedence over any other policy settings that allow users to install a device. This policy setting prevents users from installing a device even if it matches another policy setting that would allow installation of that device.
+
+#### Prevent installation of devices that match any of these device instance IDs
+
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+
+#### Prevent installation of devices using drivers that match these device setup classes
+
+This policy setting specifies a list of Plug and Play device setup class GUIDs for devices that users can't install. If you enable this policy setting, users can't install or update devices that belong to any of the listed device setup classes. If you disable or don't configure this policy setting, users can install and update devices as permitted by other policy settings for device installation.
+Note: This policy setting takes precedence over any other policy settings that allow users to install a device. This policy setting prevents users from installing a device from being installed even if it matches another policy setting that would allow installation of that device.
+
+### Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
+
+This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:
+
+> **Device instance IDs** > **Device IDs** > **Device setup class** > **Removable devices**
+
+> [!NOTE]
+> This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored.
+>
+> If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
+
+Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
+ 			
+![Device Installation policies flow chart.](images/device-installation-flowchart.png)
                    _Device Installation policies flow chart_
+
+
+
+
+## Requirements for completing the scenarios
+
+### General
+
+To complete each of the scenarios, ensure your have:
+
+- A client computer running Windows.
+
+- A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives don't require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build.
+
+- A USB/network printer pre-installed on the machine.
+
+- Access to the administrator account on the testing machine. The procedures in this guide require administrator privileges for most steps.
+
+### Understanding implications of applying ‘Prevent’ policies retroactive
+
+All ‘Prevent’ policies can apply the block functionality to already installed devices—devices that have been installed on the machine before the policy took effect. Using this option is recommended when the administrator isn't sure of the installation history of devices on the machine and would like to make sure the policy applies to all devices.
+
+For example: A printer is already installed on the machine, preventing the installation of all printers will block any future printer from being installed while keeping only the installed printer usable. To apply the block retroactive, the administrator should check mark the “apply this policy to already installed devices” option. Marking this option will prevent access to already installed devices in addition to any future ones.
+
+This option is a powerful tool, but as such it has to be used carefully.
+
+> [!IMPORTANT]
+> Applying the ‘Prevent retroactive’ option to crucial devices could render the machine useless/unacceptable! For example: Preventing retroactive all ‘Disk Drives’ could block the access to the disk on which the OS boots with; Preventing retroactive all ‘Net’ could block this machine from accessing network and to fix the issue the admin will have to have a direct connection.
+
+## Determine device identification strings
+
+By following these steps, you can determine the device identification strings for your device. If the hardware IDs and compatible IDs for your device don't match those IDs shown in this guide, use the IDs that are appropriate to your device (this policy applies to Instance IDs and Classes, but we aren't going to give an example for them in this guide).
+
+You can determine the hardware IDs and compatible IDs for your device in two ways. You can use Device Manager, a graphical tool included with the operating system, or PnPUtil, a command-line tool available for all Windows versions. Use the following procedure to view the device identification strings for your device.
+
+> [!NOTE]
+> These procedures are specific to a Canon printer. If you are using a different type of device, you must adjust the steps accordingly. The significant difference will be the location of the device in the Device Manager hierarchy. Instead of being located in the Printers node, you must locate your device in the appropriate node.
+
+To find device identification strings using Device Manager
+
+1. Make sure your printer is plugged in and installed.
+
+2. To open Device Manager, click the Start button, type mmc devmgmt.msc in the Start Search box, and then press ENTER; or search for Device Manager as application.
+
+3. Device Manager starts and displays a tree representing all of the devices detected on your computer. At the top of the tree is a node with your computers name next to it. Lower nodes represent the various categories of hardware into which your computers devices are grouped.
+
+4. Find the “Printers” section and find the target printer
+ 
+    ![Selecting the printer in Device Manager.](images/device-installation-dm-printer-by-device.png)
                    _Selecting the printer in Device Manager_
+
+5. Double-click the printer and move to the ‘Details’ tab.
+
+    ![‘Details’ tab.](images/device-installation-dm-printer-details-screen.png)
                    _Open the ‘Details’ tab to look for the device identifiers_
+
+6. From the ‘Value’ window, copy the most detailed Hardware ID – we'll use this value in the policies.
+
+    ![HWID.](images/device-installation-dm-printer-hardware-ids.png)
+
+    ![Compatible ID.](images/device-installation-dm-printer-compatible-ids.png)
                    _HWID and Compatible ID_
+
+    > [!TIP]
+    > You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil) in Microsoft Docs.
+
+### Getting device identifiers using PnPUtil
+
+```console
+pnputil /enum-devices /ids
+```
+
+Here's an example of an output for a single device on a machine:
+
+```console
+
+Instance ID:                PCI\VEN_8086&DEV_2F34&SUBSYS_2F348086&REV_02\3&103a9d54&0&81
+Device Description:         Intel(R) Xeon(R) E7 v3/Xeon(R) E5 v3/Core i7 PCIe Ring Interface - 2F34
+Class Name:                 System
+Class GUID:                 {4d36e97d-e325-11ce-bfc1-08002be10318}
+Manufacturer Name:          INTEL
+Status:                     Stopped
+Driver Name:                oem6.inf
+Hardware IDs:               PCI\VEN_8086&DEV_2F34&SUBSYS_2F348086&REV_02
+                            PCI\VEN_8086&DEV_2F34&SUBSYS_2F348086
+                            PCI\VEN_8086&DEV_2F34&CC_110100
+                            PCI\VEN_8086&DEV_2F34&CC_1101
+Compatible IDs:             PCI\VEN_8086&DEV_2F34&REV_02
+                            PCI\VEN_8086&DEV_2F34
+                            PCI\VEN_8086&CC_110100
+                            PCI\VEN_8086&CC_1101
+                            PCI\VEN_8086
+                            PCI\CC_110100
+                            PCI\CC_1101
+
+```
+
+## Scenario #1: Prevent installation of all printers
+
+In this simple scenario, you'll learn how to prevent the installation of an entire Class of devices.
+
+### Setting up the environment
+
+Setting up the environment for the scenario with the following steps:
+
+1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
+
+2. Disable all previous Device Installation policies, except ‘Apply layered order of evaluation’—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications. 
+
+3. If there are any enabled policies, changing their status to ‘disabled’, would clear them from all parameters
+
+4. Have a USB/network printer available to test the policy with
+
+### Scenario steps – preventing installation of prohibited devices
+
+Getting the right device identifier to prevent it from being installed:
+
+1. If you have on your system a device from the class you want to block, you could follow the steps in the previous section to find the Device Class identifier through Device Manager or PnPUtil (Class GUID).
+
+2. If you don’t have such device installed on your system or know the name of the class, you can check the following two links:
+
+    - [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors)
+    - [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use)
+
+3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market: 
+
+    > Printers\
+    > Class = Printer\
+    > ClassGuid = {4d36e979-e325-11ce-bfc1-08002be10318}\
+    > This class includes printers.
+
+    > [!NOTE]
+    > As mentioned before, preventing an entire Class could block you from using your system completely. Please make sure you understand which devices are going to be blocked when specifying a Class. For our scenario, there are other classes that relate to printers but before you apply them, make sure they're not blocking any other existing device that is crucial to your system.
+
+Creating the policy to prevent all printers from being installed:
+
+1. Open Group Policy Object Editor—either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
+
+2. Navigate to the Device Installation Restriction page: 
+
+    > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
+
+3. Make sure all policies are disabled (recommended to keep ‘applied layered order of evaluation’ policy enabled).
+
+4. Open **Prevent installation of devices using drivers that match these device setup classes** policy and select the ‘Enable’ radio button.
+
+5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the class identifier to block.
+
+6. Enter the printer class GUID you found above with the curly braces (this convention is important! Otherwise, it won’t work): {4d36e979-e325-11ce-bfc1-08002be10318}
+
+    ![List of prevent Class GUIDs.](images/device-installation-gpo-prevent-class-list.png)
                    _List of prevent Class GUIDs_
+
+7. Click ‘OK’.
+
+8. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks all future printer installations, but doesn’t apply to existing installs.
+
+9. Optional – if you would like to apply the policy to existing installs: Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’
+
+> [!IMPORTANT]
+> Using a Prevent policy (like the one we used in scenario #1 above) and applying it to all previously installed devices (see step #9) could render crucial devices unusable; hence, use with caution. For example: If an IT admin wants to prevent all removable storage devices from being installed on the machine, using ‘Disk Drive’ class for blocking and applying it retroactive could render the internal hard-drive unusable and to break the machine.
+
+### Testing the scenario
+
+1. If you haven't completed step #9 – follow these steps:
+
+   1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click “Uninstall device”.
+   1. For USB printer – unplug and plug back the cable; for network device – make a search for the printer in the Windows Settings app.
+   1. You shouldn't be able to reinstall the printer.
+
+2. If you completed step #9 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use.
+
+## Scenario #2: Prevent installation of a specific printer
+
+This scenario builds upon scenario #1, Prevent installation of all printers. In this scenario, you target a specific printer to prevent from being installed on the machine.
+
+### Setting up the environment
+
+Setting up the environment for the scenario with the following steps:
+
+1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
+
+2. Ensure all previous Device Installation policies are disabled except ‘Apply layered order of evaluation’ (this prerequisite is optional to be On/Off this scenario). Although the policy is disabled in default, it's recommended to be enabled in most practical applications. For scenario #2, it's optional.
+
+### Scenario steps – preventing installation of a specific device
+
+Getting the right device identifier to prevent it from being installed:
+
+1. Get your printer’s Hardware ID – in this example we'll use the identifier we found previously
+
+    ![Printer Hardware ID identifier.](images/device-installation-dm-printer-hardware-ids.png)
                    _Printer Hardware ID_
+
+2. Write down the device ID (in this case Hardware ID) – WSDPRINT\CanonMX920_seriesC1A0; Take the more specific identifier to make sure you block a specific printer and not a family of printers
+
+Creating the policy to prevent a single printer from being installed:
+
+1. Open Group Policy Object Editor – either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
+
+2. Navigate to the Device Installation Restriction page: 
+
+    > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
+
+3. Open **Prevent installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
+
+4. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the device identifier to block.
+
+5. Enter the printer device ID you found above – WSDPRINT\CanonMX920_seriesC1A0
+
+    ![Prevent Device ID list.](images/device-installation-gpo-prevent-device-id-list-printer.png)
                    _Prevent Device ID list_
+
+6. Click ‘OK’.
+
+7. Click ‘Apply’ on the bottom right of the policy’s window. This option pushes the policy and blocks the target printer in future installations, but doesn’t apply to an existing install.
+
+8. Optional – if you would like to apply the policy to an existing install: Open the **Prevent installation of devices that match any of these device IDs** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’.
+
+###	Testing the scenario
+
+If you completed step #8 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use.
+
+If you haven't completed step #8, follow these steps:
+
+1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click “Uninstall device”.
+
+2. For USB printer – unplug and plug back the cable; for network device – make a search for the printer in the Windows Settings app.
+
+3. You shouldn't be able to reinstall the printer.
+
+
+## Scenario #3: Prevent installation of all printers while allowing a specific printer to be installed
+
+Now, using the knowledge from both previous scenarios, you'll learn how to prevent the installation of an entire Class of devices while allowing a single printer to be installed.
+
+### Setting up the environment
+
+Setting up the environment for the scenario with the following steps:
+
+1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
+
+2. Disable all previous Device Installation policies, and enable ‘Apply layered order of evaluation’.
+
+3. If there are any enabled policies, changing their status to ‘disabled’, would clear them from all parameters.
+
+4. Have a USB/network printer available to test the policy with.
+
+### Scenario steps – preventing installation of an entire class while allowing a specific printer
+
+Getting the device identifier for both the Printer Class and a specific printer – following the steps in scenario #1 to find Class identifier and scenario #2 to find Device identifier you could get the identifiers you need for this scenario:
+
+- ClassGuid = {4d36e979-e325-11ce-bfc1-08002be10318}
+- Hardware ID = WSDPRINT\CanonMX920_seriesC1A0
+
+First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one:
+
+1. Open Group Policy Object Editor – either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
+
+2. Navigate to the Device Installation Restriction page: 
+
+    > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
+
+3. Make sure all policies are disabled
+
+4. Open **Prevent installation of devices using drivers that match these device setup classes** policy and select the ‘Enable’ radio button.
+
+5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the class identifier to block.
+
+6. Enter the printer class GUID you found above with the curly braces (this value is important! Otherwise, it won’t work): {4d36e979-e325-11ce-bfc1-08002be10318}
+
+    ![List of prevent Class GUIDs.](images/device-installation-gpo-prevent-class-list.png)
                    _List of prevent Class GUIDs_
+
+7. Click ‘OK’.
+
+8. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks all future printer installations, but doesn’t apply to existing installs.
+
+9. To complete the coverage of all future and existing printers – Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’ and click ‘OK’
+
+10. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it – this policy will enable you to override the wide coverage of the ‘Prevent’ policy with a specific device.
+
+    ![Image of Local Group Policy Editor that shows the policies under "Device Installation Restrictions" and the policy named in this step.](images/device-installation-apply-layered_policy-1.png)
+
+    ![Image that shows the current settings of the policy named in this step, "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria.".](images/device-installation-apply-layered-policy-2.png)
                    _Apply layered order of evaluation policy_
+
+9. Now Open **Allow installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
+
+10. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the device identifier to allow.
+
+11. Enter the printer device ID you found above: WSDPRINT\CanonMX920_seriesC1A0.
+
+    ![Allow Printer Hardware ID.](images/device-installation-gpo-allow-device-id-list-printer.png)
                    _Allow Printer Hardware ID_
+
+12. Click ‘OK’.
+
+13. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and allows the target printer to be installed (or stayed installed).
+
+## Testing the scenario
+
+1. Look for your printer under Device Manager or the Windows Settings app and see that it's still there and accessible. Or just print a test document.
+
+2. Go back to the Group Policy Editor, disable **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and test again your printer – you shouldn't be bale to print anything or able to access the printer at all.
+
+
+## Scenario #4: Prevent installation of a specific USB device
+
+The scenario builds upon the knowledge from scenario #2, Prevent installation of a specific printer. In this scenario, you'll gain an understanding of how some devices are built into the PnP (Plug and Play) device tree.
+
+### Setting up the environment
+
+Setting up the environment for the scenario with the following steps:
+
+1. Open Group Policy Editor and navigate to the Device Installation Restriction section
+
+2. Ensure all previous Device Installation policies are disabled except ‘Apply layered order of evaluation’ (this prerequisite is optional to be On/Off this scenario) – although the policy is disabled in default, it's recommended to be enabled in most practical applications.
+
+### Scenario steps – preventing installation of a specific device
+
+Getting the right device identifier to prevent it from being installed and its location in the PnP tree:
+
+1. Connect a USB thumb drive to the machine
+
+2. Open Device Manager
+
+3. Find the USB thumb-drive and select it.
+ 
+    ![Selecting the usb thumb-drive in Device Manager.](images/device-installation-dm-usb-by-device.png)
                    _Selecting the usb thumb-drive in Device Manager_
+
+4. Change View (in the top menu) to ‘Devices by connections’. This view represents the way devices are installed in the PnP tree.
+
+    ![Changing view in Device Manager to see the PnP connection tree.](images/device-installation-dm-usb-by-connection.png)
                    _Changing view in Device Manager to see the PnP connection tree_
+
+    > [!NOTE]
+    > When blocking\Preventing a device that sits higher in the PnP tree, all the devices that sit under it will be blocked. For example: Preventing a “Generic USB Hub” from being installed, all the devices that lay below a “Generic USB Hub” will be blocked.
+ 
+    ![Blocking nested devices from the root.](images/device-installation-dm-usb-by-connection-blocked.png)
                    _When blocking one device, all the devices that are nested below it will be blocked as well_
+
+5. Double-click the USB thumb-drive and move to the ‘Details’ tab.
+
+6. From the ‘Value’ window, copy the most detailed Hardware ID—we'll use this value in the policies. In this case Device ID = USBSTOR\DiskGeneric_Flash_Disk______8.07
+ 
+    ![USB device hardware IDs.](images/device-installation-dm-usb-hwid.png)
                    _USB device hardware IDs_
+
+Creating the policy to prevent a single USB thumb-drive from being installed:
+
+1. Open Group Policy Object Editor – either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
+
+2. Navigate to the Device Installation Restriction page: 
+
+    > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
+
+3. Open **Prevent installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
+
+4. In the lower left side, in the ‘Options’ window, click the ‘Show’ box. This option will take you to a table where you can enter the device identifier to block.
+
+5. Enter the USB thumb-drive device ID you found above – USBSTOR\DiskGeneric_Flash_Disk______8.07
+ 
+    ![Prevent Device IDs list.](images/device-installation-gpo-prevent-device-id-list-usb.png)
                    _Prevent Device IDs list_
+
+6. Click ‘OK’.
+
+7. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks the target USB thumb-drive in future installations, but doesn’t apply to an existing install.
+
+8. Optional – if you would like to apply the policy to an existing install: Open the **Prevent installation of devices that match any of these device IDs** policy again; in the ‘Options’ window, mark the checkbox that says ‘also apply to matching devices that are already installed’
+
+
+### Testing the scenario
+
+1. If you haven't completed step #8 – follow these steps:
+
+    - Uninstall your USB thumb-drive: Device Manager > Disk drives > right click the target USB thumb-drive > click “Uninstall device”.
+    - You shouldn't be able to reinstall the device.
+
+2. If you completed step #8 above and restarted the machine, look for your Disk drives under Device Manager and see that it's no-longer available for you to use.
+
+
+## Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb-drive
+
+Now, using the knowledge from all the previous four scenarios, you'll learn how to prevent the installation of an entire Class of devices while allowing a single authorized USB thumb-drive to be installed.
+
+### Setting up the environment
+
+Setting up the environment for the scenario with the following steps:
+
+1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
+
+2. Disable all previous Device Installation policies, and **enable** ‘Apply layered order of evaluation’.
+
+3. If there are any enabled policies, changing their status to ‘disabled’, would clear them from all parameters.
+
+4. Have a USB thumb-drive available to test the policy with.
+
+### Scenario steps – preventing installation of all USB devices while allowing only an authorized USB thumb-drive
+
+Getting the device identifier for both the USB Classes and a specific USB thumb-drive – following the steps in scenario #1 to find Class identifier and scenario #4 to find Device identifier you could get the identifiers you need for this scenario:
+
+- USB Bus Devices (hubs and host controllers)
+  - Class = USB
+  - ClassGuid = {36fc9e60-c465-11cf-8056-444553540000}
+  - This class includes USB host controllers and USB hubs, but not USB peripherals. Drivers for this class are system-supplied.
+
+- USB Device
+  - Class = USBDevice
+  - ClassGuid = {88BAE032-5A81-49f0-BC3D-A4FF138216D6}
+  - USBDevice includes all USB devices that don't belong to another class. This class isn't used for USB host controllers and hubs.
+
+- Hardware ID = USBSTOR\DiskGeneric_Flash_Disk______8.07
+
+As mentioned in scenario #4, it's not enough to enable only a single hardware ID in order to enable a single USB thumb-drive. The IT admin has to ensure all the USB devices that preceding the target one aren't blocked (allowed) as well. In Our case the following devices has to be allowed so the target USB thumb-drive could be allowed as well:
+
+- “Intel(R) USB 3.0 eXtensible Host Controller – 1.0 (Microsoft)” -> PCI\CC_0C03
+- “USB Root Hub (USB 3.0)” -> USB\ROOT_HUB30
+- “Generic USB Hub” -> USB\USB20_HUB
+ 
+![USB devices nested in the PnP tree.](images/device-installation-dm-usb-by-connection-layering.png)
                    _USB devices nested under each other in the PnP tree_
+
+These devices are internal devices on the machine that define the USB port connection to the outside world. Enabling them shouldn't enable any external/peripheral device from being installed on the machine.
+
+> [!IMPORTANT]
+> Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it's important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an ‘Allow list’ in such cases. See below for the list:
+> 
+> 	PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
+> USB\ROOT_HUB30; USB\ROOT_HUB20 (for USB Root Hubs)/
+> USB\USB20_HUB (for Generic USB Hubs)/
+> 
+> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices. 
+>
+> Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it's done.
+
+First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one:
+
+1. Open Group Policy Object Editor – either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
+
+2. Navigate to the Device Installation Restriction page: 
+
+    > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
+
+3. Make sure all policies are disabled
+
+4. Open **Prevent installation of devices using drivers that match these device setup classes** policy and select the ‘Enable’ radio button.
+
+5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the class identifier to block.
+
+6. Enter both USB classes GUID you found above with the curly braces:
+
+    > {36fc9e60-c465-11cf-8056-444553540000}/
+    > {88BAE032-5A81-49f0-BC3D-A4FF138216D6} 
+
+7. Click ‘OK’.
+
+8. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks all future USB device installations, but doesn’t apply to existing installs.
+
+    > [!IMPORTANT]
+    > The previous step prevents all future USB devices from being installed. Before you move to the next step make sure you have as complete list as possible of all the USB Host Controllers, USB Root Hubs and Generic USB Hubs Device IDs available to prevent blocking you from interacting with your system through keyboards and mice.
+
+9. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it – this policy will enable you to override the wide coverage of the ‘Prevent’ policy with a specific device.
+
+    ![Apply layered order of evaluation policy.](images/device-installation-apply-layered_policy-1.png)
                    _Apply layered order of evaluation policy_
+
+10. Now Open **Allow installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
+
+11. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the device identifier to allow.
+
+12. Enter the full list of USB device IDs you found above including the specific USB Thumb-drive you would like to authorize for installation – USBSTOR\DiskGeneric_Flash_Disk______8.07
+
+    ![Image of an example list of devices that have been configured for the policy "Allow installation of devices that match any of these Device IDs.".](images/device-installation-gpo-allow-device-id-list-usb.png)
                    _Allowed USB Device IDs list_
+
+13. Click ‘OK’.
+
+14. Click ‘Apply’ on the bottom right of the policy’s window.
+
+15. To apply the ‘Prevent’ coverage of all currently installed USB devices – Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’ and click ‘OK’.
+
+### Testing the scenario
+
+You shouldn't be able to install any USB thumb-drive, except the one you authorized for usage
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index a177277d07..56a3adc040 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -1,11 +1,11 @@
 ---
-title: Manage the Settings app with Group Policy (Windows 10)
+title: Manage the Settings app with Group Policy (Windows 10 and Windows 11)
 description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/14/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -14,10 +14,11 @@ ms.topic: article
 
 # Manage the Settings app with Group Policy
 
-
 **Applies to**
 
--   Windows 10, Windows Server 2016
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016
 
 You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
 To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
@@ -25,7 +26,7 @@ To make use of the Settings App group policies on Windows server 2016, install f
 >[!Note]
 >Each server that you want to manage access to the Settings App must be patched.
 
-If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
+If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store).
 
 This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
 
@@ -35,7 +36,7 @@ Policy paths:
 
 **User Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
 
-![Settings page visibility policy](images/settings-page-visibility-gp.png)
+![Settings page visibility policy.](images/settings-page-visibility-gp.png)
 
 ## Configuring the Group Policy
 
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 22ba2d74a8..cc38c493dd 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -17,9 +17,9 @@ ms.topic: article
 
 # Manage Windows 10 in your organization - transitioning to modern management
 
-Use of personal devices for work, as well as employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
+Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
 
-Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist.
+Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist.
 
 Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
 
@@ -50,7 +50,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
 
 ## Deployment and Provisioning
 
-With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can:
+With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can:
 
 
 -   Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/).
@@ -59,7 +59,7 @@ With Windows 10, you can continue to use traditional OS deployment, but you can
 
 -   Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction).
 
-You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This can mean significantly lower deployment costs, as well as improved productivity as end users can be immediately productive – everything is right where they left it. Of course, you can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
+You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
 
 ## Identity and Authentication
 
@@ -73,8 +73,8 @@ You can envision user and device management as falling into these two categories
 
     -   Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
 
--   **Domain joined PCs and tablets used for traditional applications and access to important resources.** These may be traditional applications and resources that require authentication or accessing highly sensitive or classified resources on-premises.
-    With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This provides:
+-   **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
+    With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
 
     -   Single sign-on to cloud and on-premises resources from everywhere
 
@@ -92,13 +92,13 @@ For more information about how Windows 10 and Azure AD optimize access to work r
 
 As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD.
 
-![Decision tree for device authentication options](images/windows-10-management-cyod-byod-flow.png)
+![Decision tree for device authentication options.](images/windows-10-management-cyod-byod-flow.png)
 
 ## Settings and Configuration
 
 Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer. 
 
-**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.
+**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
 
 **Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices:
 
@@ -115,7 +115,7 @@ MDM with Intune provide tools for applying Windows updates to client computers i
 
 ## Next steps
 
-There are a variety of steps you can take to begin the process of modernizing device management in your organization:
+There are various steps you can take to begin the process of modernizing device management in your organization:
 
 **Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies.
 
@@ -123,10 +123,10 @@ There are a variety of steps you can take to begin the process of modernizing de
 
 **Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario.
 
-**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here is the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md)
+**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here's the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md)
 
 
-**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Starting with Configuration Manager 1710, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
+**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Configuration Manager 1710 onward, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
 
 -   [Co-management for Windows 10 devices](/configmgr/core/clients/manage/co-management-overview)
 -   [Prepare Windows 10 devices for co-management](/configmgr/core/clients/manage/co-management-prepare)
@@ -135,6 +135,6 @@ There are a variety of steps you can take to begin the process of modernizing de
 
 ## Related topics
 
--   [What is Intune?](//mem/intune/fundamentals/what-is-intune)
+-   [What is Intune?](/mem/intune/fundamentals/what-is-intune)
 -   [Windows 10 Policy CSP](./mdm/policy-configuration-service-provider.md)
 -   [Windows 10 Configuration service Providers](./mdm/configuration-service-provider-reference.md)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index b5b30659d6..d45e85d719 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -1,5 +1,5 @@
 ---
-title: Create mandatory user profiles (Windows 10)
+title: Create mandatory user profiles (Windows 10 and Windows 11)
 description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
 keywords: [".man","ntuser"]
 ms.prod: w10
@@ -7,16 +7,19 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: dansimp
 ms.author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/14/2021
 ms.reviewer: 
 manager: dansimp
 ms.topic: article
+ms.collection: highpri
 ---
 
 # Create mandatory user profiles
 
 **Applies to**
+
 - Windows 10
+- Windows 11
 
 A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
 
@@ -39,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor
 | Windows 10, versions 1507 and 1511 | N/A | v5 |
 | Windows 10, versions 1607, 1703, 1709, 1803, 1809, 1903 and 1909 |  Windows Server 2016 and Windows Server 2019 | v6 |
 
-For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
+For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](/troubleshoot/windows-server/user-profiles-and-logon/roaming-user-profiles-versioning).
 
 ## Mandatory user profile
 
@@ -66,7 +69,7 @@ First, you create a default user profile with the customizations that you want,
 
 1. At a command prompt, type the following command and press **ENTER**.
 
-   ```dos
+   ```console
    sysprep /oobe /reboot /generalize /unattend:unattend.xml
    ```
 
@@ -75,7 +78,7 @@ First, you create a default user profile with the customizations that you want,
    > [!TIP]
    > If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\\System32\\Sysprep\\Panther\\setupact.log and look for an entry like the following:
    >
-   > ![Microsoft Bing Translator package error](images/sysprep-error.png)
+   > ![Microsoft Bing Translator package error.](images/sysprep-error.png)
    >
    > Use the [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage?view=win10-ps&preserve-view=true) and [Remove-AppxPackage -AllUsers](/powershell/module/appx/remove-appxpackage?view=win10-ps&preserve-view=true) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
 
@@ -86,11 +89,11 @@ First, you create a default user profile with the customizations that you want,
 1. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
 
 
-   ![Example of User Profiles UI](images/copy-to.png)
+   ![Example of User Profiles UI.](images/copy-to.png)
 
 1. In **Copy To**, under **Permitted to use**, click **Change**.
 
-   ![Example of Copy To UI](images/copy-to-change.png)
+   ![Example of Copy To UI.](images/copy-to-change.png)
 
 1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
 
@@ -98,11 +101,11 @@ First, you create a default user profile with the customizations that you want,
 
    - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
 
-   ![Example of Copy profile to](images/copy-to-path.png)
+     ![Example of Copy profile to.](images/copy-to-path.png)
 
    - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.
 
-   ![Example of Copy To UI with UNC path](images/copy-to-path.png)
+     ![Example of Copy To UI with UNC path.](images/copy-to-path.png)
 
 1. Click **OK** to copy the default user profile.
 
@@ -139,9 +142,9 @@ When a user is configured with a mandatory profile, Windows 10 starts as though
 
 | Group Policy setting | Windows 10 | Windows Server 2016 | Windows 8.1 | Windows Server 2012 |
 | --- | --- | --- | --- | --- |
-| Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) |
-| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png)  | ![not supported](images/crossmark.png)  |
-| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) |
+| Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled | ![supported.](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) |
+| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled | ![supported.](images/checkmark.png) | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png)  | ![not supported](images/crossmark.png)  |
+| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled | ![supported.](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) |
 
 > [!NOTE]
 > The Group Policy settings above can be applied in Windows 10 Professional edition.
diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md
index 0a1e9f72a4..4c10dc0ad9 100644
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@@ -13,41 +13,71 @@ ms.date: 06/22/2021
 
 # Language Pack Management CSP
 
+The Language Pack Management CSP allows a direct way to provision languages remotely in Windows. MDMs like Intune can use management commands remotely to devices to configure language-related settings for System and new users.
 
-The Language Pack Management CSP allows a direct way to provision language packs remotely in Windows 10 and Windows 10 X. A separate CSP exists to allow provisioning of "optional FODs" (Handwriting recognition, Text-to-speech, and so on) associated with a language. MDMs like Intune can use management commands remotely to devices to configure language related settings.
+1. Enumerate installed languages and features with GET command on the "InstalledLanguages" node. Below are the samples:
 
-1. Enumerate installed languages with GET command on the "InstalledLanguages" node
- 
     **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages**
     **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN/Providers**
-    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/ja-JP/Providers** 
+    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN/LanguageFeatures**
+    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/ja-JP/Providers**
+    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/ja-JP/LanguageFeatures**
 
-   The nodes under **InstalledLanguages** are the language tags of the installed languages. The **providers** node under language tag is the bit map representation of either "language pack (feature)" or [LXPs](https://www.microsoft.com/store/collections/localexperiencepacks?cat0=devices&rtc=1). 
-    - Indicates the language pack installed is a System Language Pack (non-LXP)
-    - Indicates that the LXP is installed.
-    - Indicates that both are installed.
+   The nodes under **InstalledLanguages** are the language tags of the installed languages. The **providers** node under language tag is an integer representation of either [language pack](/windows-hardware/manufacture/desktop/available-language-packs-for-windows?view=windows-11&preserve-view=true) or [LXPs](https://www.microsoft.com/store/collections/localexperiencepacks?cat0=devices&rtc=1).
 
-2. Install language pack features with the EXECUTE command on the **StartInstall** node of the language. For example, 
+    - **1**- Indicates that only the Language Pack cab is installed.
+    - **2**- Indicates that only the LXP is installed.
+    - **3**- Indicates that both are installed.
 
-    **ADD./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/**
-    **EXECUTE./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/StartInstallation**
+    The **LanguageFeatures** node is a bitmap representation of what [Language Features](/windows-hardware/manufacture/desktop/features-on-demand-language-fod?view=windows-11&preserve-view=true) are installed for a language on a device:
 
-    The installation is an asynchronous operation. You can query the **Status** node by using the following commands: 
+    - Basic Typing = 0x1
+    - Fonts = 0x2
+    - Handwriting = 0x4
+    - Speech = 0x8
+    - TextToSpeech = 0x10
+    - OCR = 0x20
+    - LocaleData = 0x40
+    - SupplementFonts = 0x80
+
+2. Install language pack and features with the EXECUTE command on the **StartInstallation** node of the language. The language installation will try to install the best matched language packs and features for the provided language.
+
+    > [!NOTE]
+    > If not previously set, installation will set the policy to block cleanup of unused language packs and features on the device to prevent unexpected deletion.
+
+    - Admins can optionally copy the language to the device’s international settings immediately after installation by using the REPLACE command on the "CopyToDeviceInternationalSettings" node of the language. false (default)- will take no action; true- will set the following international settings to reflect the newly installed language:
+        - System Preferred UI Language
+        - System Locale
+        - Default settings for new users
+             - Input Method (keyboard)
+             - Locale
+             - Speech Recognizer
+             - User Preferred Language List
+    - Admins can optionally configure whether they want to install all available language features during installation using the REPLACE command on the "EnableLanguageFeatureInstallations" node of the language. false- will install only required features; true (default)- will install all available features.
+
+    Here are the sample commands to install French language with required features and copy to the device's international settings:
+
+    1. **ADD ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/**
+    2. **REPLACE ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/CopyToDeviceInternationalSettings (true)**
+    3. **REPLACE ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/EnableLanguageFeatureInstallations (false)**
+    4. **EXECUTE ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/StartInstallation**
+
+    The installation is an asynchronous operation. You can query the **Status** or **ErrorCode** nodes by using the following commands:
 
     **GET./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/Status**
     **GET./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/ErrorCode**
 
-    Status: 0 – not started; 1 – in process; 2 – succeeded; 3 – failed. ErrorCode is a HRESULT that could help diagnosis if the installation failed.
+    Status: 0 – not started; 1 – in progress; 2 – succeeded; 3 – failed; 4 - partial success (A partial success indicates not all the provisioning operations succeeded, for example, there was an error installing the language pack or features).
 
-    > [!NOTE]
-    > If IT admin has NOT set the policy of blocking cleanup of unused language packs, this command will fail.  
+    ErrorCode: An HRESULT that could help diagnosis if the installation failed or partially failed.
 
-3. Delete installed Language with the DELETE command on the installed language tag. The delete command is a fire and forget operation. The deletion will run in background. IT admin can query the installed language later and resend the command if needed.
+3. Delete installed Language with the DELETE command on the installed language tag. The delete command is a fire and forget operation. The deletion will run in background. IT admin can query the installed language later and resend the command if needed. Below is a sample command to delete the zh-CN language.
 
+   **DELETE./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN**
 
-   **DELETE./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN(Delete command)**
+   > [!NOTE]
+   > The deletion will ignore the policy of block cleanup of unused language packs.
 
 4. Get/Set System Preferred UI Language with GET or REPLACE command on the "SystemPreferredUILanguages" Node
 
-
    **./Device/Vendor/MSFT/LanguagePackManagement/LanguageSettings/SystemPreferredUILanguages**
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index 930343209f..7be2cf47f8 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -19,10 +19,18 @@ AccountManagement CSP is used to configure setting in the Account Manager servic
 > [!NOTE]
 > The AccountManagement CSP is only supported in Windows Holographic for Business edition.
 
+The following syntax shows the AccountManagement configuration service provider in tree format.
 
-The following diagram shows the AccountManagement configuration service provider in tree format.
-
-![accountmanagement csp](images/provisioning-csp-accountmanagement.png)
+```console
+./Vendor/MSFT
+AccountManagement
+----UserProfileManagement
+--------EnableProfileManager
+--------DeletionPolicy
+--------StorageCapacityStartDeletion
+--------StorageCapacityStopDeletion
+--------ProfileInactivityThreshold
+```
 
 **./Vendor/MSFT/AccountManagement**  
 Root node for the AccountManagement configuration service provider.
@@ -33,7 +41,7 @@ Interior node.
 **UserProfileManagement/EnableProfileManager**  
 Enable profile lifetime management for shared or communal device scenarios. Default value is false.
 
-Supported operations are Add, Get,Replace, and Delete. Value type is bool.
+Supported operations are Add, Get, Replace, and Delete. Value type is bool.
 
 **UserProfileManagement/DeletionPolicy**  
 Configures when profiles will be deleted. Default value is 1.
@@ -44,19 +52,19 @@ Valid values:
 -  1 - delete at storage capacity threshold
 -  2 - delete at both storage capacity threshold and profile inactivity threshold
 
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
 **UserProfileManagement/StorageCapacityStartDeletion**  
 Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
 
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
 **UserProfileManagement/StorageCapacityStopDeletion**  
 Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
 
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
 **UserProfileManagement/ProfileInactivityThreshold**  
-Start deleting profiles when they have not been logged on during the specified period, given as number of days. Default value is 30.
+Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30.
 
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 1269c2797e..badfb5ccd9 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -1,6 +1,6 @@
 ---
 title: Accounts CSP
-description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, as well as create local Windows accounts & joint them to a group.
+description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, and create local Windows accounts & join them to a group.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
@@ -17,7 +17,7 @@ manager: dansimp
 The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
 
 
-The following shows the Accounts configuration service provider in tree format.
+The following syntax shows the Accounts configuration service provider in tree format.
 
 ```
 ./Device/Vendor/MSFT
@@ -37,7 +37,7 @@ Root node.
 Interior node for the account domain information.
 
 **Domain/ComputerName**  
-This node specifies the DNS hostname for a device. This setting can be managed remotely, but note that this not supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
+This node specifies the DNS hostname for a device. This setting can be managed remotely, but this remote management isn't supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
 
 Available naming macros:
 
@@ -61,9 +61,9 @@ This node specifies the username for a new local user account.  This setting can
 This node specifies the password for a new local user account.  This setting can be managed remotely. 
 
 Supported operation is Add.
-GET operation is not supported.  This setting will report as failed when deployed from the Endpoint Manager.
+GET operation isn't supported.  This setting will report as failed when deployed from the Endpoint Manager.
 
 **Users/_UserName_/LocalUserGroup**  
-This optional node specifies the local user group that a local user account should be joined to.  If the node is not set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.
+This optional node specifies the local user group that a local user account should be joined to.  If the node isn't set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.
 
 Supported operation is Add.
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index e69eef0c44..307391743a 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
 
 The ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. After an Exchange account has been updated over-the-air by the ActiveSync configuration service provider, the device must be powered off and then powered back on to see sync status.
 
-Configuring Windows Live ActiveSync accounts through this configuration service provider is not supported.
+Configuring Windows Live ActiveSync accounts through this configuration service provider isn't supported.
 
 > [!NOTE]
 > The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
@@ -28,7 +28,7 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th
 
  
 
-The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 
 ```
 ./Vendor/MSFT
@@ -86,7 +86,7 @@ Defines a specific ActiveSync account. A globally unique identifier (GUID) must
 
 Supported operations are Get, Add, and Delete.
 
-When managing over OMA DM, make sure to always use a unique GUID. Provisioning with an account that has the same GUID as an existing one deletes the existing account and does not create the new account.
+When managing over OMA DM, make sure to always use a unique GUID. Provisioning with an account that has the same GUID as an existing one deletes the existing account and doesn't create the new account.
 
 Braces { } are required around the GUID. In OMA Client Provisioning, you can type the braces. For example:
 
@@ -107,7 +107,7 @@ For OMA DM, you must use the ASCII values of %7B and %7D for the opening and clo
 ***Account GUID*/EmailAddress**  
 Required. A character string that specifies the email address associated with the Exchange ActiveSync account.
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
 This email address is entered by the user during setup and must be in the fully qualified email address format, for example, "someone@example.com".
 
@@ -119,21 +119,21 @@ Supported operations are Get, Replace, Add, and Delete.
 ***Account GUID*/AccountIcon**  
 Required. A character string that specifies the location of the icon associated with the account.
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
 The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired.
 
 ***Account GUID*/AccountType**  
 Required. A character string that specifies the account type.
 
-Supported operations are Get and Add (cannot Add after the account is created).
+Supported operations are Get and Add (can't Add after the account is created).
 
-This value is entered during setup and cannot be modified once entered. An Exchange account is indicated by the string value "Exchange".
+This value is entered during setup and can't be modified once entered. An Exchange account is indicated by the string value "Exchange".
 
 ***Account GUID*/AccountName**  
 Required. A character string that specifies the name that refers to the account on the device.
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
 ***Account GUID*/Password**  
 Required. A character string that specifies the password for the account.
@@ -145,14 +145,14 @@ For the Get command, only asterisks are returned.
 ***Account GUID*/ServerName**  
 Required. A character string that specifies the server name used by the account.
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
 ***Account GUID*/UserName**  
 Required. A character string that specifies the user name for the account.
 
-Supported operations are Get, and Add (cannot Add after the account is created).
+Supported operations are Get, and Add (can't Add after the account is created).
 
-The user name cannot be changed after a sync has been successfully performed. The user name can be in the fully qualified format "someone@example.com", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "someone@example.com".
+The user name can't be changed after a sync has been successfully performed. The user name can be in the fully qualified format "someone@example.com", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "someone@example.com".
 
 **Options**  
 Node for other parameters.
@@ -163,9 +163,9 @@ Specifies the time window used for syncing calendar items to the device. Value t
 **Options/Logging**  
 Required. A character string that specifies whether diagnostic logging is enabled and at what level. The default is 0 (disabled).
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
-Valid values are one of the following:
+Valid values are any of the following values:
 
 -   0 (default) - Logging is off.
 
@@ -173,7 +173,7 @@ Valid values are one of the following:
 
 -   2 - Advanced logging is enabled.
 
-Logging is set to off by default. The user might be asked to set this to Basic or Advanced when having a sync issue that customer support is investigating. Setting the logging level to Advanced has more of a performance impact than Basic.
+Logging is set to off by default. The user might be asked to set this logging to Basic or Advanced when having a sync issue that customer support is investigating. Setting the logging level to Advanced has more of a performance impact than Basic.
 
 **Options/MailBodyType**  
 Indicates the email format. Valid values:
@@ -185,19 +185,19 @@ Indicates the email format. Valid values:
 -   4 - MIME
 
 **Options/MailHTMLTruncation**  
-Specifies the size beyond which HTML-formatted email messages are truncated when they are synchronized to the mobile device. The value is specified in KB. A value of -1 disables truncation.
+Specifies the size beyond which HTML-formatted email messages are truncated when they're synchronized to the mobile device. The value is specified in KB. A value of -1 disables truncation.
 
 **Options/MailPlainTextTruncation**  
-This setting specifies the size beyond which text-formatted e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation.
+This setting specifies the size beyond which text-formatted e-mail messages are truncated when they're synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation.
 
 **Options/UseSSL**  
 Optional. A character string that specifies whether SSL is used.
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
 Valid values are:
 
--   0 - SSL is not used.
+-   0 - SSL isn't used.
 
 -   1 (default) - SSL is used.
 
@@ -206,7 +206,7 @@ Required. A character string that specifies the time until the next sync is perf
 
 Supported operations are Get and Replace.
 
-Valid values are one of the following:
+Valid values are any of the following values:
 
 -   -1 (default) - A sync will occur as items are received
 
@@ -223,7 +223,7 @@ Required. A character string that specifies the time window used for syncing ema
 
 Supported operations are Get and Replace.
 
-Valid values are one of the following:
+Valid values are any of the following values:
 
 -   0 – No age filter is used, and all email items are synced to the device.
 
@@ -238,7 +238,7 @@ Valid values are one of the following:
 **Options/ContentTypes/***Content Type GUID*  
 Defines the type of content to be individually enabled/disabled for sync.
 
-The *GUID* values allowed are one of the following:
+The *GUID* values allowed are any of the following values:
 
 -   Email: "{c6d47067-6e92-480e-b0fc-4ba82182fac7}"
 
@@ -251,11 +251,11 @@ The *GUID* values allowed are one of the following:
 **Options/ContentTypes/*Content Type GUID*/Enabled**  
 Required. A character string that specifies whether sync is enabled or disabled for the selected content type. The default is "1" (enabled).
 
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
-Valid values are one of the following:
+Valid values are any of the following values:
 
--   0 - Sync for email, contacts, calendar, or tasks is disabled.
+-   0 - Sync for email, contacts, calendar, or tasks are disabled.
 -   1 (default) - Sync is enabled.
 
 **Options/ContentTypes/*Content Type GUID*/Name**  
@@ -265,7 +265,7 @@ Required. A character string that specifies the name of the content type.
 > In Windows 10, this node is currently not working.
 
  
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
 
 When you use Add or Replace inside an atomic block in the SyncML, the CSP returns an error and provisioning fails. When you use Add or Replace outside of the atomic block, the error is ignored and the account is provisioned as expected.
 
diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
index 34f60116f4..3328f5ca2a 100644
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@@ -21,19 +21,19 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
 
 1. Sign up for Azure AD tenant from [this website](https://account.windowsazure.com/organization) by creating an administrator account for your organization.
 
-   ![sign up for azure ad tenant](images/azure-ad-add-tenant1.png)
+   ![sign up for azure ad tenant.](images/azure-ad-add-tenant1.png)
 
 2. Enter the information for your organization. Select **check availability** to verify that domain name that you selected is available.
 
-   ![sign up for azure ad](images/azure-ad-add-tenant2.png)
+   ![sign up for azure ad.](images/azure-ad-add-tenant2.png)
 
 3. Complete the login and country information. Enter a valid phone number, then select **Send text message** or **Call me**.
 
-   ![create azure account](images/azure-ad-add-tenant3.png)
+   ![create azure account.](images/azure-ad-add-tenant3.png)
 
 4. Enter the code that you receive and then select **Verify code**. After the code is verified and the continue button turns green, select **continue**.
 
-   ![add aad tenant](images/azure-ad-add-tenant3-b.png)
+   ![add aad tenant.](images/azure-ad-add-tenant3-b.png)
 
 5. After you finish creating your Azure account, you can add an Azure AD subscription.
 
@@ -43,23 +43,23 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
 
 6. Select **Install software**.
 
-   ![login to office 365](images/azure-ad-add-tenant5.png)
+   ![login to office 365 portal](images/azure-ad-add-tenant5.png)
 
 7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation.
 
-   ![purchase service option in admin center menu](images/azure-ad-add-tenant6.png)
+   ![purchase service option in admin center menu.](images/azure-ad-add-tenant6.png)
 
 8. On the **Purchase services** page, scroll down until you see **Azure Active Directory Premium**, then select to purchase.
 
-   ![azure active directory option in purchase services page](images/azure-ad-add-tenant7.png)
+   ![azure active directory option in purchase services page.](images/azure-ad-add-tenant7.png)
 
 9. Continue with your purchase.
 
-   ![azure active directory premium payment page](images/azure-ad-add-tenant8.png)
+   ![azure active directory premium payment page.](images/azure-ad-add-tenant8.png)
 
-10. After the purchase is completed, you can log in to your Office 365 Admin Portal and you will see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint, Exchange, etc....).
+10. After the purchase is completed, you can log on to your Office 365 Admin Portal and you'll see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint and Exchange).
 
-    ![admin center left navigation menu](images/azure-ad-add-tenant9.png)
+    ![admin center left navigation menu.](images/azure-ad-add-tenant9.png)
 
     When you choose Azure AD, it will take you to the Azure AD portal where you can manage your Azure AD applications.
 
@@ -69,27 +69,27 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
 
 1.  Sign in to the Microsoft 365 admin center at  using your organization's account.
 
-    ![register azuread](images/azure-ad-add-tenant10.png)
+    ![register in azuread.](images/azure-ad-add-tenant10.png)
 
 2.  On the **Home** page, select on the Admin tools icon.
 
-    ![register azuread](images/azure-ad-add-tenant11.png)
+    ![register in azure-ad.](images/azure-ad-add-tenant11.png)
 
-3.  On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
+3.  On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This option will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
 
     ![register azuread](images/azure-ad-add-tenant12.png)
 
 4.  On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
 
-    ![register azuread](images/azure-ad-add-tenant13.png)
+    ![registration in azure-ad](images/azure-ad-add-tenant13.png)
 
 5.  It may take a few minutes to process the request.
 
-    ![register azuread](images/azure-ad-add-tenant14.png)
+    ![registration in azuread.](images/azure-ad-add-tenant14.png)
 
-6.  You will see a welcome page when the process completes.
+6.  You'll see a welcome page when the process completes.
 
-    ![register azuread](images/azure-ad-add-tenant15.png)
+    ![register screen of azuread](images/azure-ad-add-tenant15.png)
 
  
 
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index 26bcc2dda6..de7482b72d 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -24,9 +24,9 @@ This CSP was added in Windows 10, version 1511.
 
  
 
-For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877).
+For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB)](https://wikipedia.org/wiki/AllJoyn). For more information, see [AllJoyn - Wikipedia](https://wikipedia.org/wiki/AllJoyn).
 
-The following shows the AllJoynManagement configuration service provider in tree format
+The following example shows the AllJoynManagement configuration service provider in tree format
 
 ```
 ./Vendor/MSFT
@@ -70,10 +70,10 @@ List of all AllJoyn objects that are discovered on the AllJoyn bus. All AllJoyn
 The unique AllJoyn device ID (a GUID) that hosts one or more configurable objects.
 
 **Services/*Node name*/Port**
-The set of ports that the AllJoyn object uses to communicate configuration settings. Typically only one port is used for communication, but it is possible to specify additional ports.
+The set of ports that the AllJoyn object uses to communicate configuration settings. Typically only one port is used for communication, but it's possible to specify more ports.
 
 **Services/*Node name*/Port/***Node name*
-Port number used for communication. This is specified by the configurable AllJoyn object and reflected here.
+Port number used for communication. This value is specified by the configurable AllJoyn object and reflected here.
 
 **Services/*Node name*/Port/*Node name*/CfgObject**
 The set of configurable interfaces that are available on the port of the AllJoyn object.
@@ -89,7 +89,7 @@ This is the credential store. An administrator can set credentials for each AllJ
 When a SyncML request arrives in the CSP to replace or query a configuration item on an AllJoyn object that requires authentication, then the CSP uses the credentials stored here during the authentication phase.
 
 **Credentials/***Node name*
-This is the same service ID specified in \\AllJoynManagement\\Services\\ServiceID URI. It is typically implemented as a GUID.
+This is the same service ID specified in \\AllJoynManagement\\Services\\ServiceID URI. It's typically implemented as a GUID.
 
 **Credentials/*Node name*/Key**
 An alphanumeric key value that conforms to the AllJoyn SRP KEYX authentication standard.
@@ -128,7 +128,7 @@ SyncML xmlns="SYNCML:SYNCML1.2">
 
 ```
 
-You should replace \_ALLJOYN\_DEVICE\_ID\_ with an actual device ID. Note that the data is base-64 encoded representation of the configuration file that you are setting.
+You should replace \_ALLJOYN\_DEVICE\_ID\_ with an actual device ID. The data is base-64 encoded representation of the configuration file that you're setting.
 
 Get PIN data
 
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index f6d3ef7a2f..5c44ba2dc1 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: ManikaDhiman
+author: dansimp
 ms.date: 07/10/2019
 ---
 
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 4a4b41b531..d18a0ebd70 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -6,17 +6,17 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: ManikaDhiman
+author: dansimp
 ms.reviewer: jsuther1974
 ms.date: 09/10/2020
 ---
 
 # ApplicationControl CSP
 
-Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
+Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and hence doesn't schedule a reboot.
 Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
 
-The following shows the ApplicationControl CSP in tree format.
+The following example shows the ApplicationControl CSP in tree format.
 
 ```
 ./Vendor/MSFT
@@ -80,14 +80,14 @@ Scope is dynamic. Supported operation is Get.
 Value type is char.
 
 **ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective**  
-This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system.
+This node specifies whether a policy is loaded by the enforcement engine and is in effect on a system.
 
 Scope is dynamic. Supported operation is Get.
 
 Value type is bool. Supported values are as follows:
 
-- True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system.
-- False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default.
+- True—Indicates that the policy is loaded by the enforcement engine and is in effect on a system.
+- False—Indicates that the policy isn't loaded by the enforcement engine and isn't in effect on a system. This value is the default value.
 
 **ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed**  
 This node specifies whether a policy is deployed on the system and is present on the physical machine.
@@ -96,18 +96,18 @@ Scope is dynamic. Supported operation is Get.
 
 Value type is bool. Supported values are as follows:
 
-- True — Indicates that the policy is deployed on the system and is present on the physical machine.
-- False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default.
+- True—Indicates that the policy is deployed on the system and is present on the physical machine.
+- False—Indicates that the policy isn't deployed on the system and isn't present on the physical machine. This value is the default value.
 
 **ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized**  
-This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system.
+This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy can't take effect on the system.
 
 Scope is dynamic. Supported operation is Get.
 
 Value type is bool. Supported values are as follows:
 
-- True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
-- False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default.
+- True—Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
+- False—Indicates that the policy isn't authorized to be loaded by the enforcement engine on the system. This value is the default value.
 
 The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes:
 
@@ -144,7 +144,7 @@ For customers using Intune standalone or hybrid management with Configuration Ma
 
 ## Generic MDM Server Usage Guidance
 
-In order to leverage the ApplicationControl CSP without using Intune, you must:
+In order to use the ApplicationControl CSP without using Intune, you must:
 
 1. Know a generated policy's GUID, which can be found in the policy xml as `` or `` for pre-1903 systems.
 2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
@@ -171,7 +171,7 @@ To deploy base policy and supplemental policies:
 1. Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy.
 2. Repeat for each base or supplemental policy (with its own GUID and data).
 
-The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD).
+The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and doesn't need that reflected in the ADD).
 
 #### Example 1: Add first base policy
 
@@ -240,7 +240,7 @@ The following table displays the result of Get operation on different nodes:
 |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful|
 |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy|
 
-The following is an example of Get command:
+An example of Get command is:
 
 ```xml
  
@@ -257,7 +257,7 @@ The following is an example of Get command:
 
 #### Rebootless Deletion
 
-Upon deletion, policies deployed via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
+Upon deletion, policies deployed via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This sequence will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
 
 #### Unsigned Policies
 
@@ -266,7 +266,7 @@ To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationCon
 #### Signed Policies
 
 > [!NOTE]
-> A signed policy by default can only be replaced by another signed policy. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy.
+> A signed policy by default can only be replaced by another signed policy. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** isn't sufficient to delete a signed policy.
 
 To delete a signed policy:
 
@@ -274,7 +274,7 @@ To delete a signed policy:
 2. Deploy another update with unsigned Allow All policy.
 3. Perform delete.
 
-The following is an example of Delete command:
+An example of Delete command is:
 
 ```xml
    
@@ -289,7 +289,7 @@ The following is an example of Delete command:
 
 ## PowerShell and WMI Bridge Usage Guidance
 
-The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by leveraging the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
+The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
 
 ### Setup for using the WMI Bridge
 
@@ -305,7 +305,7 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Mi
 
 ### Deploying a policy via WMI Bridge
 
-Run the following command. PolicyID is a GUID which can be found in the policy xml, and should be used here without braces.
+Run the following command. PolicyID is a GUID that can be found in the policy xml, and should be used here without braces.
 
 ```powershell
 New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{ParentID="./Vendor/MSFT/ApplicationControl/Policies";InstanceID="";Policy=$policyBase64}
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 68f4b045a0..4d6a2a787f 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -15,10 +15,11 @@ ms.date: 11/19/2019
 # AppLocker CSP
 
 
-The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.
+The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There's no user interface shown for apps that are blocked.
 
-The following shows the AppLocker configuration service provider in tree format.
-```
+The following example shows the AppLocker configuration service provider in tree format.
+
+```console
 ./Vendor/MSFT
 AppLocker
 ----ApplicationLaunchRestrictions
@@ -74,7 +75,7 @@ Defines restrictions for applications.
 > [!NOTE]
 > When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.
 
-> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.
+> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there's no requirement on the exact value of the node.
 
 > [!NOTE]
 > The AppLocker CSP will schedule a reboot when a policy is applied or a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.
@@ -82,7 +83,7 @@ Defines restrictions for applications.
 Additional information:
 
 **AppLocker/ApplicationLaunchRestrictions/_Grouping_**  
-Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define.
 Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
 
 Supported operations are Get, Add, Delete, and Replace.
@@ -100,7 +101,7 @@ Data type is string.
 Supported operations are Get, Add, Delete, and Replace.
 
 **AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**  
-The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
 
 The data type is a string. 
 
@@ -124,7 +125,7 @@ Data type is string.
 Supported operations are Get, Add, Delete, and Replace.
 
 **AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode**  
-The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
 
 The data type is a string. 
 
@@ -143,7 +144,7 @@ Data type is string.
 Supported operations are Get, Add, Delete, and Replace.
 
 **AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode**  
-The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
 
 The data type is a string.
 
@@ -162,7 +163,7 @@ Data type is string.
 Supported operations are Get, Add, Delete, and Replace.
 
 **AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode**  
-The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
 
 The data type is a string.
 
@@ -181,7 +182,7 @@ Data type is string.
 Supported operations are Get, Add, Delete, and Replace.
 
 **AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode**  
-The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
 
 The data type is a string.
 
@@ -210,7 +211,7 @@ Supported operations are Get, Add, Delete, and Replace.
 **AppLocker/EnterpriseDataProtection**  
 Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
 
-In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
+In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications aren't protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
 
 You can set the allowed list using the following URI:
 - ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy
@@ -226,10 +227,10 @@ Exempt examples:
 
 Additional information:
 
-- [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
+- [Recommended blocklist for Windows Information Protection](#recommended-blocklist-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This prevention ensures an administrator doesn't accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
 
 **AppLocker/EnterpriseDataProtection/_Grouping_**  
-Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define.
 Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
 
 Supported operations are Get, Add, Delete, and Replace.
@@ -258,56 +259,31 @@ Data type is string.
 
 Supported operations are Get, Add, Delete, and Replace.
 
-6.  On your phone under **Device discovery**, tap **Pair**. You will get a code (case sensitive).
-7.  On the browser on the **Set up access page**, enter the code (case sensitive) into the text box and click **Submit**.
+1.  On your phone under **Device discovery**, tap **Pair**. You'll get a code (case sensitive).
+2.  On the browser on the **Set up access page**, enter the code (case sensitive) into the text box and click **Submit**.
 
     The **Device Portal** page opens on your browser.
 
-    ![device portal screenshot](images/applocker-screenshot1.png)
+    ![device portal screenshot.](images/applocker-screenshot1.png)
 
-8.  On the desktop **Device Portal** page, click **Apps** to open the **App Manager**.
-9.  On the **App Manager** page under **Running apps**, you will see the **Publisher** and **PackageFullName** of apps.
+3.  On the desktop **Device Portal** page, click **Apps** to open the **App Manager**.
+4.  On the **App Manager** page under **Running apps**, you'll see the **Publisher** and **PackageFullName** of apps.
 
-    ![device portal app manager](images/applocker-screenshot3.png)
+    ![device portal app manager.](images/applocker-screenshot3.png)
 
-10. If you do not see the app that you want, look under **Installed apps**. Using the drop- down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed.
+5. If you don't see the app that you want, look under **Installed apps**. Using the drop- down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed.
 
-    ![app manager](images/applocker-screenshot2.png)
+    ![app manager.](images/applocker-screenshot2.png)
 
 The following table shows the mapping of information to the AppLocker publisher rule field.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Device portal dataAppLocker publisher rule field
                    PackageFullName
                    ProductName
                    
-
                    The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.
                    Publisher
                    Publisher
                    Version
                    Version
                    
-
                    This can be used either in the HighSection or LowSection of the BinaryVersionRange.
                    
-
                    HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.
                    
+|Device portal data|AppLocker publisher rule field|
+|--- |--- |
+|PackageFullName|ProductName

                     The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.|
+|Publisher|Publisher|
+|Version|Version
                     
                    The version can be used either in the HighSection or LowSection of the BinaryVersionRange.
                     
                    HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.|
 
-
-Here is an example AppLocker publisher rule:
+Here's an example AppLocker publisher rule:
 
 ```xml
 
@@ -325,23 +301,13 @@ You can get the publisher name and product name of apps using a web API.
 
 3.  In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.
 
-    
-    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                    


                    Request URI
                    https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata
                    
+Request URI:
 
-Here is the example for Microsoft OneNote:
+```http
+https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata
+```
+
+Here's the example for Microsoft OneNote:
 
 Request
 
@@ -360,41 +326,17 @@ Result
 }
 ```
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Result dataAppLocker publisher rule field
                    packageIdentityName
                    ProductName
                    publisherCertificateName
                    Publisher
                    windowsPhoneLegacyId
                    Same value maps to the ProductName and Publisher name
                    
-
                    This value will only be present if there is a XAP package associated with the app in the Store.
                    
-
                    If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.
                    
-
+|Result data|AppLocker publisher rule field|
+|--- |--- |
+|packageIdentityName|ProductName|
+|publisherCertificateName|Publisher|
+|windowsPhoneLegacyId|Same value maps to the ProductName and Publisher name. 
                     
                     This value will only be present if there's a XAP package associated with the app in the Store. 
                     
                    If this value is populated, then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.|
 
 
 ## Settings apps that rely on splash apps
 
 
-These apps are blocked unless they are explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps.
+These apps are blocked unless they're explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps.
 
 The product name is first part of the PackageFullName followed by the version number.
 
@@ -428,466 +370,98 @@ The following list shows the apps that may be included in the inbox.
 
 
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    AppProduct IDProduct name
                    3D Viewerf41647c9-d567-4378-b2ab-7924e5a152f3Microsoft.Microsoft3DViewer 
                    (Added in Windows 10, version 1703)
                    Advanced infob6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88
                    Age out worker09296e27-c9f3-4ab9-aa76-ecc4497d94bb
                    Alarms and clock44f7d2b4-553d-4bec-a8b7-634ce897ed5fMicrosoft.WindowsAlarms
                    App downloads20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac
                    Assigned access lock appb84f4722-313e-4f85-8f41-cf5417c9c5cb
                    Bing lock images5f28c179-2780-41df-b966-27807b8de02c
                    Block and filter59553c14-5701-49a2-9909-264d034deb3d
                    Broker plug-in (same as Work or school account)Microsoft.AAD.BrokerPlugin
                    Calculatorb58171c6-c70c-4266-a2e8-8f9c994f4456Microsoft.WindowsCalculator
                    Cameraf0d8fefd-31cd-43a1-a45a-d0276db069f1Microsoft.WindowsCamera
                    CertInstaller4c4ad968-7100-49de-8cd1-402e198d869e
                    Color profileb08997ca-60ab-4dce-b088-f92e9c7994f3
                    Connectaf7d2801-56c0-4eb1-824b-dd91cdf7ece5Microsoft.DevicesFlow
                    Contact Support0db5fcff-4544-458a-b320-e352dfd9ca2bWindows.ContactSupport
                    Cortanafd68dcf4-166f-4c55-a4ca-348020f71b94Microsoft.Windows.Cortana
                    Cortana Listen UICortanaListenUI
                    Credentials Dialog HostMicrosoft.CredDialogHost
                    Device Portal PIN UXholopairingapp
                    Email and accounts39cf127b-8c67-c149-539a-c02271d07060Microsoft.AccountsControl
                    Enterprise installs appda52fa01-ac0f-479d-957f-bfe4595941cb
                    Equalizer373cb76e-7f6c-45aa-8633-b00e85c73261
                    Excelead3e7c0-fae6-4603-8699-6a448138f4dcMicrosoft.Office.Excel
                    Facebook82a23635-5bd9-df11-a844-00237de2db9eMicrosoft.MSFacebook
                    Field Medic73c58570-d5a7-46f8-b1b2-2a90024fc29c
                    File Explorerc5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515
                    FM Radiof725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626
                    Get Startedb3726308-3d74-4a14-a84c-867c8c735c3cMicrosoft.Getstarted
                    Glance106e0a97-8b19-42cf-8879-a8ed2598fcbb
                    Groove Musicd2b6a184-da39-4c9a-9e0a-8b589b03dec0Microsoft.ZuneMusic
                    Hands-Free Activationdf6c9621-e873-4e86-bb56-93e9f21b1d6f
                    Hands-Free Activation72803bd5-4f36-41a4-a349-e83e027c4722
                    HAP update background worker73c73cdd-4dea-462c-bd83-fa983056a4ef
                    Holographic ShellHoloShell
                    Lumia motion data8fc25fd2-4e2e-4873-be44-20e57f6ec52b
                    Mapsed27a07e-af57-416b-bc0c-2596b622ef7dMicrosoft.WindowsMaps
                    Messaging27e26f40-e031-48a6-b130-d1f20388991aMicrosoft.Messaging
                    Microsoft account3a4fae89-7b7e-44b4-867b-f7e2772b8253Microsoft.CloudExperienceHost
                    Microsoft Edge395589fb-5884-4709-b9df-f7d558663ffdMicrosoft.MicrosoftEdge
                    Microsoft FrameworksProductID = 00000000-0000-0000-0000-000000000000
-
                    PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
                    Migration UIMigrationUIApp
                    MiracastView906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9
                    Mixed Reality PortalMicrosoft.Windows.HolographicFirstRun
                    Money1e0440f1-7abf-4b9a-863d-177970eefb5eMicrosoft.BingFinance
                    Movies and TV6affe59e-0467-4701-851f-7ac026e21665Microsoft.ZuneVideo
                    Music downloads3da8a0c1-f7e5-47c0-a680-be8fd013f747
                    Navigation bar2cd23676-8f68-4d07-8dd2-e693d4b01279
                    Network services62f172d1-f552-4749-871c-2afd1c95c245
                    News9c3e8cad-6702-4842-8f61-b8b33cc9caf1Microsoft.BingNews
                    OneDrivead543082-80ec-45bb-aa02-ffe7f4182ba8Microsoft.MicrosoftSkydrive
                    OneNoteca05b3ab-f157-450c-8c49-a1f127f5e71dMicrosoft.Office.OneNote
                    Outlook Calendar and Maila558feba-85d7-4665-b5d8-a2ff9c19799bMicrosoft.WindowsCommunicationsApps
                    People60be1fb8-3291-4b21-bd39-2221ab166481Microsoft.People
                    Phone5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611
                    Phone (dialer)f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7Microsoft.CommsPhone
                    Phone reset dialog2864278d-09b5-46f7-b502-1c24139ecbdd
                    Photosfca55e1b-b9a4-4289-882f-084ef4145005Microsoft.Windows.Photos
                    Podcastsc3215724-b279-4206-8c3e-61d1a9d63ed3Microsoft.MSPodcast
                    Podcast downloads063773e7-f26f-4a92-81f0-aa71a1161e30
                    PowerPointb50483c4-8046-4e1b-81ba-590b24935798Microsoft.Office.PowerPoint
                    PrintDialog0d32eeb1-32f0-40da-8558-cea6fcbec4a4Microsoft.PrintDialog
                    Purchase dialogc60e79ca-063b-4e5d-9177-1309357b2c3f
                    Rate your deviceaec3bfad-e38c-4994-9c32-50bd030730ec
                    RingtoneApp.WindowsPhone3e962450-486b-406b-abb5-d38b4ee7e6feMicrosoft.Tonepicker
                    Save ringtoned8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b
                    Settings2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb
                    SettingsSystemSettings
                    Setup wizard07d87655-e4f0-474b-895a-773790ad4a32
                    Sharingb0894dfd-4671-4bb9-bc17-a8b39947ffb6
                    Sign in for Windows 10 HolographicWebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn
                    Skypec3f8e570-68b3-4d6a-bdbb-c0a3f4360a51Microsoft.SkypeApp
                    Skype Video27e26f40-e031-48a6-b130-d1f20388991aMicrosoft.Messaging
                    Sports0f4c8c7e-7114-4e1e-a84c-50664db13b17Microsoft.BingSports
                    SSMHoste232aa77-2b6d-442c-b0c3-f3bb9788af2a
                    Start5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602
                    Storage5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d
                    Store7d47d89a-7900-47c5-93f2-46eb6d94c159Microsoft.WindowsStore
                    Touch (gestures and touch)bbc57c87-46af-4c2c-824e-ac8104cceb38
                    Voice recorder7311b9c5-a4e9-4c74-bc3c-55b06ba95ad0Microsoft.WindowsSoundRecorder
                    Wallet587a4577-7868-4745-a29e-f996203f1462Microsoft.MicrosoftWallet
                    Wallet12ae577e-f8d1-4197-a207-4d24c309ff8fMicrosoft.Wallet
                    Weather63c2a117-8604-44e7-8cef-df10be3a57c8Microsoft.BingWeather
                    Windows default lock screencdd63e31-9307-4ccb-ab62-1ffa5721b503
                    Windows Feedback7604089d-d13f-4a2d-9998-33fc02b63ce3Microsoft.WindowsFeedback
                    Word258f115c-48f4-4adb-9a68-1387e634459bMicrosoft.Office.Word
                    Work or school accounte5f8b2c4-75ae-45ee-9be8-212e34f77747Microsoft.AAD.BrokerPlugin
                    Xboxb806836f-eebe-41c9-8669-19e243b81b83Microsoft.XboxApp
                    Xbox identity providerba88225b-059a-45a2-a8eb-d3580283e49dMicrosoft.XboxIdentityProvider
                    
+|App|Product ID|Product name|
+|--- |--- |--- |
+|3D Viewer|f41647c9-d567-4378-b2ab-7924e5a152f3|Microsoft.Microsoft3DViewer (Added in Windows 10, version 1703)|
+|Advanced info|b6e3e590-9fa5-40c0-86ac-ef475de98e88|b6e3e590-9fa5-40c0-86ac-ef475de98e88|
+|Age out worker|09296e27-c9f3-4ab9-aa76-ecc4497d94bb||
+|Alarms and clock|44f7d2b4-553d-4bec-a8b7-634ce897ed5f|Microsoft.WindowsAlarms|
+|App downloads|20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac||
+|Assigned access lock app|b84f4722-313e-4f85-8f41-cf5417c9c5cb||
+|Bing lock images|5f28c179-2780-41df-b966-27807b8de02c||
+|Block and filter|59553c14-5701-49a2-9909-264d034deb3d||
+|Broker plug-in (same as Work or school account)||Microsoft.AAD.BrokerPlugin|
+|Calculator|b58171c6-c70c-4266-a2e8-8f9c994f4456|Microsoft.WindowsCalculator|
+|Camera|f0d8fefd-31cd-43a1-a45a-d0276db069f1|Microsoft.WindowsCamera|
+|CertInstaller|4c4ad968-7100-49de-8cd1-402e198d869e||
+|Color profile|b08997ca-60ab-4dce-b088-f92e9c7994f3||
+|Connect|af7d2801-56c0-4eb1-824b-dd91cdf7ece5|Microsoft.DevicesFlow|
+|Contact Support|0db5fcff-4544-458a-b320-e352dfd9ca2b|Windows.ContactSupport|
+|Cortana|fd68dcf4-166f-4c55-a4ca-348020f71b94|Microsoft.Windows.Cortana|
+|Cortana Listen UI||CortanaListenUI|
+|Credentials Dialog Host||Microsoft.CredDialogHost|
+|Device Portal PIN UX||holopairingapp|
+|Email and accounts|39cf127b-8c67-c149-539a-c02271d07060|Microsoft.AccountsControl|
+|Enterprise installs app|da52fa01-ac0f-479d-957f-bfe4595941cb||
+|Equalizer|373cb76e-7f6c-45aa-8633-b00e85c73261||
+|Excel|ead3e7c0-fae6-4603-8699-6a448138f4dc|Microsoft.Office.Excel|
+|Facebook|82a23635-5bd9-df11-a844-00237de2db9e|Microsoft.MSFacebook|
+|Field Medic|73c58570-d5a7-46f8-b1b2-2a90024fc29c||
+|File Explorer|c5e2524a-ea46-4f67-841f-6a9465d9d515|c5e2524a-ea46-4f67-841f-6a9465d9d515|
+|FM Radio|f725010e-455d-4c09-ac48-bcdef0d4b626|f725010e-455d-4c09-ac48-bcdef0d4b626|
+|Get Started|b3726308-3d74-4a14-a84c-867c8c735c3c|Microsoft.Getstarted|
+|Glance|106e0a97-8b19-42cf-8879-a8ed2598fcbb||
+|Groove Music|d2b6a184-da39-4c9a-9e0a-8b589b03dec0|Microsoft.ZuneMusic|
+|Hands-Free Activation|df6c9621-e873-4e86-bb56-93e9f21b1d6f||
+|Hands-Free Activation|72803bd5-4f36-41a4-a349-e83e027c4722||
+|HAP update background worker|73c73cdd-4dea-462c-bd83-fa983056a4ef||
+|Holographic Shell||HoloShell|
+|Lumia motion data|8fc25fd2-4e2e-4873-be44-20e57f6ec52b||
+|Maps|ed27a07e-af57-416b-bc0c-2596b622ef7d|Microsoft.WindowsMaps|
+|Messaging|27e26f40-e031-48a6-b130-d1f20388991a|Microsoft.Messaging|
+|Microsoft account|3a4fae89-7b7e-44b4-867b-f7e2772b8253|Microsoft.CloudExperienceHost|
+|Microsoft Edge|395589fb-5884-4709-b9df-f7d558663ffd|Microsoft.MicrosoftEdge|
+|Microsoft Frameworks|ProductID = 00000000-0000-0000-0000-000000000000 PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"||
+|Migration UI||MigrationUIApp|
+|MiracastView|906beeda-b7e6-4ddc-ba8d-ad5031223ef9|906beeda-b7e6-4ddc-ba8d-ad5031223ef9|
+|Mixed Reality Portal||Microsoft.Windows.HolographicFirstRun|
+|Money|1e0440f1-7abf-4b9a-863d-177970eefb5e|Microsoft.BingFinance|
+|Movies and TV|6affe59e-0467-4701-851f-7ac026e21665|Microsoft.ZuneVideo|
+|Music downloads|3da8a0c1-f7e5-47c0-a680-be8fd013f747||
+|Navigation bar|2cd23676-8f68-4d07-8dd2-e693d4b01279||
+|Network services|62f172d1-f552-4749-871c-2afd1c95c245||
+|News|9c3e8cad-6702-4842-8f61-b8b33cc9caf1|Microsoft.BingNews|
+|OneDrive|ad543082-80ec-45bb-aa02-ffe7f4182ba8|Microsoft.MicrosoftSkydrive|
+|OneNote|ca05b3ab-f157-450c-8c49-a1f127f5e71d|Microsoft.Office.OneNote|
+|Outlook Calendar and Mail|a558feba-85d7-4665-b5d8-a2ff9c19799b|Microsoft.WindowsCommunicationsApps|
+|People|60be1fb8-3291-4b21-bd39-2221ab166481|Microsoft.People|
+|Phone|5b04b775-356b-4aa0-aaf8-6491ffea5611|5b04b775-356b-4aa0-aaf8-6491ffea5611|
+|Phone (dialer)|f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7|Microsoft.CommsPhone|
+|Phone reset dialog|2864278d-09b5-46f7-b502-1c24139ecbdd||
+|Photos|fca55e1b-b9a4-4289-882f-084ef4145005|Microsoft.Windows.Photos|
+|Podcasts|c3215724-b279-4206-8c3e-61d1a9d63ed3|Microsoft.MSPodcast|
+|Podcast downloads|063773e7-f26f-4a92-81f0-aa71a1161e30||
+|PowerPoint|b50483c4-8046-4e1b-81ba-590b24935798|Microsoft.Office.PowerPoint|
+|PrintDialog|0d32eeb1-32f0-40da-8558-cea6fcbec4a4|Microsoft.PrintDialog|
+|Purchase dialog|c60e79ca-063b-4e5d-9177-1309357b2c3f||
+|Rate your device|aec3bfad-e38c-4994-9c32-50bd030730ec||
+|RingtoneApp.WindowsPhone|3e962450-486b-406b-abb5-d38b4ee7e6fe|Microsoft.Tonepicker|
+|Save ringtone|d8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b||
+|Settings|2a4e62d8-8809-4787-89f8-69d0f01654fb|2a4e62d8-8809-4787-89f8-69d0f01654fb|
+|Settings||SystemSettings|
+|Setup wizard|07d87655-e4f0-474b-895a-773790ad4a32||
+|Sharing|b0894dfd-4671-4bb9-bc17-a8b39947ffb6||
+|Sign in for Windows 10 Holographic||WebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn|
+|Skype|c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51|Microsoft.SkypeApp|
+|Skype Video|27e26f40-e031-48a6-b130-d1f20388991a|Microsoft.Messaging|
+|Sports|0f4c8c7e-7114-4e1e-a84c-50664db13b17|Microsoft.BingSports|
+|SSMHost|e232aa77-2b6d-442c-b0c3-f3bb9788af2a||
+|Start|5b04b775-356b-4aa0-aaf8-6491ffea5602|5b04b775-356b-4aa0-aaf8-6491ffea5602|
+|Storage|5b04b775-356b-4aa0-aaf8-6491ffea564d|5b04b775-356b-4aa0-aaf8-6491ffea564d|
+|Store|7d47d89a-7900-47c5-93f2-46eb6d94c159|Microsoft.WindowsStore|
+|Touch (gestures and touch)|bbc57c87-46af-4c2c-824e-ac8104cceb38||
+|Voice recorder|7311b9c5-a4e9-4c74-bc3c-55b06ba95ad0|Microsoft.WindowsSoundRecorder|
+|Wallet|587a4577-7868-4745-a29e-f996203f1462|Microsoft.MicrosoftWallet|
+|Wallet|12ae577e-f8d1-4197-a207-4d24c309ff8f|Microsoft.Wallet|
+|Weather|63c2a117-8604-44e7-8cef-df10be3a57c8|Microsoft.BingWeather|
+|Windows default lock screen|cdd63e31-9307-4ccb-ab62-1ffa5721b503||
+|Windows Feedback|7604089d-d13f-4a2d-9998-33fc02b63ce3|Microsoft.WindowsFeedback|
+|Word|258f115c-48f4-4adb-9a68-1387e634459b|Microsoft.Office.Word|
+|Work or school account|e5f8b2c4-75ae-45ee-9be8-212e34f77747|Microsoft.AAD.BrokerPlugin|
+|Xbox|b806836f-eebe-41c9-8669-19e243b81b83|Microsoft.XboxApp|
+|Xbox identity provider|ba88225b-059a-45a2-a8eb-d3580283e49d|Microsoft.XboxIdentityProvider|
 
-
-
-## Allow list examples
+## Allowlist examples
 
 The following example disables the calendar application.
 
@@ -952,7 +526,7 @@ The following example blocks the usage of the map application.
 
 ```
 
-The following example disables the Mixed Reality Portal. In the example, the **Id** can be any generated GUID and the **Name** can be any name you choose. Note that `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
+The following example disables the Mixed Reality Portal. In the example, the **Id** can be any generated GUID and the **Name** can be any name you choose. `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
 
 ```xml
 
@@ -1034,7 +608,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1042,7 +616,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1050,7 +624,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1058,7 +632,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1066,7 +640,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1074,7 +648,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1082,7 +656,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1090,7 +664,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1098,7 +672,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1106,7 +680,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1114,7 +688,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1122,7 +696,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1130,7 +704,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1138,7 +712,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1146,7 +720,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1154,7 +728,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
         
             
                 
@@ -1162,277 +736,277 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
         
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
         
             
         
     
 
-    
+    
         
             
         
     
 
-    
+    
         
             
         
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
     
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
     
 
-    
+    
       
         
       
@@ -1448,12 +1022,12 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
 ```
 
 ## Example for Windows 10 Holographic for Business
-The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable a working device, as well as Settings.
+The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable a working device, and Settings.
 
 ```xml
 
     
@@ -1466,7 +1040,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1479,7 +1053,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1492,7 +1066,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1505,7 +1079,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1518,7 +1092,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1531,7 +1105,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1544,7 +1118,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1557,7 +1131,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1570,7 +1144,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1583,7 +1157,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1596,7 +1170,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1609,7 +1183,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1622,7 +1196,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1635,7 +1209,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1648,7 +1222,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1661,7 +1235,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1674,7 +1248,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1687,7 +1261,7 @@ The following example for Windows 10 Holographic for Business denies all apps an
     
   
   
@@ -1702,8 +1276,8 @@ The following example for Windows 10 Holographic for Business denies all apps an
 
 ```
 
-## Recommended deny list for Windows Information Protection
-The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
+## Recommended blocklist for Windows Information Protection
+The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This prevention ensures an administrator doesn't accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
 
 In this example, Contoso is the node name. We recommend using a GUID for this node.
 
@@ -1887,4 +1461,4 @@ In this example, Contoso is the node name. We recommend using a GUID for this no
 ## Related topics
 
 
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md
index 157bf6f4d0..79bb949ff1 100644
--- a/windows/client-management/mdm/appv-deploy-and-config.md
+++ b/windows/client-management/mdm/appv-deploy-and-config.md
@@ -23,9 +23,38 @@ manager: dansimp
 
 [EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md)
 
-![enterpriseappvmanagement csp](images/provisioning-csp-enterpriseappvmanagement.png)
+The following example shows the EnterpriseAppVManagement configuration service provider in tree format.
 
-
                    (./User/Vendor/MSFT/EnterpriseAppVManagement) contains the following sub-nodes.
                    
+```console
+./Vendor/MSFT
+EnterpriseAppVManagement
+----AppVPackageManagement
+--------EnterpriseID
+------------PackageFamilyName
+---------------PackageFullName
+------------------Name
+------------------Version
+------------------Publisher
+------------------InstallLocation
+------------------InstallDate
+------------------Users
+------------------AppVPackageID
+------------------AppVVersionId
+------------------AppVPackageUri
+----AppVPublishing
+--------LastSync
+------------LastError
+------------LastErrorDescription
+------------SyncStatusDescription
+------------SyncProgress
+--------Sync
+------------PublishXML
+----AppVDynamicPolicy
+--------ConfigurationId
+------------Policy
+```
+
+
                    (./User/Vendor/MSFT/EnterpriseAppVManagement) contains the following subnodes.
                    
 
 
                    AppVPublishing - An exec action node that contains the App-V publishing configuration for an MDM device (applied globally to all users for that device) or a specific MDM user.
                    
 
@@ -115,7 +144,7 @@ manager: dansimp
 
 #### Configure App-V client
 
-
                    This example shows how to allow package scripts to run during package operations (publish, run, and unpublish).  Allowing package scripts assists in package deployments (add and publish of App-V apps).
                    
+
                    This example shows how to allow package scripts to run during package operations (publish, run, and unpublish). Allowing package scripts helps package deployments (add and publish of App-V apps).
                    
 
 ```xml
  
diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md
index 74ea36df77..e99f6fb7de 100644
--- a/windows/client-management/mdm/assign-seats.md
+++ b/windows/client-management/mdm/assign-seats.md
@@ -18,62 +18,21 @@ The **Assign seat** operation assigns seat for a specified user in the Microsoft
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodRequest URI
                    POST
                    https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
                    
+**POST:**
+
+```http
+https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
+```
 
- 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    ParameterTypeDescription
                    productId
                    string
                    Required. Product identifier for an application that is used by the Store for Business.
                    skuId
                    string
                    Required. Product identifier that specifies a specific SKU of an application.
                    username
                    string
                    Requires UserPrincipalName (UPN). User name of the target user account.
                    
-
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
 
 ## Response
 
@@ -81,58 +40,9 @@ The following parameters may be specified in the request URI.
 
 The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
 
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    






                    Error codeDescriptionRetryData fieldDetails
                    400
                    Invalid parameters
                    No
                    Parameter name
                    
-
                    Reason: Invalid parameter
                    
-
                    Details: String
                    Invalid can include productId, skuId or userName
                    404
                    Not found
                    Item type: Inventory, User, Seat
                    
-
                    Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName
                    ItemType: Inventory User Seat
                    
-
                    Values: ProductId/SkuId UserName ProductId/SkuId/UserName
                    409
                    Conflict
                    Reason: Not online
                    
-
- 
-
- 
-
-
-
-
-
+|Error code|Description|Retry|Data field|Details|
+|--- |--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name 
                    Reason: Invalid parameter
                    Details: String|Invalid can include productId, skuId or userName|
+|404|Not found||Item type: Inventory, User, Seat
                     
                    Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName|ItemType: Inventory User Seat
                     
                    Values: ProductId/SkuId UserName ProductId/SkuId/UserName|
+|409|Conflict||Reason: Not online||
 
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 15f4ca1e01..0276189379 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -1,7 +1,6 @@
 ---
 title: AssignedAccess CSP
 description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode.
-ms.assetid: 421CC07D-6000-48D9-B6A3-C638AAF83984
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,27 +8,27 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: dansimp
-ms.date: 09/18/2018
+ms.date: 05/03/2022
 ---
 
 # AssignedAccess CSP
 
-The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
+The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user sign in that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
 
 For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app)
 
- In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps).
+In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps).
 
 > [!Warning]
 > You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
 
 > [!Note]
-> If the application calls KeyCredentialManager.IsSupportedAsync when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select a convenience PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again. 
+> If the application calls KeyCredentialManager.IsSupportedAsync when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select a appropriate PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again.
 
 > [!Note]
-> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
+> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709, it is supported in Windows 10 Pro and Windows 10 S. Starting from Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
 
-The following shows the AssignedAccess configuration service provider in tree format
+The following example shows the AssignedAccess configuration service provider in tree format
 
 ```
 ./Vendor/MSFT
@@ -40,13 +39,14 @@ AssignedAccess
 ----ShellLauncher (Added in Windows 10, version 1803)
 ----StatusConfiguration (Added in Windows 10, version 1803)
 ```
+
 **./Device/Vendor/MSFT/AssignedAccess**
 Root node for the CSP.
 
 **./Device/Vendor/MSFT/AssignedAccess/KioskModeApp**
 A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app).
 
-For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app)
+For more information, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](/windows/configuration/kiosk-single-app)
 
 > [!Note]
 > In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.
@@ -54,7 +54,7 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
 > Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective.
 
 > [!Note]
-> You cannot set both KioskModeApp and ShellLauncher at the same time on the device.
+> You can't set both KioskModeApp and ShellLauncher at the same time on the device.
 
 Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
 
@@ -66,43 +66,37 @@ Here's an example:
 
 > [!Tip]
 > In this example the double \\\ is required because it's in JSON and JSON escapes \ into \\\\. If an MDM server uses JSON parser\composer, they should ask customers to type only one \\, which will be \\\ in the JSON. If user types \\\\, it'll become \\\\\\\ in JSON, which will cause erroneous results. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (need to) escape \\.
-> 
-> This applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in JSON string. 
+>
+> This applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in JSON string.
 
-When configuring the kiosk mode app, the account name will be used to find the target user. The account name includes domain name and user name.
+When the kiosk mode app is being configured, the account name will be used to find the target user. The account name includes domain name and user name.
 
 > [!Note]
-> The domain name can be optional if the user name is unique across the system.
+> The domain name can be optional, if the user name is unique across the system.
 
 For a local account, the domain name should be the device name. When Get is executed on this node, the domain name is always returned in the output.
 
-
 The supported operations are Add, Delete, Get and Replace. When there's no configuration, the Get and Delete methods fail. When there's already a configuration for kiosk mode app, the Add method fails. The data pattern for Add and Replace is the same.
 
 **./Device/Vendor/MSFT/AssignedAccess/Configuration**
-Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd).
-
-> [!Note]
-> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.
->
-> Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective.
+Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps). Here's the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd).
 
 Enterprises can use this to easily configure and manage the curated lockdown experience.
 
 Supported operations are Add, Get, Delete, and Replace.
 
-Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout).
+Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it can't revert all the enforced policies back (for example, Start Layout).
 
 **./Device/Vendor/MSFT/AssignedAccess/Status**
 Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload.
 
-In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode.
+In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible statuses available for single app kiosk mode.
 
 |Status  |Description  |
 |---------|---------|---------|
-| KioskModeAppRunning | This means the kiosk app is running normally. |
-| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. |
-| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
+| KioskModeAppRunning | This status means the kiosk app is running normally. |
+| KioskModeAppNotFound | This state occurs when the kiosk app isn't deployed to the machine. |
+| KioskModeAppActivationFailure | This state occurs when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
 
 > [!NOTE]
 > Status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus.
@@ -113,7 +107,7 @@ In Windows 10, version 1803, Assigned Access runtime status only supports monito
 | 2     | KioskModeAppNotFound          |
 | 3     | KioskModeAppActivationFailure         |
 
-Additionally, the status payload includes a profileId that can be used by the MDM server to correlate which kiosk app caused the error.
+Additionally, the status payload includes a profileId that can be used by the MDM server to correlate as to which kiosk app caused the error.
 
 In Windows 10, version 1809, Assigned Access runtime status supports monitoring single-app kiosk and multi-app modes. Here are the possible status codes.
 
@@ -136,27 +130,27 @@ In Windows 10, version 1809, Assigned Access runtime status supports monitoring
 
 Additionally, the Status payload includes the following fields:
 
-- profileId: can be used by the MDM server to correlate which account caused the error.
-- OperationList: list of failed operations that occurred while applying the assigned access CSP, if any exist.
+- profileId: It can be used by the MDM server to correlate which account caused the error.
+- OperationList: It gives the list of failed operations that occurred while applying the assigned access CSP, if any exist.
 
 Supported operation is Get.
 
 **./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**
-Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. Shell Launcher V2 is introduced in Windows 10, version 1903 to support both UWP and Win32 apps as the custom shell. For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllauncher).
+Added in Windows 10, version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. Shell Launcher V2 is introduced in Windows 10, version 1903 to support both UWP and Win32 apps as the custom shell. For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllauncher).
 
 > [!Note]
-> You cannot set both ShellLauncher and KioskModeApp at the same time on the device.
+> You can't set both ShellLauncher and KioskModeApp at the same time on the device.
 >
-> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU. I. Shell Launcher as a feature and the ShellLauncher node both require Windows Enterprise or Windows Education to function.
+> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature, if it is available within the SKU. I. Shell Launcher as a feature and the ShellLauncher node both require Windows Enterprise or Windows Education to function.
 >
 >The ShellLauncher node is not supported in Windows 10 Pro.
 
 **./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**
 Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
 
-By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node.
+By default, the StatusConfiguration node doesn't exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node.
 
-Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node.
+Optionally, the MDM server can opt in to the MDM alert so that an MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node.
 
 This MDM alert header is defined as follows:
 
@@ -431,7 +425,8 @@ Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
 
 ```
 
-Here is the schema for new features introduced in Windows 10 1809 release
+Here's the schema for new features introduced in Windows 10 1809 release
+
 ```xml
 
 
 ```
 
-To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. e.g. to configure auto-launch feature which is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure auto-launch feature that is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+
 ```xml
 
 ```
 
-
 StatusConfiguration Delete
+
 ```xml
 
    
@@ -962,6 +958,7 @@ StatusConfiguration Replace On
 ## Status example
 
 Status Get
+
 ```xml
 
    
@@ -1237,6 +1234,11 @@ ShellLauncherConfiguration Add
 
 ShellLauncherConfiguration Add AutoLogon
 
+This function creates an autologon account on your behalf. It's a standard user with no password. The autologon account is managed by AssignedAccessCSP, so the account name isn't exposed.
+
+> [!Note]
+> The autologon function is designed to be used after OOBE with provisioning packages.
+
 ```xml
 
   
@@ -1478,4 +1480,8 @@ This example configures the following apps: Skype, Learning, Feedback Hub, and C
         
     
 
-```
\ No newline at end of file
+```
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 1adb451c1c..c6d84bf203 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -66,7 +66,7 @@ The XML below is for Windows 10, version 1803.
 
 Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}.
 
-When configuring kiosk mode app, account name will be used to find the target user. Account name includes domain name and user name. Domain name can be optional if user name is unique across the system. For a local account, domain name should be machine name. When "Get" is executed on this node, domain name is always returned in the output.
+When configuring kiosk mode app, account name will be used to find the target user. Account name includes domain name and user name. Domain name can be optional, if user name is unique across the system. For a local account, domain name should be machine name. When "Get" is executed on this node, domain name is always returned in the output.
 
 This node supports Add, Delete, Replace and Get methods. When there's no configuration, "Get" and "Delete" methods fail. When there's already a configuration for kiosk mode app, "Add" method fails. The data pattern for "Add" and "Replace" is the same.
                 
@@ -119,7 +119,7 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
                 
                     
                 
-                This read only node contains kiosk health event xml
+                This read only node contains kiosk health event in xml
                 
                     
                 
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index 82a11f3eb6..a0a4883d44 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -9,13 +9,20 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: dansimp
+ms.collection: highpri
 ---
 
 # Azure Active Directory integration with MDM
 
-Azure Active Directory is the world largest enterprise cloud identity management service. It’s used by millions of organizations to access Office 365 and thousands of business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows 10 provides an integrated configuration experience with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in a smooth integrated flow.
+Azure Active Directory is the world largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow.
 
-Once a device is enrolled in MDM, the MDM can enforce compliance with corporate policies, add or remove apps, and more. Additionally, the MDM can report a device’s compliance Azure AD. This enables Azure AD to allow access to corporate resources or applications secured by Azure AD only to devices that comply with policies. To support these rich experiences with their MDM product, MDM vendors can integrate with Azure AD. This topic describes the steps involved.
+Once a device is enrolled in MDM, the MDM:
+
+- Can enforce compliance with organization policies, add or remove apps, and more.
+- Can report a device’s compliance in Azure AD.
+- Azure AD can allow access to organization resources or applications secured by Azure AD to devices that comply with policies.
+
+To support these rich experiences with their MDM product, MDM vendors can integrate with Azure AD. This article describes the steps involved.
 
 ## Connect to Azure AD
 
@@ -32,9 +39,9 @@ For personal devices (BYOD):
 
 Company owned devices are traditionally joined to the on-premises Active Directory domain of the organization. These devices can be managed using Group Policy or computer management software such as Microsoft Endpoint Configuration Manager. In Windows 10, it’s also possible to manage domain joined devices with an MDM.
 
-Windows 10 introduces a new way to configure and deploy corporate owned Windows devices. This mechanism is called Azure AD Join. Like traditional domain join, Azure AD Join allows devices to become known and managed by an organization. However, with Azure AD Join, Windows authenticates to Azure AD instead of authenticating to a domain controller.
+Windows 10 introduces a new way to configure and deploy organization owned Windows devices. This mechanism is called Azure AD Join. Like traditional domain join, Azure AD Join allows devices to become known and managed by an organization. However, with Azure AD Join, Windows authenticates to Azure AD instead of authenticating to a domain controller.
 
-Azure AD Join also enables company owned devices to be automatically enrolled in, and managed by an MDM. Furthermore, Azure AD Join can be performed on a store-bought PC, in the out-of-box experience (OOBE), which helps organizations streamline their device deployment. An administrator can require that users belonging to one or more groups enroll their devices for management with an MDM. If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device will not be joined to Azure AD.
+Azure AD Join also enables company owned devices to be automatically enrolled in, and managed by an MDM. Furthermore, Azure AD Join can be performed on a store-bought PC, in the out-of-box experience (OOBE), which helps organizations streamline their device deployment. An administrator can require that users belonging to one or more groups enroll their devices for management with an MDM. If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device won't be joined to Azure AD.
 
 > [!IMPORTANT]
 > Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](/previous-versions/azure/dn499825(v=azure.100)) license.
@@ -42,7 +49,7 @@ Azure AD Join also enables company owned devices to be automatically enrolled in
  
 ### BYOD scenario
 
-Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If that’s the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. It’s important to note that in the BYOD case, users can reject the MDM Terms of Use—in which case the device is not enrolled in MDM and access to corporate resources is typically restricted.
+Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If that’s the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. In the BYOD case, users can reject the MDM Terms of Use. The device isn't enrolled in MDM and access to organization resources is typically restricted.
 
 ## Integrated MDM enrollment and UX
 
@@ -50,18 +57,18 @@ Two Azure AD MDM enrollment scenarios:
 -   Joining a device to Azure AD for company-owned devices
 -   Adding a work account to a personal device (BYOD)
 
-In both scenarios, Azure AD is responsible for authenticating the user and the device, which provides a verified unique device identifier that can be used for MDM enrollment.
+In both scenarios, Azure AD authenticates the user and the device. It provides a verified unique device identifier that can be used for MDM enrollment.
 
-In both scenarios, the enrollment flow provides an opportunity for the MDM service to render its own UI, using a web view. MDM vendors should use this to render the Terms of Use (TOU), which can be different for company-owned and BYOD devices. MDM vendors can also use the web view to render additional UI elements, such as asking for a one-time PIN, if this is part of the business process of the organization.
+In both scenarios, the enrollment flow provides an opportunity for the MDM service to render its own UI, using a web view. MDM vendors should use the UI to render the Terms of Use (TOU), which can be different for company-owned and BYOD devices. MDM vendors can also use the web view to render more UI elements, such as asking for a one-time PIN.
 
-In the out-of-the-box scenario, the web view is 100% full screen, which gives the MDM vendor the ability to paint an edge-to-edge experience. With great power comes great responsibility! It is important that MDM vendors who chose to integrate with Azure AD respect the Windows 10 design guidelines to the letter. This includes using a responsive web design and respecting the Windows accessibility guidelines, which includes the forward and back buttons that are properly wired to the navigation logic. Additional details are provided later in this topic.
+In the out-of-the-box scenario, the web view is 100% full screen, which gives the MDM vendor the ability to paint an edge-to-edge experience. With great power comes great responsibility! It's important that MDM vendors who integrate with Azure AD respect the Windows design guidelines. This step includes using a responsive web design and respecting the Windows accessibility guidelines. For example, include the forward and back buttons that are properly wired to the navigation logic. More details are provided later in this article.
 
-For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [Configure Azure MFA as authentication provider with AD FS](/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa).
+For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service. For more information, see solution \#2 in [Configure Azure MFA as authentication provider with AD FS](/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa).
 
-Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be managed through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios is similar.
+Once a user has an Azure AD account added to Windows and enrolled in MDM, the enrollment can be managed through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for organization scenarios or BYOD scenarios is similar.
 
 > [!NOTE]
-> Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
+> Users can't remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
 
  
 ### MDM endpoints involved in Azure AD–integrated enrollment
@@ -70,87 +77,89 @@ Azure AD MDM enrollment is a two-step process:
 
 1.  Display the Terms of Use and gather user consent.
 
-    This is a passive flow where the user is redirected in a browser control (webview) to the URL of the Terms of Use of the MDM.
+    This consent is a passive flow where the user is redirected in a browser control (webview) to the URL of the Terms of Use of the MDM.
 
 2.  Enroll the device.
 
-    This is an active flow where Windows OMA DM agent calls the MDM service to enroll the device.
+    This step is an active flow where Windows OMA DM agent calls the MDM service to enroll the device.
 
 To support Azure AD enrollment, MDM vendors must host and expose a Terms of Use endpoint and an MDM enrollment endpoint.
 
 **Terms of Use endpoint**
 Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting user’s consent before the actual enrollment phase begins.
 
-It’s important to understand that the Terms of Use flow is an "opaque box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL, and the user is expected to be redirected back after approving (or in some cases rejecting) the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios (e.g., different levels of control are applied on BYOD vs. company-owned devices) or implement user/group based targeting (e.g., users in certain geographies may be subject to stricter device management policies).
+It’s important to understand the Terms of Use flow is an "opaque box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL. The user should be redirected back after approving or rejecting the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios. For example, different levels of control are applied on BYOD vs. organization-owned devices. Or, implement user/group based targeting, like users in certain geographies may have stricter device management policies.
 
-The Terms of Use endpoint can be used to implement additional business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which could lead to a highly degraded user experience. It’s not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD.
+The Terms of Use endpoint can implement more business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which can be a degraded user experience. It’s not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD.
 
 **MDM enrollment endpoint**
-After the users accepts the Terms of Use, the device is registered in Azure AD and the automatic MDM enrollment begins.
+After the users accepts the Terms of Use, the device is registered in Azure AD. Automatic MDM enrollment begins.
 
-The following diagram illustrates the high-level flow involved in the actual enrollment process. The device is first registered with Azure AD. This process assigns a unique device identifier to the device and presents the device with the ability to authenticate itself with Azure AD (device authentication). Subsequently, the device is enrolled for management with the MDM. This is done by calling the enrollment endpoint and requesting enrollment for the user and device. At this point, the user has been authenticated and device has been registered and authenticated with Azure AD. This information is made available to the MDM in the form of claims within an access token presented at the enrollment endpoint.
+The following diagram illustrates the high-level flow involved in the actual enrollment process. The device is first registered with Azure AD. This process assigns a unique device identifier to the device and presents the device with the ability to authenticate itself with Azure AD (device authentication). Then, the device is enrolled for management with the MDM. This step calls the enrollment endpoint and requests enrollment for the user and device. At this point, the user has been authenticated and device has been registered and authenticated with Azure AD. This information is available to the MDM in the form of claims within an access token presented at the enrollment endpoint.
 
-![azure ad enrollment flow](images/azure-ad-enrollment-flow.png)
+![azure ad enrollment flow.](images/azure-ad-enrollment-flow.png)
 
-The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this topic.
+The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this article.
 
 ## Make the MDM a reliable party of Azure AD
 
-To participate in the integrated enrollment flow outlined in the previous section, the MDM must be able to consume access tokens issued by Azure AD. To report compliance to Azure AD, the MDM must be able to authenticate itself to Azure AD and obtain authorization in the form of an access token that allows it to invoke the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api).
+To participate in the integrated enrollment flow outlined in the previous section, the MDM must consume access tokens issued by Azure AD. To report compliance with Azure AD, the MDM must authenticate itself to Azure AD and obtain authorization in the form of an access token that allows it to invoke the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api).
 
 ### Add a cloud-based MDM
 
-A cloud-based MDM is a SaaS application that provides device management capabilities in the cloud. It is a multi-tenant application. This application is registered with Azure AD in the home tenant of the MDM vendor. When an IT admin decides to use this MDM solution, an instance of this application is made visible in the tenant of the customer.
+A cloud-based MDM is a SaaS application that provides device management capabilities in the cloud. It's a multi-tenant application. This application is registered with Azure AD in the home tenant of the MDM vendor. When an IT admin decides to use this MDM solution, an instance of this application is made visible in the tenant of the customer.
 
 The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661).
 
 > [!NOTE]
-> For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal.
+> For the MDM provider, if you don't have an existing Azure AD tenant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal.
 
- 
-The keys used by the MDM application to request access tokens from Azure AD are managed within the tenant of the MDM vendor and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, regardless of the customer tenent to which the device being managed belongs.
+The MDM application uses keys to request access tokens from Azure AD. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, whatever the customer tenant the managed device belongs.
+
+> [!NOTE]
+> All MDM apps must implement Azure AD V2 tokens before we certify that integration works. Due to changes in the Azure AD app platform, using Azure AD V2 tokens is a hard requirement. For more information, see [Microsoft identity platform access tokens](/azure/active-directory/develop/access-tokens#token-formats-and-ownership).
 
 Use the following steps to register a cloud-based MDM application with Azure AD. At this time, you need to work with the Azure AD engineering team to expose this application through the Azure AD app gallery.
 
-1.  Log in to the Azure Management Portal using an admin account in your home tenant.
+1.  Log on to the Azure Management Portal using an admin account in your home tenant.
 
-2.  In the left navigation, click on the **Active Directory**.
+2.  In the left navigation, select **Active Directory**.
 
-3.  Click the directory tenant where you want to register the application.
+3.  Select the directory tenant where you want to register the application.
 
-    Ensure that you are logged into your home tenant.
+    Ensure you're logged into your home tenant.
 
-4.  Click the **Applications** tab.
+4.  Select the **Applications** tab.
 
-5.  In the drawer, click **Add**.
+5.  In the drawer, select **Add**.
 
-6.  Click **Add an application my organization is developing**.
+6.  Select **Add an application my organization is developing**.
 
-7.  Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then click **Next**.
+7.  Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then select **Next**.
 
-8.  Enter the login URL for your MDM service.
+8.  Enter the logon URL for your MDM service.
 
-9.  For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK.
+9.  For the App ID, enter `https:///ContosoMDM`, then select OK.
 
-10. While still in the Azure portal, click the **Configure** tab of your application.
+10. While still in the Azure portal, select the **Configure** tab of your application.
 
 11. Mark your application as **multi-tenant**.
 
 12. Find the client ID value and copy it.
 
-    You will need this later when configuring your application. This client ID is used when obtaining access tokens and adding applications to the Azure AD app gallery.
+    You'll need this ID later when configuring your application. This client ID is used when obtaining access tokens and adding applications to the Azure AD app gallery.
 
 13. Generate a key for your application and copy it.
 
-    You will need this to call the Azure AD Graph API to report device compliance. This is covered in the subsequent section.
+    You need this key to call the Microsoft Graph API to report device compliance. This information is covered in the next section.
 
 For more information about how to register a sample application with Azure AD, see the steps to register the **TodoListService Web API** in [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667).
 
 ### Add an on-premises MDM
 
-An on-premises MDM application is inherently different that a cloud MDM. It is a single-tenant application that is present uniquely within the tenant of the customer. Therefore, customers must add the application directly within their own tenant. Additionally, each instance of an on-premises MDM application must be registered separately and has a separate key for authentication with Azure AD.
+An on-premises MDM application is different than a cloud MDM. It's a single-tenant application that is present uniquely within the tenant of the customer. Customers must add the application directly within their own tenant. Also, each instance of an on-premises MDM application must be registered separately and has a separate key for authentication with Azure AD.
 
-To add an on-premises MDM application to the tenant, there is an entry under the Azure AD service, specifically under **Mobility (MDM and MAM)** > **Add application**. Administrators can configure the required URLs for enrollment and Terms of Use.
+To add an on-premises MDM application to the tenant, use the Azure AD service, specifically under **Mobility (MDM and MAM)** > **Add application**. Administrators can configure the required URLs for enrollment and Terms of Use.
 
 Your on-premises MDM product must expose a configuration experience where administrators can provide the client ID, app ID, and the key configured in their directory for that MDM application. You can use this client ID and key to request tokens from Azure AD when reporting device compliance.
 
@@ -158,22 +167,22 @@ For more information about registering applications with Azure AD, see [Basics o
 
 ### Key management and security guidelines
 
-The application keys used by your MDM service are a sensitive resource. They should be protected and rolled over periodically for greater security. Access tokens obtained by your MDM service to call the Azure AD Graph API are bearer tokens and should be protected to avoid unauthorized disclosure.
+The application keys used by your MDM service are a sensitive resource. They should be protected and rolled over periodically for greater security. Access tokens obtained by your MDM service to call the Microsoft Graph API are bearer tokens and should be protected to avoid unauthorized disclosure.
 
-For security best practices, see [Windows Azure Security Essentials](https://go.microsoft.com/fwlink/p/?LinkId=613715).
+For security best practices, see [Windows Azure Security Essentials](/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler).
 
-You can rollover the application keys used by a cloud-based MDM service without requiring a customer interaction. There is a single set of keys across all customer tenants that are managed by the MDM vendor in their Azure AD tenant.
+You can roll over the application keys used by a cloud-based MDM service without requiring a customer interaction. There's a single set of keys across all customer tenants that are managed by the MDM vendor in their Azure AD tenant.
 
-For the on-premises MDM, the keys used to authenticate with Azure AD are within the tenant of the customer and must be rolled over by the customer's administrator. In this case, you should provide guidance to the customers about rolling over and protecting the keys to improved security.
+For the on-premises MDM, the Azure AD authentication keys are within the customer tenant and must be rolled over by the customer's administrator. To improve security, provide guidance to customers about rolling over and protecting the keys.
 
 ## Publish your MDM app to Azure AD app gallery
 
 
 IT administrators use the Azure AD app gallery to add an MDM for their organization to use. The app gallery is a rich store with over 2400 SaaS applications that are integrated with Azure AD.
 
-The following image illustrates how MDM applications will show up in the Azure app gallery in a category dedicated to MDM software.
+The following image show how MDM applications show up in the Azure app gallery.
 
-![azure ad add an app for mdm](images/azure-ad-app-gallery.png)
+![azure ad add an app for mdm.](images/azure-ad-app-gallery.png)
 
 ### Add cloud-based MDM to the app gallery
 
@@ -182,189 +191,85 @@ The following image illustrates how MDM applications will show up in the Azure a
 
 The following table shows the required information to create an entry in the Azure AD app gallery.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ItemDescription
                    Application ID
                    The client ID of your MDM app that is configured within your tenant. This is the unique identifier for your multi-tenant app.
                    Publisher
                    A string that identifies the publisher of the app.
                    Application URL
                    A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL is not used for the actual enrollment.
                    Description
                    A brief description of your MDM app, which must be under 255 characters.
                    Icons
                    A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215
                    
+|Item|Description|
+|--- |--- |
+|**Application ID**|The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multi-tenant app.|
+|**Publisher**|A string that identifies the publisher of the app.|
+|**Application URL**|A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL isn't used for the actual enrollment.|
+|**Description**|A brief description of your MDM app, which must be under 255 characters.|
+|**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215|
+
 
  
 ### Add on-premises MDM to the app gallery
 
-There are no special requirements for adding on-premises MDM to the app gallery. There is a generic entry for administrator to add an app to their tenant.
+There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrator to add an app to their tenant.
 
-However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. These are used to obtain authorization to access the Azure AD Graph API and for reporting device compliance.
+However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. Thee ID and key obtain authorization to access the Microsoft Graph API and for reporting device compliance.
 
 ## Themes
 
-The pages rendered by the MDM as part of the integrated enrollment process must use Windows 10 templates ([Download the Windows 10 templates and CSS files](https://download.microsoft.com/download/3/E/5/3E535D52-6432-47F6-B460-4E685C5D543A/MDM-ISV_1.1.3.zip)). This is important for enrollment during the Azure AD Join experience in OOBE where all of the pages are edge-to-edge HTML pages. Don't try to copy the templates because you'll never get the button placement right. Using the shared Windows 10 templates ensure a seamless experience for the customers.
+The pages rendered by the MDM in the integrated enrollment process must use Windows templates ([Download the Windows templates and CSS files (1.1.4)](https://download.microsoft.com/download/0/7/0/0702afe3-dc1e-48f6-943e-886a4876f6ca/MDM-ISV_1.1.4.zip)). These templates are important for enrollment during the Azure AD Join experience in OOBE where all of the pages are edge-to-edge HTML pages. Don't try to copy the templates because you'll never get the button placement right.
 
-There are 3 distinct scenarios:
+There are three distinct scenarios:
 
 1.  MDM enrollment as part of Azure AD Join in Windows OOBE.
 2.  MDM enrollment as part of Azure AD Join, after Windows OOBE from **Settings**.
 3.  MDM enrollment as part of adding a Microsoft work account on a personal device (BYOD).
 
-Scenarios 1, 2, and 3 are available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Scenarios 1 and 3 are available in Windows 10 Mobile. Support for scenario 1 was added in Windows 10 Mobile, version 1511.
+These scenarios support Windows client Pro, Enterprise, and Education.
 
-The CSS files provided by Microsoft contains version information and we recommend that you use the latest version. There are separate CSS files for desktop and mobile devices, OOBE, and post-OOBE experiences. [Download the Windows 10 templates and CSS files](https://download.microsoft.com/download/3/E/5/3E535D52-6432-47F6-B460-4E685C5D543A/MDM-ISV_1.1.3.zip).
+The CSS files provided by Microsoft contain version information and we recommend that you use the latest version. There are separate CSS files for Windows client devices, OOBE, and post-OOBE experiences. [Download the Windows templates and CSS files (1.1.4)](https://download.microsoft.com/download/0/7/0/0702afe3-dc1e-48f6-943e-886a4876f6ca/MDM-ISV_1.1.4.zip).
+
+- For Windows 10, use **oobe-desktop.css**
+- For Windows 11, use **oobe-light.css**
 
 ### Using themes
 
-An MDM page must adhere to a predefined theme depending on the scenario that is displayed. For example, if the CXH-HOSTHTTP header is FRX, which is the OOBE scenario, the page must support a dark theme with blue background color, which uses WinJS file Ui-dark.css ver 4.0 and oobe-desktop.css ver 1.0.4.
-
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    






                    CXH-HOST (HTTP HEADER)ScenarioBackground ThemeWinJSScenario CSS
                    FRXOOBEDark theme + blue background colorFilename: Ui-dark.cssFilename: oobe-dekstop.css
                    MOSETSettings/
-
                    Post OOBE
                    		Light themeFilename: Ui-light.cssFilename: settings-desktop.css
                    
+An MDM page must adhere to a predefined theme depending on the scenario that is displayed. For example, if the CXH-HOSTHTTP header is FRX, which is the OOBE scenario, then the page must support a dark theme with blue background color, which uses WinJS file Ui-dark.css ver 4.0 and oobe-desktop.css ver 1.0.4.
 
+|CXH-HOST (HTTP HEADER)|Scenario|Background Theme|WinJS|Scenario CSS|
+|--- |--- |--- |--- |--- |
+|FRX|OOBE|Dark theme + blue background color|Filename: Ui-dark.css|Filename: oobe-dekstop.css|
+|MOSET|Settings/Post OOBE|Light theme|Filename: Ui-light.css|Filename: settings-desktop.css|
  
 ## Terms of Use protocol semantics
 
-The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows performs a full-page redirect to this endpoint. This enables the MDM to display the terms and conditions that apply and allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
+The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
 
 ### Redirect to the Terms of Use endpoint
 
-This is a full page redirect to the Terms of User endpoint hosted by the MDM. Here is an example URL, https://fabrikam.contosomdm.com/TermsOfUse.
+This redirect is a full page redirect to the Terms of User endpoint hosted by the MDM. Here's an example URL, `https://fabrikam.contosomdm.com/TermsOfUse`.
 
 The following parameters are passed in the query string:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ItemDescription
                    redirect_uri
                    After the user accepts or rejects the Terms of Use, the user is redirected to this URL.
                    client-request-id
                    A GUID that is used to correlate logs for diagnostic and debugging purposes. You use this parameter to log or trace the state of the enrollment request to help find the root cause in case of failures.
                    api-version
                    Specifies the version of the protocol requested by the client. This provides a mechanism to support version revisions of the protocol.
                    mode
                    Specifies that the device is corporate owned when mode=azureadjoin. This parameter is not present for BYOD devices.
                    
+|Item|Description|
+|--- |--- |
+|redirect_uri|After the user accepts or rejects the Terms of Use, the user is redirected to this URL.|
+|client-request-id|A GUID that is used to correlate logs for diagnostic and debugging purposes. Use this parameter to log or trace the state of the enrollment request to help find the root cause of failures.|
+|api-version|Specifies the version of the protocol requested by the client. This value provides a mechanism to support version revisions of the protocol.|
+|mode|Specifies that the device is organization owned when mode=azureadjoin. This parameter isn't present for BYOD devices.|
 
- 
 ### Access token
 
-A bearer access token is issued by Azure AD is passed in the authorization header of the HTTP request. Here is a typical format:
+Azure AD issues a bearer access token. The token is passed in the authorization header of the HTTP request. Here's a typical format:
 
 **Authorization: Bearer** CI6MTQxmCF5xgu6yYcmV9ng6vhQfaJYw…
 
 The following claims are expected in the access token passed by Windows to the Terms of Use endpoint:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ItemDescription
                    Object ID
                    Identifier of the user object corresponding to the authenticated user.
                    UPN
                    A claim containing the user principal name (UPN) of the authenticated user.
                    TID
                    A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.
                    Resource
                    A sanitized URL representing the MDM application. Example, https://fabrikam.contosomdm.com.
                    
-
                    
+|Item|Description|
+|--- |--- |
+|Object ID|Identifier of the user object corresponding to the authenticated user.|
+|UPN|A claim containing the user principal name (UPN) of the authenticated user.|
+|TID|A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.|
+|Resource|A sanitized URL representing the MDM application. Example: `https://fabrikam.contosomdm.com` |
+
 
 > [!NOTE]
-> There is no device ID claim in the access token because the device may not yet be enrolled at this time.
+> There's no device ID claim in the access token because the device may not yet be enrolled at this time.
 
-To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api).
+To retrieve the list of group memberships for the user, you can use the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api).
 
 Here's an example URL.
 
@@ -377,7 +282,7 @@ The MDM is expected to validate the signature of the access token to ensure it w
 
 ### Terms of Use content
 
-The MDM may perform other additional redirects as necessary before displaying the Terms of Use content to the user. The appropriate Terms of Use content should be returned to the caller (Windows) so it can be displayed to the end user in the browser control.
+The MDM may do other more redirects as necessary before displaying the Terms of Use content to the user. The appropriate Terms of Use content should be returned to the caller (Windows) so it can be displayed to the end user in the browser control.
 
 The Terms of Use content should contain the following buttons:
 
@@ -391,29 +296,28 @@ The Terms of Use content must be consistent with the theme used for the other pa
 At this point, the user is on the Terms of Use page shown during the OOBE or from the Setting experiences. The user has the following options on the page:
 
 -   **User clicks on the Accept button** - The MDM must redirect to the URI specified by the redirect\_uri parameter in the incoming request. The following query string parameters are expected:
-    -   **IsAccepted** - This mandatory Boolean must be set to true.
-    -   **OpaqueBlob** - Required parameter if the user accepts. The MDM may use this make some information available to the enrollment endpoint. The value persisted here is made available unchanged at the enrollment endpoint. The MDM may use this parameter for correlation purposes.
-    -   Here is an example redirect - ms-appx-web://MyApp1/ToUResponse?OpaqueBlob=value&IsAccepted=true
+    -   **IsAccepted** - This Boolean value is required, and must be set to true.
+    -   **OpaqueBlob** - Required parameter if the user accepts. The MDM may use this blob to make some information available to the enrollment endpoint. The value persisted here is made available unchanged at the enrollment endpoint. The MDM may use this parameter for correlation purposes.
+    -   Here's an example redirect - `ms-appx-web://MyApp1/ToUResponse?OpaqueBlob=value&IsAccepted=true`
 -   **User clicks on the Decline button** - The MDM must redirect to the URI specified in redirect\_uri in the incoming request. The following query string parameters are expected:
-    -   **IsAccepted** - This mandatory Boolean must be set to false. This also applies if the user skipped the Terms of Use.
-    -   **OpaqueBlob** - This parameter is not expected to be used because the enrollment is stopped with an error message displayed to the user.
+    -   **IsAccepted** - This Boolean value is required, and must be set to false. This option also applies if the user skipped the Terms of Use.
+    -   **OpaqueBlob** - This parameter isn't expected to be used. The enrollment is stopped with an error message shown to the user.
 
-Users skip the Terms of Use when they are adding a Microsoft work account to their device. However, then cannot skip it during the Azure AD Join process. The decline button must not be shown in the Azure AD Join process because MDM enrollment cannot be declined by the user if configured by the administrator for the Azure AD Join.
+Users skip the Terms of Use when they're adding a Microsoft work account to their device. However, they can't skip it during the Azure AD Join process. Don't show the decline button in the Azure AD Join process. MDM enrollment can't be declined by the user if configured by the administrator for the Azure AD Join.
 
 We recommend that you send the client-request-id parameters in the query string as part of this redirect response.
 
 ### Terms Of Use Error handling
 
-If an error was encountered during the terms of use processing, the MDM can return two parameters – an error and error\_description parameter in its redirect request back to Windows. Note that the URL should be encoded and the contents of the error\_description should be in English plain text. This text is not visible to the end-user and therefore localization of the error description text is not a concern.
+If an error occurs during the terms of use processing, the MDM can return two parameters – an error and error\_description parameter in its redirect request back to Windows. The URL should be encoded, and the contents of the error\_description should be in English plain text. This text isn't visible to the end-user. So, localization of the error description text isn't a concern.
 
-Here is the URL format:
+Here's the URL format:
 
 ```console
 HTTP/1.1 302
 Location:
 ?error=access_denied&error_description=Access%20is%20denied%2E
 
-
 Example:
 HTTP/1.1 302
 Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=Access%20is%20denied%2E
@@ -421,200 +325,45 @@ Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=A
 
 The following table shows the error codes.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    CauseHTTP statusErrorDescription
                    api-version
                    302
                    invalid_request
                    unsupported version
                    Tenant or user data are missing or other required prerequisites for device enrollment are not met
                    302
                    unauthorized_client
                    unauthorized user or tenant
                    Azure AD token validation failed
                    302
                    unauthorized_client
                    unauthorized_client
                    internal service error
                    302
                    server_error
                    internal service error
                    
+|Cause|HTTP status|Error|Description|
+|--- |--- |--- |--- |
+|api-version|302|invalid_request|unsupported version|
+|Tenant or user data are missing or other required prerequisites for device enrollment aren't met|302|unauthorized_client|unauthorized user or tenant|
+|Azure AD token validation failed|302|unauthorized_client|unauthorized_client|
+|internal service error|302|server_error|internal service error|
 
  
 ## Enrollment protocol with Azure AD
 
-With Azure integrated MDM enrollment, there is no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.
+With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    DetailTraditional MDM enrollmentAzure AD Join (corporate-owned device)Azure AD add a work account (user-owned device)
                    MDM auto-discovery using email address to retrieve MDM discovery URL
                    Enrollment
                    Not applicable
                    
-
                    Discovery URL provisioned in Azure
                    Uses MDM discovery URL
                    Enrollment
                    
-
                    Enrollment renewal
                    
-
                    ROBO
                    Enrollment
                    
-
                    Enrollment renewal
                    
-
                    ROBO
                    Enrollment
                    
-
                    Enrollment renewal
                    
-
                    ROBO
                    Is MDM enrollment required?
                    Yes
                    Yes
                    No
                    
-
                    User can decline.
                    Authentication type
                    OnPremise
                    
-
                    Federated
                    
-
                    Certificate
                    Federated
                    Federated
                    EnrollmentPolicyServiceURL
                    Optional (all auth)
                    Optional (all auth)
                    
-
                    Optional (all auth)
                    
-
                    EnrollmentServiceURL
                    Required (all auth)
                    Used (all auth)
                    Used (all auth)
                    EnrollmentServiceURL includes OS Version, OS Platform, and other attributes provided by MDM discovery URL
                    Highly recommended
                    Highly recommended
                    Highly recommended
                    AuthenticationServiceURL used
                    Used (Federated auth)
                    Skipped
                    Skipped
                    BinarySecurityToken
                    Custom per MDM
                    Azure AD issued token
                    Azure AD issued token
                    EnrollmentType
                    Full
                    Device
                    Full
                    Enrolled certificate type
                    User certificate
                    Device certificate
                    User certificate
                    Enrolled certificate store
                    My/User
                    My/System
                    My/User
                    CSR subject name
                    User Principal Name
                    Device ID
                    User Principal Name
                    EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL
                    Not supported
                    Supported
                    Supported
                    CSPs accessible during enrollment
                    Windows 10 support:
                    
-
                      
-
                    • DMClient
                      • 
-
                    • CertificateStore
                      • 
-
                    • RootCATrustedCertificates
                      • 
-
                    • ClientCertificateInstall
                      • 
-
                    • EnterpriseModernAppManagement
                      • 
-
                    • PassportForWork
                      • 
-
                    • Policy
                      • 
-
                    • w7 APPLICATION
                      • 
-
                    
-
                    Legacy support:
                    
-
                      
-
                    • EnterpriseAppManagement (Windows Phone 8.1)
                      • 
-
                    same as traditional MDM enrollment
                    same as traditional MDM enrollment
                    
-
- 
+|Detail|Traditional MDM enrollment|Azure AD Join (organization-owned device)|Azure AD adds a work account (user-owned device)|
+|--- |--- |--- |--- |
+|MDM auto-discovery using email address to retrieve MDM discovery URL|Enrollment|Not applicable
                    Discovery URL provisioned in Azure||
+|Uses MDM discovery URL|Enrollment
                    Enrollment renewal
                    ROBO|Enrollment
                    Enrollment renewal
                    ROBO|Enrollment
                    Enrollment renewal
                    ROBO|
+|Is MDM enrollment required?|Yes|Yes|No
                    User can decline.|
+|Authentication type|OnPremise
                    Federated
                    Certificate|Federated|Federated|
+|EnrollmentPolicyServiceURL|Optional (all auth)|Optional (all auth)|Optional (all auth)|
+|EnrollmentServiceURL|Required (all auth)|Used (all auth)|Used (all auth)|
+|EnrollmentServiceURL includes OS Version, OS Platform, and other attributes provided by MDM discovery URL|Highly recommended|Highly recommended|Highly recommended|
+|AuthenticationServiceURL used|Used (Federated auth)|Skipped|Skipped|
+|BinarySecurityToken|Custom per MDM|Azure AD issued token|Azure AD issued token|
+|EnrollmentType|Full|Device|Full|
+|Enrolled certificate type|User certificate|Device certificate|User certificate|
+|Enrolled certificate store|My/User|My/System|My/User|
+|CSR subject name|User Principal Name|Device ID|User Principal Name|
+|EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL|Not supported|Supported|Supported|
+|CSPs accessible during enrollment|Windows 10 support: 
                    - DMClient 
                    - CertificateStore 
                    - RootCATrustedCertificates 
                     - ClientCertificateInstall 
                    - EnterpriseModernAppManagement 
                     - PassportForWork 
                     - Policy 
                     - w7 APPLICATION|||
 
 ## Management protocol with Azure AD
 
-There are two different MDM enrollment types that take advantage of integration with Azure AD and therefore make use of Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users.
+There are two different MDM enrollment types that integrate with Azure AD, and use Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users.
 
 **Multiple user management for Azure AD joined devices**
-In this scenario the MDM enrollment applies to every Azure AD user who logs on to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, conclude what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an additional HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token is not sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user logs on to the machine, Azure AD user token is not available to OMA-DM process. Typically MDM enrollment completes before Azure AD user logs on to machine and the initial management session does not contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device.
+In this scenario the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device.
 
 **Adding a work account and MDM enrollment to a device**
-In this scenario, the MDM enrollment applies to a single user who initially added his work account and enrolled the device. In this enrollment type the management server can ignore Azure AD tokens that may be sent over during management session. Whether Azure AD token is present or missing, the management server sends both user and device policies to the device.
+In this scenario, the MDM enrollment applies to a single user who initially added their work account and enrolled the device. In this enrollment type, the management server can ignore Azure AD tokens that may be sent over during management session. Whether Azure AD token is present or missing, the management server sends both user and device policies to the device.
 
 **Evaluating Azure AD user tokens**
 The Azure AD token is in the HTTP Authorization header in the following format:
@@ -623,21 +372,22 @@ The Azure AD token is in the HTTP Authorization header in the following format:
 Authorization:Bearer 
 ```
 
-Additional claims may be present in the Azure AD token, such as:
+More claims may be present in the Azure AD token, such as:
 
 -   User - user currently logged in
 -   Device compliance - value set the MDM service into Azure
 -   Device ID - identifies the device that is checking in
 -   Tenant ID
 
-Access token issued by Azure AD are JSON web tokens (JWTs). A valid JWT token is presented by Windows at the MDM enrollment endpoint to initiate the enrollment process. There are a couple of options to evaluate the tokens:
+Access tokens issued by Azure AD are JSON web tokens (JWTs). A valid JWT token is presented by Windows at the MDM enrollment endpoint to start the enrollment process. There are a couple of options to evaluate the tokens:
 
--   Use the JWT Token Handler extension for WIF to validate the contents of the access token and extract claims required for use. For more information, see [JSON Web Token Handler](/previous-versions/dotnet/framework/security/json-web-token-handler).
+-   Use the JWT Token Handler extension for WIF to validate the contents of the access token and extract claims required for use. For more information, see [JwtSecurityTokenHandler Class](/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler).
 -   Refer to the Azure AD authentication code samples to get a sample for working with access tokens. For an example, see [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667).
 
+
 ## Device Alert 1224 for Azure AD user token
 
-An alert is sent when the DM session starts and there is an Azure AD user logged in. The alert is sent in OMA DM pkg\#1. Here's an example:
+An alert is sent when the DM session starts and there's an Azure AD user logged in. The alert is sent in OMA DM pkg\#1. Here's an example:
 
 ```xml
 Alert Type: com.microsoft/MDM/AADUserToken
@@ -664,9 +414,9 @@ An alert is sent to the MDM server in DM package\#1.
 
 -   Alert type - com.microsoft/MDM/LoginStatus
 -   Alert format - chr
--   Alert data - provide login status information for the current active logged in user.
-    -   Logged in user who has an Azure AD account - predefined text: user.
-    -   Logged in user without an Azure AD account- predefined text: others.
+-   Alert data - provide sign-in status information for the current active logged in user.
+    -   Signed-in user who has an Azure AD account - predefined text: user.
+    -   Signed-in user without an Azure AD account- predefined text: others.
     -   No active user - predefined text:none
 
 Here's an example.
@@ -689,19 +439,19 @@ Here's an example.
 
 ## Report device compliance to Azure AD
 
-Once a device is enrolled with the MDM for management, corporate policies configured by the IT administrator are enforced on the device. The device compliance with configured policies is evaluated by the MDM and then reported to Azure AD. This section covers the Graph API call you can use to report a device compliance status to Azure AD.
+Once a device is enrolled with the MDM for management, organization policies configured by the IT administrator are enforced on the device. The device compliance with configured policies is evaluated by the MDM and then reported to Azure AD. This section covers the Graph API call you can use to report a device compliance status to Azure AD.
 
 For a sample that illustrates how an MDM can obtain an access token using OAuth 2.0 client\_credentials grant type, see [Daemon\_CertificateCredential-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613822).
 
--   **Cloud-based MDM** - If your product is a cloud-based multi-tenant MDM service, you have a single key configured for your service within your tenant. Use this key to authenticate the MDM service with Azure AD, in order to obtain authorization.
--   **On-premises MDM** - If your product is an on-premises MDM, customers must configure your product with the key used to authenticate with Azure AD. This is because each on-premises instance of your MDM product has a different tenant-specific key. For this purpose, you may need to expose a configuration experience in your MDM product that enables administrators to specify the key to be used to authenticate with Azure AD.
+-   **Cloud-based MDM** - If your product is a cloud-based multi-tenant MDM service, you have a single key configured for your service within your tenant. To obtain authorization, use this key to authenticate the MDM service with Azure AD.
+-   **On-premises MDM** - If your product is an on-premises MDM, customers must configure your product with the key used to authenticate with Azure AD. This key configuration is because each on-premises instance of your MDM product has a different tenant-specific key. So, you may need to expose a configuration experience in your MDM product that enables administrators to specify the key to be used to authenticate with Azure AD.
 
-### Use Azure AD Graph API
+### Use Microsoft Graph API
 
-The following sample REST API call illustrates how an MDM can use the Azure AD Graph API to report compliance status of a device currently being managed by it.
+The following sample REST API call illustrates how an MDM can use the Microsoft Graph API to report compliance status of a device being managed by it.
 
 > [!NOTE]
-> This is only applicable for approved MDM apps on Windows 10 devices.
+> This API is only applicable for approved MDM apps on Windows 10 devices.
 
 ```console
 Sample Graph API Request:
@@ -717,221 +467,60 @@ Content-Type: application/json
 
 Where:
 
--   **contoso.com** – This is the name of the Azure AD tenant to whose directory the device has been joined.
--   **db7ab579-3759-4492-a03f-655ca7f52ae1** – This is the device identifier for the device whose compliance information is being reported to Azure AD.
--   **eyJ0eXAiO**……… – This is the bearer access token issued by Azure AD to the MDM that authorizes the MDM to call the Azure AD Graph API. The access token is placed in the HTTP authorization header of the request.
+-   **contoso.com** – This value is the name of the Azure AD tenant to whose directory the device has been joined.
+-   **db7ab579-3759-4492-a03f-655ca7f52ae1** – This value is the device identifier for the device whose compliance information is being reported to Azure AD.
+-   **eyJ0eXAiO**……… – This value is the bearer access token issued by Azure AD to the MDM that authorizes the MDM to call the Microsoft Graph API. The access token is placed in the HTTP authorization header of the request.
 -   **isManaged** and **isCompliant** - These Boolean attributes indicates compliance status.
 -   **api-version** - Use this parameter to specify which version of the graph API is being requested.
 
 Response:
 
 -   Success - HTTP 204 with No Content.
--   Failure/Error - HTTP 404 Not Found. This error may be returned if the specified device or tenant cannot be found.
+-   Failure/Error - HTTP 404 Not Found. This error may be returned if the specified device or tenant can't be found.
 
 ## Data loss during unenrollment from Azure Active Directory Join
 
-When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
+When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there's no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message doesn't indicate the loss of WIP data.
 
-![aadj unenrollment](images/azure-ad-unenrollment.png)
+![aadj unenrollment.](images/azure-ad-unenrollment.png)
 
 ## Error codes
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    CodeIDError message
                    0x80180001"idErrorServerConnectivity", // MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x80180002"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_AUTHENTICATION_ERROR
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180003"idErrorAuthorizationFailure", // MENROLL_E_DEVICE_AUTHORIZATION_ERROR
                    This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180004"idErrorMDMCertificateError", // MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR
                    There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180005"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x80180006"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x80180007"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_INVALIDSECURITY_ERROR
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180008"idErrorServerConnectivity", // MENROLL_E_DEVICE_UNKNOWN_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x80180009"idErrorAlreadyInProgress", // MENROLL_E_ENROLLMENT_IN_PROGRESS
                    Another enrollment is in progress. You can try to do this again or contact your system administrator with the error code {0}.
                    0x8018000A"idErrorMDMAlreadyEnrolled", // MENROLL_E_DEVICE_ALREADY_ENROLLED
                    This device is already enrolled. You can contact your system administrator with the error code {0}.
                    0x8018000D"idErrorMDMCertificateError", // MENROLL_E_DISCOVERY_SEC_CERT_DATE_INVALID
                    There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.
                    0x8018000E"idErrorAuthenticationFailure", // MENROLL_E_PASSWORD_NEEDED
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x8018000F"idErrorAuthenticationFailure", // MENROLL_E_WAB_ERROR
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180010"idErrorServerConnectivity", // MENROLL_E_CONNECTIVITY
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x80180012"idErrorMDMCertificateError", // MENROLL_E_INVALIDSSLCERT
                    There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180013"idErrorDeviceLimit", // MENROLL_E_DEVICECAPREACHED
                    Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.
                    0x80180014"idErrorMDMNotSupported", // MENROLL_E_DEVICENOTSUPPORTED
                    This feature is not supported. Contact your system administrator with the error code {0}.
                    0x80180015"idErrorMDMNotSupported", // MENROLL_E_NOTSUPPORTED
                    This feature is not supported. Contact your system administrator with the error code {0}.
                    0x80180016"idErrorMDMRenewalRejected", // MENROLL_E_NOTELIGIBLETORENEW
                    The server did not accept the request. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180017"idErrorMDMAccountMaintenance", // MENROLL_E_INMAINTENANCE
                    The service is in maintenance. You can try to do this again later or contact your system administrator with the error code {0}.
                    0x80180018"idErrorMDMLicenseError", // MENROLL_E_USERLICENSE
                    There was an error with your license. You can try to do this again or contact your system administrator with the error code {0}.
                    0x80180019"idErrorInvalidServerConfig", // MENROLL_E_ENROLLMENTDATAINVALID
                    Looks like the server is not correctly configured. You can try to do this again or contact your system administrator with the error code {0}.
                    "rejectedTermsOfUse""idErrorRejectedTermsOfUse"
                    Your organization requires that you agree to the Terms of Use. Please try again or ask your support person for more information.
                    0x801c0001"idErrorServerConnectivity", // DSREG_E_DEVICE_MESSAGE_FORMAT_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x801c0002"idErrorAuthenticationFailure", // DSREG_E_DEVICE_AUTHENTICATION_ERROR
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x801c0003"idErrorAuthorizationFailure", // DSREG_E_DEVICE_AUTHORIZATION_ERROR
                    This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.
                    0x801c0006"idErrorServerConnectivity", // DSREG_E_DEVICE_INTERNALSERVICE_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x801c000B"idErrorUntrustedServer", // DSREG_E_DISCOVERY_REDIRECTION_NOT_TRUSTEDThe server being contacted is not trusted. Contact your system administrator with the error code {0}.
                    0x801c000C"idErrorServerConnectivity", // DSREG_E_DISCOVERY_FAILED
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x801c000E"idErrorDeviceLimit", // DSREG_E_DEVICE_REGISTRATION_QUOTA_EXCCEEDED
                    Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.
                    0x801c000F"idErrorDeviceRequiresReboot", // DSREG_E_DEVICE_REQUIRES_REBOOT
                    A reboot is required to complete device registration.
                    0x801c0010"idErrorInvalidCertificate", // DSREG_E_DEVICE_AIK_VALIDATION_ERROR
                    Looks like you have an invalid certificate. Contact your system administrator with the error code {0}.
                    0x801c0011"idErrorAuthenticationFailure", // DSREG_E_DEVICE_ATTESTATION_ERROR
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x801c0012"idErrorServerConnectivity", // DSREG_E_DISCOVERY_BAD_MESSAGE_ERROR
                    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}
                    0x801c0013"idErrorAuthenticationFailure", // DSREG_E_TENANTID_NOT_FOUND
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    0x801c0014"idErrorAuthenticationFailure", // DSREG_E_USERSID_NOT_FOUND
                    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.
                    
-
- 
-
+|Code|ID|Error message|
+|--- |--- |--- |
+|0x80180001|"idErrorServerConnectivity", // MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x80180002|"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_AUTHENTICATION_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180003|"idErrorAuthorizationFailure", // MENROLL_E_DEVICE_AUTHORIZATION_ERROR|This user isn't authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180004|"idErrorMDMCertificateError", // MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR|There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180005|"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x80180006|"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x80180007|"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_INVALIDSECURITY_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180008|"idErrorServerConnectivity", // MENROLL_E_DEVICE_UNKNOWN_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x80180009|"idErrorAlreadyInProgress", // MENROLL_E_ENROLLMENT_IN_PROGRESS|Another enrollment is in progress. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x8018000A|"idErrorMDMAlreadyEnrolled", // MENROLL_E_DEVICE_ALREADY_ENROLLED|This device is already enrolled. You can contact your system administrator with the error code {0}.|
+|0x8018000D|"idErrorMDMCertificateError", // MENROLL_E_DISCOVERY_SEC_CERT_DATE_INVALID|There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x8018000E|"idErrorAuthenticationFailure", // MENROLL_E_PASSWORD_NEEDED|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x8018000F|"idErrorAuthenticationFailure", // MENROLL_E_WAB_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180010|"idErrorServerConnectivity", // MENROLL_E_CONNECTIVITY|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x80180012|"idErrorMDMCertificateError", // MENROLL_E_INVALIDSSLCERT|There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180013|"idErrorDeviceLimit", // MENROLL_E_DEVICECAPREACHED|Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.|
+|0x80180014|"idErrorMDMNotSupported", // MENROLL_E_DEVICENOTSUPPORTED|This feature isn't supported. Contact your system administrator with the error code {0}.|
+|0x80180015|"idErrorMDMNotSupported", // MENROLL_E_NOTSUPPORTED|This feature isn't supported. Contact your system administrator with the error code {0}.|
+|0x80180016|"idErrorMDMRenewalRejected", // MENROLL_E_NOTELIGIBLETORENEW|The server did not accept the request. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180017|"idErrorMDMAccountMaintenance", // MENROLL_E_INMAINTENANCE|The service is in maintenance. You can try to do this again later or contact your system administrator with the error code {0}.|
+|0x80180018|"idErrorMDMLicenseError", // MENROLL_E_USERLICENSE|There was an error with your license. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x80180019|"idErrorInvalidServerConfig", // MENROLL_E_ENROLLMENTDATAINVALID|Looks like the server isn't correctly configured. You can try to do this again or contact your system administrator with the error code {0}.|
+|"rejectedTermsOfUse"|"idErrorRejectedTermsOfUse"|Your organization requires that you agree to the Terms of Use. Please try again or ask your support person for more information.|
+|0x801c0001|"idErrorServerConnectivity", // DSREG_E_DEVICE_MESSAGE_FORMAT_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x801c0002|"idErrorAuthenticationFailure", // DSREG_E_DEVICE_AUTHENTICATION_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x801c0003|"idErrorAuthorizationFailure", // DSREG_E_DEVICE_AUTHORIZATION_ERROR|This user isn't authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x801c0006|"idErrorServerConnectivity", // DSREG_E_DEVICE_INTERNALSERVICE_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x801c000B|"idErrorUntrustedServer", // DSREG_E_DISCOVERY_REDIRECTION_NOT_TRUSTED|The server being contacted isn't trusted. Contact your system administrator with the error code {0}.|
+|0x801c000C|"idErrorServerConnectivity", // DSREG_E_DISCOVERY_FAILED|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x801c000E|"idErrorDeviceLimit", // DSREG_E_DEVICE_REGISTRATION_QUOTA_EXCCEEDED|Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.|
+|0x801c000F|"idErrorDeviceRequiresReboot", // DSREG_E_DEVICE_REQUIRES_REBOOT|A reboot is required to complete device registration.|
+|0x801c0010|"idErrorInvalidCertificate", // DSREG_E_DEVICE_AIK_VALIDATION_ERROR|Looks like you have an invalid certificate. Contact your system administrator with the error code {0}.|
+|0x801c0011|"idErrorAuthenticationFailure", // DSREG_E_DEVICE_ATTESTATION_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x801c0012|"idErrorServerConnectivity", // DSREG_E_DISCOVERY_BAD_MESSAGE_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}|
+|0x801c0013|"idErrorAuthenticationFailure", // DSREG_E_TENANTID_NOT_FOUND|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
+|0x801c0014|"idErrorAuthenticationFailure", // DSREG_E_USERSID_NOT_FOUND|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.|
diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index 21499425a9..ce25592491 100644
--- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -20,10 +20,10 @@ manager: dansimp
 2. Select **Mobility (MDM and MAM)**, and find the Microsoft Intune app.
 3. Select **Microsoft Intune** and configure the blade. 
 
-![How to get to the Blade](images/azure-mdm-intune.png) 
+![How to get to the Blade.](images/azure-mdm-intune.png) 
 
 Configure the blade                                                                      
 
-![Configure the Blade](images/azure-intune-configure-scope.png) 
+![Configure the Blade.](images/azure-intune-configure-scope.png) 
 
 You can specify settings to allow all users to enroll a device and make it Intune ready, or choose to allow some users (and then add a group of users). 
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index f19bba4d59..b4564bd96c 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -7,38 +7,48 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 04/16/2020
+ms.date: 02/04/2022
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 # BitLocker CSP
 
-The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
+The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro.
 
 > [!NOTE]
-> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.
+> Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes.
 > 
 > You must send all the settings together in a single SyncML to be effective.
 
-A Get operation on any of the settings, except for RequireDeviceEncryption and RequireStorageCardEncryption, returns
-the setting configured by the admin.
+A `Get` operation on any of the settings, except for `RequireDeviceEncryption` and `RequireStorageCardEncryption`, returns the setting configured by the admin.
 
-For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
+For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption doesn't verify that a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
 
-The following shows the BitLocker configuration service provider in tree format.
-```
+The following example shows the BitLocker configuration service provider in tree format.
+
+```console
 ./Device/Vendor/MSFT
 BitLocker
 ----RequireStorageCardEncryption
 ----RequireDeviceEncryption
 ----EncryptionMethodByDriveType
+----IdentificationField
+----SystemDrivesEnablePreBootPinExceptionOnDECapableDevice
+----SystemDrivesEnhancedPIN
+----SystemDrivesDisallowStandardUsersCanChangePIN
+----SystemDrivesEnablePrebootInputProtectorsOnSlates
+----SystemDrivesEncryptionType
 ----SystemDrivesRequireStartupAuthentication
 ----SystemDrivesMinimumPINLength
 ----SystemDrivesRecoveryMessage
 ----SystemDrivesRecoveryOptions
 ----FixedDrivesRecoveryOptions
 ----FixedDrivesRequireEncryption
+----FixedDrivesEncryptionType
 ----RemovableDrivesRequireEncryption
+----RemovableDrivesEncryptionType
+----RemovableDrivesConfigureBDE
 ----AllowWarningForOtherDiskEncryption
 ----AllowStandardUserEncryption
 ----ConfigureRecoveryPasswordRotation
@@ -48,97 +58,35 @@ BitLocker
 --------RotateRecoveryPasswordsStatus
 --------RotateRecoveryPasswordsRequestID
 ```
+
+> [!TIP]
+> Some of the policies here are ADMX-backed policies. For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+
 **./Device/Vendor/MSFT/BitLocker**  
 Defines the root node for the BitLocker configuration service provider.
 
-**RequireStorageCardEncryption**  
-
-Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU.
-
-
-
-
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck markcheck mark
                     
-
 
-Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
-
-- 0 (default) – Storage cards do not need to be encrypted.
-- 1 – Require storage cards to be encrypted.  
-
-Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
-
-If you want to disable this policy use the following SyncML:
-
-```xml
-
-    
-        
-            $CmdID$
-            
-                
-                    ./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption
-                
-                
-                    int
-                
-                0
-                
-        
-    
-
-```
-
-Data type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-
 **RequireDeviceEncryption**  
 
-Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption.
+Allows the administrator to require encryption that needs to be turned on by using BitLocker\Device Encryption.
 
 
-
-
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck markcheck mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 Data type is integer. Sample value for this node to enable this policy: 1.
 Supported operations are Add, Get, Replace, and Delete.
 
-Status of OS volumes and encryptable fixed data volumes are checked with a Get operation. Typically, BitLocker/Device Encryption will follow whichever value [EncryptionMethodByDriveType](#encryptionmethodbydrivetype) policy is set to. However, this policy setting will be ignored for self-encrypting fixed drives and self-encrypting OS drives.
+The status of OS volumes and encryptable fixed data volumes is checked with a Get operation. Typically, BitLocker/Device Encryption will follow whichever value [EncryptionMethodByDriveType](#encryptionmethodbydrivetype) policy is set to. However, this policy setting will be ignored for self-encrypting fixed drives and self-encrypting OS drives.
 
-Encryptable fixed data volumes are treated similarly to OS volumes. However, fixed data volumes must meet additional criteria to be considered encryptable:
+Encryptable fixed data volumes are treated similarly to OS volumes. However, fixed data volumes must meet other criteria to be considered encryptable:
 
 - It must not be a dynamic volume.
 - It must not be a recovery partition.
@@ -149,8 +97,8 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix
 
 The following list shows the supported values:
 
--   0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes.
--   1 – Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).  
+- 0 (default): Disable. If the policy setting isn't set or is set to 0, the device's enforcement status isn't checked. The policy doesn't enforce encryption and it doesn't decrypt encrypted volumes.
+- 1: Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).  
 
 If you want to disable this policy, use the following SyncML:
 
@@ -172,51 +120,42 @@ If you want to disable this policy, use the following SyncML:
     
                             
 ```
+
+> [!NOTE]
+> Currently only full disk encryption is supported when using this CSP for silent encryption. For non-silent encryption, encryption type will depend on `SystemDrivesEncryptionType` and `FixedDrivesEncryptionType` configured on the device.
+
 
 
 **EncryptionMethodByDriveType**
 
-Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
+Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
 
 
-
-
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
                      • 
-
                    • GP name: EncryptionMethodWithXts_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
-
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+- GP Friendly name: *Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)*
+- GP name: *EncryptionMethodWithXts_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
 
 This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.
 
-If you enable this setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511.
+If you enable this setting, you'll be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that aren't running Windows 10, version 1511.
 
-If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.
+If you disable or don't configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.
 
  Sample value for this node to enable this policy and set the encryption methods is:
 
@@ -224,9 +163,9 @@ If you disable or do not configure this policy setting, BitLocker will use the d
  
 ```
 
-EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives
-EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
-EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.
+- EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives.
+- EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
+- EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.
 
  The possible values for 'xx' are:
 
@@ -238,7 +177,7 @@ EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for remov
 > [!NOTE]
 > When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.  
 
-  If you want to disable this policy use the following SyncML: 
+  If you want to disable this policy, use the following SyncML: 
 
 ```xml
 
@@ -255,54 +194,318 @@ EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for remov
 
 ```
 
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+**IdentificationField**  
+
+Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Provide the unique identifiers for your organization*
+- GP name: *IdentificationField_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This setting is used to establish an identifier that is applied to all encrypted drives in your organization.
+
+Identifiers are stored as the identification field and the allowed identification field. You can configure the following identification fields on existing drives by using the [Manage-bde](/windows-server/administration/windows-commands/manage-bde):
+
+- **BitLocker identification field**: It allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the Manage-bde command-line tool. For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field on the drive matches the value that is configured for the identification field.
+
+- **Allowed BitLocker identification field**: The allowed identification field is used in combination with the 'Deny write access to removable drives not protected by BitLocker' policy setting to help control the use of removable drives in your organization. It's a comma-separated list of identification fields from your organization or external organizations.
+
+>[!Note]
+>When a BitLocker-protected drive is mounted on another BitLocker-enabled computer, the identification field and the allowed identification field are used to determine whether the drive is from an outside organization.
+
+If you enable this policy setting, you can configure the identification field on the BitLocker-protected drive and any allowed identification field that is used by your organization.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+Data ID:
+
+- IdentificationField: This is a BitLocker identification field.
+- SecIdentificationField: This is an allowed BitLocker identification field.
+
+If you disable or don't configure this setting, the identification field isn't required.
+
+>[!Note]
+>Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value up to 260 characters.
+
+
+
+
+**SystemDrivesEnablePreBootPinExceptionOnDECapableDevice**  
+
+Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN*
+- GP name: *EnablePreBootPinExceptionOnDECapableDevice_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This setting allows users on devices that are compliant with InstantGo or Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for pre-boot authentication. This setting overrides the "Require startup PIN with TPM" option of the "Require additional authentication at startup" policy on compliant hardware.
+
+If you enable this policy setting, users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+If this policy is disabled, the options of "Require additional authentication at startup" policy apply.
+
+
+
+**SystemDrivesEnhancedPIN**  
+
+Allows users to configure whether or not enhanced startup PINs are used with BitLocker.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Allow enhanced PINs for startup*
+- GP name: *EnhancedPIN_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This setting permits the use of enhanced PINs when you use an unlock method that includes a PIN. Enhanced startup PINs permit the usage of characters (including uppercase and lowercase letters, symbols, numbers, and spaces). This policy setting is applied when you turn on BitLocker.
+
+>[!Note]
+>Not all computers support enhanced PIN characters in the preboot environment. It's strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used.
+
+If you enable this policy setting, all new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs aren't affected.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+If you disable or don't configure this policy setting, enhanced PINs won't be used.
+
+
+
+**SystemDrivesDisallowStandardUsersCanChangePIN**  
+
+Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Disallow standard users from changing the PIN or password*
+- GP name: *DisallowStandardUsersCanChangePIN_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This policy setting allows you to configure whether or not standard users are allowed to change the PIN or password, that is used to protect the operating system drive.
+
+>[!Note]
+>To change the PIN or password, the user must be able to provide the current PIN or password. This policy setting is applied when you turn on BitLocker.
+
+If you enable this policy setting, standard users won't be allowed to change BitLocker PINs or passwords.
+
+If you disable or don't configure this policy setting, standard users will be permitted to change BitLocker PINs or passwords.
+
+Sample value for this node to disable this policy is:
+
+```xml
+
+```
+
+
+
+**SystemDrivesEnablePrebootInputProtectorsOnSlates**  
+
+Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Enable use of BitLocker authentication requiring preboot keyboard input on slates*
+- GP name: *EnablePrebootInputProtectorsOnSlates_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+The Windows touch keyboard (such as used by tablets) isn't available in the preboot environment where BitLocker requires additional information, such as a PIN or password.
+
+It's recommended that administrators enable this policy only for devices that are verified to have an alternative means of preboot input, such as attaching a USB keyboard.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+If this policy is disabled, the Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password.
+
+When the Windows Recovery Environment isn't enabled and this policy isn't enabled, you can't turn on BitLocker on a device that uses the Windows touch keyboard.
+
+>[!Note]
+>If you don't enable this policy setting, the following options in the **Require additional authentication at startup policy** might not be available:
+>
+>- Configure TPM startup PIN: Required and Allowed
+>- Configure TPM startup key and PIN: Required and Allowed
+>- Configure use of passwords for operating system drives
+
+
+
+
+**SystemDrivesEncryptionType**  
+
+Allows you to configure the encryption type that is used by BitLocker.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Enforce drive encryption type on operating system drives*
+- GP name: *OSEncryptionType_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This policy setting is applied when you turn on BitLocker. Changing the encryption type will have no effect if the drive is already encrypted or if encryption is in progress.
+
+Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
+
+If you enable this policy setting, the encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option isn't presented in the BitLocker Setup Wizard.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
+
+>[!Note]
+>This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. 
+>For example, when a drive that's using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: `manage-bde -w`. If the volume is shrunk, no action is taken for the new free space.
+
+For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde).
+
 
 
 **SystemDrivesRequireStartupAuthentication**  
 
-This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup".
+This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Require additional authentication at startup
                      • 
-
                    • GP name: ConfigureAdvancedStartup_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
+
+- GP Friendly name: *Require additional authentication at startup*
+- GP name: *ConfigureAdvancedStartup_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
 
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
-This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a TPM. This setting is applied when you turn on BitLocker.
+This setting allows you to configure whether BitLocker requires more authentication each time the computer starts and whether you're using BitLocker with or without a TPM. This setting is applied when you turn on BitLocker.
 
 > [!NOTE]
-> Only one of the additional authentication options can be required at startup, otherwise an error occurs.
+> Only one of the additional authentication options is required at startup, otherwise an error occurs.
 
-If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.
+If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted, the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, or if you have forgotten the password, then you'll need to use one of the BitLocker recovery options to access the drive.
 
 On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
 
@@ -311,43 +514,42 @@ On a computer with a compatible TPM, four types of authentication methods can be
 
 If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
 
-If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
+If you disable or don't configure this setting, users can configure only basic options on computers with a TPM.
 
 > [!NOTE]
 > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
 
 > [!NOTE] 
-> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern 
-> Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN.
+> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern Standby devices won't be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN.
 
 Sample value for this node to enable this policy is:
 
 ```xml
 
 ```
-Data id:
-
                      
-
                    • ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).
                      • 
-
                    • ConfigureTPMStartupKeyUsageDropDown_Name = (for computer with TPM) Configure TPM startup key.
                      • 
-
                    • ConfigurePINUsageDropDown_Name = (for computer with TPM) Configure TPM startup PIN.
                      • 
-
                    • ConfigureTPMPINKeyUsageDropDown_Name = (for computer with TPM) Configure TPM startup key and PIN.
                      • 
-
                    • ConfigureTPMUsageDropDown_Name = (for computer with TPM) Configure TPM startup.
                      • 
-
                    
+
+Data ID:
+
+- ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).
+- ConfigureTPMStartupKeyUsageDropDown_Name = (for computer with TPM) Configure TPM startup key.
+- ConfigurePINUsageDropDown_Name = (for computer with TPM) Configure TPM startup PIN.
+- ConfigureTPMPINKeyUsageDropDown_Name = (for computer with TPM) Configure TPM startup key and PIN.
+- ConfigureTPMUsageDropDown_Name = (for computer with TPM) Configure TPM startup.
+
 
 The possible values for 'xx' are:
-
                      
-
                    • true = Explicitly allow
                      • 
-
                    • false = Policy not set
                      • 
-
                    
+
+- true = Explicitly allow
+- false = Policy not set
 
 The possible values for 'yy' are:
-
                      
-
                    • 2 = Optional
                      • 
-
                    • 1 = Required
                      • 
-
                    • 0 = Disallowed
                      • 
-
                    
+
+- 2 = Optional
+- 1 = Required
+- 0 = Disallowed
+
 
-Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -363,58 +565,48 @@ Disabling the policy will let the system choose the default behaviors. If you wa
    
  
 ```
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+
+Data type is string. 
+
+Supported operations are Add, Get, Replace, and Delete.
 
+
 
 **SystemDrivesMinimumPINLength**  
 
-This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".
+This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name:Configure minimum PIN length for startup
                      • 
-
                    • GP name: MinimumPINLength_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
+
+- GP Friendly name: *Configure minimum PIN length for startup*
+- GP name: *MinimumPINLength_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
 
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
-This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
+This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of six digits and can have a maximum length of 20 digits.
 
 > [!NOTE]
 > In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. 
 >
->In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
+>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This doesn't apply to TPM 1.2.
 
-If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.
+If you enable this setting, you will require a minimum number of digits to set the startup PIN.
 
-If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
+If you disable or don't configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
 
 Sample value for this node to enable this policy is:
 
@@ -422,7 +614,7 @@ Sample value for this node to enable this policy is:
 
 ```
 
-Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -439,53 +631,41 @@ Disabling the policy will let the system choose the default behaviors. If you wa
  
 ```
 
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. 
+
+Supported operations are Add, Get, Replace, and Delete.
 
+
 
 **SystemDrivesRecoveryMessage** 
 
-This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL"
+This setting is a direct mapping to the BitLocker Group Policy "Configure pre-boot recovery message and URL"
 (PrebootRecoveryInfo_Name).
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Configure pre-boot recovery message and URL
                      • 
-
                    • GP name: PrebootRecoveryInfo_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
-
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+- GP Friendly name: *Configure pre-boot recovery message and URL*
+- GP name: *PrebootRecoveryInfo_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
 
 This setting lets you configure the entire recovery message or replace the existing URL that is displayed on the pre-boot key recovery screen when the OS drive is locked.
 
-
-If you set the value to "1" (Use default recovery message and URL), the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and set the value "1" (Use default recovery message and URL).
+If you set the value to "1" (Use default recovery message and URL), the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you've previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and set the value "1" (Use default recovery message and URL).
 
 If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.
 
@@ -509,7 +689,7 @@ The possible values for 'xx' are:
 > [!NOTE]
 > When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
 
-Disabling the policy will let the system choose the default behaviors.  If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors.  If you want to disable this policy, use the following SyncML:
 
 ```xml
 
@@ -527,68 +707,56 @@ Disabling the policy will let the system choose the default behaviors.  If you w
 ```
 
 > [!NOTE]
-> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
+> Not all characters and languages are supported in pre-boot. It's strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
 
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. 
+
+Supported operations are Add, Get, Replace, and Delete.
 
 
 **SystemDrivesRecoveryOptions**  
 
-This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
+This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Choose how BitLocker-protected operating system drives can be recovered
                      • 
-
                    • GP name: OSRecoveryUsage_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
+
+- GP Friendly name: *Choose how BitLocker-protected operating system drives can be recovered*
+- GP name: *OSRecoveryUsage_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Operating System Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
 
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of required startup key information. This setting is applied when you turn on BitLocker.
 
-This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker.
-
-The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
+The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see the BitLocker Drive Encryption Deployment Guide on Microsoft Docs.
 
 In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
 
-Set "OSHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
+Set "OSHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This setting means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
 
 Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services), to choose which BitLocker recovery information to store in AD DS for operating system drives (OSActiveDirectoryBackupDropDown_Name). If you set "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you set "2" (Backup recovery password only), only the recovery password is stored in AD DS.
 
 Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
 
 > [!NOTE]
-> If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
+> If the "OSRequireActiveDirectoryBackup_Name" (Don't enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
 
 If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
 
-If this setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
+If this setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS.
 
 Sample value for this node to enable this policy is:
 
@@ -597,19 +765,22 @@ Sample value for this node to enable this policy is:
 ```
 
 The possible values for 'xx' are:  
+
 - true = Explicitly allow
 - false = Policy not set
 
 The possible values for 'yy' are:  
+
 - 2 = Allowed
 - 1 = Required
 - 0 = Disallowed
 
 The possible values for 'zz' are:  
-- 2 = Store recovery passwords only
-- 1 = Store recovery passwords and key packages
+
+- 2 = Store recovery passwords only.
+- 1 = Store recovery passwords and key packages.
 
-Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -626,68 +797,56 @@ Disabling the policy will let the system choose the default behaviors. If you wa
  
 ```
 
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. 
+
+Supported operations are Add, Get, Replace, and Delete.
 
 
 **FixedDrivesRecoveryOptions**  
 
-This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
+This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Choose how BitLocker-protected fixed drives can be recovered
                      • 
-
                    • GP name: FDVRecoveryUsage_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
-
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+- GP Friendly name: *Choose how BitLocker-protected fixed drives can be recovered*
+- GP name: *FDVRecoveryUsage_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Fixed Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
 
 This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.
 
-The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
+The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see the BitLocker Drive Encryption Deployment Guide on Microsoft Docs.
 
 In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
 
-Set "FDVHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
+Set "FDVHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This setting means that you won't be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
 
 Set "FDVActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services) to enable saving the recovery key to AD.
 
-Set the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
+Set the "FDVRequireActiveDirectoryBackup_Name" (Don't enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
 
 Set the "FDVActiveDirectoryBackupDropDown_Name" (Configure storage of BitLocker recovery information to AD DS) to choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "2" (Backup recovery password only) only the recovery password is stored in AD DS.
 
 > [!NOTE]
-> If the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field is set, a recovery password is automatically generated.
+> If the "FDVRequireActiveDirectoryBackup_Name" (Don't enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field is set, a recovery password is automatically generated.
 
 If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.
 
-If this setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
+If this setting isn't configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information isn't backed up to AD DS.
 
 Sample value for this node to enable this policy is:
 
@@ -696,26 +855,23 @@ Sample value for this node to enable this policy is:
 ```
 
 The possible values for 'xx' are:
-
                      
-
                    • true = Explicitly allow
                      • 
-
                    • false = Policy not set
                      • 
-
                    
+
+- true = Explicitly allow
+- false = Policy not set
 
 The possible values for 'yy' are:
-
                      
-
                    • 2 = Allowed
                      • 
-
                    • 1 = Required
                      • 
-
                    • 0 = Disallowed
                      • 
 
-
                    
+- 2 = Allowed
+- 1 = Required
+- 0 = Disallowed
 
 The possible values for 'zz' are:
-
                      
-
                    • 2 = Store recovery passwords only
                      • 
-
                    • 1 = Store recovery passwords and key packages
                      • 
-
                    
+
+- 2 = Store recovery passwords only
+- 1 = Store recovery passwords and key packages
+
 
-Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -732,51 +888,39 @@ Disabling the policy will let the system choose the default behaviors. If you wa
  
 ```
 
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. 
+
+Supported operations are Add, Get, Replace, and Delete.
 
 
 **FixedDrivesRequireEncryption**  
 
-This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
+This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
 
 
-
-
-    
-    
-    
-    
-    
-    
-   
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Deny write access to fixed drives not protected by BitLocker
                      • 
-
                    • GP name: FDVDenyWriteAccess_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
-
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+- GP Friendly name: *Deny write access to fixed drives not protected by BitLocker*
+- GP name: *FDVDenyWriteAccess_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Fixed Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
 
 This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.
 
-If you enable this setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
+If you enable this setting, all fixed data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
 
 Sample value for this node to enable this policy is:
 
@@ -784,7 +928,7 @@ Sample value for this node to enable this policy is:
 
 ```
 
-If you disable or do not configure this setting, all fixed data drives on the computer will be mounted with read and write access. If you want to disable this policy use the following SyncML:
+If you disable or don't configure this setting, all fixed data drives on the computer will be mounted with read and write access. If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -801,55 +945,90 @@ If you disable or do not configure this setting, all fixed data drives on the co
  
 ```
 
-Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. 
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+**FixedDrivesEncryptionType**  
+
+Allows you to configure the encryption type on fixed data drives that is used by BitLocker.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Enforce drive encryption type on fixed data drives*
+- GP name: *FDVEncryptionType_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Fixed Data Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This policy setting is applied when you turn on BitLocker and controls whether fixed data drives utilize Used Space Only encryption or Full encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection is displayed to the user.
+
+Changing the encryption type will have no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require only a portion of the drive that is used to store data is encrypted when BitLocker is turned on.
+
+If you enable this policy setting, the encryption type that BitLocker uses to encrypt drives, and the encryption type option isn't presented in the BitLocker Setup Wizard.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
+
+>[!Note]
+>This policy is ignored when you're shrinking or expanding a volume and the BitLocker driver uses the current encryption method. 
+>For example, when a drive that's using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that's using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: `manage-bde -w`. If the volume is shrunk, no action is taken for the new free space.
+
+For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde).
+
 
 
 **RemovableDrivesRequireEncryption**  
 
-This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
+This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 ADMX Info:
-
                      
-
                    • GP English name: Deny write access to removable drives not protected by BitLocker
                      • 
-
                    • GP name: RDVDenyWriteAccess_Name
                      • 
-
                    • GP path: Windows Components/Bitlocker Drive Encryption/Removeable Drives
                      • 
-
                    • GP ADMX file name: VolumeEncryption.admx
                      • 
-
                    
-
 
-> [!TIP]
-> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+- GP Friendly name: *Deny write access to removable drives not protected by BitLocker*
+- GP name: *RDVDenyWriteAccess_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Removeable Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
 
 This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.
 
-If you enable this setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
+If you enable this setting, all removable data drives that aren't BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
 
-If the "RDVCrossOrg" (Deny write access to devices configured in another organization) option is set, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" group policy setting.
+If the "RDVCrossOrg" (Deny write access to devices configured in another organization) option is set, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed, it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" group policy setting.
 
-If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.
+If you disable or don't configure this policy setting, all removable data drives on the computer will be mounted with read and write access.
 
 > [!NOTE]
 > This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored.
@@ -861,12 +1040,12 @@ Sample value for this node to enable this policy is:
 ```
 
 The possible values for 'xx' are:
-
                      
-
                    • true = Explicitly allow
                      • 
-
                    • false = Policy not set
                      • 
-
                    
+
+- true = Explicitly allow
+- false = Policy not set
+
 
-Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -882,11 +1061,103 @@ Disabling the policy will let the system choose the default behaviors. If you wa
    
  
 ```
+
+
+**RemovableDrivesEncryptionType**  
+
+Allows you to configure the encryption type that is used by BitLocker.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Enforce drive encryption type on removable data drives*
+- GP name: *RDVEncryptionType_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Removable Data Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+
+This policy controls whether removed data drives utilize Full encryption or Used Space Only encryption, and is applied when you turn on BitLocker. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user.
+
+Changing the encryption type will no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require only the portion of the drive that is used to store data is encrypted when BitLocker is turned on.
+
+If you enable this policy setting, the encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option isn't presented in the BitLocker Setup Wizard.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+
+If this policy is disabled or not configured, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
+
+
+
+**RemovableDrivesConfigureBDE**  
+
+Allows you to control the use of BitLocker on removable data drives.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+ADMX Info:
+
+- GP Friendly name: *Control use of BitLocker on removable drives*
+- GP name: *RDVConfigureBDE_Name*
+- GP path: *Windows Components/BitLocker Drive Encryption/Removable Data Drives*
+- GP ADMX file name: *VolumeEncryption.admx*
+
+
+This policy setting is used to prevent users from turning BitLocker on or off on removable data drives, and is applied when you turn on BitLocker.
+
+For information about suspending BitLocker protection, see [BitLocker Basic Deployment](/windows/security/information-protection/bitlocker/bitlocker-basic-deployment) .
+
+The options for choosing property settings that control how users can configure BitLocker are:
+
+- **Allow users to apply BitLocker protection on removable data drives**: Enables the user to enable BitLocker on removable data drives.
+- **Allow users to suspend and decrypt BitLocker on removable data drives**: Enables the user to remove BitLocker from the drive or to suspend the encryption while performing maintenance.
+
+If you enable this policy setting, you can select property settings that control how users can configure BitLocker.
+
+Sample value for this node to enable this policy is:
+
+```xml
+
+```
+Data ID:
+
+- RDVAllowBDE_Name: Allow users to apply BitLocker protection on removable data drives
+- RDVDisableBDE_Name: Allow users to suspend and decrypt BitLocker on removable data drives
+
+If this policy is disabled, users can't use BitLocker on removable disk drives.
+
+If you don't configure this policy setting, users can use BitLocker on removable disk drives.
+
 
 
 **AllowWarningForOtherDiskEncryption**  
 
-Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.
+Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1.
 
 > [!IMPORTANT]
 > Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](/windows/device-security/bitlocker/bitlocker-overview).
@@ -894,26 +1165,15 @@ Allows the admin to disable the warning prompt for other disk encryption on the
 > [!Warning]
 > When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 The following list shows the supported values:
@@ -939,6 +1199,7 @@ The following list shows the supported values:
 >When you disable the warning prompt, the OS drive's recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who receives the prompt can select where to back up the OS drive's recovery key.
 >
 >The endpoint for a fixed data drive's backup is chosen in the following order:
+>
   >1. The user's Windows Server Active Directory Domain Services account.
   >2. The user's Azure Active Directory account.
   >3. The user's personal OneDrive (MDM/MAM only).
@@ -948,7 +1209,7 @@ The following list shows the supported values:
 
 **AllowStandardUserEncryption**
 
-Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account.
+Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user of Azure AD account.
 
 
 > [!NOTE]
@@ -956,36 +1217,25 @@ Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where pol
 
 "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy  being set to "0", i.e, silent encryption is enforced.
 
-If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system.
+If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDeviceEncryption" policy won't try to encrypt drive(s) if a standard user is the current logged on user in the system.
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 The expected values for this policy are:
 
 - 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
-- 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive.
+- 0 = This value is the default value, when the policy isn't set. If the current logged on user is a standard user, "RequireDeviceEncryption" policy won't try to enable encryption on any drive.
 
-If you want to disable this policy use the following SyncML:
+If you want to disable this policy, use the following SyncML:
 
 ```xml
  
@@ -1013,36 +1263,28 @@ This setting initiates a client-driven recovery password refresh after an OS dri
 
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
-Value type is int. Supported operations are Add, Delete, Get, and Replace.
+Value type is int. 
+
+Supported operations are Add, Delete, Get, and Replace.
 
 
 
 Supported values are:
-- 0 – Refresh off (default)
-- 1 – Refresh on for Azure AD-joined devices 
-- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices 
+
+- 0 – Refresh off (default).
+- 1 – Refresh on for Azure AD-joined devices. 
+- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices.
 
 
 
@@ -1053,57 +1295,50 @@ Supported values are:
 
 
 
-This setting refreshes all recovery passwords for OS and fixed drives (removable drives are not included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. In case of errors, an error code will be returned so that server can take appropriate action to remediate.
+This setting refreshes all recovery passwords for OS and fixed drives (removable drives aren't included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. If errors occur, an error code will be returned so that server can take appropriate action to remediate.
 
 
 The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.  
 
-Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client will not retry, but if needed, the server can re-issue the execute request. 
+Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client won't retry, but if needed, the server can reissue the execute request. 
 
 Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh. 
 
-Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices cannot refresh recovery passwords if they are only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account. 
+Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices can't refresh recovery passwords if they're only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account. 
 
 Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
 - RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
 - RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
-Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
+Value type is string.
+
+Supported operation is Execute. Request ID is expected as a parameter.
 
 > [!TIP]
 > Key rotation feature will only work when:
 >
 > - For Operating system drives:
->    - OSRequireActiveDirectoryBackup_Name is set to 1 ("Required")
->    - OSActiveDirectoryBackup_Name is set to true
+>    - OSRequireActiveDirectoryBackup_Name is set to 1 ("Required").
+>    - OSActiveDirectoryBackup_Name is set to true.
 > - For Fixed data drives:
->    - FDVRequireActiveDirectoryBackup_Name is set to 1 = ("Required")
->    - FDVActiveDirectoryBackup_Name is set to true
+>    - FDVRequireActiveDirectoryBackup_Name is set to 1 = ("Required").
+>    - FDVActiveDirectoryBackup_Name is set to true.
 
 **Status**  
-Interior node. Supported operation is Get.
+Interior node.
+
+Supported operation is Get.
 
 
 
@@ -1113,49 +1348,41 @@ Interior node. Supported operation is Get.
 This node reports compliance state of device encryption on the system. 
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
-Value type is int. Supported operation is Get.
+Value type is int. 
+
+Supported operation is Get.
 
 Supported values:  
+
 - 0 - Indicates that the device is compliant.
-- Any non-zero value - Indicates that the device is not compliant. This value represents a bitmask with each bit and the corresponding error code described in the following table:
+- Any non-zero value - Indicates that the device isn't compliant. This value represents a bitmask with each bit and the corresponding error code described in the following table:
 
 | Bit | Error Code |
 |-----|------------|
-| 0 |The BitLocker policy requires user consent to launch the BitLocker Drive Encryption Wizard to start encryption of the OS volume but the user didn't consent.|
+| 0 |The BitLocker policy requires user consent to launch the BitLocker Drive Encryption Wizard to start encryption of the OS volume, but the user didn't consent.|
 | 1 |The encryption method of the OS volume doesn't match the BitLocker policy.|
 | 2 |The OS volume is unprotected.|
-| 3 |The BitLocker policy requires a TPM-only protector for the OS volume, but TPM protection isn't used.|
-| 4 |The BitLocker policy requires TPM+PIN protection for the OS volume, but a TPM+PIN protector isn't used.|
-| 5 |The BitLocker policy requires TPM+startup key protection for the OS volume, but a TPM+startup key protector isn't used.|
-| 6 |The BitLocker policy requires TPM+PIN+startup key protection for the OS volume, but a TPM+PIN+startup key protector isn't used.|
-| 7 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.|
+| 3 |The BitLocker policy requires a TPM-only protector for the OS volume, but TPM protection is not used.|
+| 4 |The BitLocker policy requires TPM+PIN protection for the OS volume, but a TPM+PIN protector is not used.|
+| 5 |The BitLocker policy requires TPM+startup key protection for the OS volume, but a TPM+startup key protector is not used.|
+| 6 |The BitLocker policy requires TPM+PIN+startup key protection for the OS volume, but a TPM+PIN+startup key protector is not used.|
+| 7 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM is not used.|
 | 8 |Recovery key backup failed.|
 | 9 |A fixed drive is unprotected.|
 | 10 |The encryption method of the fixed drive doesn't match the BitLocker policy.|
-| 11 |To encrypt drives, the BitLocker policy requires either the user to sign in as an Administrator or, if the device is joined to Azure AD, the AllowStandardUserEncryption policy must be set to 1.|
+| 11 |To encrypt drives, the BitLocker policy requires either the user to sign in as an Administrator or if the device is joined to Azure AD, the AllowStandardUserEncryption policy must be set to 1.|
 | 12 |Windows Recovery Environment (WinRE) isn't configured.|
 | 13 |A TPM isn't available for BitLocker, either because it isn't present, it has been made unavailable in the Registry, or the OS is on a removable drive. |
 | 14 |The TPM isn't ready for BitLocker.|
@@ -1174,36 +1401,27 @@ Supported values:
 This node reports the status of RotateRecoveryPasswords request. 
 
 
-Status code can be one of the following:  
+Status code can be one of the following values:  
 
 - 2 – Not started
 - 1 - Pending
 - 0 - Pass
 - Any other code - Failure HRESULT
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
-Value type is int. Supported operation is Get.
+Value type is int. 
+
+Supported operation is Get.
 
 
 
@@ -1216,34 +1434,24 @@ This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
 This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
 
 
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
-    
-    
-    
-    
-    
-    
-    
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                     
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
-Value type is string. Supported operation is Get.
+Value type is string. 
+
+Supported operation is Get.
 
 ### SyncML example
 
-The following example is provided to show proper format and should not be taken as a recommendation.
+The following example is provided to show proper format and shouldn't be taken as a recommendation.
 
 ```xml
 
@@ -1405,4 +1613,8 @@ The following example is provided to show proper format and should not be taken
 
 ```
 
-
\ No newline at end of file
+
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md
deleted file mode 100644
index 0bb9326924..0000000000
--- a/windows/client-management/mdm/bootstrap-csp.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: BOOTSTRAP CSP
-description: Use the BOOTSTRAP configuration service provider to set the Trusted Provisioning Server (TPS) for the device.
-ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
----
-
-# BOOTSTRAP CSP
-
-
-The BOOTSTRAP configuration service provider sets the Trusted Provisioning Server (TPS) for the device.
-
-> **Note**  BOOTSTRAP CSP is only supported in Windows 10 Mobile.
-> 
-> 
-> 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
-
- 
-
-The following image shows the BOOTSTRAP configuration service provider in tree format as used by Open Mobile Alliance (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
-
-![bootstrap csp (cp)](images/provisioning-csp-bootstrap-cp.png)
-
-**CONTEXT-ALLOW**  
-Optional. Specifies a context for the TPS. Only one context is supported, so this parameter is ignored and "0" is assumed for its value.
-
-**PROVURL**  
-Required. Specifies the location of a Trusted Provisioning Server (TPS). The PROVURL value must be a complete URL string with a maximum length of 256 characters.
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md
deleted file mode 100644
index 46ee3a5e98..0000000000
--- a/windows/client-management/mdm/browserfavorite-csp.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: BrowserFavorite CSP
-description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
-ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: dansimp
-ms.date: 06/26/2017
----
-
-# BrowserFavorite CSP
-
-
-The BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
-
-> **Note**  BrowserFavorite CSP is only supported in Windows Phone 8.1.
-
- 
-
-The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder.
-
-> **Note**  
-This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application.
-
- 
-
-The following diagram shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
-
-![browserfavorite csp (cp)](images/provisioning-csp-browserfavorite-cp.png)
-
-***favorite name***   
-Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer.
-
-> **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |
-
- 
-
-Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite.
-
-**URL**  
-Optional. Specifies the complete URL for the favorite.
-
-## OMA client provisioning examples
-
-
-Adding a new browser favorite.
-
-```xml
-
-
-  
-    
-      
-    
-  
-
-```
-
-## Microsoft Custom Elements
-
-
-The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ElementsAvailable
                    parm-query
                    Yes
                    noparm
                    Yes
                    nocharacteristic
                    Yes
                    characteristic-query
                    Yes
                    
-
                    Recursive query: Yes
                    
-
                    Top-level query: Yes
                    
-
- 
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
index 03804b98b6..a47e4f4613 100644
--- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
+++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
@@ -18,66 +18,22 @@ The **Bulk assign and reclaim seats from users** operation returns reclaimed or
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodRequest URI
                    POST
                    https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats
                    
+**POST**:
 
+```http
+https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats
+```
  
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    ParameterTypeDescription
                    productId
                    string
                    Required. Product identifier for an application that is used by the Store for Business.
                    skuId
                    string
                    Required. Product identifier that specifies a specific SKU of an application.
                    username
                    string
                    Requires UserPrincipalName (UPN). User name of the target user account.
                    seatAction
                    SeatAction
                    
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
+|seatAction|[SeatAction](data-structures-windows-store-for-business.md#seataction) ||
 
  
 ## Response
@@ -86,37 +42,8 @@ The following parameters may be specified in the request URI.
 
 The response body contains [BulkSeatOperationResultSet](data-structures-windows-store-for-business.md#bulkseatoperationresultset).
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Error codeDescriptionRetryData field
                    404
                    Not found
                    Item type: Inventory
                    
-
                    Values: ProductId/SkuId
                    
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|404|Not found||Item type: Inventory
                     Values: ProductId/SkuId|
 
  
-
- 
-
-
-
-
-
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
index b9f88dc916..0309b24aad 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
@@ -1,6 +1,6 @@
 ---
 title: Bulk enrollment
-description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10.
+description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and Windows 11.
 MS-HAID: 
   - 'p\_phdevicemgmt.bulk\_enrollment'
   - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
@@ -18,7 +18,7 @@ ms.date: 06/26/2017
 
 # Bulk enrollment
 
-Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 desktop and mobile devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario.
+Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario.
 
 ## Typical use cases
 
@@ -28,7 +28,7 @@ Bulk enrollment is an efficient way to set up a large number of devices to be ma
 -   Set up industrial machinery.
 -   Set handheld POS devices.
 
-On the desktop, you can create an Active Directory account, such as "enrollment@contoso.com" and give it only the ability to join the domain. Once the desktop is joined with that admin account, then standard users in the domain can log in to use it. This is especially useful in getting a large number of desktop ready to use within a domain.
+On the desktop, you can create an Active Directory account, such as "enrollment@contoso.com" and give it only the ability to join the domain. Once the desktop is joined with that admin account, then standard users in the domain can sign in to use it. This account is especially useful in getting a large number of desktop ready to use within a domain.
 
 On the desktop and mobile devices, you can use an enrollment certificate or enrollment username and password, such as "enroll@contoso.com" and "enrollmentpassword." These credentials are used in the provisioning package, which you can use to enroll multiple devices to the MDM service. Once the devices are joined, many users can use them.
 
@@ -37,65 +37,68 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
 > -   Bulk enrollment does not work in Intune standalone environment.
 > -   Bulk enrollment works in Microsoft Endpoint Manager where the ppkg is generated from the Configuration Manager console.
 > -   To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
+> -   Bulk Token creation is not supported with federated accounts.
 
 ## What you need
 
--   Windows 10 devices
--   Windows Imaging and Configuration Designer (ICD) tool
-    To get the ICD tool, download the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information about the ICD tool, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows ICD](/windows/configuration/provisioning-packages/provisioning-install-icd).
--   Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.)
+-   Windows 10 devices.
+-   Windows Configuration Designer (WCD) tool.
+
+    To get the WCD tool, download from the [Microsoft Store](https://www.microsoft.com/store/productId/9NBLGGH4TX22). For more information about the WCD tool, see [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows WCD](/windows/configuration/provisioning-packages/provisioning-install-icd).
+-   Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.).
 -   Wi-Fi credentials, computer name scheme, and anything else required by your organization.
 
     Some organizations require custom APNs to be provisioned before talking to the enrollment endpoint or custom VPN to join a domain.
 
 ## Create and apply a provisioning package for on-premises authentication
 
-Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings.
+Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings.
 
-1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
+1. Open the WCD tool.
 2. Click **Advanced Provisioning**.
 
-   ![icd start page](images/bulk-enrollment7.png)
+   ![icd start page.](images/bulk-enrollment7.png)
 3. Enter a project name and click **Next**.
-4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**.
+4. Select **All Windows editions**, since Provisioning CSP is common to all Windows editions, then click **Next**.
 5. Skip **Import a provisioning package (optional)** and click **Finish**.
 6. Expand **Runtime settings** > **Workplace**.
 7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**.
-   The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
+   The UPN is a unique identifier for the enrollment. For bulk enrollment, this UPN must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
 8. On the left navigation pane, expand the **UPN** and then enter the information for the rest of the settings for enrollment process.
-   Here is the list of available settings:
+   Here's the list of available settings:
    -   **AuthPolicy** - Select **OnPremise**.
    -   **DiscoveryServiceFullUrl** - specify the full URL for the discovery service.
    -   **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
    -   **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
    -   **Secret** - Password
    For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
-   Here is the screenshot of the ICD at this point.
-   ![bulk enrollment screenshot](images/bulk-enrollment.png)
-9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
-10. When you are done adding all the settings, on the **File** menu, click **Save**.
-11. On the main menu click **Export** > **Provisioning package**.
+   Here's the screenshot of the WCD at this point.
+   
+    ![bulk enrollment screenshot.](images/bulk-enrollment.png)
+9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
+10. When you're done adding all the settings, on the **File** menu, click **Save**.
+11. On the main menu, click **Export** > **Provisioning package**.
 
-    ![icd menu for export](images/bulk-enrollment2.png)
+    ![icd menu for export.](images/bulk-enrollment2.png)
 12. Enter the values for your package and specify the package output location.
 
-    ![enter package information](images/bulk-enrollment3.png)
-    ![enter additional information for package information](images/bulk-enrollment4.png)
-    ![specify file location](images/bulk-enrollment6.png)
+    ![enter package information.](images/bulk-enrollment3.png)
+    ![enter additional information for package information.](images/bulk-enrollment4.png)
+    ![specify file location.](images/bulk-enrollment6.png)
 13. Click **Build**.
 
-    ![icb build window](images/bulk-enrollment5.png)
+    ![icb build window.](images/bulk-enrollment5.png)
 14. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package).
 15. Apply the package to your devices.
 
 ## Create and apply a provisioning package for certificate authentication
 
-Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings.
+Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings.
 
-1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
+1. Open the WCD tool.
 2. Click **Advanced Provisioning**.
 3. Enter a project name and click **Next**.
-4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions.
+4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows editions.
 5. Skip **Import a provisioning package (optional)** and click **Finish**.
 6. Specify the certificate.
    1.  Go to **Runtime settings** > **Certificates** > **ClientCertificates**.
@@ -105,21 +108,21 @@ Using the ICD, create a provisioning package using the enrollment information re
    5.  Set **ExportCertificate** to False.
    6.  For **KeyLocation**, select **Software only**.
 
-   ![icd certificates section](images/bulk-enrollment8.png)
+   ![icd certificates section.](images/bulk-enrollment8.png)
 7. Specify the workplace settings.
    1. Got to **Workplace** > **Enrollments**.
    2. Enter the **UPN** for the enrollment and then click **Add**.
-      The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
+      The UPN is a unique identifier for the enrollment. For bulk enrollment, this UPN must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
    3. On the left column, expand the **UPN** and then enter the information for the rest of the settings for enrollment process.
-      Here is the list of available settings:
+      Here's the list of available settings:
       -   **AuthPolicy** - Select **Certificate**.
       -   **DiscoveryServiceFullUrl** - specify the full URL for the discovery service.
       -   **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
       -   **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
       -   **Secret** - the certificate thumbprint.
       For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
-8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
-9. When you are done adding all the settings, on the **File** menu, click **Save**.
+8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
+9. When you're done adding all the settings, on the **File** menu, click **Save**.
 10. Export and build the package (steps 10-13 in the procedure above).
 11. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package).
 12. Apply the package to your devices.
@@ -129,8 +132,7 @@ Using the ICD, create a provisioning package using the enrollment information re
 Here's the list of topics about applying a provisioning package:
 
 -   [Apply a package on the first-run setup screen (out-of-the-box experience)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment#apply-package) - topic in Technet.
--   [Apply a package to a Windows 10 desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN
--   [Apply a package to a Windows 10 Mobile image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_mobile_image) - topic in MSDN.
+-   [Apply a package to a Windows desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN
 -   [Apply a package from the Settings menu](#apply-a-package-from-the-settings-menu) - topic below
 
 ## Apply a package from the Settings menu
@@ -143,17 +145,17 @@ Here's the list of topics about applying a provisioning package:
 
 1.  Go to **Settings** > **Accounts** > **Access work or school**.
 2.  Click **Add or remove a provisioning package**.
-    You should see the your package listed.
+    You should see your package listed.
 
 ## Retry logic in case of a failure
 
-If the provisioning engine receives a failure from a CSP it will retry to provision 3 times in a row.
+If the provisioning engine receives a failure from a CSP, it will retry to provision three times in a row.
 
-If all immediate attempts fail, a delayed task is launched to try provisioning again later. It will retry 4 times at a decaying rate of 15 minutes -> 1 hr -> 4 hr -> "Next System Start". These attempts will be run from a SYSTEM context.
+If all immediate attempts fail, a delayed task is launched to try provisioning again later. It will retry four times at a decaying rate of 15 minutes -> 1 hr -> 4 hr -> "Next System Start". These attempts will be run from a SYSTEM context.
 
-It will also retry to apply the provisioning each time it is launched, if started from somewhere else as well.
+It will also retry to apply the provisioning each time it's launched, if started from somewhere else as well.
 
-In addition, provisioning will be restarted in a SYSTEM context after a login and the system has been idle ([details on idle conditions](/windows/win32/taskschd/task-idle-conditions)).
+In addition, provisioning will be restarted in a SYSTEM context after a sign in and the system has been idle ([details on idle conditions](/windows/win32/taskschd/task-idle-conditions)).
 
 ## Other provisioning topics
 
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index 64372f26a8..5605ebe1f4 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -19,40 +19,23 @@ The CellularSettings configuration service provider is used to configure cellula
 > [!Note]
 > Starting in Windows 10, version 1703 the CellularSettings CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
 
-The following image shows the CellularSettings CSP in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.
+The following example shows the CellularSettings CSP in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol isn't supported with this configuration service provider.
 
-![provisioning for cellular settings](images/provisioning-csp-cellularsettings.png)
+```console
+./Vendor/MSFT
+CellularSettings
+----DataRoam
+```
 
 **DataRoam**  
-
                     Optional. Integer. Specifies the default roaming value. Valid values are:
                    
+
                     Optional. Integer. Specifies the default roaming value. Valid values are:
                    
 
-
                    
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ValueSetting
                    0
                    Don’t roam
                    1
                    Don’t roam (or Domestic roaming if applicable)
                    2
                    Roam
                    
+|Value|Setting|
+|--- |--- |
+|0|Don’t roam|
+|1|Don’t roam (or Domestic roaming if applicable)|
+|2|Roam|
 
- ## Related topics
+## Related topics
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index a2df800805..758b284713 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -17,39 +17,31 @@ ms.date: 06/26/2017
 
 # Certificate Renewal
 
-The enrolled client certificate expires after a period of use. The expiration date of the certificate is specified by the server. To ensure continuous access to enterprise applications, Windows supports a user-triggered certificate renewal process. The user is prompted to provide the current password for the corporate account, and the enrollment client gets a new client certificate from the enrollment server and deletes the old certificate. The client generates a new private/public key pair, generates a PKCS\#7 request, and signs the PKCS\#7 request with the existing certificate. In Windows, automatic MDM client certificate renewal is also supported.
+The enrolled client certificate expires after a period of use. The expiration date of the certificate is specified by the server. To ensure continuous access to enterprise applications, Windows supports a user-triggered certificate renewal process. The user is prompted to provide the current password for the corporate account. The enrollment client gets a new client certificate from the enrollment server, and deletes the old certificate. The client generates a new private/public key pair, generates a PKCS\#7 request, and signs the PKCS\#7 request with the existing certificate. In Windows, automatic MDM client certificate renewal is also supported.
 
 > [!Note]
 > Make sure that the EntDMID in the DMClient configuration service provider is set before the certificate renewal request is triggered.
 
-## In this topic
-
--   [Automatic certificate renewal request](#automatic-certificate-renewal-request)
--   [Certificate renewal schedule configuration](#certificate-renewal-schedule-configuration)
--   [Certificate renewal response](#certificate-renewal-response)
--   [Configuration service providers supported during MDM enrollment and certificate renewal](#configuration-service-providers-supported-during-mdm-enrollment-and-certificate-renewal)
-
-
 ## Automatic certificate renewal request
 
-In addition to manual certificate renewal, Windows includes support for automatic certificate renewal, also known as Renew On Behalf Of (ROBO), that does not require any user interaction. For auto renewal, the enrollment client uses the existing MDM client certificate to perform client Transport Layer Security (TLS). The user security token is not needed in the SOAP header. As a result, the MDM certificate enrollment server is required to support client TLS for certificate based client authentication for automatic certificate renewal.
+Windows supports automatic certificate renewal, also known as Renew On Behalf Of (ROBO), that doesn't require any user interaction. For auto renewal, the enrollment client uses the existing MDM client certificate to do client Transport Layer Security (TLS). The user security token isn't needed in the SOAP header. As a result, the MDM certificate enrollment server is required to support client TLS for certificate-based client authentication for automatic certificate renewal.
 
 > [!Note]
 > Certificate renewal of the enrollment certificate through ROBO is only supported with Microsoft PKI.
 
-Auto certificate renewal is the only supported MDM client certificate renewal method for the device that is enrolled using WAB authentication (meaning that the AuthPolicy is set to Federated). It also means if the server supports WAB authentication, the MDM certificate enrollment server MUST also support client TLS in order to renew the MDM client certificate.
+Auto certificate renewal is the only supported MDM client certificate renewal method for the device that's enrolled using WAB authentication. Meaning, the AuthPolicy is set to Federated. It also means if the server supports WAB authentication, then the MDM certificate enrollment server MUST also support client TLS to renew the MDM client certificate.
 
-For the device that is enrolled with the OnPremise authentication method, for backward compatibility, the default renewal method is user manual certificate renewal. However, for Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal via CertificateStore CSP’s ROBOSupport node under CertificateStore/My/WSTEP/Renew URL. For more information about Renew related configuration settings, refer to the CertificateStore configuration service provider.
+For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP’s](certificatestore-csp.md) ROBOSupport node under CertificateStore/My/WSTEP/Renew URL.
 
-Unlike manual certificate renewal where there is an additional b64 encoding for PKCS\#7 message content, with automatic renewal, the PKCS\#7 message content isn’t b64 encoded separately.
+With automatic renewal, the PKCS\#7 message content isn’t b64 encoded separately. With manual certificate renewal, there's an additional b64 encoding for PKCS\#7 message content.
 
-During the automatic certificate renewal process, if the root certificate isn’t trusted by the device, the authentication will fail. Make sure using one of device pre-installed root certificates or provision the root cert over a DM session via CertificateStore Configuration Service Provider.
+During the automatic certificate renewal process, if the root certificate isn’t trusted by the device, the authentication will fail. Use one of device pre-installed root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](certificatestore-csp.md).
 
-During the automatic certificate renew process, the device will deny HTTP redirect request from the server unless it is the same redirect URL that the user explicitly accepted during the initial MDM enrollment process.
+During the automatic certificate renew process, the device will deny HTTP redirect request from the server. It won't deny the request if the same redirect URL that the user accepted during the initial MDM enrollment process is used.
 
 The following example shows the details of an automatic renewal request.
 
-``` xml
+```xml
 
@@ -101,18 +93,16 @@ The following example shows the details of an automatic renewal request.
 
 ```
 
-
 ## Certificate renewal schedule configuration
 
-In Windows, the renewal period can only be set during the MDM enrollment phase. Windows supports a certificate renewal period and renewal failure retry to be configurable by both MDM enrollment server and later by the MDM management server using CertificateStore CSP’s RenewPeriod and RenewInterval nodes. The device could retry automatic certificate renewal multiple times until the certificate expires. For manual certificate renewal, instead of only reminding the user once, the Windows device will remind the user with a prompt dialog at every renewal retry time until the certificate is expired.
+In Windows, the renewal period can only be set during the MDM enrollment phase. Windows supports a certificate renewal period and renewal failure retry. They're configurable by both MDM enrollment server and later by the MDM management server using CertificateStore CSP’s RenewPeriod and RenewInterval nodes. The device could retry automatic certificate renewal multiple times until the certificate expires. For manual certificate renewal, the Windows device reminds the user with a dialog at every renewal retry time until the certificate is expired.
 
 For more information about the parameters, see the CertificateStore configuration service provider.
 
-Unlike manual certificate renewal, the device will not perform an automatic MDM client certificate renewal if the certificate is already expired. To make sure that the device has enough time to perform an automatic renewal, we recommend that you set a renewal period a couple months (40-60 days) before the certificate expires and set the renewal retry interval to be every few days such as every 4-5 days instead every 7 days (weekly) to increase the chance that the device will a connectivity at different days of the week.
+Unlike manual certificate renewal, the device will not do an automatic MDM client certificate renewal if the certificate is already expired. To make sure the device has enough time to automatically renew, we recommend you set a renewal period a couple months (40-60 days) before the certificate expires. And, set the renewal retry interval to every few days, like every 4-5 days instead every 7 days (weekly). This change increases the chance that the device will try to connect at different days of the week.
 
 > [!Note]
 > For PCs that were previously enrolled in MDM in Windows 8.1 and then upgraded to Windows 10, renewal will be triggered for the enrollment certificate. Thereafter, renewal will happen at the configured ROBO interval.
-> For Windows Phone 8.1 devices upgraded to Windows 10 Mobile, renewal will happen at the configured ROBO internal. This is expected and by design.
 
 ## Certificate renewal response
 
@@ -129,9 +119,9 @@ After validation is completed, the web service retrieves the PKCS\#10 content fr
 > [!Note]
 > The HTTP server response must not be chunked; it must be sent as one message.
 
-The following example shows the details of an certificate renewal response.
+The following example shows the details of a certificate renewal response.
 
-``` xml
+```xml
 
    
       
@@ -157,9 +147,8 @@ The following example shows the details of an certificate renewal response.
 ```
 
 > [!Note]
-The client receives a new certificate, instead of renewing the initial certificate. The administrator controls which certificate template the client should use. The templates may be different at renewal time than the initial enrollment time.
+> The client receives a new certificate, instead of renewing the initial certificate. The administrator controls which certificate template the client should use. The templates may be different at renewal time than the initial enrollment time.
 
-
 ## Configuration service providers supported during MDM enrollment and certificate renewal
 
 The following configuration service providers are supported during MDM enrollment and certificate renewal process. See Configuration service provider reference for detailed descriptions of each configuration service provider.
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index aa562a1b58..0ef7d8606c 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -1,6 +1,6 @@
 ---
 title: CertificateStore CSP
-description: Use the The CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates.
+description: Use the CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates.
 ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3
 ms.reviewer: 
 manager: dansimp
@@ -14,18 +14,15 @@ ms.date: 02/28/2020
 
 # CertificateStore CSP
 
-
 The CertificateStore configuration service provider is used to add secure socket layers (SSL), intermediate, and self-signed certificates.
 
 > [!Note]
 > The CertificateStore configuration service provider does not support installing client certificates.
 > The Microsoft protocol version of Open Mobile Alliance (OMA) is case insensitive.
 
- 
+For the CertificateStore CSP, you can't use the Replace command unless the node already exists.
 
-For the CertificateStore CSP, you cannot use the Replace command unless the node already exists.
-
-The following shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
+The following example shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
 
 ```
 ./Vendor/MSFT
@@ -106,6 +103,7 @@ CertificateStore
 ----------------ValidTo
 ----------------TemplateName
 ```
+
 **Root/System**  
 Defines the certificate store that contains root, or self-signed, certificates.
 
@@ -114,8 +112,6 @@ Supported operation is Get.
 > [!NOTE]
 > Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates.
 
- 
-
 **CA/System**  
 Defines the certificate store that contains cryptographic information, including intermediary certification authorities.
 
@@ -124,55 +120,49 @@ Supported operation is Get.
 > [!NOTE]
 > CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates.
 
- 
-
 **My/User**  
-Defines the certificate store that contains public keys for client certificates. This is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications.
+Defines the certificate store that contains public keys for client certificates. This certificate store is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications.
 
 Supported operation is Get.
 
 > [!NOTE]
 > My/User is case sensitive.
 
- 
-
 **My/System**  
-Defines the certificate store that contains public key for client certificate. This is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading.
+Defines the certificate store that contains public key for client certificate. This certificate store is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading.
 
 Supported operation is Get.
 
 > [!NOTE]
 > My/System is case sensitive.
 
- 
-
 ***CertHash***  
 Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
 
 Supported operations are Get, Delete, and Replace.
 
 ***CertHash*/EncodedCertificate**  
-Required. Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+Required. Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc.
 
 Supported operations are Get, Add, Delete, and Replace.
 
 ***CertHash*/IssuedBy**  
-Required. Returns the name of the certificate issuer. This is equivalent to the *Issuer* member in the CERT\_INFO data structure.
+Required. Returns the name of the certificate issuer. This name is equivalent to the *Issuer* member in the CERT\_INFO data structure.
 
 Supported operation is Get.
 
 ***CertHash*/IssuedTo**  
-Required. Returns the name of the certificate subject. This is equivalent to the *Subject* member in the CERT\_INFO data structure.
+Required. Returns the name of the certificate subject. This name is equivalent to the *Subject* member in the CERT\_INFO data structure.
 
 Supported operation is Get.
 
 ***CertHash*/ValidFrom**  
-Required. Returns the starting date of the certificate's validity. This is equivalent to the *NotBefore* member in the CERT\_INFO structure.
+Required. Returns the starting date of the certificate's validity. This date is equivalent to the *NotBefore* member in the CERT\_INFO structure.
 
 Supported operation is Get.
 
 ***CertHash*/ValidTo**  
-Required. Returns the expiration date of the certificate. This is equivalent to the *NotAfter* member in the CERT\_INFO structure.
+Required. Returns the expiration date of the certificate. This expiration date is equivalent to the *NotAfter* member in the CERT\_INFO structure.
 
 Supported operation is Get.
 
@@ -189,23 +179,19 @@ Supported operation is Get.
 > [!NOTE]
 > Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP.
 
- 
-
 **My/SCEP/***UniqueID*  
 Required for SCEP certificate enrollment. A unique ID to differentiate certificate enrollment requests. Format is node.
 
 Supported operations are Get, Add, Replace, and Delete.
 
 **My/SCEP/*UniqueID*/Install**  
-Required for SCEP certificate enrollment. Parent node to group SCEP certificate install related request. Format is node.
+Required for SCEP certificate enrollment. Parent node to group SCEP certificate installs related request. Format is node.
 
 Supported operations are Add, Replace, and Delete.
 
 > [!NOTE]
 > Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values.
 
- 
-
 **My/SCEP/*UniqueID*/Install/ServerURL**  
 Required for SCEP certificate enrollment. Specifies the certificate enrollment server. The server could specify multiple server URLs separated by a semicolon. Value type is string.
 
@@ -219,36 +205,36 @@ Supported operations are Get, Add, Replace, and Delete.
 Challenge will be deleted shortly after the Exec command is accepted.
 
 **My/SCEP/*UniqueID*/Install/EKUMapping**  
-Required. Specifies the extended key usages and subject to SCEP server configuration. The list of OIDs are separated by a plus sign **+**, such as OID1+OID2+OID3. Value type is chr.
+Required. Specifies the extended key usages and subject to SCEP server configuration. The list of OIDs is separated by a plus sign **+**, such as OID1+OID2+OID3. Value type is chr.
 
 Supported operations are Get, Add, Delete, and Replace.
 
 **My/SCEP/*UniqueID*/Install/KeyUsage**  
-Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or fourth (0x80) or both bits set. If the value does not have those bits set, configuration will fail. Value type is an integer.
+Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or fourth (0x80) or both bits set. If the value doesn't have those bits set, configuration will fail. Value type is an integer.
 
 Supported operations are Get, Add, Delete, and Replace.
 
 **My/SCEP/*UniqueID*/Install/SubjectName**  
 Required. Specifies the subject name. 
 
-The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”  ).
+The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”).
 
-For more details, see [CertNameToStrA function](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks).
+For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks).
 
 Value type is chr.
 
 Supported operations are Get, Add, Delete, and Replace.
 
 **My/SCEP/*UniqueID*/Install/KeyProtection**  
-Optional. Specifies the location of the private key. Although the private key is protected by TPM, it is not protected with TPM PIN. SCEP enrolled certificate does not support TPM PIN protection.
+Optional. Specifies the location of the private key. Although the private key is protected by TPM, it isn't protected with TPM PIN. SCEP enrolled certificate doesn't support TPM PIN protection.
 
-Supported values are one of the following:
+Supported values are one of the following values:
 
--   1 – Private key is protected by device TPM.
+- 1 – Private key is protected by device TPM.
 
--   2 – Private key is protected by device TPM if the device supports TPM.
+- 2 – Private key is protected by device TPM if the device supports TPM.
 
--   3 (default) – Private key is only saved in the software KSP.
+- 3 (default) – Private key is only saved in the software KSP.
 
 Value type is an integer.
 
@@ -260,12 +246,15 @@ Optional. Specifies the device retry waiting time in minutes when the SCEP serve
 Supported operations are Get, Add, and Delete.
 
 **My/SCEP/*UniqueID*/Install/RetryCount**  
-Optional. Special to SCEP. Specifies the device retry times when the SCEP server sends pending status. Value type is an integer. Default value is 3. Max value cannot be larger than 30. If it is larger than 30, the device will use 30. The min value is 0, which means no retry.
+Optional. Special to SCEP. Specifies the device retry times when the SCEP server sends pending status. Value type is an integer. Default value is 3. Max value can't be larger than 30. If it's larger than 30, the device will use 30. The min value is 0, which means no retry.
 
 Supported operations are Get, Add, Delete, and Replace.
 
 **My/SCEP/*UniqueID*/Install/TemplateName**  
-Optional. OID of certificate template name. Note that this name is typically ignored by the SCEP server; therefore, the MDM server typically does not need to provide it. Value type is chr.
+Optional. OID of certificate template name.
+
+> [!Note]
+> Template name is typically ignored by the SCEP server, so the MDM server typically doesn't need to provide it. Value type is `chr`.
 
 Supported operations are Get, Add, and Delete.
 
@@ -282,7 +271,7 @@ Value type is chr.
 Supported operations are Get, Add, Delete, and Replace.
 
 **My/SCEP/*UniqueID*/Install/CAThumbprint**  
-Required. Specifies the root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks CA certificate from SCEP server for a match with this certificate. If it does not match, the authentication fails. Value type is chr.
+Required. Specifies the root CA thumbprint. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks CA certificate from SCEP server for a match with this certificate. If it doesn't match, the authentication fails. Value type is chr.
 
 Supported operations are Get, Add, Delete, and Replace.
 
@@ -296,17 +285,15 @@ Optional. Specifies the units for the valid period. Value type is chr.
 
 Supported operations are Get, Add, Delete, and Replace.
 
-Valid values are one of the following:
+Valid values are one of the following values:
 
--   Days (default)
--   Months
--   Years
+- Days (default)
+- Months
+- Years
 
 > [!NOTE]
 > The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
 
- 
-
 **My/SCEP/*UniqueID*/Install/ValidPeriodUnits**  
 Optional. Specifies desired number of units used in validity period and subject to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. The valid period specified by MDM overwrites the valid period specified in the certificate template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. Value type is an integer.
 
@@ -315,10 +302,8 @@ Supported operations are Get, Add, Delete, and Replace.
 > [!NOTE]
 > The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
 
- 
-
 **My/SCEP/*UniqueID*/Install/Enroll**  
-Required. Triggers the device to start the certificate enrollment. The MDM server can later query the device to find out whether the new certificate is added. Value type is null, which means that this node does not contain a value.
+Required. Triggers the device to start the certificate enrollment. The MDM server can later query the device to find out whether the new certificate is added. Value type is null, which means that this node doesn't contain a value.
 
 Supported operation is Exec.
 
@@ -332,11 +317,11 @@ Required. Specifies the latest status for the certificate due to enrollment requ
 
 Supported operation is Get.
 
-Valid values are one of the following:
+Valid values are one of the following values:
 
 -   1 – Finished successfully.
 
--   2 – Pending. The device has not finished the action, but has received the SCEP server pending response.
+-   2 – Pending. The device hasn't finished the action, but has received the SCEP server pending response.
 
 -   16 - Action failed.
 
@@ -348,7 +333,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er
 Supported operation is Get.
 
 **My/SCEP/*UniqueID*/CertThumbprint**  
-Optional. Specifies the current certificate thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. Value type is chr.
+Optional. Specifies the current certificate thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. Value type is chr.
 
 Supported operation is Get.
 
@@ -358,7 +343,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re
 Supported operation is Get.
 
 **My/WSTEP**  
-Required for MDM enrolled device. The parent node that hosts the MDM enrollment client certificate related settings that is enrolled via WSTEP. The nodes under WSTEP are mostly for MDM client certificate renew requests. Value type is node.
+Required for MDM enrolled device. The parent node that hosts the MDM enrollment client certificate related settings that are enrolled via WSTEP. The nodes under WSTEP are mostly for MDM client certificate renew requests. Value type is node.
 
 Supported operation is Get.
 
@@ -368,7 +353,7 @@ Optional. The parent node to group renewal related settings.
 Supported operation is Get.
 
 **My/WSTEP/Renew/ServerURL**  
-Optional. Specifies the URL of certificate renewal server. If this node does not exist, the client uses the initial certificate enrollment URL.
+Optional. Specifies the URL of certificate renewal server. If this node doesn't exist, the client uses the initial certificate enrollment URL.
 
 > [!NOTE]
 > The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service.
@@ -378,7 +363,7 @@ Optional. Specifies the URL of certificate renewal server. If this node does not
 Supported operations are Add, Get, Delete, and Replace.
 
 **My/WSTEP/Renew/RenewalPeriod**  
-Optional. The time (in days) to trigger the client to initiate the MDM client certificate renew process before the MDM certificate expires. The MDM server cannot set and update the renewal period. This parameter applies to both manual certificate renewal and request on behalf of (ROBO) certificate renewal. It is recommended that the renew period is set a couple of months before the certificate expires to ensure that the certificate gets renewed successfully with data connectivity.
+Optional. The time (in days) to trigger the client to initiate the MDM client certificate renew process before the MDM certificate expires. The MDM server can't set and update the renewal period. This parameter applies to both manual certificate renewal and request on behalf of (ROBO) certificate renewal. It's recommended that the renew period is set a couple of months before the certificate expires to ensure that the certificate gets renewed successfully with data connectivity.
 
 The default value is 42 and the valid values are 1 – 1000. Value type is an integer.
 
@@ -387,8 +372,6 @@ Supported operations are Add, Get, Delete, and Replace.
 > [!NOTE]
 > When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
 
- 
-
 **My/WSTEP/Renew/RetryInterval**  
 Optional. Specifies the retry interval (in days) when the previous renewal failed. It applies to both manual certificate renewal and ROBO automatic certificate renewal. The retry schedule stops at the certificate expiration date.
 
@@ -403,8 +386,6 @@ Supported operations are Add, Get, Delete, and Replace.
 > [!NOTE]
 > When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
 
- 
-
 **My/WSTEP/Renew/ROBOSupport**  
 Optional. Notifies the client if the MDM enrollment server supports ROBO auto certificate renewal. Value type is bool.
 
@@ -415,22 +396,17 @@ Supported operations are Add, Get, Delete, and Replace.
 > [!NOTE]
 > When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
 
- 
-
 **My/WSTEP/Renew/Status**  
 Required. Shows the latest action status for this certificate. Value type is an integer.
 
 Supported operation is Get.
 
-Supported values are one of the following:
+Supported values are one of the following values:
 
--   0 – Not started.
-
--   1 – Renewal in progress.
-
--   2 – Renewal succeeded.
-
--   3 – Renewal failed.
+- 0 – Not started.
+- 1 – Renewal in progress.
+- 2 – Renewal succeeded.
+- 3 – Renewal failed.
 
 **My/WSTEP/Renew/ErrorCode**  
 Optional. If certificate renewal fails, this integer value indicates the HRESULT of the last error code during the renewal process. Value type is an integer.
@@ -454,7 +430,6 @@ Supported operations are Add, Get, and Replace.
 
 ## Examples
 
-
 Add a root certificate to the MDM server.
 
 ```xml
diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index 5f319c9900..ef943cbe35 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -7,14 +7,14 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/19/2020
 ---
 
 # Change history for Mobile Device Management documentation
 
-This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues are not listed.
+This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed.
 
 ## November 2020
 
@@ -60,7 +60,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
 |New or updated article | Description|
 |--- | ---|
 |[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.|
-|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with additional details. Added policy timeline table. 
+|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table. 
 
 ## February 2020
 
@@ -101,7 +101,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
 |New or updated article | Description|
 |--- | ---|
 |[DiagnosticLog CSP](diagnosticlog-csp.md)
                    [DiagnosticLog DDF](diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
                    Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.|
-|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include additional reference links and the following two topics:
                    Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
+|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics:
                    Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
 
 ## July 2019
 
@@ -111,7 +111,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
 |[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
 |[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
                    SecurityKey, SecurityKey/UseSecurityKeyForSignin|
 |[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
                    LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
-|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
                    Create a custom configuration service provider
                    Design a custom configuration service provider
                    IConfigServiceProvider2
                    IConfigServiceProvider2::ConfigManagerNotification
                    IConfigServiceProvider2::GetNode
                    ICSPNode
                    ICSPNode::Add
                    ICSPNode::Clear
                    ICSPNode::Copy
                    ICSPNode::DeleteChild
                    ICSPNode::DeleteProperty
                    ICSPNode::Execute
                    ICSPNode::GetChildNodeNames
                    ICSPNode::GetProperty
                    ICSPNode::GetPropertyIdentifiers
                    ICSPNode::GetValue
                    ICSPNode::Move
                    ICSPNode::SetProperty
                    ICSPNode::SetValue
                    ICSPNodeTransactioning
                    ICSPValidate
                    Samples for writing a custom configuration service provider.|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported:
                    Create a custom configuration service provider
                    Design a custom configuration service provider
                    IConfigServiceProvider2
                    IConfigServiceProvider2::ConfigManagerNotification
                    IConfigServiceProvider2::GetNode
                    ICSPNode
                    ICSPNode::Add
                    ICSPNode::Clear
                    ICSPNode::Copy
                    ICSPNode::DeleteChild
                    ICSPNode::DeleteProperty
                    ICSPNode::Execute
                    ICSPNode::GetChildNodeNames
                    ICSPNode::GetProperty
                    ICSPNode::GetPropertyIdentifiers
                    ICSPNode::GetValue
                    ICSPNode::Move
                    ICSPNode::SetProperty
                    ICSPNode::SetValue
                    ICSPNodeTransactioning
                    ICSPValidate
                    Samples for writing a custom configuration service provider.|
 
 ## June 2019
 
@@ -141,7 +141,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
 
 |                                         New or updated article                                          |                                                                                                                                                                                                          Description                                                                                                                                                                                                          |
 |-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
                    Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
+| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
                    Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
 |                          [Policy CSP - UserRights](policy-csp-userrights.md)                          |                                                                                                                                  Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields.                                                                                                                                  |
 
 ## March 2019
@@ -179,907 +179,141 @@ This article lists new and updated articles for the Mobile Device Management (MD
 
 ## August 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    BitLocker CSP
                    Added support for Windows 10 Pro starting in the version 1809.
                    
-
                    Office CSP
                    Added FinalStatus setting in Windows 10, version 1809.
                    
-
                    RemoteWipe CSP
                    Added new settings in Windows 10, version 1809.
                    
-
                    TenantLockdown CSP
                    Added new CSP in Windows 10, version 1809.
                    
-
                    WindowsDefenderApplicationGuard CSP
                    Added new settings in Windows 10, version 1809.
                    
-
                    Policy DDF file
                    Posted an updated version of the Policy DDF for Windows 10, version 1809.
                    
-
                    Policy CSP
                    Added the following new policies in Windows 10, version 1809:
                    
-
                      
-
                    • Browser/AllowFullScreenMode
                      • 
-
                    • Browser/AllowPrelaunch
                      • 
-
                    • Browser/AllowPrinting
                      • 
-
                    • Browser/AllowSavingHistory
                      • 
-
                    • Browser/AllowSideloadingOfExtensions
                      • 
-
                    • Browser/AllowTabPreloading
                      • 
-
                    • Browser/AllowWebContentOnNewTabPage
                      • 
-
                    • Browser/ConfigureFavoritesBar
                      • 
-
                    • Browser/ConfigureHomeButton
                      • 
-
                    • Browser/ConfigureKioskMode
                      • 
-
                    • Browser/ConfigureKioskResetAfterIdleTimeout
                      • 
-
                    • Browser/ConfigureOpenMicrosoftEdgeWith
                      • 
-
                    • Browser/ConfigureTelemetryForMicrosoft365Analytics
                      • 
-
                    • Browser/PreventCertErrorOverrides
                      • 
-
                    • Browser/SetHomeButtonURL
                      • 
-
                    • Browser/SetNewTabPageURL
                      • 
-
                    • Browser/UnlockHomeButton
                      • 
-
                    • Experience/DoNotSyncBrowserSettings
                      • 
-
                    • Experience/PreventUsersFromTurningOnBrowserSyncing
                      • 
-
                    • Kerberos/UPNNameHints
                      • 
-
                    • Privacy/AllowCrossDeviceClipboard
                      • 
-
                    • Privacy/DisablePrivacyExperience
                      • 
-
                    • Privacy/UploadUserActivities
                      • 
-
                    • System/AllowDeviceNameInDiagnosticData
                      • 
-
                    • System/ConfigureMicrosoft365UploadEndpoint
                      • 
-
                    • System/DisableDeviceDelete
                      • 
-
                    • System/DisableDiagnosticDataViewer
                      • 
-
                    • Storage/RemovableDiskDenyWriteAccess
                      • 
-
                    • Update/UpdateNotificationLevel
                      • 
-
                    
-
                    Start/DisableContextMenus - added in Windows 10, version 1803.
                    
-
                    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[BitLocker CSP](bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.|
+|[Office CSP](office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.|
+|[RemoteWipe CSP](remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
+|[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
+|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
+|[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
                  • Browser/AllowFullScreenMode
                  • Browser/AllowPrelaunch
                  • Browser/AllowPrinting
                  • Browser/AllowSavingHistory
                  • Browser/AllowSideloadingOfExtensions
                  • Browser/AllowTabPreloading
                  • Browser/AllowWebContentOnNewTabPage
                  • Browser/ConfigureFavoritesBar
                  • Browser/ConfigureHomeButton
                  • Browser/ConfigureKioskMode
                  • Browser/ConfigureKioskResetAfterIdleTimeout
                  • Browser/ConfigureOpenMicrosoftEdgeWith
                  • Browser/ConfigureTelemetryForMicrosoft365Analytics
                  • Browser/PreventCertErrorOverrides
                  • Browser/SetHomeButtonURL
                  • Browser/SetNewTabPageURL
                  • Browser/UnlockHomeButton
                  • Experience/DoNotSyncBrowserSettings
                  • Experience/PreventUsersFromTurningOnBrowserSyncing
                  • Kerberos/UPNNameHints
                  • Privacy/AllowCrossDeviceClipboard
                  • Privacy
                  • DisablePrivacyExperience
                  • Privacy/UploadUserActivities
                  • System/AllowDeviceNameInDiagnosticData
                  • System/ConfigureMicrosoft365UploadEndpoint
                  • System/DisableDeviceDelete
                  • System/DisableDiagnosticDataViewer
                  • Storage/RemovableDiskDenyWriteAccess
                  • Update/UpdateNotificationLevel

                    Start/DisableContextMenus - added in Windows 10, version 1803.

                    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
 
 ## July 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    AssignedAccess CSP
                    Added the following note:
                    
-
                      
-
                    • You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
                      • 
-
                    
-
                    PassportForWork  CSP
                    Added new settings in Windows 10, version 1809.
                    
-
                    EnterpriseModernAppManagement  CSP
                    Added NonRemovable setting under AppManagement node in Windows 10, version 1809.
                    
-
                    Win32CompatibilityAppraiser  CSP
                    Added new configuration service provider in Windows 10, version 1809.
                    
-
                    WindowsLicensing  CSP
                    Added S mode settings and SyncML examples in Windows 10, version 1809.
                    
-
                    SUPL CSP
                    Added 3 new certificate nodes in Windows 10, version 1809.
                    
-
                    Defender CSP
                    Added a new node Health/ProductStatus in Windows 10, version 1809.
                    
-
                    BitLocker CSP
                    Added a new node AllowStandardUserEncryption in Windows 10, version 1809.
                    
-
                    DevDetail CSP
                    Added a new node SMBIOSSerialNumber in Windows 10, version 1809.
                    
-
                    Policy CSP
                    Added the following new policies in Windows 10, version 1809:
                    
-
                      
-
                    • ApplicationManagement/LaunchAppAfterLogOn
                      • 
-
                    • ApplicationManagement/ScheduleForceRestartForUpdateFailures 
                      • 
-
                    • Authentication/EnableFastFirstSignIn (Preview mode only)
                      • 
-
                    • Authentication/EnableWebSignIn (Preview mode only)
                      • 
-
                    • Authentication/PreferredAadTenantDomainName
                      • 
-
                    • Defender/CheckForSignaturesBeforeRunningScan
                      • 
-
                    • Defender/DisableCatchupFullScan 
                      • 
-
                    • Defender/DisableCatchupQuickScan 
                      • 
-
                    • Defender/EnableLowCPUPriority
                      • 
-
                    • Defender/SignatureUpdateFallbackOrder
                      • 
-
                    • Defender/SignatureUpdateFileSharesSources
                      • 
-
                    • DeviceGuard/ConfigureSystemGuardLaunch
                      • 
-
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                      • 
-
                    • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                      • 
-
                    • DeviceInstallation/PreventDeviceMetadataFromNetwork
                      • 
-
                    • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                      • 
-
                    • DmaGuard/DeviceEnumerationPolicy
                      • 
-
                    • Experience/AllowClipboardHistory
                      • 
-
                    • Security/RecoveryEnvironmentAuthentication
                      • 
-
                    • TaskManager/AllowEndTask
                      • 
-
                    • WindowsDefenderSecurityCenter/DisableClearTpmButton
                      • 
-
                    • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                      • 
-
                    • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                      • 
-
                    • WindowsLogon/DontDisplayNetworkSelectionUI
                      • 
-
                    
-
                    Recent changes:
                    
-
                      
-
                    • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.
                      • 
-
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

                    You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.|
+|[PassportForWork  CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.|
+|[EnterpriseModernAppManagement  CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.|
+|[Win32CompatibilityAppraiser  CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.|
+|[WindowsLicensing  CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.|
+|[SUPL CSP](supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.|
+|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.|
+|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.|
+|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
                  • ApplicationManagement/LaunchAppAfterLogOn
                  • ApplicationManagement/ScheduleForceRestartForUpdateFailures 
                  • Authentication/EnableFastFirstSignIn (Preview mode only)
                  • Authentication/EnableWebSignIn (Preview mode only)
                  • Authentication/PreferredAadTenantDomainName
                  • Defender/CheckForSignaturesBeforeRunningScan
                  • Defender/DisableCatchupFullScan 
                  • Defender/DisableCatchupQuickScan 
                  • Defender/EnableLowCPUPriority
                  • Defender/SignatureUpdateFallbackOrder
                  • Defender/SignatureUpdateFileSharesSources
                  • DeviceGuard/ConfigureSystemGuardLaunch
                  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                  • DeviceInstallation/PreventDeviceMetadataFromNetwork
                  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                  • DmaGuard/DeviceEnumerationPolicy
                  • Experience/AllowClipboardHistory
                  • Security/RecoveryEnvironmentAuthentication
                  • TaskManager/AllowEndTask
                  • WindowsDefenderSecurityCenter/DisableClearTpmButton
                  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                  • WindowsLogon/DontDisplayNetworkSelectionUI

                    Recent changes:
                  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.|
 
 ## June 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Wifi CSP
                    Added a new node WifiCost in Windows 10, version 1809.
                    
-
                    Diagnose MDM failures in Windows 10
                    Recent changes:
                    
-
                      
-
                    • Added procedure for collecting logs remotely from Windows 10 Holographic.
                      • 
-
                    • Added procedure for downloading the MDM Diagnostic Information log.
                      • 
-
                    
-
                    BitLocker CSP
                    Added new node AllowStandardUserEncryption in Windows 10, version 1809.
                    
-
                    Policy CSP
                    Recent changes:
                    
-
                      
-
                    • AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.
                      • 
-
                    • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
                      • 
-
                    • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
                      • 
-
                    • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
                      • 
-
                    • Security/RequireDeviceEncryption is supported in the Home SKU.
                      • 
-
                    • Start/StartLayout - added a table of SKU support information.
                      • 
-
                    • Start/ImportEdgeAssets - added a table of SKU support information.
                      • 
-
                    
-
                    Added the following new policies in Windows 10, version 1809:
                    
-
                      
-
                    • Update/EngagedRestartDeadlineForFeatureUpdates
                      • 
-
                    • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                      • 
-
                    • Update/EngagedRestartTransitionScheduleForFeatureUpdates
                      • 
-
                    • Update/SetDisablePauseUXAccess
                      • 
-
                    • Update/SetDisableUXWUAccess
                      • 
-
                    
-
                    WiredNetwork CSPNew CSP added in Windows 10, version 1809.
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.|
+|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
                  • Added procedure for collecting logs remotely from Windows 10 Holographic.
                  • Added procedure for downloading the MDM Diagnostic Information log.|
+|[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.|
+|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
                  • AccountPoliciesAccountLockoutPolicy
                  • AccountLockoutDuration - removed from docs. Not supported.
                  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
                  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
                  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
                  • System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite.
                  • Security/RequireDeviceEncryption is supported in the Home SKU.
                  • Start/StartLayout - added a table of SKU support information.
                  • Start/ImportEdgeAssets - added a table of SKU support information.

                    Added the following new policies in Windows 10, version 1809:
                  • Update/EngagedRestartDeadlineForFeatureUpdates
                  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
                  • Update/SetDisablePauseUXAccess
                  • Update/SetDisableUXWUAccess|
+|[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.|
 
 ## May 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Policy DDF file
                    Updated the DDF files in the Windows 10 version 1703 and 1709.
                    
-
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Policy DDF file](policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
                  • [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
                  • [Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
 
 ## April 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    WindowsDefenderApplicationGuard CSP
                    Added the following node in Windows 10, version 1803:
                    
-
                      
-
                    • Settings/AllowVirtualGPU
                      • 
-
                    • Settings/SaveFilesToHost
                      • 
-
                    
-
                    NetworkProxy CSP
                    Added the following node in Windows 10, version 1803:
                    
-
                      
-
                    • ProxySettingsPerUser
                      • 
-
                    
-
                    Accounts CSP
                    Added a new CSP in Windows 10, version 1803.
                    
-
                    MDM Migration Analysis Tool (MMAT)
                    Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.
                    
-
                    CSP DDF files download
                    Added the DDF download of Windows 10, version 1803 configuration service providers.
                    
-
                    Policy CSP
                    Added the following new policies for Windows 10, version 1803:
                    
-
                      
-
                    • Bluetooth/AllowPromptedProximalConnections
                      • 
-
                    • KioskBrowser/EnableEndSessionButton
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
                      • 
-
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
                  • Settings/AllowVirtualGPU
                  • Settings/SaveFilesToHost|
+|[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
                  • ProxySettingsPerUser|
+|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.|
+|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                  • Bluetooth/AllowPromptedProximalConnections
                  • KioskBrowser/EnableEndSessionButton
                  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
                  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
                  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
                  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|
 
 ## March 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    eUICCs CSP
                    Added the following node in Windows 10, version 1803:
                    
-
                      
-
                    • IsEnabled
                      • 
-
                    
-
                    DeviceStatus CSP
                    Added the following node in Windows 10, version 1803:
                    
-
                      
-
                    • OS/Mode
                      • 
-
                    
-
                    Understanding ADMX-backed policies
                    Added the following videos:
                    
-
-
                    AccountManagement CSP
                    Added a new CSP in Windows 10, version 1803.
                    
-
                    RootCATrustedCertificates CSP
                    Added the following node in Windows 10, version 1803:
                    
-
                      
-
                    • UntrustedCertificates
                      • 
-
                    
-
                    Policy CSP
                    Added the following new policies for Windows 10, version 1803:
                    
-
                      
-
                    • ApplicationDefaults/EnableAppUriHandlers
                      • 
-
                    • ApplicationManagement/MSIAllowUserControlOverInstall
                      • 
-
                    • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                      • 
-
                    • Connectivity/AllowPhonePCLinking
                      • 
-
                    • Notifications/DisallowCloudNotification
                      • 
-
                    • Notifications/DisallowTileNotification
                      • 
-
                    • RestrictedGroups/ConfigureGroupMembership
                      • 
-
                    
-
                    The following existing policies were updated:
                    
-
                      
-
                    • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
                      • 
-
                    • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
                      • 
-
                    • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
                      • 
-
                    
-
                    Added a new section:
                    
-
-
                    Policy CSP - Bluetooth
                    Added new section ServicesAllowedList usage guide.
                    
-
                    MultiSIM CSP
                    Added SyncML examples and updated the settings descriptions.
                    
-
                    RemoteWipe CSP
                    Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[eUICCs CSP](euiccs-csp.md)|Added the following node in Windows 10, version 1803:
                  • IsEnabled|
+|[DeviceStatus CSP](devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
                  • OS/Mode|
+|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
                  • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
                  • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)|
+|[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
                  • UntrustedCertificates|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                  • ApplicationDefaults/EnableAppUriHandlers
                  • ApplicationManagement/MSIAllowUserControlOverInstall
                  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                  • Connectivity/AllowPhonePCLinking
                  • Notifications/DisallowCloudNotification
                  • Notifications/DisallowTileNotification
                  • RestrictedGroups/ConfigureGroupMembership

                    The following existing policies were updated:
                  • Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2.
                  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
                  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

                    Added a new section:
                  • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.|
+|[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).|
+|[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.|
+|[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.|
 
 ## February 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Policy CSP
                    Added the following new policies for Windows 10, version 1803:
                    
-
                      
-
                    • Display/DisablePerProcessDpiForApps
                      • 
-
                    • Display/EnablePerProcessDpi
                      • 
-
                    • Display/EnablePerProcessDpiForApps
                      • 
-
                    • Experience/AllowWindowsSpotlightOnSettings
                      • 
-
                    • TextInput/ForceTouchKeyboardDockedState
                      • 
-
                    • TextInput/TouchKeyboardDictationButtonAvailability
                      • 
-
                    • TextInput/TouchKeyboardEmojiButtonAvailability
                      • 
-
                    • TextInput/TouchKeyboardFullModeAvailability
                      • 
-
                    • TextInput/TouchKeyboardHandwritingModeAvailability
                      • 
-
                    • TextInput/TouchKeyboardNarrowModeAvailability
                      • 
-
                    • TextInput/TouchKeyboardSplitModeAvailability
                      • 
-
                    • TextInput/TouchKeyboardWideModeAvailability
                      • 
-
                        
-
                    VPNv2 ProfileXML XSD
                    Updated the XSD and Plug-in profile example for VPNv2 CSP.
                    
-
                    AssignedAccess CSP
                    Added the following nodes in Windows 10, version 1803:
                    
-
                      
-
                    • Status
                      • 
-
                    • ShellLauncher
                      • 
-
                    • StatusConfiguration
                      • 
-
                    
-
                    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.
                    
-
                    MultiSIM CSP
                    Added a new CSP in Windows 10, version 1803.
                    
-
                    EnterpriseModernAppManagement CSP
                    Added the following node in Windows 10, version 1803:
                    
-
                      
-
                    • MaintainProcessorArchitectureOnUpdate
                      • 
-
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                  • Display/DisablePerProcessDpiForApps
                  • Display/EnablePerProcessDpi
                  • Display/EnablePerProcessDpiForApps
                  • Experience/AllowWindowsSpotlightOnSettings
                  • TextInput/ForceTouchKeyboardDockedState
                  • TextInput/TouchKeyboardDictationButtonAvailability
                  • TextInput/TouchKeyboardEmojiButtonAvailability
                  • TextInput/TouchKeyboardFullModeAvailability
                  • TextInput/TouchKeyboardHandwritingModeAvailability
                  • TextInput/TouchKeyboardNarrowModeAvailability
                  • TextInput/TouchKeyboardSplitModeAvailability
                  • TextInput/TouchKeyboardWideModeAvailability|
+|[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.|
+|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
                  • Status
                  • ShellLauncher
                  • StatusConfiguration

                    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.|
+|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
                  • MaintainProcessorArchitectureOnUpdate|
 
 ## January 2018
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Policy CSP
                    Added the following new policies for Windows 10, version 1803:
                    
-
                      
-
                    • Browser/AllowConfigurationUpdateForBooksLibrary
                      • 
-
                    • Browser/AlwaysEnableBooksLibrary
                      • 
-
                    • Browser/EnableExtendedBooksTelemetry
                      • 
-
                    • Browser/UseSharedFolderForBooks
                      • 
-
                    • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                      • 
-
                    • DeliveryOptimization/DODelayForegroundDownloadFromHttp
                      • 
-
                    • DeliveryOptimization/DOGroupIdSource
                      • 
-
                    • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                      • 
-
                    • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                      • 
-
                    • DeliveryOptimization/DORestrictPeerSelectionBy
                      • 
-
                    • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                      • 
-
                    • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                      • 
-
                    • KioskBrowser/BlockedUrlExceptions
                      • 
-
                    • KioskBrowser/BlockedUrls
                      • 
-
                    • KioskBrowser/DefaultURL
                      • 
-
                    • KioskBrowser/EnableHomeButton
                      • 
-
                    • KioskBrowser/EnableNavigationButtons
                      • 
-
                    • KioskBrowser/RestartOnIdleTime
                      • 
-
                    • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                      • 
-
                    • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                      • 
-
                    • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                      • 
-
                    • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                      • 
-
                    • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                      • 
-
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                      • 
-
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                      • 
-
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                      • 
-
                    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                      • 
-
                    • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                      • 
-
                    • RestrictedGroups/ConfigureGroupMembership
                      • 
-
                    • Search/AllowCortanaInAAD
                      • 
-
                    • Search/DoNotUseWebResults
                      • 
-
                    • Security/ConfigureWindowsPasswords
                      • 
-
                    • System/FeedbackHubAlwaysSaveDiagnosticsLocally
                      • 
-
                    • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                      • 
-
                    • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                      • 
-
                    • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                      • 
-
                    • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                      • 
-
                    • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                      • 
-
                    • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                      • 
-
                    • TaskScheduler/EnableXboxGameSaveTask
                      • 
-
                    • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                      • 
-
                    • Update/ConfigureFeatureUpdateUninstallPeriod
                      • 
-
                    • UserRights/AccessCredentialManagerAsTrustedCaller
                      • 
-
                    • UserRights/AccessFromNetwork
                      • 
-
                    • UserRights/ActAsPartOfTheOperatingSystem
                      • 
-
                    • UserRights/AllowLocalLogOn
                      • 
-
                    • UserRights/BackupFilesAndDirectories
                      • 
-
                    • UserRights/ChangeSystemTime
                      • 
-
                    • UserRights/CreateGlobalObjects
                      • 
-
                    • UserRights/CreatePageFile
                      • 
-
                    • UserRights/CreatePermanentSharedObjects
                      • 
-
                    • UserRights/CreateSymbolicLinks
                      • 
-
                    • UserRights/CreateToken
                      • 
-
                    • UserRights/DebugPrograms
                      • 
-
                    • UserRights/DenyAccessFromNetwork
                      • 
-
                    • UserRights/DenyLocalLogOn
                      • 
-
                    • UserRights/DenyRemoteDesktopServicesLogOn
                      • 
-
                    • UserRights/EnableDelegation
                      • 
-
                    • UserRights/GenerateSecurityAudits
                      • 
-
                    • UserRights/ImpersonateClient
                      • 
-
                    • UserRights/IncreaseSchedulingPriority
                      • 
-
                    • UserRights/LoadUnloadDeviceDrivers
                      • 
-
                    • UserRights/LockMemory
                      • 
-
                    • UserRights/ManageAuditingAndSecurityLog
                      • 
-
                    • UserRights/ManageVolume
                      • 
-
                    • UserRights/ModifyFirmwareEnvironment
                      • 
-
                    • UserRights/ModifyObjectLabel
                      • 
-
                    • UserRights/ProfileSingleProcess
                      • 
-
                    • UserRights/RemoteShutdown
                      • 
-
                    • UserRights/RestoreFilesAndDirectories
                      • 
-
                    • UserRights/TakeOwnership
                      • 
-
                    • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                      • 
-
                    • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                      • 
-
                    • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                      • 
-
                    • WindowsDefenderSecurityCenter/HideSecureBoot
                      • 
-
                    • WindowsDefenderSecurityCenter/HideTPMTroubleshooting
                      • 
-
                    
-
                    Added the following policies the were added in Windows 10, version 1709
                    
-
                      
-
                    • DeviceLock/MinimumPasswordAge
                      • 
-
                    • Settings/AllowOnlineTips
                      • 
-
                    • System/DisableEnterpriseAuthProxy 
                      • 
-
                    
-
                    Security/RequireDeviceEncryption - updated to show it is supported in desktop.
                    
-
                    BitLocker CSP
                    Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.
                    
-
                    EnterpriseModernAppManagement CSP
                    Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.
                    
-
                    DMClient CSP
                    Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
                    
-
                      
-
                    • AADSendDeviceToken
                      • 
-
                    • BlockInStatusPage
                      • 
-
                    • AllowCollectLogsButton
                      • 
-
                    • CustomErrorText
                      • 
-
                    • SkipDeviceStatusPage
                      • 
-
                    • SkipUserStatusPage
                      • 
-
                    
-
                    Defender CSP
                    Added new node (OfflineScan) in Windows 10, version 1803.
                    
-
                    UEFI CSP
                    Added a new CSP in Windows 10, version 1803.
                    
-
                    Update CSP
                    Added the following nodes in Windows 10, version 1803:
                    
-
                      
-
                    • Rollback
                      • 
-
                    • Rollback/FeatureUpdate
                      • 
-
                    • Rollback/QualityUpdateStatus
                      • 
-
                    • Rollback/FeatureUpdateStatus
                      • 
-
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
                  • Browser/AllowConfigurationUpdateForBooksLibrary
                  • Browser/AlwaysEnableBooksLibrary
                  • Browser/EnableExtendedBooksTelemetry
                  • Browser/UseSharedFolderForBooks
                  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
                  • DeliveryOptimization/DOGroupIdSource
                  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                  • DeliveryOptimization/DORestrictPeerSelectionBy
                  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                  • KioskBrowser/BlockedUrlExceptions
                  • KioskBrowser/BlockedUrls
                  • KioskBrowser/DefaultURL
                  • KioskBrowser/EnableHomeButton
                  • KioskBrowser/EnableNavigationButtons
                  • KioskBrowser/RestartOnIdleTime
                  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
                  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                  • RestrictedGroups/ConfigureGroupMembership
                  • Search/AllowCortanaInAAD
                  • Search/DoNotUseWebResults
                  • Security/ConfigureWindowsPasswords
                  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
                  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                  • TaskScheduler/EnableXboxGameSaveTask
                  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                  • Update/ConfigureFeatureUpdateUninstallPeriod
                  • UserRights/AccessCredentialManagerAsTrustedCaller
                  • UserRights/AccessFromNetwork
                  • UserRights/ActAsPartOfTheOperatingSystem
                  • UserRights/AllowLocalLogOn
                  • UserRights/BackupFilesAndDirectories
                  • UserRights/ChangeSystemTime
                  • UserRights/CreateGlobalObjects
                  • UserRights/CreatePageFile
                  • UserRights/CreatePermanentSharedObjects
                  • UserRights/CreateSymbolicLinks
                  • UserRights/CreateToken
                  • UserRights/DebugPrograms
                  • UserRights/DenyAccessFromNetwork
                  • UserRights/DenyLocalLogOn
                  • UserRights/DenyRemoteDesktopServicesLogOn
                  • UserRights/EnableDelegation
                  • UserRights/GenerateSecurityAudits
                  • UserRights/ImpersonateClient
                  • UserRights/IncreaseSchedulingPriority
                  • UserRights/LoadUnloadDeviceDrivers
                  • UserRights/LockMemory
                  • UserRights/ManageAuditingAndSecurityLog
                  • UserRights/ManageVolume
                  • UserRights/ModifyFirmwareEnvironment
                  • UserRights/ModifyObjectLabel
                  • UserRights/ProfileSingleProcess
                  • UserRights/RemoteShutdown
                  • UserRights/RestoreFilesAndDirectories
                  • UserRights/TakeOwnership
                  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                  • WindowsDefenderSecurityCenter/HideSecureBoot
                  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

                    Added the following policies in Windows 10, version 1709
                  • DeviceLock/MinimumPasswordAge
                  • Settings/AllowOnlineTips
                  • System/DisableEnterpriseAuthProxy

                    Security/RequireDeviceEncryption - updated to show it's supported in desktop.|
+|[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.|
+|[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
                  • AADSendDeviceToken
                  • BlockInStatusPage
                  • AllowCollectLogsButton
                  • CustomErrorText
                  • SkipDeviceStatusPage
                  • SkipUserStatusPage|
+|[Defender CSP](defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.|
+|[UEFI CSP](uefi-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[Update CSP](update-csp.md)|Added the following nodes in Windows 10, version 1803:
                  • Rollback
                  • Rollback/FeatureUpdate
                  • Rollback/QualityUpdateStatus
                  • Rollback/FeatureUpdateStatus|
 
 ## December 2017
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Configuration service provider reference
                    Added new section CSP DDF files download
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Configuration service provider reference](configuration-service-provider-reference.md)|Added new section [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|
 
 ## November 2017
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Policy CSP
                    Added the following policies for Windows 10, version 1709:
                    
-
                      
-
                    • Authentication/AllowFidoDeviceSignon
                      • 
-
                    • Cellular/LetAppsAccessCellularData
                      • 
-
                    • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                      • 
-
                    • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                      • 
-
                    • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                      • 
-
                    • Start/HidePeopleBar
                      • 
-
                    • Storage/EnhancedStorageDevices
                      • 
-
                    • Update/ManagePreviewBuilds
                      • 
-
                    • WirelessDisplay/AllowMdnsAdvertisement
                      • 
-
                    • WirelessDisplay/AllowMdnsDiscovery
                      • 
-
                    
-
                    Added missing policies from previous releases:
                    
-
                      
-
                    • Connectivity/DisallowNetworkConnectivityActiveTest
                      • 
-
                    • Search/AllowWindowsIndexer
                      • 
-
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
                  • Authentication/AllowFidoDeviceSignon
                  • Cellular/LetAppsAccessCellularData
                  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                  • Start/HidePeopleBar
                  • Storage/EnhancedStorageDevices
                  • Update/ManagePreviewBuilds
                  • WirelessDisplay/AllowMdnsAdvertisement
                  • WirelessDisplay/AllowMdnsDiscovery

                    Added missing policies from previous releases:
                  • Connectivity/DisallowNetworkConnectivityActiveTest
                  • Search/AllowWindowsIndexer|
 
 ## October 2017
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Policy DDF file
                    Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.
                    
-
                    Policy CSP
                    Updated the following policies:
                    
-
                      
-
                    • Defender/ControlledFolderAccessAllowedApplications - string separator is |.
                      • 
-
                    • Defender/ControlledFolderAccessProtectedFolders - string separator is |.
                      • 
-
                    
-
                    eUICCs CSP
                    Added new CSP in Windows 10, version 1709.
                    
-
                    AssignedAccess CSP
                    Added SyncML examples for the new Configuration node.
                    
-
                    DMClient CSP
                    Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.
                    
-
                    
+| New or updated article | Description |
+| --- | --- |
+| [Policy DDF file](policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
+| [Policy CSP](policy-configuration-service-provider.md) | Updated the following policies:

                    - Defender/ControlledFolderAccessAllowedApplications - string separator is `|`  
                    - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
+| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
+| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
+| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. |
 
 ## September 2017
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Policy CSP
                    Added the following new policies for Windows 10, version 1709:
                    
-
                      
-
                    • Authentication/AllowAadPasswordReset
                      • 
-
                    • Handwriting/PanelDefaultModeDocked
                      • 
-
                    • Search/AllowCloudSearch
                      • 
-
                    • System/LimitEnhancedDiagnosticDataWindowsAnalytics
                      • 
-
                    
-
                    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.
                    
-
                    AssignedAccess CSP
                    Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.
                    
-
                    Microsoft Store for Business and Microsoft Store
                    Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.
                    
-
                    The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2
                    The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
                    
-
                      
-
                    • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. 
                      • 
-
                    • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                      • 
-
                    • DomainName - fully qualified domain name if the device is domain-joined.
                      • 
-
                    
-
                    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
                    
-
                    EnterpriseAPN CSP
                    Added a SyncML example.
                    
-
                    VPNv2 CSP
                    Added RegisterDNS setting in Windows 10, version 1709.
                    
-
                    Enroll a Windows 10 device automatically using Group Policy
                    Added new topic to introduce a new Group Policy for automatic MDM enrollment.
                    
-
                    MDM enrollment of Windows-based devices
                    New features in the Settings app:
                    
-
                      
-
                    • User sees installation progress of critical policies during MDM enrollment.
                      • 
-
                    • User knows what policies, profiles, apps MDM has configured
                      • 
-
                    • IT helpdesk can get detailed MDM diagnostic information using client tools
                      • 
-
                    
-
                    For details, see Managing connections and Collecting diagnostic logs
                    
-
                    
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                  • Authentication/AllowAadPasswordReset
                  • Handwriting/PanelDefaultModeDocked
                  • Search/AllowCloudSearch
                  • System/LimitEnhancedDiagnosticDataWindowsAnalytics

                    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.|
+|[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.|
+|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.|
+|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
                  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                  • DomainName - fully qualified domain name if the device is domain-joined.

                    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.|
+|[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.|
+|[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.|
+|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.|
+|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
                  • User sees installation progress of critical policies during MDM enrollment.
                  • User knows what policies, profiles, apps MDM has configured
                  • IT helpdesk can get detailed MDM diagnostic information using client tools

                    For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)|
 
 ## August 2017
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    New or updated articleDescription
                    Enable ADMX-backed policies in MDM
                    Added new step-by-step guide to enable ADMX-backed policies.
                    
-
                    Mobile device enrollment
                    Added the following statement:
                    
-
                      
-
                    • Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
                      • 
-
                    
-
                    CM_CellularEntries CSP
                    Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.
                    
-
                    EnterpriseDataProtection CSP
                    Updated the Settings/EDPEnforcementLevel values to the following:
                    
-
                      
-
                    •  0 (default) – Off / No protection (decrypts previously protected data).
                      • 
-
                    •   1 – Silent mode (encrypt and audit only).
                      • 
-
                    •   2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
                      • 
-
                    •   3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
                      • 
-
                    
-
                    AppLocker CSP
                    Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Allow list examples.
                    
-
                    DeviceManageability CSP
                    Added the following settings in Windows 10, version 1709:
                    
-
                      
-
                    • Provider/ProviderID/ConfigInfo
                      • 
-
                    •  Provider/ProviderID/EnrollmentInfo
                      • 
-
                    
-
                    Office CSP
                    Added the following setting in Windows 10, version 1709:
                    
-
                      
-
                    • Installation/CurrentStatus
                      • 
-
                    
-
                    BitLocker CSPAdded information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
-
                    Firewall CSPUpdated the CSP and DDF topics. Here are the changes:
-
                      
-
                    • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
                      • 
-
                    • Changed some data types from integer to bool.
                      • 
-
                    • Updated the list of supported operations for some settings.
                      • 
-
                    • Added default values.
                      • 
-
                    
-
                    Policy DDF fileAdded another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies:
-
                      
-
                    • Browser/AllowMicrosoftCompatibilityList
                      • 
-
                    • Update/DisableDualScan
                      • 
-
                    • Update/FillEmptyContentUrls
                      • 
-
                    
-
                    Policy CSP
                    Added the following new policies for Windows 10, version 1709:
                    
-
                      
-
                    • Browser/ProvisionFavorites
                      • 
-
                    • Browser/LockdownFavorites
                      • 
-
                    • ExploitGuard/ExploitProtectionSettings
                      • 
-
                    • Games/AllowAdvancedGamingServices
                      • 
-
                    • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                      • 
-
                    • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                      • 
-
                    • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                      • 
-
                    • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                      • 
-
                    • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                      • 
-
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                      • 
-
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                      • 
-
                    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                      • 
-
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                      • 
-
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                      • 
-
                    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                      • 
-
                    • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                      • 
-
                    • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                      • 
-
                    • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                      • 
-
                    • Privacy/EnableActivityFeed
                      • 
-
                    • Privacy/PublishUserActivities
                      • 
-
                    • Update/DisableDualScan
                      • 
-
                    • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
                      • 
-
                    
-
                    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.
                    
-
                    Changed the names of the following policies:
                    
-
                      
-
                    • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
                      • 
-
                    • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                      • 
-
                    • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
                      • 
-
                    
-
                    Added links to the additional ADMX-backed BitLocker policies.
                    
-
                    There were issues reported with the previous release of the following policies. These issues were fixed in Window 10, version 1709:
                    
-
                      
-
                    • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                      • 
-
                    • Start/HideAppList
                      • 
-
                    
-
                    
\ No newline at end of file
+|New or updated article|Description|
+|--- |--- |
+|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.|
+|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

                    Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.|
+|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.|
+|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following values:
                  •  0 (default) – Off / No protection (decrypts previously protected data).
                  •   1 – Silent mode (encrypt and audit only).
                  •   2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
                  •   3 – Hides overrides (encrypt, prompt but hide overrides, and audit).|
+|[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allowlist examples](applocker-csp.md#allow-list-examples).|
+|[DeviceManageability CSP](devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
                  • Provider/ProviderID/ConfigInfo
                  •  Provider/ProviderID/EnrollmentInfo|
+|[Office CSP](office-csp.md)|Added the following setting in Windows 10, version 1709:
                  • Installation/CurrentStatus|
+|[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
+|[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
                  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
                  • Changed some data types from integer to bool.
                  • Updated the list of supported operations for some settings.
                  • Added default values.|
+|[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
                  • Browser/AllowMicrosoftCompatibilityList
                  • Update/DisableDualScan
                  • Update/FillEmptyContentUrls|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
                  • Browser/ProvisionFavorites
                  • Browser/LockdownFavorites
                  • ExploitGuard/ExploitProtectionSettings
                  • Games/AllowAdvancedGamingServices
                  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                  • Privacy/EnableActivityFeed
                  • Privacy/PublishUserActivities
                  • Update/DisableDualScan
                  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

                    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

                    Changed the names of the following policies:
                  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
                  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
                  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

                    Added links to the extra [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

                    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
                  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
                  • Start/HideAppList|
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index a4433c6dcf..57298ac676 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp
@@ -16,21 +16,27 @@ manager: dansimp
 The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
 
 The following shows the CleanPC configuration service provider in tree format.
+
 ```
 ./Device/Vendor/MSFT
 CleanPC
 ----CleanPCWithoutRetainingUserData
 ----CleanPCRetainingUserData
 ```
+
 **./Device/Vendor/MSFT/CleanPC**  
-
                    The root node for the CleanPC configuration service provider.
                    
+
                    The root node for the CleanPC configuration service provider.
                    
 
 **CleanPCWithoutRetainingUserData**  
-
                    An integer specifying a CleanPC operation without any retention of user data.
+
                    An integer specifying a CleanPC operation without any retention of user data.
 
-
                    The only supported operation is Execute.
+
                    The only supported operation is Execute.
 
 **CleanPCRetainingUserData**  
-
                    An integer specifying a CleanPC operation with retention of user data. 
+
                    An integer specifying a CleanPC operation with retention of user data. 
 
-
                    The only supported operation is Execute.
+
                    The only supported operation is Execute.
+
+## Related topics
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 6b38990ac1..1f2c1fa3f7 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -1,6 +1,6 @@
 ---
 title: CleanPC DDF
-description: This topic shows the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.assetid: A2182898-1577-4675-BAE5-2A3A9C2AAC9B
 ms.reviewer: 
 manager: dansimp
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 1e66232f8b..de295098f3 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -8,22 +8,23 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 02/28/2020
+author: dansimp
+ms.date: 07/30/2021
 ---
 
 # ClientCertificateInstall CSP
 
 The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. A client certificate has a unique ID, which is the *\[UniqueID\]* for this configuration. Each client certificate must have different UniqueIDs for the SCEP enrollment request.
 
-For PFX certificate installation and SCEP installation, the SyncML commands must be wrapped in atomic commands to ensure enrollment execution is not triggered until all settings are configured. The Enroll command must be the last item in the atomic block.
+For PFX certificate installation and SCEP installation, the SyncML commands must be wrapped in atomic commands to ensure that enrollment execution isn't triggered until all settings are configured. The Enroll command must be the last item in the atomic block.
 
 > [!Note]
 > Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
 
 You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
 
-The following shows the ClientCertificateInstall configuration service provider in tree format.
+The following example shows the ClientCertificateInstall configuration service provider in tree format.
+
 ```
 ./Vendor/MSFT
 ClientCertificateInstall
@@ -65,6 +66,7 @@ ClientCertificateInstall
 ------------ErrorCode
 ------------RespondentServerUrl
 ```
+
 **Device or User**  
 For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path.
 
@@ -95,19 +97,19 @@ The data type is an integer corresponding to one of the following values:
 | Value | Description                                                                                                   |
 |-------|---------------------------------------------------------------------------------------------------------------|
 | 1     | Install to TPM if present, fail if not present.                                                               |
-| 2     | Install to TPM if present. If not present, fallback to software.                                              |
+| 2     | Install to TPM if present. If not present, fall back to software.                                              |
 | 3     | Install to software.                                                                                          |
 | 4     | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified |
 
 **ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName**  
-Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node is not specified when Windows Hello for Business KSP is chosen, enrollment will fail.
+Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node isn't specified when Windows Hello for Business KSP is chosen, enrollment will fail.
 
 Date type is string.
 
 Supported operations are Get, Add, Delete, and Replace.
 
 **ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob**  
-CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation.
+CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This Add operation requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before the Add operation is called. This trigger for addition also sets the Status node to the current Status of the operation.
 
 The data type format is binary.
 
@@ -115,7 +117,7 @@ Supported operations are Get, Add, and Replace.
 
 If a blob already exists, the Add operation will fail. If Replace is called on this node, the existing certificates are overwritten.
 
-If Add is called on this node for a new PFX, the certificate will be added. When a certificate does not exist, Replace operation on this node will fail.
+If Add is called on this node for a new PFX, the certificate will be added. When a certificate doesn't exist, Replace operation on this node will fail.
 
 In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in CRYPT_INTEGER_BLOB.
 
@@ -131,7 +133,7 @@ Optional. Used to specify whether the PFX certificate password is encrypted with
 
 The data type is int. Valid values:
 
--   0 - Password is not encrypted.
+-   0 - Password isn't encrypted.
 -   1 - Password is encrypted with the MDM certificate.
 -   2 - Password is encrypted with custom certificate.
 
@@ -140,7 +142,7 @@ When PFXCertPasswordEncryptionType =2, you must specify the store name in PFXCer
 Supported operations are Get, Add, and Replace.
 
 **ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable**  
-Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX is not exportable when it is installed to TPM.
+Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX isn't exportable when it's installed to TPM.
 
 > [!Note]
 > You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
@@ -185,7 +187,7 @@ A node required for SCEP certificate enrollment. Parent node to group SCEP cert
 Supported operations are Get, Add, Replace, and Delete.
 
 > [!Note]
-> Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and make sure the device is not at an unknown state before changing child node values.
+> Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and ensure the device isn't at an unknown state before changing child node values.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL**  
 Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons.
@@ -202,21 +204,18 @@ Data type is string.
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping**  
-Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus +. For example, OID1+OID2+OID3.
+Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs is separated by a plus +. For example, OID1+OID2+OID3.
 
 Data type is string.
-Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have the second (0x20), fourth (0x80) or both bits set. If the value doesn’t have those bits set, the configuration will fail.
 
-Data type is int.
-
-Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Get, Add, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName**  
 Required. Specifies the subject name. 
 
-The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”  ).
+The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”).
 
-For more details, see [CertNameToStrA function](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks).
+For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks).
 
 Data type is string.
 
@@ -226,15 +225,15 @@ Supported operations are Add, Get, and Replace.
 Optional. Specifies where to keep the private key.
 
 > [!Note]
-> Even if the private key is protected by TPM, it is not protected with a TPM PIN.
+> Even if the private key is protected by TPM, it isn't protected with a TPM PIN.
 
 The data type is an integer corresponding to one of the following values:  
 
-| Value | Description                                                                                                                                                                                           |
-|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 1     | Private key protected by TPM.                                                                                                                                                                         |
-| 2     | Private key protected by phone TPM if the device supports TPM. All Windows Phone 8.1 devices support TPM and will treat value 2 as 1.                                                                 |
-| 3     | (Default) Private key saved in software KSP.                                                                                                                                                          |
+| Value | Description  |
+|---|---|
+| 1     | Private key protected by TPM. |
+| 2     | Private key protected by phone TPM if the device supports TPM.  |
+| 3     | (Default) Private key saved in software KSP.  |
 | 4     | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specified, otherwise enrollment will fail. |
 
 Supported operations are Add, Get, Delete, and Replace.
@@ -242,7 +241,9 @@ Supported operations are Add, Get, Delete, and Replace.
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage**  
 Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail.
 
- Supported operations are Add, Get, Delete, and Replace. Value type is integer.
+Data type is int.
+
+Supported operations are Add, Get, Delete, and Replace. 
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay**  
 Optional. When the SCEP server sends a pending status, this value specifies the device retry waiting time in minutes.
@@ -299,14 +300,14 @@ Data type is string.
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint**  
-Required. Specifies Root CA thumbprint. This is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it is not a match, the authentication will fail.
+Required. Specifies Root CA thumbprint. This thumbprint is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it isn't a match, the authentication will fail.
 
 Data type is string.
 
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**  
-Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. Refer to the name type definitions in MSDN for more information.
+Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. For more information, see the name type definitions in MSDN.
 
 Each pair is separated by semicolon. For example, multiple SANs are presented in the format of [name format1]+[actual name1];[name format 2]+[actual name2].
 
@@ -331,7 +332,10 @@ Valid values are:
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits**  
-Optional. Specifies the desired number of units used in the validity period. This is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) are defined in the ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
+Optional. Specifies the desired number of units used in the validity period. This number is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) is defined in the ValidPeriod node. 
+
+> [!Note]
+> The valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
 
 Data type is string.
 
@@ -341,7 +345,7 @@ Data type is string.
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName**  
-Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node is not specified when Windows Hello for Business KSP is chosen, the enrollment will fail.
+Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node isn't specified when Windows Hello for Business KSP is chosen, the enrollment will fail.
 
 Data type is string.
 
@@ -355,23 +359,23 @@ Data type is string.
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll**  
-Required. Triggers the device to start the certificate enrollment. The device will not notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added.
+Required. Triggers the device to start the certificate enrollment. The device won't notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added.
 
 The date type format is Null, meaning this node doesn’t contain a value.
 
 The only supported operation is Execute.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**  
-Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
+Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
 
 Data type is string.
 
 Supported operations are Add, Get, Delete, and Replace.
 
 **ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint**  
-Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value.
+Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value.
 
-If the certificate on the device becomes invalid (Cert expired, Cert chain is not valid, private key deleted) then it will return an empty string.
+If the certificate on the device becomes invalid (Cert expired, Cert chain isn't valid, private key deleted) then it will return an empty string.
 
 Data type is string.
 
@@ -700,4 +704,4 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c
 
 ## Related topics
 
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index ed787a3b0f..46bb00affa 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
@@ -556,21 +556,22 @@ Supported operations are Get, Add, Delete, Replace.
                             
                             3
                             Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. 
-SCEP enrolled cert doesn’t support TPM PIN protection. 
-Supported values: 
+
+SCEP enrolled cert doesn’t support TPM PIN protection. Supported values: 
+
 1 – private key protected by TPM, 
 
 2 – private key protected by phone TPM if the device supports TPM. 
-All Windows Phone 8.1 devices support TPM and will treat value 2 as 1 
 
 3 (default) – private key saved in software KSP 
 
-4 – private key protected by NGC. If this option is specified, container name should be specifed, if not enrollment will fail
+4 – private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail.
 
 
 Format is int. 
 
 Supported operations are Get, Add, Delete, Replace 
+
 
                             
                                 
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index 5063181c3f..06562d8462 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/02/2017
 ---
 
@@ -18,184 +18,179 @@ The CM\_CellularEntries configuration service provider is used to configure the
 
 This configuration service provider requires the ID\_CAP\_NETWORKING\_ADMIN capability to be accessed from a network configuration application.
 
-The following diagram shows the CM\_CellularEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.
+The following example shows the CM\_CellularEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol isn't supported with this configuration service provider.
 
-![cm\-cellularentries csp](images/provisioning-csp-cm-cellularentries.png)
+```console
+CM_CellularEntries
+----entryname
+--------AlwaysOn
+--------AuthType
+--------ConnectionType
+--------Desc.langid
+--------Enabled
+--------IpHeaderCompression
+--------Password
+--------SwCompression
+--------UserName
+--------UseRequiresMappingPolicy
+--------Version
+--------DevSpecificCellular
+-----------GPRSInfoAccessPointName
+--------Roaming
+--------OEMConnectionID
+--------ApnId
+--------IPType
+--------ExemptFromDisablePolicy
+--------ExemptFromRoaming
+--------TetheringNAI
+--------IdleDisconnectTimeout
+--------SimIccId
+--------PurposeGroups
+```
 
 ***entryname***  
-
                    Defines the name of the connection.
                    
+Defines the name of the connection.
                    
 
-
                    The CMPolicy configuration service provider uses the value of entryname to identify the connection that is associated with a policy and CM_ProxyEntries configuration service provider uses the value of entryname to identify the connection that is associated with a proxy.
                    
+The [CMPolicy configuration service provider](cmpolicy-csp.md) uses the value of *entryname* to identify the connection that is associated with a policy and [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) uses the value of *entryname* to identify the connection that is associated with a proxy.
                    
 
 **AlwaysOn**  
-
                    Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available.
+Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available.
 
-
                    A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS.
+A value of "0" specifies that AlwaysOn isn't supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally. For example, an APN that only controls MMS.
 
-
                    A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs.
+A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it's available. This setting is recommended for general purpose internet APNs.
 
-
                    There must be at least one AlwaysOn Internet connection provisioned for the mobile operator.
+There must be at least one AlwaysOn Internet connection provisioned for the mobile operator.
 
 **AuthType**  
-
                    Optional. Type: String. Specifies the method of authentication used for a connection.
+Optional. Type: String. Specifies the method of authentication used for a connection.
 
-
                    A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
+A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
 
 **ConnectionType**  
-
                    Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available:
+Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available:
 
-
                    
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    gprs
                    Default. Used for GPRS type connections (GPRS + GSM + EDGE + UMTS + LTE).
                    cdma
                    Used for CDMA type connections (1XRTT + EVDO).
                    lte
                    Used for LTE type connections (eHRPD + LTE) when the device is registered HOME.
                    legacy
                    Used for GPRS + GSM + EDGE + UMTS connections.
                    lte_iwlan
                    Used for GPRS type connections that may be offloaded over WiFi
                    iwlan
                    Used for connections that are implemented over WiFi offload only
                    
-
- 
+|Connection type|Usage|
+|--- |--- |
+|Gprs|Default. Used for GPRS type connections (GPRS + GSM + EDGE + UMTS + LTE).|
+|Cdma|Used for CDMA type connections (1XRTT + EVDO).|
+|Lte|Used for LTE type connections (eHRPD + LTE) when the device is registered HOME.|
+|Legacy|Used for GPRS + GSM + EDGE + UMTS connections.|
+|Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi|
+|Iwlan|Used for connections that are implemented over WiFi offload only|
 
 **Desc.langid**  
-
                    Optional. Specifies the UI display string used by the defined language ID.
+Optional. Specifies the UI display string used by the defined language ID.
 
-
                     A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry.
+A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry.
 
 **Enabled**  
-
                     Specifies if the connection is enabled.
+Specifies if the connection is enabled.
 
-
                     A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
+A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
 
 **IpHeaderCompression**  
-
                     Optional. Specifies if IP header compression is enabled.
+Optional. Specifies if IP header compression is enabled.
 
-
                     A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
+A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
 
 **Password**  
-
                     Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
+Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
 
 **SwCompression**  
-
                     Optional. Specifies if software compression is enabled.
+Optional. Specifies if software compression is enabled.
 
-
                     A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
+A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
 
 **UserName**  
-
                     Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
+Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
 
 **UseRequiresMappingsPolicy**  
-
                     Optional. Specifies if the connection requires a corresponding mappings policy.
+Optional. Specifies if the connection requires a corresponding mappings policy.
 
-
                     A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
+A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
 
-
                     For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic.
+For example, if the multimedia messaging service (MMS) APN shouldn't have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose internet traffic.
 
 **Version**  
-
                     Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
+Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
 
-
                     This value must be "1" if included.
+This value must be "1" if included.
 
 **GPRSInfoAccessPointName**  
-
                     Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
+Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
 
 **Roaming**  
-
                     Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available:
+Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available:
 
--   0 - Home network only.
--   1 (default)- All roaming conditions (home and roaming).
--   2 - Home and domestic roaming only.
--   3 - Domestic roaming only.
--   4 - Non-domestic roaming only.
--   5 - Roaming only.
+- 0 - Home network only.
+- 1 (default)- All roaming conditions (home and roaming).
+- 2 - Home and domestic roaming only.
+- 3 - Domestic roaming only.
+- 4 - Non-domestic roaming only.
+- 5 - Roaming only.
 
 **OEMConnectionID**  
-
                     Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value is not specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
+Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value isn't specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
 
 **ApnId**  
-
                     Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices.
+Optional. Type: Int. Specifies the purpose of the APN. If a value isn't specified, the default value is "0" (none). This parameter is only used on LTE devices.
 
 **IPType**  
-
                     Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4".
+Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value isn't specified, the default value is "IPv4".
 
 > [!WARNING]
 > Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6.
 
- 
-
 **ExemptFromDisablePolicy**  
-
                     Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt).
+Added back in Windows 10, version 1511. Optional. Type: Int. This value should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value isn't specified, the default value is "0" (not exempt).
 
-
                     To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed.
+To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". These settings indicate that the connection is a dedicated MMS connection and that it shouldn't be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. 
+
+> [!Note]
+> Sending MMS while roaming is still not allowed.
 
 > [!IMPORTANT]
 > Do not set ExemptFromDisablePolicy to "1", ExemptFromRoaming to "1", or UseRequiresMappingsPolicy to "1" for general purpose connections.
 
-
                     To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should:
+To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should:
 
--   Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1)
--   Set AllowMMSIfDataIsOff to 1 (default is 0)
-
- 
+- Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1)
+- Set AllowMMSIfDataIsOff to 1 (default is 0)
 
 **ExemptFromRoaming**  
-
                     Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt).
+Added back in Windows 10, version 1511. Optional. Type: Int. This value should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value isn't specified, the default value is "0" (not exempt).
 
 **TetheringNAI**  
-
                     Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0".
+Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value isn't specified, the default value is "0".
 
 **IdleDisconnectTimeout**  
-
                     Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
+Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
 
 > [!IMPORTANT]
-> 
                     You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used.
-
+> You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it isn't specified, the default value of 30 seconds may be used.
 
 > [!NOTE]
 > If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds.
 
- 
-
 **SimIccId**  
-
                     For single SIM phones, this parm is optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
+For single SIM phones, this parm isOptional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
 
 **PurposeGroups**  
-
                     Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
+Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
 
--   Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
--   LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD
--   MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8
--   IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13
--   SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD
--   Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB  
--   Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364  
--   Application - 52D7654A-00A8-4140-806C-087D66705306
--   eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0
+- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
+- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD
+- MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8
+- IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13
+- SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD
+- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB  
+- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364  
+- Application - 52D7654A-00A8-4140-806C-087D66705306
+- eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0
 
 ## Additional information
 
-
 To delete a connection, you must first delete any associated proxies and then delete the connection. The following example shows how to delete the proxy and then the connection.
 
 ```xml
@@ -211,7 +206,6 @@ To delete a connection, you must first delete any associated proxies and then de
 
 ## OMA client provisioning examples
 
-
 Configuring a GPRS connection:
 
 ```xml
@@ -269,37 +263,14 @@ Configuring a CDMA connection:
 
 ## Microsoft Custom Elements
 
-
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ElementAvailable
                    nocharacteristic
                    Yes
                    characteristic-query
                    Yes
                    parm-query
                    Yes
                    
+|Element|Available|
+|--- |--- |
+|Nocharacteristic|Yes|
+|Characteristic-query|Yes|
+|Parm-query|Yes|
 
- 
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md
deleted file mode 100644
index 5680e25242..0000000000
--- a/windows/client-management/mdm/cm-proxyentries-csp.md
+++ /dev/null
@@ -1,184 +0,0 @@
----
-title: CM\_ProxyEntries CSP
-description: Learn how the CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device.
-ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# CM\_ProxyEntries CSP
-
-
-The CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device.
-
-> [!NOTE]
-> CM\_ProxyEntries CSP is only supported in Windows 10 Mobile.
-
-> [!IMPORTANT]
-> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-
- 
-
-The following shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
-
-```
-./Vendor/MSFT
-CM_ProxyEntries
-----Entry
---------ConnectionName
---------BypassLocal
---------Enable
---------Exception
---------Password
---------Port
---------Server
---------Type
---------Username
-
-
-./Device/Vendor/MSFT
-Root
-
-
-./Vendor/MSFT
-./Device/Vendor/MSFT
-CM_ProxyEntries
-----Entry
---------ConnectionName
---------BypassLocal
---------Enable
---------Exception
---------Password
---------Port
---------Server
---------Type
---------Username
-```
-**entryname**  
-Defines the name of the connection proxy.
-
-Each cellular entry can have only one proxy entry. For example, an Internet connection can have no more than one HTTP proxy specified but it might also have a WAP proxy. If two applications need access to the same APN but one application needs a proxy and the other application cannot have a proxy, two entries can be created with different names for the same APN.
-
-**ConnectionName**  
-Specifies the name of the connection the proxy is associated with. This is the APN name of a connection configured using the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md).
-
-**BypassLocal**  
-Specifies if the proxy should be bypassed when local hosts are accessed by the device.
-
-A value of "0" specifies that the proxy bypass for local hosts is disabled. A value of "1" specifies that the proxy bypass for local hosts is enabled.
-
-**Enable**  
-Specifies if the proxy is enabled.
-
-A value of "0" specifies that the proxy is disabled. A value of "1" specifies that the proxy is enabled.
-
-**Exception**  
-Specifies a list of external hosts which should bypass the proxy when accessed.
-
-The exception list is a semi-colon delimited list of host names. For example, to bypass the proxy when either MSN or Yahoo is accessed, the value for the Exception list would be "www.msn.com;www.yahoo.com".
-
-**Password**  
-Specifies the password used to connect to the proxy.
-
-Passwords are only required for WAP and SOCKS proxies and are not used for HTTP proxies. Queries of this parameter return a string composed of asterisks (\*).
-
-When setting the password, passing in the same string causes the new password to be ignored and does not change the existing password.
-
-**Port**  
-Specifies the port number of the proxy server.
-
-**Server**  
-Specifies the name of the proxy server.
-
-**Type**  
-Specifies the type of proxy connection for this entry.
-
-The following list enumerates the values allowed for the Type parameter.
-
--   "0" = Null proxy
-
--   "1" = HTTP proxy
-
--   "2" = WAP proxy
-
--   "4" = SOCKS4 proxy
-
--   "5" = SOCKS5 proxy
-
-The Null proxy can be used to allow Connection Manager to treat one network as a super set of another network by creating a null proxy from one network to the other.
-
-**UserName**  
-Specifies the username used to connect to the proxy.
-
-## Additional information
-
-
-To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection.
-
-```xml
-
-   
-      
-     
-   
-      
-   
-
-```
-
-## Microsoft Custom Elements
-
-
-The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ElementAvailable
                    parm-query
                    Yes
                    nocharacteristic
                    Yes
                    characteristic-query
                    Yes
                    
-
                    Recursive query: Yes
                    
-
                    Top level query: Yes
                    
-
- 
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 1cac56d2f6..333377d822 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -23,13 +23,13 @@ The CMPolicy configuration service provider defines rules that the Connection Ma
 
 Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies
 
-**Policy Ordering**: There is no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
+**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
 
 **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
 
 The following shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
 
-```
+```console
 ./Vendor/MSFT
 CMPolicy
 ----PolicyName
@@ -42,6 +42,7 @@ CMPolicy
 ----------------ConnectionID
 ----------------Type
 ```
+
 ***policyName***  
 Defines the name of the policy.
 
@@ -59,19 +60,19 @@ Specifies the mapping policy type.
 
 The following list describes the available mapping policy types:
 
--   Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`.
+- Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`.
 
--   Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`.
+- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`.
 
 **Host**  
 Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use.
 
-The host pattern can have two wild cards, "\*" and "+". The host pattern is not a URL pattern and there is no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com".
+The host pattern can have two wild cards, `*` and `+`. The host pattern isn't a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be `*.host_name.com` to match any prefix to the `host_name.com` domains. The host pattern will match `www.host_name.com` and `mail.host_name.com`, but it won't match `host_name.com`.
 
 **OrderedConnections**  
 Specifies whether the list of connections is in preference order.
 
-A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
+A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
 
 **Conn***XXX*  
 Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
@@ -83,167 +84,53 @@ For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you hav
 
 For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. The curly brackets {} around the GUID are required. The following connection types are available:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Connection typeGUID
                    GSM
                    {A05DC613-E393-40ad-AA89-CCCE04277CD9}
                    CDMA
                    {274AD55A-4A70-4E35-93B3-AE2D2E6727FC}
                    Legacy 3GPP
                    {6DE4C04B-B74E-47FA-99E5-8F2097C06A92}
                    LTE
                    {2378E547-8312-46A5-905E-5C581E92693B}
                    Wi-Fi
                    {8568B401-858E-4B7B-B3DF-0FD4927F131B}
                    Wi-Fi hotspot
                    {072FC7DC-1D93-40D1-9BB0-2114D7D73434}
                    
-
- 
+|Connection type|GUID|
+|--- |--- |
+|GSM|{A05DC613-E393-40ad-AA89-CCCE04277CD9}|
+|CDMA|{274AD55A-4A70-4E35-93B3-AE2D2E6727FC}|
+|Legacy 3GPP|{6DE4C04B-B74E-47FA-99E5-8F2097C06A92}|
+|LTE|{2378E547-8312-46A5-905E-5C581E92693B}|
+|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}|
+|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}|
 
 For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Network typeGUID
                    GPRS
                    {AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}
                    1XRTT
                    {B1E700AE-A62F-49FF-9BBE-B880C995F27D}
                    EDGE
                    {C347F8EC-7095-423D-B838-7C7A7F38CD03}
                    WCDMA UMTS
                    {A72F04C6-9BE6-4151-B5EF-15A53E12C482}
                    WCDMA FOMA
                    {B8326098-F845-42F3-804E-8CC3FF7B50B4}
                    1XEVDO
                    {DD42DF39-EBDF-407C-8146-1685416401B2}
                    1XEVDV
                    {61BF1BFD-5218-4CD4-949C-241CA3F326F6}
                    HSPA HSDPA
                    {047F7282-BABD-4893-AA77-B8B312657F8C}
                    HSPA HSUPA
                    {1536A1C6-A4AF-423C-8884-6BDDA3656F84}
                    LTE
                    {B41CBF43-6994-46FF-9C2F-D6CA6D45889B}
                    EHRPD
                    {7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}
                    Ethernet 10 Mbps
                    {97D3D1B3-854A-4C32-BD1C-C13069078370}
                    Ethernet 100 Mbps
                    {A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}
                    Ethernet Gbps
                    {556C1E6B-B8D4-448E-836D-9451BA4CCE75}
                    
-
- 
+|Network type|GUID|
+|--- |--- |
+|GPRS|{AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}|
+|1XRTT|{B1E700AE-A62F-49FF-9BBE-B880C995F27D}|
+|EDGE|{C347F8EC-7095-423D-B838-7C7A7F38CD03}|
+|WCDMA UMTS|{A72F04C6-9BE6-4151-B5EF-15A53E12C482}|
+|WCDMA FOMA|{B8326098-F845-42F3-804E-8CC3FF7B50B4}|
+|1XEVDO|{DD42DF39-EBDF-407C-8146-1685416401B2}|
+|1XEVDV|{61BF1BFD-5218-4CD4-949C-241CA3F326F6}|
+|HSPA HSDPA|{047F7282-BABD-4893-AA77-B8B312657F8C}|
+|HSPA HSUPA|{1536A1C6-A4AF-423C-8884-6BDDA3656F84}|
+|LTE|{B41CBF43-6994-46FF-9C2F-D6CA6D45889B}|
+|EHRPD|{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}|
+|Ethernet 10 Mbps|{97D3D1B3-854A-4C32-BD1C-C13069078370}|
+|Ethernet 100 Mbps|{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}|
+|Ethernet Gbps|{556C1E6B-B8D4-448E-836D-9451BA4CCE75}|
 
 For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Device typeGUID
                    Cellular device
                    {F9A53167-4016-4198-9B41-86D9522DC019}
                    Ethernet
                    {97844272-00C7-4572-B20A-D8D861C095F2}
                    Bluetooth
                    {1D793123-701A-4fd0-B6AE-9C3C57E99C2C}
                    Virtual
                    {EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}
                    
-
- 
+|Device type|GUID|
+|--- |--- |
+|Cellular device|{F9A53167-4016-4198-9B41-86D9522DC019}|
+|Ethernet|{97844272-00C7-4572-B20A-D8D861C095F2}|
+|Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}|
+|Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}|
 
 **Type**  
 Specifies the type of connection being referenced. The following list describes the available connection types:
 
--   `CMST_CONNECTION_NAME` – A connection specified by name.
+- `CMST_CONNECTION_NAME` – A connection specified by name.
 
--   `CMST_CONNECTION_TYPE` – Any connection of a specified type.
+- `CMST_CONNECTION_TYPE` – Any connection of a specified type.
 
--   `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified network type.
+- `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified network type.
 
--   `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified device type.
+- `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified device type.
 
 ## OMA client provisioning examples
 
@@ -341,7 +228,6 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
 
 ## OMA DM examples
 
-
 Adding an application-based mapping policy:
 
 ```xml
@@ -479,36 +365,11 @@ Adding a host-based mapping policy:
 ## Microsoft Custom Elements
 
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ElementAvailable
                    parm-query
                    Yes
                    uncharacteristic
                    Yes
                    characteristic-query
                    Yes
                    
-
                    Recursive query: Yes
                    
-
                    Top-level query: Yes
                    
-
- 
+|Element|Available|
+|--- |--- |
+|parm-query|Yes|
+|uncharacteristic|Yes|
+|characteristic-query|Yes
                     
                    Recursive query: Yes
                     
                    Top-level query: Yes|
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 3a5cc913a6..e8f9de1f33 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -8,28 +8,26 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # CMPolicyEnterprise CSP
 
-
 The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request.
 
 > [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
 
- 
-
 Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies
 
-**Policy Ordering**: There is no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
+**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
 
 **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
 
 The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
-```
+
+```console
 ./Vendor/MSFT
 CMPolicy
 ----PolicyName
@@ -59,22 +57,22 @@ Specifies the mapping policy type.
 
 The following list describes the available mapping policy types:
 
--   Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`.
+- Application-based mapping policies are applied to applications. To specify this mapping type, use the value `app`.
 
--   Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`.
+- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`.
 
 **Host**  
 Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use.
 
-The host pattern can have two wild cards, "\*" and "+". The host pattern is not a URL pattern and there is no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com".
+The host pattern can have two wild cards, "\*" and "+". The host pattern isn't a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com".
 
 **OrderedConnections**  
 Specifies whether the list of connections is in preference order.
 
-A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
+A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
 
 **Conn***XXX*  
-Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
+Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits that increment starting from "000". For example, a policy applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
 
 **ConnectionID**  
 Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
@@ -83,167 +81,55 @@ For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you hav
 
 For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. The curly brackets {} around the GUID are required. The following connection types are available:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Connection typeGUID
                    GSM
                    {A05DC613-E393-40ad-AA89-CCCE04277CD9}
                    CDMA
                    {274AD55A-4A70-4E35-93B3-AE2D2E6727FC}
                    Legacy 3GPP
                    {6DE4C04B-B74E-47FA-99E5-8F2097C06A92}
                    LTE
                    {2378E547-8312-46A5-905E-5C581E92693B}
                    Wi-Fi
                    {8568B401-858E-4B7B-B3DF-0FD4927F131B}
                    Wi-Fi hotspot
                    {072FC7DC-1D93-40D1-9BB0-2114D7D73434}
                    
+|Connection type|GUID|
+|--- |--- |
+|GSM|{A05DC613-E393-40ad-AA89-CCCE04277CD9}|
+|CDMA|{274AD55A-4A70-4E35-93B3-AE2D2E6727FC}|
+|Legacy 3GPP|{6DE4C04B-B74E-47FA-99E5-8F2097C06A92}|
+|LTE|{2378E547-8312-46A5-905E-5C581E92693B}|
+|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}|
+|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}|
 
  
 
 For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Network typeGUID
                    GPRS
                    {AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}
                    1XRTT
                    {B1E700AE-A62F-49FF-9BBE-B880C995F27D}
                    EDGE
                    {C347F8EC-7095-423D-B838-7C7A7F38CD03}
                    WCDMA UMTS
                    {A72F04C6-9BE6-4151-B5EF-15A53E12C482}
                    WCDMA FOMA
                    {B8326098-F845-42F3-804E-8CC3FF7B50B4}
                    1XEVDO
                    {DD42DF39-EBDF-407C-8146-1685416401B2}
                    1XEVDV
                    {61BF1BFD-5218-4CD4-949C-241CA3F326F6}
                    HSPA HSDPA
                    {047F7282-BABD-4893-AA77-B8B312657F8C}
                    HSPA HSUPA
                    {1536A1C6-A4AF-423C-8884-6BDDA3656F84}
                    LTE
                    {B41CBF43-6994-46FF-9C2F-D6CA6D45889B}
                    EHRPD
                    {7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}
                    Ethernet 10Mbps
                    {97D3D1B3-854A-4C32-BD1C-C13069078370}
                    Ethernet 100Mbps
                    {A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}
                    Ethernet Gbps
                    {556C1E6B-B8D4-448E-836D-9451BA4CCE75}
                    
-
- 
+|Network type|GUID|
+|--- |--- |
+|GPRS|{AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}|
+|1XRTT|{B1E700AE-A62F-49FF-9BBE-B880C995F27D}|
+|EDGE|{C347F8EC-7095-423D-B838-7C7A7F38CD03}|
+|WCDMA UMTS|{A72F04C6-9BE6-4151-B5EF-15A53E12C482}|
+|WCDMA FOMA|{B8326098-F845-42F3-804E-8CC3FF7B50B4}|
+|1XEVDO|{DD42DF39-EBDF-407C-8146-1685416401B2}|
+|1XEVDV|{61BF1BFD-5218-4CD4-949C-241CA3F326F6}|
+|HSPA HSDPA|{047F7282-BABD-4893-AA77-B8B312657F8C}|
+|HSPA HSUPA|{1536A1C6-A4AF-423C-8884-6BDDA3656F84}|
+|LTE|{B41CBF43-6994-46FF-9C2F-D6CA6D45889B}|
+|EHRPD|{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}|
+|Ethernet 10 Mbps|{97D3D1B3-854A-4C32-BD1C-C13069078370}|
+|Ethernet 100 Mbps|{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}|
+|Ethernet Gbps|{556C1E6B-B8D4-448E-836D-9451BA4CCE75}|
 
 For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Device typeGUID
                    Cellular device
                    {F9A53167-4016-4198-9B41-86D9522DC019}
                    Ethernet
                    {97844272-00C7-4572-B20A-D8D861C095F2}
                    Bluetooth
                    {1D793123-701A-4fd0-B6AE-9C3C57E99C2C}
                    Virtual
                    {EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}
                    
-
- 
+|Device type|GUID|
+|--- |--- |
+|Cellular device|{F9A53167-4016-4198-9B41-86D9522DC019}|
+|Ethernet|{97844272-00C7-4572-B20A-D8D861C095F2}|
+|Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}|
+|Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}|
 
 **Type**  
 Specifies the type of connection being referenced. The following list describes the available connection types:
 
--   `CMST_CONNECTION_NAME` – A connection specified by name.
+- `CMST_CONNECTION_NAME` – A connection specified by name.
 
--   `CMST_CONNECTION_TYPE` – Any connection of a specified type.
+- `CMST_CONNECTION_TYPE` – Any connection of a specified type.
 
--   `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified device type.
+- `CMST_CONNECTION_NETWORK_TYPE` – Any connection of a specified device type.
 
--   `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified network type.
+- `CMST_CONNECTION_DEVICE_TYPE` – Any connection of the specified network type.
 
 ## OMA client provisioning examples
 
@@ -479,36 +365,11 @@ Adding a host-based mapping policy:
 ## Microsoft Custom Elements
 
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ElementAvailable
                    parm-query
                    Yes
                    nocharacteristic
                    Yes
                    characteristic-query
                    Yes
                    
-
                    Recursive query: Yes
                    
-
                    Top level query: Yes
                    
-
- 
+|Element|Available|
+|--- |--- |
+|parm-query|Yes|
+|nocharacteristic|Yes|
+|characteristic-query|Yes
                     
                    Recursive query: Yes
                     
                    Top level query: Yes|
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 5c1c136c23..d0ca95bb1d 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md
new file mode 100644
index 0000000000..26a30c88a6
--- /dev/null
+++ b/windows/client-management/mdm/config-lock.md
@@ -0,0 +1,133 @@
+---
+title: Secured-Core Configuration Lock
+description: A Secured-Core PC (SCPC) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration. 
+manager: dansimp
+keywords: mdm,management,administrator,config lock
+ms.author: v-lsaldanha
+ms.topic: article
+ms.prod: w11
+ms.technology: windows
+author: lovina-saldanha
+ms.date: 03/14/2022
+---
+
+# Secured-Core PC Configuration Lock 
+
+**Applies to**
+
+-   Windows 11
+
+In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with Config Lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds.
+
+Secured-Core Configuration Lock (Config Lock) is a new [Secured-Core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from Secured-Core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a Secured-Core PC remains a Secured-Core PC.
+
+To summarize, Config Lock:
+
+- Enables IT to “lock” Secured-Core PC features when managed through MDM
+- Detects drift remediates within seconds
+- DOES NOT prevent malicious attacks
+
+## Configuration Flow
+
+After a Secured-Core PC reaches the desktop, Config Lock will prevent configuration drift by detecting if the device is a Secured-Core PC or not. When the device isn't a Secured-Core PC, the lock won't apply. If the device is a Secured-Core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
+
+## System Requirements
+
+Config Lock will be available for all Windows Professional and Enterprise Editions running on [Secured-Core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).  
+
+## Enabling Config Lock using Microsoft Intune
+
+Config Lock isn't enabled by default (or turned on by the OS during boot). Rather, an IT Admin must intentionally turn it on.
+ 
+The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows:
+
+1. Ensure that the device to turn on Config Lock is enrolled in Microsoft Intune.
+1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**.
+1. Select the following and press **Create**:
+    - **Platform**: Windows 10 and later
+    - **Profile type**: Templates
+    - **Template name**: Custom
+
+    :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates":::
+
+1. Name your profile.
+1. When you reach the Configuration Settings step, select “Add” and add the following information:
+    - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock
+    - **Data type**: Integer
+    - **Value**: 1 
                    
+    To turn off Config Lock, change the value to 0.
+
+    :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1":::
+
+1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”.
+1. You'll not need to set any applicability rules for test purposes.
+1. Review the Configuration and select “Create” if everything is correct.
+1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled.
+
+    :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied":::
+
+    :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending":::
+
+## Configuring Secured-Core PC features
+
+Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured.  IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune.
+
+:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off":::
+ 
+## FAQ
+
+**Can an IT admins disable Config Lock ?** 
                    
+	Yes. IT admins can use MDM to turn off Config Lock.
                    
+
+### List of locked policies
+
+|**CSPs**     |
+|-----|
+|[BitLocker ](bitlocker-csp.md)      |
+|[PassportForWork](passportforwork-csp.md)       |
+|[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md)       |
+|[ApplicationControl](applicationcontrol-csp.md) 
+
+
+|**MDM policies**     | **Supported by Group Policy** |
+|-----|-----|
+|[DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md)      | No |
+|[DataProtection/LegacySelectiveWipeID](policy-csp-dataprotection.md)      | No |
+|[DeviceGuard/ConfigureSystemGuardLaunch](policy-csp-deviceguard.md)      | Yes |
+|[DeviceGuard/EnableVirtualizationBasedSecurity](policy-csp-deviceguard.md)      | Yes |
+|[DeviceGuard/LsaCfgFlags](policy-csp-deviceguard.md)      | Yes |
+|[DeviceGuard/RequirePlatformSecurityFeatures](policy-csp-deviceguard.md)      | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md)      | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md)      | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventDeviceMetadataFromNetwork](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes |
+|[DmaGuard/DeviceEnumerationPolicy](policy-csp-dmaguard.md) | Yes |
+|[WindowsDefenderSecurityCenter/CompanyName](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableClearTpmButton](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableFamilyUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableHealthUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableNetworkUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](policy-csp-windowsdefendersecuritycenter.md)| Yes |
+|[WindowsDefenderSecurityCenter/DisableVirusUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/Email](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/EnableInAppCustomization](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideSecureBoot](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/Phone](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/URL](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[SmartScreen/EnableAppInstallControl](policy-csp-smartscreen.md)| Yes |
+|[SmartScreen/EnableSmartScreenInShell](policy-csp-smartscreen.md) | Yes |
+|[SmartScreen/PreventOverrideForFilesInShell](policy-csp-smartscreen.md) | Yes |
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 4f9dd3d9da..56bcf98029 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -8,13 +8,14 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2020
+ms.collection: highpri
 ---
 
 # Configuration service provider reference
 
-A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot.
+A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
 
 For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download).
 
@@ -33,24 +34,10 @@ Additional lists:
 [AccountManagement CSP](accountmanagement-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -59,24 +46,10 @@ Additional lists:
 [Accounts CSP](accounts-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark4check mark4check mark4check mark4cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -85,24 +58,10 @@ Additional lists:
 [ActiveSync CSP](activesync-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -111,50 +70,22 @@ Additional lists:
 [AllJoynManagement CSP](alljoynmanagement-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
 
 
-[APPLICATION CSP](application-csp.md)
+[Application CSP](application-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -163,24 +94,10 @@ Additional lists:
 [ApplicationControl CSP](applicationcontrol-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark6check mark6check mark6check mark6check mark6check mark6
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -189,24 +106,10 @@ Additional lists:
 [AppLocker CSP](applocker-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -215,50 +118,22 @@ Additional lists:
 [AssignedAccess CSP](assignedaccess-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark3check markcheck markcheck markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
 
 
-[BOOTSTRAP CSP](bootstrap-csp.md)
+[Bootstrap CSP](bootstrap-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -267,50 +142,10 @@ Additional lists:
 [BitLocker CSP](bitlocker-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark5check mark2check mark2check mark2check mark2
                    
 
-
-
-
-
-[BrowserFavorite CSP](browserfavorite-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcross mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -319,24 +154,10 @@ Additional lists:
 [CMPolicy CSP](cmpolicy-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark3check mark3check mark3check mark3check mark3check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -345,25 +166,10 @@ Additional lists:
 [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
 
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark1
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -372,24 +178,10 @@ Additional lists:
 [CM_CellularEntries CSP](cm-cellularentries-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark2check mark2check mark2check mark2check mark2check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -398,24 +190,10 @@ Additional lists:
 [CM_ProxyEntries CSP](cm-proxyentries-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark3check mark3check mark3check mark3check mark3check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -424,24 +202,10 @@ Additional lists:
 [CellularSettings CSP](cellularsettings-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark2check mark2check mark2check mark2check mark2check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -450,24 +214,10 @@ Additional lists:
 [CertificateStore CSP](certificatestore-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -476,24 +226,10 @@ Additional lists:
 [CleanPC CSP](cleanpc-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcheck mark2check mark2check mark2cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|Yes|Yes|Yes|
 
 
 
@@ -502,24 +238,10 @@ Additional lists:
 [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -528,24 +250,10 @@ Additional lists:
 [CustomDeviceUI CSP](customdeviceui-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -554,24 +262,10 @@ Additional lists:
 [DMAcc CSP](dmacc-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -580,24 +274,10 @@ Additional lists:
 [DMClient CSP](dmclient-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -606,24 +286,10 @@ Additional lists:
 [Defender CSP](defender-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -632,24 +298,10 @@ Additional lists:
 [DevDetail CSP](devdetail-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -658,24 +310,10 @@ Additional lists:
 [DevInfo CSP](devinfo-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -684,24 +322,10 @@ Additional lists:
 [DeveloperSetup CSP](developersetup-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -710,24 +334,10 @@ Additional lists:
 [DeviceInstanceService CSP](deviceinstanceservice-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -736,24 +346,10 @@ Additional lists:
 [DeviceLock CSP](devicelock-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -762,24 +358,10 @@ Additional lists:
 [DeviceManageability CSP](devicemanageability-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -788,25 +370,10 @@ Additional lists:
 [DeviceStatus CSP](devicestatus-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -815,24 +382,10 @@ Additional lists:
 [DiagnosticLog CSP](diagnosticlog-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-	
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -841,51 +394,22 @@ Additional lists:
 [DynamicManagement CSP](dynamicmanagement-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcheck mark2check mark2check mark3
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|Yes|Yes|
 
 
 
 
 
-[EMAIL2 CSP](email2-csp.md)
+[EMail2 CSP](email2-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -894,24 +418,10 @@ Additional lists:
 [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark6check mark6check mark6check mark6check mark6cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -920,24 +430,10 @@ Additional lists:
 [EnterpriseAPN CSP](enterpriseapn-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark2check mark2check mark2check mark2check mark2check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -946,24 +442,10 @@ Additional lists:
 [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -971,51 +453,9 @@ Additional lists:
 
 [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
 
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcheck mark2check mark2cross mark
                    
-
-
-
-
-
-[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|Yes|Yes|
 
 
 
@@ -1024,25 +464,10 @@ Additional lists:
 [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark
-Only for mobile application management (MAM)check markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes
                     [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes|
 
 
 
@@ -1051,76 +476,10 @@ Additional lists:
 [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcross mark
                    
 
-
-
-
-
-[EnterpriseExt CSP](enterpriseext-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
-
-
-
-
-
-[EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1129,24 +488,10 @@ Additional lists:
 [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1155,50 +500,10 @@ Additional lists:
 [eUICCs CSP](euiccs-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark3check mark3check mark3check mark3check mark3
                    
 
-
-
-
-
-[FileSystem CSP](filesystem-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck markB
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1207,24 +512,10 @@ Additional lists:
 [Firewall CSP](firewall-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark3check mark3check mark3check mark3cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1233,50 +524,10 @@ Additional lists:
 [HealthAttestation CSP](healthattestation-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
 
-
-
-
-
-[HotSpot CSP](hotspot-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1285,51 +536,10 @@ Additional lists:
 [LanguagePackManagement CSP](language-pack-management-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-    
-
-
                    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
                    check markcheck markcross markcheck markcheck markcross markcross mark
                    
 
-
-
-
-[Maps CSP](maps-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|No|Yes|Yes|
 
 
 
@@ -1338,24 +548,10 @@ Additional lists:
 [Messaging CSP](messaging-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark2
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -1364,24 +560,10 @@ Additional lists:
 [MultiSIM CSP](multisim-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark4check mark4check mark4check mark4check mark4check mark4
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1390,24 +572,10 @@ Additional lists:
 [NAP CSP](nap-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1416,24 +584,10 @@ Additional lists:
 [NAPDEF CSP](napdef-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1442,24 +596,10 @@ Additional lists:
 [NetworkProxy CSP](networkproxy-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark2check mark2check mark2check mark2check mark2
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1468,24 +608,10 @@ Additional lists:
 [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1494,24 +620,10 @@ Additional lists:
 [NodeCache CSP](nodecache-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1520,76 +632,34 @@ Additional lists:
 [Office CSP](office-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark2check mark2check mark2check mark2cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
 
 
-[PROXY CSP](proxy-csp.md)
+[Proxy CSP](proxy-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
 
 
-[PXLOGICAL CSP](pxlogical-csp.md)
+[PXLogical CSP](pxlogical-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1598,24 +668,10 @@ Additional lists:
 [PassportForWork CSP](passportforwork-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1624,24 +680,10 @@ Additional lists:
 [Personalization CSP](personalization-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcheck mark2check mark2cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|Yes|Yes|
 
 
 
@@ -1650,24 +692,10 @@ Additional lists:
 [Policy CSP](policy-configuration-service-provider.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1676,24 +704,10 @@ Additional lists:
 [PolicyManager CSP](policymanager-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -1702,24 +716,10 @@ Additional lists:
 [Provisioning CSP](provisioning-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markBcheck markBcheck markBcheck markBcheck markBcheck markB
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1728,50 +728,10 @@ Additional lists:
 [Reboot CSP](reboot-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
 
-
-
-
-
-[Registry CSP](registry-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1780,50 +740,10 @@ Additional lists:
 [RemoteFind CSP](remotefind-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
 
-
-
-
-
-[RemoteLock](remotelock-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1832,24 +752,10 @@ Additional lists:
 [RemoteRing CSP](remotering-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -1858,24 +764,10 @@ Additional lists:
 [RemoteWipe CSP](remotewipe-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1884,24 +776,10 @@ Additional lists:
 [Reporting CSP](reporting-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1910,24 +788,10 @@ Additional lists:
 [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -1936,24 +800,10 @@ Additional lists:
 [SUPL CSP](supl-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1962,24 +812,10 @@ Additional lists:
 [SecureAssessment CSP](secureassessment-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark1check mark1check mark1check mark1cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -1988,24 +824,10 @@ Additional lists:
 [SecurityPolicy CSP](securitypolicy-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -2014,24 +836,10 @@ Additional lists:
 [SharedPC CSP](sharedpc-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark1check mark1check mark1check mark1cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2040,24 +848,10 @@ Additional lists:
 [Storage CSP](storage-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2066,25 +860,10 @@ Additional lists:
 [SurfaceHub](surfacehub-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+||||||
 
 
 
@@ -2093,24 +872,10 @@ Additional lists:
 [TenantLockdown CSP](tenantlockdown-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark5check mark5check mark5check mark5cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2119,24 +884,10 @@ Additional lists:
 [TPMPolicy CSP](tpmpolicy-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2145,24 +896,10 @@ Additional lists:
 [UEFI CSP](uefi-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcheck mark4check mark4check mark4cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2171,24 +908,10 @@ Additional lists:
 [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcheck markcheck markcheck markcross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|Yes|Yes|Yes|
 
 
 
@@ -2197,24 +920,10 @@ Additional lists:
 [Update CSP](update-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -2223,24 +932,10 @@ Additional lists:
 [VPN CSP](vpn-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|No|No|No|No|
 
 
 
@@ -2249,51 +944,22 @@ Additional lists:
 [VPNv2 CSP](vpnv2-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
 
 
-[W4 APPLICATION CSP](w4-application-csp.md)
+[W4 Application CSP](w4-application-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+||||||
 
 
 
@@ -2302,24 +968,10 @@ Additional lists:
 [WiFi CSP](wifi-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -2328,24 +980,10 @@ Additional lists:
 [Win32AppInventory CSP](win32appinventory-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark1check mark1check mark1check mark1cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2354,24 +992,10 @@ Additional lists:
 [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark5check mark5check mark5check mark5cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2380,24 +1004,10 @@ Additional lists:
 [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark1check mark1check mark1check mark1cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2406,24 +1016,10 @@ Additional lists:
 [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	>
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark3check mark3check mark3check mark3cross mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
@@ -2433,50 +1029,10 @@ Additional lists:
 [WindowsLicensing CSP](windowslicensing-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check markcheck markcheck markcheck markcheck markcheck mark
                    
 
-
-
-
-
-[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
-
-
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcross markcross markcross markcross markcheck mark
                    
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
 
 
 
@@ -2485,50 +1041,22 @@ Additional lists:
 [WiredNetwork CSP](wirednetwork-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    cross markcheck mark5check mark5check mark5check mark5check mark5
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|No|Yes|Yes|Yes|Yes|
 
 
 
 
 
-[w7 APPLICATION CSP](w7-application-csp.md)
+[w7 Application CSP](w7-application-csp.md)
 
 
-
-
-	
-	
-	
-	
-	
-	
-
-
-	
-	
-	
-	
-	
-	
-
-
                    HomeProBusinessEnterpriseEducationMobile
                    check mark
                    
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+||||||
 
 
 
@@ -2555,45 +1083,45 @@ The following list shows the CSPs supported in HoloLens devices:
 
 | Configuration service provider        | HoloLens (1st gen) Development Edition      | HoloLens (1st gen) Commercial Suite | HoloLens 2 |
 |------|--------|--------|--------|
-| [AccountManagement CSP](accountmanagement-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 4       | ![check mark](images/checkmark.png)
-| [Accounts CSP](accounts-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
-| [ApplicationControl CSP](applicationcontrol-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) |  ![check mark](images/checkmark.png) |
-| [AppLocker CSP](applocker-csp.md)      | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![cross mark](images/crossmark.png) |
-| [AssignedAccess CSP](assignedaccess-csp.md)      | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 4       | ![check mark](images/checkmark.png) |
-| [CertificateStore CSP](certificatestore-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)| ![check mark](images/checkmark.png) |
-| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [DevDetail CSP](devdetail-csp.md)   | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [DeveloperSetup CSP](developersetup-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 2   (runtime provisioning via provisioning packages only; no MDM support)| ![check mark](images/checkmark.png) |
-| [DeviceManageability CSP](devicemanageability-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
-| [DeviceStatus CSP](devicestatus-csp.md)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)  | ![check mark](images/checkmark.png) |
-| [DevInfo CSP](devinfo-csp.md)  | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [DiagnosticLog CSP](diagnosticlog-csp.md)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [DMAcc CSP](dmacc-csp.md)      | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [DMClient CSP](dmclient-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 10  |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [NetworkProxy CSP](networkproxy-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
-| [NetworkQoSPolicy CSP](networkqospolicy-csp.md)  | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png)       | ![check mark](images/checkmark.png) 8|
-| [NodeCache CSP](nodecache-csp.md)  | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-[PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
-| [Policy CSP](policy-configuration-service-provider.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [RemoteFind CSP](remotefind-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 4       | ![check mark](images/checkmark.png) |
-| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 4       | ![check mark](images/checkmark.png) |
-| [RootCATrustedCertificates CSP](rootcacertificates-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [TenantLockdown CSP](tenantlockdown-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) 10  |
-| [Update CSP](update-csp.md)     | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [VPNv2 CSP](vpnv2-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [WiFi CSP](wifi-csp.md)     | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       | ![check mark](images/checkmark.png) |
-| [WindowsLicensing CSP](windowslicensing-csp.md)   | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       | ![cross mark](images/crossmark.png) |
+| [AccountManagement CSP](accountmanagement-csp.md)   | No | Yes        | Yes
+| [Accounts CSP](accounts-csp.md)    | Yes | Yes | Yes |
+| [ApplicationControl CSP](applicationcontrol-csp.md) | No | No |  Yes |
+| [AppLocker CSP](applocker-csp.md)      | No | Yes       | No |
+| [AssignedAccess CSP](assignedaccess-csp.md)      | No | Yes        | Yes |
+| [CertificateStore CSP](certificatestore-csp.md)    | Yes | Yes| Yes |
+| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)  | No | Yes       | Yes |
+| [DevDetail CSP](devdetail-csp.md)   | Yes | Yes       | Yes |
+| [DeveloperSetup CSP](developersetup-csp.md)   | No | Yes    (runtime provisioning via provisioning packages only; no MDM support)| Yes (runtime provisioning via provisioning packages only; no MDM support) |
+| [DeviceManageability CSP](devicemanageability-csp.md) | No | No | Yes |
+| [DeviceStatus CSP](devicestatus-csp.md)  | No | Yes  | Yes |
+| [DevInfo CSP](devinfo-csp.md)  | Yes | Yes       | Yes |
+| [DiagnosticLog CSP](diagnosticlog-csp.md)  | No | Yes       | Yes |
+| [DMAcc CSP](dmacc-csp.md)      | Yes | Yes       | Yes |
+| [DMClient CSP](dmclient-csp.md)    | Yes | Yes       | Yes |
+| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | No | No | Yes   |
+| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | No | Yes       | Yes |
+| [NetworkProxy CSP](networkproxy-csp.md) | No | No | Yes |
+| [NetworkQoSPolicy CSP](networkqospolicy-csp.md)  | No | No       | Yes |
+| [NodeCache CSP](nodecache-csp.md)  | Yes | Yes       | Yes |
+[PassportForWork CSP](passportforwork-csp.md) | No | Yes | Yes |
+| [Policy CSP](policy-configuration-service-provider.md)    | No | Yes       | Yes |
+| [RemoteFind CSP](remotefind-csp.md)    | No | Yes        | Yes |
+| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only)  | No | Yes        | Yes |
+| [RootCATrustedCertificates CSP](rootcacertificates-csp.md)   | No | Yes       | Yes |
+| [TenantLockdown CSP](tenantlockdown-csp.md) | No | No | Yes   |
+| [Update CSP](update-csp.md)     | No | Yes       | Yes |
+| [VPNv2 CSP](vpnv2-csp.md)    | No | Yes       | Yes |
+| [WiFi CSP](wifi-csp.md)     | No | Yes       | Yes |
+| [WindowsLicensing CSP](windowslicensing-csp.md)   | Yes | Yes       | No |
 
  
 ## CSPs supported in Microsoft Surface Hub
 
--   [Accounts CSP](accounts-csp.md)9 
+-   [Accounts CSP](accounts-csp.md) 
     > [!NOTE]
     > Support in Surface Hub is limited to **Domain\ComputerName**.
 -   [AccountManagement CSP](accountmanagement-csp.md)
--   [APPLICATION CSP](application-csp.md)
+-   [Application CSP](application-csp.md)
 -   [CertificateStore CSP](certificatestore-csp.md)
 -   [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
 -   [Defender CSP](defender-csp.md)
@@ -2605,27 +1133,28 @@ The following list shows the CSPs supported in HoloLens devices:
 -   [DMAcc CSP](dmacc-csp.md)
 -   [DMClient CSP](dmclient-csp.md)
 -   [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
--   [Firewall-CSP](firewall-csp.md)9 
+-   [Firewall-CSP](firewall-csp.md) 
 -   [HealthAttestation CSP](healthattestation-csp.md)
+-   [NetworkProxy CSP](networkproxy-csp.md)
 -   [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
 -   [NodeCache CSP](nodecache-csp.md)
 -   [PassportForWork CSP](passportforwork-csp.md)
 -   [Policy CSP](policy-configuration-service-provider.md)
 -   [Reboot CSP](reboot-csp.md)
--   [RemoteWipe CSP](remotewipe-csp.md)9 
+-   [RemoteWipe CSP](remotewipe-csp.md) 
 -   [Reporting CSP](reporting-csp.md)
 -   [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
 -   [SurfaceHub CSP](surfacehub-csp.md)
 -   [UEFI CSP](uefi-csp.md)
--   [Wifi-CSP](wifi-csp.md)9 
+-   [Wifi-CSP](wifi-csp.md) 
 -   [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
--   [Wirednetwork-CSP](wirednetwork-csp.md)9 
+-   [Wirednetwork-CSP](wirednetwork-csp.md) 
 
 
 ## CSPs supported in Windows 10 IoT Core
 
 - [AllJoynManagement CSP](alljoynmanagement-csp.md)
-- [APPLICATION CSP](application-csp.md)
+- [Application CSP](application-csp.md)
 - [CertificateStore CSP](certificatestore-csp.md)
 - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
 - [CustomDeviceUI CSP](customdeviceui-csp.md)
@@ -2640,7 +1169,7 @@ The following list shows the CSPs supported in HoloLens devices:
 - [Policy CSP](policy-configuration-service-provider.md)
 - [Provisioning CSP (Provisioning only)](provisioning-csp.md)
 - [Reboot CSP](reboot-csp.md)
-- [RemoteWipe CSP](remotewipe-csp.md)5
+- [RemoteWipe CSP](remotewipe-csp.md)
 - [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
 - [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
 - [Update CSP](update-csp.md)
@@ -2649,17 +1178,3 @@ The following list shows the CSPs supported in HoloLens devices:
 
 
                    
 
- Footnotes:
-- A - Only for mobile application management (MAM).
-- B - Provisioning only.
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in Windows 10, version 1809.
-- 6 - Added in Windows 10, version 1903.
-- 7 - Added in Windows 10, version 1909.
-- 8 - Added in Windows 10, version 2004.
-- 9 - Added in Windows 10 Team 2020 Update
-- 10 - Added in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
-
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 2645a75e3f..1a0f77c9ed 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -8,14 +8,14 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # CustomDeviceUI CSP
 
-The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported.
-The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
+The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, and the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported.
+The following example shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
 
 > [!NOTE]
 > This configuration service provider only applies to Windows 10 IoT Core (IoT Core).
@@ -38,7 +38,7 @@ AppID string value is the default appid/AUMID to launch during startup. The supp
 List of package names of background tasks that need to be launched on device startup. The supported operation is Get.
 
 **BackgroundTasksToLaunch/***BackgroundTaskPackageName*  
-Package Full Name of the App that needs be launched in the background. This can contain no entry points, a single entry point, or multiple entry points. The supported operations are Add, Delete, Get, and Replace.
+Package Full Name of the application that needs to be launched in the background. This application can contain no entry points, a single entry point, or multiple entry points. The supported operations are Add, Delete, Get, and Replace.
 
 ## SyncML examples
 
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index 7623b155f2..40621f8a86 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md
index b1e8b42c40..4621e9a56d 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md
@@ -1,23 +1,22 @@
 ---
 title: Data structures for Microsoft Store for Business
+description: Learn about the various data structures for Microsoft Store for Business.
 MS-HAID:
 - 'p\_phdevicemgmt.business\_store\_data\_structures'
 - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
 ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B
 ms.reviewer: 
 manager: dansimp
-description: 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
 # Data structures for Microsoft Store for Business
 
-
 Here's the list of data structures used in the Microsoft Store for Business REST APIs:
 
 -   [AlternateIdentifier](#alternateidentifier)
@@ -54,1067 +53,261 @@ Here's the list of data structures used in the Microsoft Store for Business REST
 
 Specifies the properties of the alternate identifier.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    type
                    string
                    LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId
                    value
                    string
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|Type|String|LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId|
+|Value|String||
 
 ## BulkSeatOperationResultSet
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    seatDetails
                    collection of SeatDetails
                    failedSeatOperations
                    collection of FailedSeatRequest
                    
-
- 
+|Name|Type|
+|--- |--- |
+|seatDetails|Collection of [SeatDetails](#seatdetails)|
+|failedSeatOperations|Collection of [FailedSeatRequest](#failedseatrequest)|
 
 ## FailedSeatRequest
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    failureReason
                    string
                    productKey
                    ProductKey
                    userName
                    string
                    
-
- 
+|Name|Type|
+|--- |--- |
+|failureReason|String|
+|productKey|[ProductKey](#productkey)|
+|userName|String|
 
 ## FrameworkPackageDetails
 
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    packageId
                    string
                    contentId
                    string
                    Identifies a specific application.
                    location
                    PackageLocation
                    packageFullName
                    string
                    packageIdentityName
                    string
                    architectures
                    collection of ProductArchitectures
                    packageFormat
                    ProductPackageFormat
                    platforms
                    collection of ProductPlatform
                    fileSize
                    integer-64
                    Size of the file.
                    packageRank
                    integer-32
                    Optional
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|packageId|String||
+|contentId|String|Identifies a specific application.|
+|Location|[PackageLocation](#packagelocation)||
+|packageFullName|String||
+|packageIdentityName|String||
+|Architectures|Collection of [ProductArchitectures](#productarchitectures)||
+|packageFormat|[ProductPackageFormat](#productpackageformat)||
+|Platforms|Collection of [ProductPlatform](#productplatform)||
+|fileSize|integer-64|Size of the file.|
+|packageRank|integer-32|Optional|
 
 ## InventoryDistributionPolicy
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameDescription
                    open
                    Open distribution policy - licenses/seats can be assigned/consumed without limit
                    restricted
                    Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count
                    
-
- 
+|Name|Description|
+|--- |--- |
+|Open|Open distribution policy - licenses/seats can be assigned/consumed without limit|
+|Restricted|Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count|
 
 ## InventoryEntryDetails
 
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    productKey
                    ProductKey
                    Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.
                    seatCapacity
                    integer-64
                    Total number of seats that have been purchased for an application.
                    availableSeats
                    integer-64
                    Number of available seats remaining for an application.
                    lastModified
                    dateTime
                    Specifies the last modified date for an application. Modifications for an application includes updated product details, updates to an application, and updates to the quantity of an application.
                    licenseType
                    LicenseType
                    Indicates whether the set of seats for a given application supports online or offline licensing.
                    distributionPolicy
                    InventoryDistributionPolicy
                    status
                    InventoryStatus
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.|
+|seatCapacity|integer-64|Total number of seats that have been purchased for an application.|
+|availableSeats|integer-64|Number of available seats remaining for an application.|
+|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.|
+|licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.|
+|distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)||
+|status|[InventoryStatus](#inventorystatus)||
 
 ## InventoryResultSet
 
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    continuationToken
                    string
                    Only available if there is a next page.
                    inventoryEntries
                    collection of InventoryEntryDetails
                    
-
+|Name|Type|Description|
+|--- |--- |--- |
+|continuationToken|String|Only available if there is a next page.|
+|inventoryEntries|Collection of [InventoryEntryDetails](#inventoryentrydetails)||
  
-
 ## InventoryStatus
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameDescription
                    active
                    Entry is available in the organization’s inventory.
                    removed
                    Entry has been removed from the organization’s inventory.
                    
-
- 
+|Name|Description|
+|--- |--- |
+|Active|Entry is available in the organization’s inventory.|
+|Removed|Entry has been removed from the organization’s inventory.|
 
 ## LicenseType
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameDescription
                    online
                    Online license application.
                    offline
                    Offline license application.
                    
-
- 
+|Name|Description|
+|--- |--- |
+|Online|Online license application.|
+|Offline|Offline license application.|
 
 ## LocalizedProductDetail
 
 
 Specifies the properties of the localized product.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    language
                    string
                    Language or fallback language if the specified language is not available.
                    displayName
                    string
                    Display name of the application.
                    description
                    string
                    App description provided by developer can be up to 10,000 characters.
                    images
                    collection of ProductImage
                    Artwork and icon associated with the application.
                    publisher
                    PublisherDetails
                    Publisher of the application.
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|Language|String|Language or fallback language if the specified language is not available.|
+|displayName|String|Display name of the application.|
+|Description|String|App description provided by developer can be up to 10,000 characters.|
+|Images|Collection of [ProductImage](#productimage)|Artwork and icon associated with the application.|
+|Publisher|[PublisherDetails](#publisherdetails)|Publisher of the application.|
 
 ## OfflineLicense
 
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    productKey
                    ProductKey
                    Identifies a set of seats associated with an application.
                    licenseBlob
                    string
                    Base-64 encoded offline license that can be installed via a CSP.
                    licenseInstanceId
                    string
                    Version of the license.
                    requestorId
                    string
                    Organization requesting the license.
                    contentId
                    string
                    Identifies the specific license required by an application.
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|productKey|[ProductKey](#productkey)|Identifies a set of seats associated with an application.|
+|licenseBlob|String|Base-64 encoded offline license that can be installed via a CSP.|
+|licenseInstanceId|String|Version of the license.|
+|requestorId|String|Organization requesting the license.|
+|contentId|String|Identifies the specific license required by an application.|
 
 ## PackageContentInfo
 
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    productPlatforms
                    collection of ProductPlatform
                    packageFormat
                    string
                    
-
- 
+|Name|Type|
+|--- |--- |
+|productPlatforms|Collection of ProductPlatform|
+|packageFormat|String|
 
 ## PackageLocation
 
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    url
                    URI
                    CDN location of the packages. URL expiration is based on the estimated time to download the package.
                    
+|Name|Type|Description|
+|--- |--- |--- |
+|Url|URI|CDN location of the packages. URL expiration is based on the estimated time to download the package.|
 
- 
 
 ## ProductArchitectures
 
-
-
---
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    


                    Name
                    neutral
                    arm
                    x86
                    x64
                    
-
- 
+|Name|
+|--- |
+|Neutral|
+|Arm|
+|x86|
+|x64|
 
 ## ProductDetails
 
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    productKey
                    ProductKey
                    Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.
                    productType
                    string
                    Type of product.
                    supportedLanguages
                    collection of string
                    The set of localized languages for an application.
                    publisherId
                    string
                    Publisher identifier.
                    category
                    string
                    Application category.
                    alternateIds
                    collection of AlternateIdentifier
                    The identifiers that can be used to instantiate the installation of on online application.
                    packageFamilyName
                    string
                    supportedPlatforms
                    collection of ProductPlatform
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.|
+|productType|String|Type of product.|
+|supportedLanguages|Collection of string|The set of localized languages for an application.|
+|publisherId|String|Publisher identifier.|
+|Category|String|Application category.|
+|alternateIds|Collection of [AlternateIdentifier](#alternateidentifier)|The identifiers that can be used to instantiate the installation of on online application.|
+|packageFamilyName|String||
+|supportedPlatforms|Collection of [ProductPlatform](#productplatform)||
 
 ## ProductImage
 
-
 Specifies the properties of the product image.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    location
                    URI
                    Location of the download image.
                    purpose
                    string
                    Tag for the purpose of the image, e.g. "screenshot" or "logo".
                    height
                    string
                    Height of the image in pixels.
                    width
                    string
                    Width of the image in pixels.
                    caption
                    string
                    Unlimited length.
                    backgroundColor
                    string
                    Format "#RRGGBB"
                    foregroundColor
                    string
                    Format "#RRGGBB"
                    fileSize
                    integer-64
                    Size of the file.
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|location|URI|Location of the download image.|
+|purpose|string|Tag for the image, for example "screenshot" or "logo".|
+|height|string|Height of the image in pixels.|
+|width|string|Width of the image in pixels.|
+|caption|string|Unlimited length.|
+|backgroundColor|string|Format "#RRGGBB"|
+|foregroundColor|string|Format "#RRGGBB"|
+|fileSize|integer-64|Size of the file.|
 
 ## ProductKey
 
-
 Specifies the properties of the product key.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    productId
                    string
                    Product identifier for an application that is used by the Store for Business.
                    skuId
                    string
                    Product identifier that specifies a specific SKU of an application.
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|productId|String|Product identifier for an application that is used by the Store for Business.|
+|skuId|String|Product identifier that specifies a specific SKU of an application.|
 
 ## ProductPackageDetails
 
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    frameworkDependencyPackages
                    collection of FrameworkPackageDetails
                    packageId
                    string
                    contentId
                    string
                    Identifies a specific application.
                    location
                    PackageLocation
                    packageFullName
                    string
                    example, Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe
                    packageIdentityName
                    string
                    example, Microsoft.BingTranslator
                    architectures
                    collection of ProductArchitectures
                    Values {x86, x64, arm, neutral}
                    packageFormat
                    ProductPackageFormat
                    Extension of the package file.
                    platforms
                    collection of ProductPlatform
                    fileSize
                    integer-64
                    Size of the file.
                    packageRank
                    integer-32
                    Optional
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|frameworkDependencyPackages|Collection of [FrameworkPackageDetails](#frameworkpackagedetails)||
+|packageId|String||
+|contentId|String|Identifies a specific application.|
+|Location|[PackageLocation](#packagelocation)||
+|packageFullName|String|Example, Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe|
+|packageIdentityName|String|Example, Microsoft.BingTranslator|
+|Architectures|Collection of [ProductArchitectures](#productarchitectures)|Values {x86, x64, arm, neutral}|
+|packageFormat|[ProductPackageFormat](#productpackageformat)|Extension of the package file.|
+|Platforms|Collection of [ProductPlatform](#productplatform)||
+|fileSize|integer-64|Size of the file.|
+|packageRank|integer-32|Optional|
 
 ## ProductPackageFormat
 
-
-
---
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    


                    Name
                    appx
                    appxBundle
                    xap
                    
-
- 
+|Name|
+|--- |
+|Appx|
+|appxBundle|
+|Xap|
 
 ## ProductPackageSet
 
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    packageSetId
                    string
                    An identifier for the particular combination of application packages.
                    productPackages
                    collection of ProductPackageDetails
                    A collection of application packages.
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|packageSetId|String|An identifier for the particular combination of application packages.|
+|productPackages|Collection of [ProductPackageDetails](#productpackagedetails)|A collection of application packages.|
 
 ## ProductPlatform
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    platformName
                    string
                    minVersion
                    VersionInfo
                    maxTestedVersion
                    VersionInfo
                    
-
- 
+|Name|Type|
+|--- |--- |
+|platformName|String|
+|minVersion|[VersionInfo](#versioninfo)|
+|maxTestedVersion|[VersionInfo](#versioninfo)|
 
 ## PublisherDetails
 
-
 Specifies the properties of the publisher details.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    publisherName
                    string
                    Name of the publisher.
                    publisherWebsite
                    string
                    Website of the publisher.
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|publisherName|String|Name of the publisher.|
+|publisherWebsite|String|Website of the publisher.|
 
 ## SeatAction
 
 
-
---
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    


                    Name
                    assign
                    reclaim
                    
-
- 
+|Name|
+|--- |
+|Assign|
+|Reclaim|
 
 ## SeatDetails
 
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    NameTypeDescription
                    assignedTo
                    string
                    Format = UPN (user@domain)
                    dateAssigned
                    datetime
                    state
                    SeatState
                    productKey
                    ProductKey
                    
-
- 
+|Name|Type|Description|
+|--- |--- |--- |
+|assignedTo|String|Format = UPN (user@domain)|
+|dateAssigned|Datetime||
+|State|[SeatState](#seatstate)||
+|productKey|[ProductKey](#productkey)||
 
 ## SeatDetailsResultSet
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    seats
                    collection of SeatDetails
                    continuationToken
                    string
                    
-
- 
+|Name|Type|
+|--- |--- |
+|Seats|Collection of [SeatDetails](#seatdetails)|
+|continuationToken|String|
 
 ## SeatState
 
-
-
---
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    


                    Name
                    active
                    revoked
                    
-
- 
+|Name|
+|--- |
+|Active|
+|Revoked|
 
 ## SupportedProductPlatform
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    platformName
                    string
                    minVersion
                    VersionInfo
                    maxTestedVersion
                    VersionInfo
                    architectures
                    collection of ProductArchitectures
                    
-
- 
+|Name|Type|
+|--- |--- |
+|platformName|String|
+|minVersion|[VersionInfo](#versioninfo)|
+|maxTestedVersion|[VersionInfo](#versioninfo)|
+|Architectures|Collection of [ProductArchitectures](#productarchitectures)|
 
 ## VersionInfo
 
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    NameType
                    major
                    integer-32
                    minor
                    integer-32
                    build
                    integer-32
                    revision
                    integer-32
                    
+|Name|Type|
+|--- |--- |
+|Major|integer-32|
+|Minor|integer-32|
+|Build|integer-32|
+|Revision|integer-32|
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 97561119e4..22ee682cf2 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -10,7 +10,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 06/23/2021
+ms.date: 02/22/2022
 ---
 
 # Defender CSP
@@ -20,7 +20,7 @@ ms.date: 06/23/2021
 
 The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
 
-The following shows the Windows Defender configuration service provider in tree format.
+The following example shows the Windows Defender configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 Defender
@@ -35,6 +35,18 @@ Defender
 ------------InitialDetectionTime
 ------------LastThreatStatusChangeTime
 ------------NumberOfDetections
+----EnableNetworkProtection
+--------AllowNetworkProtectionDownLevel
+--------AllowNetworkProtectionOnWinServer
+--------DisableNetworkProtectionPerfTelemetry
+--------DisableDatagramProcessing
+--------DisableInboundConnectionFiltering
+--------EnableDnsSinkhole
+--------DisableDnsOverTcpParsing
+--------DisableHttpParsing
+--------DisableRdpParsing
+--------DisableSshParsing
+--------DisableTlsParsing
 ----Health
 --------ProductStatus (Added in Windows 10 version 1809)
 --------ComputerState
@@ -61,7 +73,9 @@ Defender
 --------SupportLogLocation (Added in the next major release of Windows 10)
 --------PlatformUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
 --------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
---------SignaturesUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
+--------SecurityIntelligenceUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
+--------DisableGradualRelease (Added with the 4.18.2106.5 Defender platform release)
+--------PassiveRemediation (Added with the 4.18.2202.X Defender platform release)
 ----Scan
 ----UpdateSignature
 ----OfflineScan (Added in Windows 10 version 1803)
@@ -84,7 +98,7 @@ The data type is a string.
 Supported operation is Get.
 
 **Detections/*ThreatId*/URL**  
-URL link for additional threat information.
+URL link for more threat information.
 
 The data type is a string.
 
@@ -111,6 +125,7 @@ Threat category ID.
 The data type is integer.
 
 The following table describes the supported values:
+

                    
 
 | Value | Description                 |
 |-------|-----------------------------|
@@ -124,7 +139,7 @@ The following table describes the supported values:
 | 7     | Remote access Trojan        |
 | 8     | Trojan                      |
 | 9     | Email flooder               |
-| 10    | Keylogger                   |
+| 10    | Key logger                   |
 | 11    | Dialer                      |
 | 12    | Monitoring software         |
 | 13    | Browser modifier            |
@@ -184,7 +199,28 @@ The following list shows the supported values:
 - 7 = Removed
 - 8 = Cleaned
 - 9 = Allowed
-- 10 = No Status ( Cleared)
+- 10 = No Status (Cleared)
+
+Supported operation is Get.
+
+**Detections/*ThreatId*/CurrentStatus**  
+Information about the current status of the threat.
+
+The data type is integer.
+
+The following list shows the supported values:
+
+- 0 = Active
+- 1 = Action failed
+- 2 = Manual steps required
+- 3 = Full scan required
+- 4 = Reboot required
+- 5 = Remediated with noncritical failures
+- 6 = Quarantined
+- 7 = Removed
+- 8 = Cleaned
+- 9 = Allowed
+- 10 = No Status (Cleared)
 
 Supported operation is Get.
 
@@ -193,6 +229,14 @@ Information about the execution status of the threat.
 
 The data type is integer.
 
+The following list shows the supported values:
+
+- 0 = Unknown
+- 1 = Blocked
+- 2 = Allowed
+- 3 = Running
+- 4 = Not running
+
 Supported operation is Get.
 
 **Detections/*ThreatId*/InitialDetectionTime**  
@@ -216,13 +260,146 @@ The data type is integer.
 
 Supported operation is Get.
 
+**EnableNetworkProtection** 
+
+The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources. 
+The acceptable values for this parameter are:
+- 0: Disabled. The Network Protection service won't block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections.
+- 1: Enabled. The Network Protection service will block connections to malicious websites based on URL Reputation from the SmartScreen URL reputation service.
+- 2: AuditMode. As above, but the Network Protection service won't block connections to malicious websites, but will instead log the access to the event log. 
+
+Accepted values: Disabled, Enabled, and AuditMode
+Position: Named
+Default value: Disabled
+Accept pipeline input: False
+Accept wildcard characters: False
+
+**EnableNetworkProtection/AllowNetworkProtectionDownLevel**
+
+By default, network protection isn't allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. 
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/AllowNetworkProtectionOnWinServer**
+
+By default, network protection isn't allowed to be enabled on Windows Server, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode.
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableNetworkProtectionPerfTelemetry**
+
+Network Protection sends up anonymized performance statistics about its connection monitoring to improve our product and help to find bugs. You can disable this behavior by setting this configuration to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableDatagramProcessing**
+
+Network Protection inspects UDP connections allowing us to find malicious DNS or other UDP Traffic. To disable this functionality, set this configuration to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableInboundConnectionFiltering**
+
+Network Protection inspects and can block both connections that originate from the host machine, and those connections that originate from outside the machine. To have network connection to inspect only outbound connections, set this configuration to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/EnableDnsSinkhole**
+
+Network Protection can inspect the DNS traffic of a machine and, in conjunction with behavior monitoring, detect and sink hole DNS exfiltration attempts and other DNS-based malicious attacks. Set this configuration to "$true" to enable this feature.
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableDnsOverTcpParsing**
+
+Network Protection inspects DNS traffic that occurs over a TCP channel, to provide metadata for Anti-malware Behavior Monitoring or to allow for DNS sink holing if the -EnableDnsSinkhole configuration is set. This attribute can be disabled by setting this value to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableDnsParsing**
+
+Network Protection inspects DNS traffic that occurs over a UDP channel, to provide metadata for Anti-malware Behavior Monitoring or to allow for DNS sink holing if the -EnableDnsSinkhole configuration is set. This attribute can be disabled by setting this value to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableHttpParsing**
+
+Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableRdpParsing**
+
+Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableSshParsing**
+
+Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
+**EnableNetworkProtection/DisableTlsParsing**
+
+Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
+
+- Type: Boolean
+- Position: Named
+- Default value: False
+- Accept pipeline input: False
+- Accept wildcard characters: False
+
 **Health**  
 An interior node to group information about Windows Defender health status.
 
 Supported operation is Get.
 
 **Health/ProductStatus**  
-Added in Windows 10, version 1809. Provide the current state of the product. This is a bitmask flag value that can represent one or multiple product states from below list.
+Added in Windows 10, version 1809. Provide the current state of the product. This value is a bitmask flag value that can represent one or multiple product states from below list.
 
 The data type is integer. Supported operation is Get.
 
@@ -232,7 +409,7 @@ Supported product status values:
 -  Service started without any malware protection engine            = 1 << 1
 -  Pending full scan due to threat action                           = 1 << 2
 -  Pending reboot due to threat action                              = 1 << 3
--  ending manual steps due to threat action                        = 1 << 4
+-  ending manual steps due to threat action                         = 1 << 4
 -  AV signatures out of date                                        = 1 << 5
 -  AS signatures out of date                                        = 1 << 6
 -  No quick scan has happened for a specified period                = 1 << 7
@@ -247,7 +424,7 @@ Supported product status values:
 -  Service is shutting down as part of system shutdown              = 1 << 16
 -  Threat remediation failed critically                             = 1 << 17
 -  Threat remediation failed non-critically                         = 1 << 18
--  No status flags set (well initialized state)                     = 1 << 19
+-  No status flags set (well-initialized state)                     = 1 << 19
 -  Platform is out of date                                          = 1 << 20
 -  Platform update is in progress                                   = 1 << 21
 -  Platform is about to be outdated                                 = 1 << 22
@@ -312,7 +489,7 @@ Supported operation is Get.
 **Health/QuickScanOverdue**  
 Indicates whether a Windows Defender quick scan is overdue for the device.
 
-A Quick scan is overdue when a scheduled Quick scan did not complete successfully for 2 weeks and [catchup Quick scans](./policy-csp-defender.md#defender-disablecatchupquickscan) are disabled (default).
+A Quick scan is overdue when a scheduled Quick scan didn't complete successfully for 2 weeks and [catchup Quick scans](./policy-csp-defender.md#defender-disablecatchupquickscan) are disabled (default).
 
 The data type is a Boolean.
 
@@ -321,7 +498,7 @@ Supported operation is Get.
 **Health/FullScanOverdue**  
 Indicates whether a Windows Defender full scan is overdue for the device.
 
-A Full scan is overdue when a scheduled Full scan did not complete successfully for 2 weeks and [catchup Full scans](./policy-csp-defender.md#defender-disablecatchupfullscan) are disabled (default).
+A Full scan is overdue when a scheduled Full scan didn't complete successfully for 2 weeks and [catchup Full scans](./policy-csp-defender.md#defender-disablecatchupfullscan) are disabled (default).
 
 The data type is a Boolean.
 
@@ -417,30 +594,50 @@ An interior node to group Windows Defender configuration information.
 Supported operation is Get.
 
 **Configuration/TamperProtection**  
-Tamper protection helps protect important security features from unwanted changes and interference.  This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
+Tamper protection helps protect important security features from unwanted changes and interference. This protection includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
 
-Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
+Send off blob to device to reset the tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
 
 The data type is a Signed blob.
 
 Supported operations are Add, Delete, Get, Replace.
 
 Intune tamper protection setting UX supports three states:  
-- Not configured (default): Does not have any impact on the default state of the device.
+- Not configured (default): Doesn't have any impact on the default state of the device.
 - Enabled: Enables the tamper protection feature.
 - Disabled: Turns off the tamper protection feature.
 
-When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
 
 **Configuration/DisableLocalAdminMerge**
                    
 This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions.
 
-If you disable or do not configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings.
+If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, management settings will override preference settings.
 
 If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator.
 
 > [!NOTE]
-> Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**.
+> Applying this setting won't remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**.
+
+Supported OS versions:  Windows 10
+
+The data type is integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:  
+- 1 – Enable.
+- 0 (default) – Disable.
+
+**Configuration/HideExclusionsFromLocalAdmins**
                    
+This policy setting controls whether or not exclusions are visible to Local Admins.  For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled.
+
+If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell.
+
+If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app, in the registry, or via PowerShell.
+
+> [!NOTE]
+> Applying this setting won't remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.
 
 Supported OS versions:  Windows 10
 
@@ -453,7 +650,7 @@ Valid values are:
 - 0 (default) – Disable.
 
 **Configuration/DisableCpuThrottleOnIdleScans**
                    	
-Indicates whether the CPU will be throttled for scheduled scans while the device is idle.  This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.	
+Indicates whether the CPU will be throttled for scheduled scans while the device is idle.  This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur.	
 
 The data type is integer.	
 
@@ -494,7 +691,7 @@ Supported operations are Add, Delete, Get, Replace.
 
 **Configuration/EnableFileHashComputation**  
 Enables or disables file hash computation feature.
-When this feature is enabled Windows Defender will compute hashes for files it scans.
+When this feature is enabled, Windows Defender will compute hashes for files it scans.
 
 The data type is integer.
 
@@ -513,30 +710,31 @@ Supported operations are Add, Delete, Get, Replace.
 
 Intune Support log location setting UX supports three states:  
 
-- Not configured (default) - Does not have any impact on the default state of the device. 
+- Not configured (default) - Doesn't have any impact on the default state of the device. 
 - 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path.
 - 0 - Disabled. Turns off the Support log location feature. 
 
-When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.  
+When enabled or disabled exists on the client and admin moves the setting to be configured not , it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.  
 
 More details:  
 
 - [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)  
 - [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)  
 
-**Configuration/PlatformUpdatesChannel**
-
+**Configuration/PlatformUpdatesChannel**
 Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
 
 Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
 
 Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
 
-Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
+Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested applying to a small, representative part of your production population (~10%).
 
 Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
 
-If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only 
+
+If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
 
 The data type is integer.
 
@@ -544,51 +742,103 @@ Supported operations are Add, Delete, Get, Replace.
 
 Valid values are:
 - 0: Not configured (Default)
-- 1: Beta Channel - Prerelease
-- 2: Current Channel (Preview)
-- 3: Current Channel (Staged)
-- 4: Current Channel (Broad)
+- 2: Beta Channel - Prerelease
+- 3: Current Channel (Preview)
+- 4: Current Channel (Staged)
+- 5: Current Channel (Broad)
+- 6: Critical- Time Delay
 
-**Configuration/EngineUpdatesChannel**
 
+More details:  
+
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)  
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)  
+
+**Configuration/EngineUpdatesChannel**
 Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
 
 Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
 
 Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
 
-Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
+Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested applying to a small, representative part of your production population (~10%).
 
 Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
 
-If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only
+
+If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
 
 The data type is integer.
 
 Supported operations are Add, Delete, Get, Replace.
 
 Valid values are:
-- 0 - Not configured (Default)
-- 1 - Beta Channel - Prerelease
-- 2 - Current Channel (Preview)
-- 3 - Current Channel (Staged)
-- 4 - Current Channel (Broad)
+- 0: Not configured (Default)
+- 2: Beta Channel - Prerelease
+- 3: Current Channel (Preview)
+- 4: Current Channel (Staged)
+- 5: Current Channel (Broad)
+- 6: Critical- Time Delay
 
-**Configuration/SignaturesUpdatesChannel** 
+More details:  
 
-Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)  
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)  
+
+**Configuration/SecurityIntelligenceUpdatesChannel** 
+Enable this policy to specify when devices receive daily Microsoft Defender security intelligence (definition) updates during the daily gradual rollout.
+
+Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%).
 
 Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
 
-If you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
+If you disable or don't configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
 
 The data type is integer.
 Supported operations are Add, Delete, Get, Replace.
 
 Valid Values are:
 - 0: Not configured (Default)
-- 3: Current Channel (Staged)
-- 4: Current Channel (Broad)
+- 4: Current Channel (Staged)
+- 5: Current Channel (Broad)
+
+More details:  
+
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)  
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)  
+
+**Configuration/DisableGradualRelease**
+Enable this policy to disable gradual rollout of monthly and daily Microsoft Defender updates.
+Devices will be offered all Microsoft Defender updates after the gradual release cycle completes. This facility for devices is best for datacenters that only receive limited updates.
+
+> [!NOTE]
+> This setting applies to both monthly as well as daily Microsoft Defender updates and will override any previously configured channel selections for platform and engine updates.
+
+If you disable or don't configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.
+
+The data type is integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:
+- 1 – Enabled.
+-	0 (default) – Not Configured.
+
+More details:  
+
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)  
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)  
+
+**Configuration/PassiveRemediation**
+This policy setting enables or disables EDR in block mode (recommended for devices running Microsoft Defender Antivirus in passive mode). For more information, see Endpoint detection and response in block mode | Microsoft Docs. Available with platform release: 4.18.2202.X
+
+The data type is integer
+
+Supported values:
+- 1: Turn EDR in block mode on
+- 0: Turn EDR in block mode off
+
 
 **Scan**  
 Node that can be used to start a Windows Defender scan on a device.
@@ -609,6 +859,6 @@ Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defende
 
 Supported operations are Get and Execute.
 
-## Related topics
+## See also
 
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 7aa0520e15..fe6514f5c2 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -8,13 +8,14 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
+ms.date: 07/23/2021
 ---
 
 # Defender DDF file
 
-This topic shows the OMA DM device description framework (DDF) for the **Defender** configuration service provider. DDF files are used only with OMA DM provisioning XML.
+This article shows the OMA DM device description framework (DDF) for the Defender configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
@@ -757,6 +758,185 @@ The XML below is the current version for this CSP.
             
           
           
+        DisableGradualRelease
+        
+          
+            
+            
+            
+            
+          
+          Enable this policy to disable gradual rollout of Defender updates.
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            text/plain
+          
+          
+            99.9.99999
+            1.3
+          
+          
+            
+              1
+              Gradual release is disabled
+            
+            
+              0
+              Gradual release is enabled
+            
+          
+        
+      
+           
+        DefinitionUpdatesChannel
+        
+          
+            
+            
+            
+            
+          
+          Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            text/plain
+          
+          
+            99.9.99999
+            1.3
+          
+          
+            
+              0
+              Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+            
+            
+              4
+              Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
+            
+            
+              5
+              Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
+            
+          
+        
+      
+          
+        EngineUpdatesChannel
+        
+          
+            
+            
+            
+            
+          
+          Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            text/plain
+          
+          
+            99.9.99999
+            1.3
+          
+          
+            
+              0
+              Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+            
+            
+              2
+              Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
+            
+            
+              3
+              Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
+            
+            
+              4
+              Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
+            
+            
+              5
+              Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
+            
+          
+        
+      
+          
+        PlatformUpdatesChannel
+        
+          
+            
+            
+            
+            
+          
+          Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            text/plain
+          
+          
+            99.9.99999
+            1.3
+          
+          
+            
+              0
+              Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+            
+            
+              2
+              Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
+            
+            
+              3
+              Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
+            
+            
+              4
+              Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
+            
+            
+              5
+              Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
+            
+          
+        
+      
         
         
           Scan
@@ -825,7 +1005,6 @@ The XML below is the current version for this CSP.
 
 ```
 
-## Related topics
-
+## See also
 
 [Defender configuration service provider](defender-csp.md)
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 5337bb0cfd..7a1c219d01 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DevDetail CSP
-description: Learn how the DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server.
+description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server.
 ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360
 ms.reviewer: 
 manager: dansimp
@@ -8,21 +8,22 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/27/2020
 ---
 
 # DevDetail CSP
 
-The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands.
+The DevDetail configuration service provider handles the management object that provides device-specific parameters to the OMA DM server. These device parameters can be queried by servers using OMA DM commands. They aren't sent from the client to the server automatically.
 
 > [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
 
-For the DevDetail CSP, you cannot use the Replace command unless the node already exists.
+For the DevDetail CSP, you can't use the Replace command unless the node already exists.
 
-The following shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider.
-```
+The following information shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol isn't supported for this configuration service provider.
+
+```console
 .
 DevDetail
 ----URI
@@ -76,7 +77,7 @@ For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it r
 Supported operation is Get.
 
 **SwV**  
-Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
+Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge.
 
 Supported operation is Get.
 
@@ -97,29 +98,33 @@ Required. Returns the maximum depth of the management tree that the device suppo
 
 Supported operation is Get.
 
-This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
+This value is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
 
 **URI/MaxTotLen**  
 Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
 
 Supported operation is Get.
 
-This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
+This value is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
 
 **URI/MaxSegLen**  
 Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
 
 Supported operation is Get.
 
-This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
+This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
+
+
+
 **Ext/Microsoft/RadioSwV**  
 Required. Returns the radio stack software version number.
 
@@ -131,7 +136,7 @@ Required. Returns the UI screen resolution of the device (example: "480x800
 Supported operation is Get.
 
 **Ext/Microsoft/CommercializationOperator**  
-Required. Returns the name of the mobile operator if it exists; otherwise it returns 404..
+Required. Returns the name of the mobile operator if it exists. Otherwise, it returns 404.
 
 Supported operation is Get.
 
@@ -158,7 +163,7 @@ Supported operation is Get.
 **Ext/Microsoft/DeviceName**  
 Required. Contains the user-specified device name.
 
-Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
+Replace operation isn't supported in Windows client or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name doesn't take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
 
 Value type is string.
 
@@ -171,23 +176,15 @@ The following are the available naming macros:
 
 | Macro | Description | Example | Generated Name |
 | -------| -------| -------| -------|
-| %RAND:<# of digits> | Generates the specified number of random digits. | Test%RAND:6% | Test123456|
-| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| Test-Device-%SERIAL% | Test-Device-456|
+| %RAND:<# of digits> | Generates the specified number of random digits. | `Test%RAND:6%` | Test123456|
+| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| `Test-Device-%SERIAL%` | Test-Device-456|
 
 Value type is string. Supported operations are Get and Replace.
 
 > [!NOTE]  
 > We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
 
-On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
-
-**Ext/Microsoft/TotalStorage**  
-Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
-
-Supported operation is Get.
-
-> [!NOTE]
-> This is only supported in Windows 10 Mobile.
+On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the computer's serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
 
 **Ext/Microsoft/TotalRAM**  
 Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
@@ -205,30 +202,30 @@ The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
 Supported operation is Get.
 
 > [!NOTE]
-> This is not supported in Windows 10 for desktop editions.
+> This isn't supported in Windows 10 for desktop editions.
 
 **Ext/VoLTEServiceSetting**  
-Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
+Returns the VoLTE service to on or off. This setting is only exposed to mobile operator OMA-DM servers.
 
 Supported operation is Get.
 
 **Ext/WlanIPv4Address**  
-Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
+Returns the IPv4 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA DM servers.
 
 Supported operation is Get.
 
 **Ext/WlanIPv6Address**  
-Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
+Returns the IPv6 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA-DM servers.
 
 Supported operation is Get.
 
 **Ext/WlanDnsSuffix**  
-Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
+Returns the DNS suffix of the active Wi-Fi connection. This suffix is only exposed to enterprise OMA-DM servers.
 
 Supported operation is Get.
 
 **Ext/WlanSubnetMask**  
-Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
+Returns the subnet mask for the active Wi-Fi connection. This subnet mask is only exposed to enterprise OMA-DM servers.
 
 Supported operation is Get.
 
@@ -236,17 +233,10 @@ Supported operation is Get.
 Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
 
 > [!NOTE]
-> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
+> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you can't parse the content to get any meaningful hardware information.
 
 Supported operation is Get.
 
-## Related topics
+## Related articles
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index de26ad8620..29a697c6d8 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/03/2020
 ---
 
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 2f1ccdb53c..b27c178d3c 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2018
 ---
 
@@ -35,48 +35,48 @@ DeveloperSetup
 ------------HttpsPort
 ```
 **DeveloperSetup**  
-
                    The root node for the DeveloperSetup configuration service provider.
+
                    The root node for the DeveloperSetup configuration service provider.
 
 **EnableDeveloperMode**  
-
                    A Boolean value that is used to enable Developer Mode on the device. The default value is false.
+
                    A Boolean value that is used to enable Developer Mode on the device. The default value is false.
 
-
                    The only supported operation is Replace.
+
                    The only supported operation is Replace.
 
 **DevicePortal**   
-
                    The node for the Windows Device Portal.   
+
                    The node for the Windows Device Portal.   
 
 **DevicePortal/Authentication**  
-
                    The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal.  
+
                    The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal.  
 
 **DevicePortal/Authentication/Mode**   
-
                    An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.  
+
                    An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.  
 
-
                    The only supported operation is Replace.
+
                    The only supported operation is Replace.
 
 **DevicePortal/Authentication/BasicAuth**   
-
                    The node that describes the credentials that are used for basic authentication with the Windows Device Portal.  
+
                    The node that describes the credentials that are used for basic authentication with the Windows Device Portal.  
 
 **DevicePortal/Authentication/BasicAuth/Username**   
-
                    A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal. 
+
                    A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal. 
 The user name must contain only ASCII characters and cannot contain a colon (:).
 
-
                    The only supported operation is Replace.
+
                    The only supported operation is Replace.
 
 **DevicePortal/Authentication/BasicAuth/Password**   
-
                    A string value that specifies the password to use when authenticating requests against the Windows Device Portal.  
+
                    A string value that specifies the password to use when authenticating requests against the Windows Device Portal.  
 
-
                    The only supported operation is Replace.
+
                    The only supported operation is Replace.
 
 **DevicePortal/Connection**  
-
                    The node for configuring connections to the Windows Device Portal service.   
+
                    The node for configuring connections to the Windows Device Portal service.   
 
 **DevicePortal/Connection/HttpPort**   
-
                    An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. 
+
                    An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. 
 If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort. 
 
-
                    The only supported operation is Replace.
+
                    The only supported operation is Replace.
 
 **DevicePortal/Connection/HttpsPort**   
-
                    An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.  
+
                    An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.  
 
-
                    The only supported operation is Replace.
\ No newline at end of file
+
                    The only supported operation is Replace.
\ No newline at end of file
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index 21afb0f2a6..13d4a19b6a 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md
index 8e886f3661..22f1b88991 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@@ -9,8 +9,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/15/2017
+ms.collection: highpri
 ---
 
 
@@ -19,58 +20,58 @@ ms.date: 11/15/2017
 >[!TIP]
 >If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq).
 
-In the current device landscape of PC, tablets, phones, and IoT devices, Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we are investing heavily in extending the management capabilities available to MDMs. One key feature we are adding is the ability for MDMs to keep devices up to date with the latest Microsoft updates.
+With PCs, tablets, phones, and IoT devices, Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we're investing heavily in extending the management capabilities available to MDMs. One key feature we're adding is the ability for MDMs to keep devices up to date with the latest Microsoft updates.
 
 In particular, Windows 10 provides APIs to enable MDMs to:
 
 -   Ensure machines stay up to date by configuring Automatic Update policies.
--   Test updates on a smaller set of machines before enterprise-wide rollout by configuring which updates are approved for a given device.
--   Get compliance status of managed devices so IT can easily understand which machines still need a particular security patch, or how up to date is a particular machine.
+-   Test updates on a smaller set of machines by configuring which updates are approved for a given device. Then, do an enterprise-wide rollout.
+-   Get compliance status of managed devices. IT can understand which machines still need a security patch, or how current is a particular machine.
 
-This topic provides MDM independent software vendors (ISV) with the information they need to implement update management in Windows 10.
+This article provides independent software vendors (ISV) with the information they need to implement update management in Windows 10.
 
 In Windows 10, the MDM protocol has been extended to better enable IT admins to manage updates. In particular, Windows has added configuration service providers (CSPs) that expose policies and actions for MDMs to:
 
--   Configure automatic update policies to ensure devices stay up-to-date.
+-   Configure automatic update policies to ensure devices stay up to date.
 -   Get device compliance information (the list of updates that are needed but not yet installed).
--   Specify a per-device update approval list, to ensure devices don’t install unapproved updates that have not been tested.
--   Approve EULAs on behalf of the end user so update deployment can be automated even for updates with EULAs.
+-   Enter a per-device update approval list. The list makes sure devices only install updates that are approved and tested.
+-   Approve end-user license agreements (EULAs) for the end user so update deployment can be automated even for updates with EULAs.
 
-The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID, which is a GUID that identifies a particular update. The MDM, of course, will want to expose IT-friendly information about the update (instead of a raw GUID), including the update’s title, description, KB, update type (for example, a security update or service pack). For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c).
+The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID. The Update ID is a GUID that identifies a particular update. The MDM will want to show IT-friendly information about the update, instead of a raw GUID, including the update’s title, description, KB, update type, like a security update or service pack. For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c).
 
 For more information about the CSPs, see [Update CSP](update-csp.md) and the update policy area of the [Policy CSP](policy-configuration-service-provider.md).
 
 The following diagram provides a conceptual overview of how this works:
 
-![mobile device update management](images/mdm-update-sync.png)
+![mobile device update management.](images/mdm-update-sync.png)
 
 The diagram can be roughly divided into three areas:
 
 -   The Device Management service syncs update information (title, description, applicability) from Microsoft Update using the Server-Server sync protocol (top of the diagram).
 -   The Device Management service sets automatic update policies, obtains update compliance information, and sets approvals via OMA DM (left portion of the diagram).
--   The device gets updates from Microsoft Update using client/server protocol, but only downloads and installs updates that are both applicable to the device and approved by IT (right portion of the diagram).
+-   The device gets updates from Microsoft Update using client/server protocol. It only downloads and installs updates that apply to the device and are approved by IT (right portion of the diagram).
 
 ## Getting update metadata using the Server-Server sync protocol
 
-The Microsoft Update Catalog is huge and contains many updates that are not needed by MDM-managed devices, including updates for legacy software (for example, updates to servers, down-level desktop operating systems, and legacy apps), and a large number of drivers. We recommend that the MDM use the Server-Server sync protocol to get update metadata for updates reported from the client.
+The Microsoft Update Catalog contains many updates that aren't needed by MDM-managed devices. It includes updates for legacy software, like updates to servers, down-level desktop operating systems, & legacy apps, and a large number of drivers. We recommend MDMs use the Server-Server sync protocol to get update metadata for updates reported from the client.
 
-This section describes how this is done. The following diagram shows the server-server sync protocol process.
+This section describes this setup. The following diagram shows the server-server sync protocol process.
 
-![mdm server-server sync](images/deviceupdateprocess2.png)
+:::image type="content" alt-text="mdm server-server sync." source="images/deviceupdateprocess2.png" lightbox="images/deviceupdateprocess2.png":::
 
 MSDN provides much information about the Server-Server sync protocol. In particular:
 
--   It is a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development.
--   You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although it’s even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx.
+-   It's a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development.
+-   You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although it’s even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to `https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx`.
 
 Some important highlights:
 
--   The protocol has an authorization phase (calling GetAuthConfig, GetAuthorizationCookie, and GetCookie). In [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a), the **Sample 1: Authorization** code shows how this is done. Even though this is called the authorization phase, the protocol is completely open (no credentials are needed to run this phase of the protocol). This sequence of calls needs to be done to obtain a cookie for the main part of the sync protocol. As an optimization, you can cache the cookie and only call this sequence again if your cookie has expired.
--   The protocol allows the MDM to sync update metadata for a particular update by calling GetUpdateData. For more information, see [GetUpdateData](/openspecs/windows_protocols/ms-wsusss/c28ad30c-fa3f-4bc6-a747-788391d2d964) in MSDN. The LocURI to get the applicable updates with their revision Numbers is `./Vendor/MSFT/Update/InstallableUpdates?list=StructData`. Because not all updates are available via S2S sync, make sure you handle SOAP errors.
--   For mobile devices, you can either sync metadata for a particular update by calling GetUpdateData, or for a local on-premises solution, you can use WSUS and manually import the mobile updates from the Microsoft Update Catalog site. For more information, see [Process flow diagram and screenshots of server sync process](#process-flow-diagram-and-screenshots-of-server-sync-process).
+-   The protocol has an authorization phase (calling GetAuthConfig, GetAuthorizationCookie, and GetCookie). In [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a), the **Sample 1: Authorization** code shows how authorization is done. Even though it's called the authorization phase, the protocol is completely open (no credentials are needed to run this phase of the protocol). This sequence of calls needs to be done to obtain a cookie for the main part of the sync protocol. As an optimization, you can cache the cookie and only call this sequence again if your cookie has expired.
+-   The protocol allows the MDM to sync update metadata for a particular update by calling GetUpdateData. For more information, see [GetUpdateData](/openspecs/windows_protocols/ms-wsusss/c28ad30c-fa3f-4bc6-a747-788391d2d964) in MSDN. The LocURI to get the applicable updates with their revision numbers is `./Vendor/MSFT/Update/InstallableUpdates?list=StructData`. Because not all updates are available via S2S sync, make sure you handle SOAP errors.
+-   For mobile devices, you can sync metadata for a particular update by calling GetUpdateData. Or, for a local on-premises solution, you can use Windows Server Update Services (WSUS) and manually import the mobile updates from the Microsoft Update Catalog site. For more information, see [Process flow diagram and screenshots of server sync process](#process-flow-diagram-and-screenshots-of-server-sync-process).
 
 > [!NOTE]
-> On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, etc). Each time such a change is made that doesn’t affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number).
+> On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, and so on). Each time such a change is made that doesn’t affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number).
 
 
 ## Examples of update metadata XML structure and element descriptions
@@ -82,16 +83,16 @@ The response of the GetUpdateData call returns an array of ServerSyncUpdateData
 -   **CreationDate** – the date on which this update was created.
 -   **UpdateType** – The type of update, which could include the following:
     -   **Detectoid** – if this update identity represents a compatibility logic
-    -   **Category** – This could represent either of the following:
-        -   A Product category the update belongs to. For example, Windows, MS office etc.
-        -   The classification the update belongs to. For example, Drivers, security etc.
+    -   **Category** – This element could represent either of the following:
+        -   A Product category the update belongs to. For example, Windows, MS office, and so on.
+        -   The classification the update belongs to. For example, drivers, security, and so on.
     -   **Software** – If the update is a software update.
     -   **Driver** – if the update is a driver update.
 -   **LocalizedProperties** – represents the language the update is available in, title and description of the update. It has the following fields:
     -   **Language** – The language code identifier (LCID). For example, en or es.
     -   **Title** – Title of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 x64 Edition (KB2526305)”
-    -   **Description** – Description of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 (KB2526305) provides the latest updates to Windows SharePoint Services 3.0. After you install this item, you may have to restart your computer. After you have installed this item, it cannot be removed.”
--   **KBArticleID** – The KB article number for this update that has details regarding the particular update. For example, .
+    -   **Description** – Description of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 (KB2526305) provides the latest updates to Windows SharePoint Services 3.0. After you install this item, you may have to restart your computer. After you've installed this item, it can't be removed.”
+-   **KBArticleID** – The KB article number for this update that has details about the particular update. For example, `https://support.microsoft.com/kb/2902892`.
 
 ## Recommended Flow for Using the Server-Server Sync Protocol
 
@@ -99,119 +100,156 @@ This section describes a possible algorithm for using the server-server sync pro
 
 First some background:
 
-- If you have a multi-tenant MDM, the update metadata can be kept in a shared partition, since it is common to all tenants.
-- A metadata sync service can then be implemented that periodically calls server-server sync to pull in metadata for the updates IT cares about.
-- The MDM component that uses OMA DM to control devices (described in the next section) should send the metadata sync service the list of needed updates it gets from each client if those updates are not already known to the device.
+- If you have a multi-tenant MDM, the update metadata can be kept in a shared partition, since it's common to all tenants.
+- A metadata sync service can then be implemented. The service periodically calls server-server sync to pull in metadata for the updates IT cares about.
+- The MDM component that uses OMA DM to control devices (described in the next section) should send the metadata sync service the list of needed updates it gets from each client, if those updates aren't already known to the device.
 
 
 The following procedure describes a basic algorithm for a metadata sync service:
 
--   Initialization, composed of the following:
-    1.  Create an empty list of “needed update IDs to fault in”. This list will get updated by the MDM service component that uses OMA DM. We recommend not adding definition updates to this list, since those are temporary in nature (for example, Defender releases about four new definition updates per day, each of which is cumulative).
+-   Initialization uses the following steps:
+    a.  Create an empty list of “needed update IDs to fault in”. This list will get updated by the MDM service component that uses OMA DM. We recommend not adding definition updates to this list, since they're temporary. For example, Defender can release new definition updates many times per day, each of which is cumulative.
 -   Sync periodically (we recommend once every 2 hours - no more than once/hour).
     1.  Implement the authorization phase of the protocol to get a cookie if you don’t already have a non-expired cookie. See **Sample 1: Authorization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a).
     2.  Implement the metadata portion of the protocol (see **Sample 2: Metadata and Deployments Synchronization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a)), and:
-        -   Call GetUpdateData for all updates in the "needed update IDs to fault in" list if the update metadata has not already been pulled into the DB.
+        -   Call GetUpdateData for all updates in the "needed update IDs to fault in" list if the update metadata hasn't already been pulled into the DB.
             -   If the update is a newer revision of an existing update (same UpdateID, higher revision number), replace the previous update metadata with the new one.
-            -   Remove updates from the "needed update IDs to fault in" list once they have been brought in.
+            -   Remove updates from the "needed update IDs to fault in" list once they've been brought in.
 
-This provides an efficient way to pull in the information about the set of Microsoft Updates that IT needs to manage, so the information can be used in various update management scenarios. For example, at update approval time you can pull information so IT can see what updates they are approving, or for compliance reports to see what updates are needed but not yet installed.
+These steps get information about the set of Microsoft Updates that IT needs to manage, so the information can be used in various update management scenarios. For example, at update approval time, you can get information so IT can see what updates they're approving. Or, for compliance reports to see what updates are needed but not yet installed.
 
 ## Managing updates using OMA DM
 
-An MDM can manage updates via OMA DM. The details of how to use and integrate an MDM with the Windows OMA DM protocol, and how to enroll devices for MDM management, is documented the [Mobile device management](mobile-device-enrollment.md) topic. This section focuses on how to extend that integration to support update management. The key aspects of update management include the following:
+An MDM can manage updates via OMA DM. The details of how to use and integrate an MDM with the Windows OMA DM protocol, and how to enroll devices for MDM management, is documented in [Mobile device management](mobile-device-enrollment.md). This section focuses on how to extend that integration to support update management. The key aspects of update management include the following information:
 
--   Configure automatic update policies to ensure devices stay up-to-date.
+-   Configure automatic update policies to ensure devices stay up to date.
 -   Get device compliance information (the list of updates that are needed but not yet installed)
--   Specify a per-device update approval list to ensure devices don’t install unapproved updates that have not been tested.
--   Approve EULAs on behalf of the end-user so update deployment can be automated even for updates with EULAs
+-   Specify a per-device update approval list. The list makes sure devices only install updates that are approved and tested.
+-   Approve EULAs for the end user so update deployment can be automated, even for updates with EULAs
 
 The following list describes a suggested model for applying updates.
 
 1.  Have a "Test Group" and an "All Group".
 2.  In the Test group, just let all updates flow.
-3.  In the All Group, set up Quality Update deferral for 7 days and then Quality Updates will be auto approved after the 7 days.  Note that Definition Updates are excluded from Quality Update deferrals and will be auto approved when they are available. This can be done by setting Update/DeferQualityUpdatesPeriodInDays to 7 and just letting updates flow after seven days or pushing Pause in case of issues.
+3.  In the All Group, set up Quality Update deferral for seven days. Then, Quality Updates will be auto approved after the seven days. Definition Updates are excluded from Quality Update deferrals, and will be auto approved when they're available. This schedule can be done by setting Update/DeferQualityUpdatesPeriodInDays to seven, and just letting updates flow after seven days or pushing Pause if any issues.
 
-Updates are configured using a combination of the [Update CSP](update-csp.md), and the update portion of the [Policy CSP](policy-configuration-service-provider.md). Please refer to these topics for details on configuring updates.
+Updates are configured using a combination of the [Update CSP](update-csp.md), and the update portion of the [Policy CSP](policy-configuration-service-provider.md).
 
 ### Update policies
 
-The enterprise IT can configure auto-update polices via OMA DM using the [Policy CSP](policy-configuration-service-provider.md) (this functionality is not supported in Windows 10 Mobile and Windows 10 Home). Here's the CSP diagram for the Update node in Policy CSP.
+The enterprise IT can configure auto-update policies via OMA DM using the [Policy CSP](policy-configuration-service-provider.md) (this functionality isn't supported in Windows 10 Home). Here's the CSP diagram for the Update node in Policy CSP.
 
-The following diagram shows the Update policies in a tree format.
+The following information shows the Update policies in a tree format.
 
-![update policies](images/update-policies.png)
+```console
+./Vendor/MSFT
+Policy
+----Config
+--------Update
+-----------ActiveHoursEnd
+-----------ActiveHoursMaxRange
+-----------ActiveHoursStart
+-----------AllowAutoUpdate
+-----------AllowMUUpdateService
+-----------AllowNonMicrosoftSignedUpdate
+-----------AllowUpdateService
+-----------AutoRestartNotificationSchedule
+-----------AutoRestartRequiredNotificationDismissal
+-----------BranchReadinessLevel
+-----------DeferFeatureUpdatesPeriodInDays
+-----------DeferQualityUpdatesPeriodInDays
+-----------DeferUpdatePeriod
+-----------DeferUpgradePeriod
+-----------EngagedRestartDeadline
+-----------EngagedRestartSnoozeSchedule
+-----------EngagedRestartTransitionSchedule
+-----------ExcludeWUDriversInQualityUpdate
+-----------IgnoreMOAppDownloadLimit
+-----------IgnoreMOUpdateDownloadLimit
+-----------PauseDeferrals
+-----------PauseFeatureUpdates
+-----------PauseQualityUpdates
+-----------RequireDeferUpgrade
+-----------RequireUpdateApproval
+-----------ScheduleImminentRestartWarning
+-----------ScheduledInstallDay
+-----------ScheduledInstallTime
+-----------ScheduleRestartWarning
+-----------SetAutoRestartNotificationDisable
+-----------UpdateServiceUrl
+-----------UpdateServiceUrlAlternate
+```
 
 **Update/ActiveHoursEnd**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education 
 
 
-
                    Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
+Added in Windows 10, version 1607. When used with **Update/ActiveHoursStart**, it allows the IT admin to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time.
 
 > [!NOTE]
-> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** below for more information.
+> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** in this article.
 
-
                    Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
+Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, and so on.
 
-
                    The default is 17 (5 PM).
+The default is 17 (5 PM).
 
 **Update/ActiveHoursMaxRange**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. 
 
-
                    Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
+Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
 
-
                    Supported values are 8-18.
+Supported values are 8-18.
 
-
                    The default value is 18 (hours).
+The default value is 18 (hours).
 
 **Update/ActiveHoursStart**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
 
 
-
                    Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
+Added in Windows 10, version 1607. When used with **Update/ActiveHoursEnd**, it allows the IT admin to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time.
 
 > [!NOTE]
-> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** above for more information.
+> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** in this article.
 
-
                    Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
+Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, and so on.
 
-
                    The default value is 8 (8 AM).
+The default value is 8 (8 AM).
 
 **Update/AllowAutoUpdate**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
 
 
-
                    Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
+Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
 
-
                    Supported operations are Get and Replace.
+Supported operations are Get and Replace.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
--   1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
--   2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart.
+-   0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
+-   1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart.
+-   2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This behavior is the default behavior for unmanaged devices. Devices are updated quickly. But, it increases the risk of accidental data loss caused by an application that doesn't shutdown properly on restart.
 -   3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
--   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
+-   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only.
 -   5 – Turn off automatic updates.
 
 > [!IMPORTANT]
 > This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
  
 
-
                    If the policy is not configured, end-users get the default behavior (Auto install and restart).
+If the policy isn't configured, end users get the default behavior (Auto install and restart).
 
 **Update/AllowMUUpdateService**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
+Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 – Not allowed or not configured.
 -   1 – Allowed. Accepts updates received through Microsoft Update.
@@ -221,31 +259,31 @@ The following diagram shows the Update policies in a tree format.
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise and Windows 10 Education.
 
 
-
                    Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third party software and patch distribution.
+Allows the IT admin to manage if Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution.
 
-
                    Supported operations are Get and Replace.
+Supported operations are Get and Replace.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
--   1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
+-   1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate in the "Trusted Publishers" certificate store of the local computer.
 
-
                    This policy is specific to desktop and local publishing via WSUS for third party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
+This policy is specific to desktop and local publishing using WSUS for third-party updates (binaries and updates not hosted on Microsoft Update). It allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
 
 **Update/AllowUpdateService**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft.
+Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft.
 
-
                    Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft
+Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update.
 
-
                    Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft to stop working.
+Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft to stop working.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 – Update service is not allowed.
+-   0 – Update service isn't allowed.
 -   1 (default) – Update service is allowed.
 
 > [!NOTE]
@@ -257,20 +295,20 @@ The following diagram shows the Update policies in a tree format.
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
+Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
 
-
                    Supported values are 15, 30, 60, 120, and 240 (minutes).
+Supported values are 15, 30, 60, 120, and 240 (minutes).
 
-
                    The default value is 15 (minutes).
+The default value is 15 (minutes).
 
 **Update/AutoRestartRequiredNotificationDismissal**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed.
+Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   1 (default) – Auto Dismissal.
 -   2 – User Dismissal.
@@ -280,9 +318,9 @@ The following diagram shows the Update policies in a tree format.
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education 
 
 
-
                    Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
+Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   16 (default) – User gets all applicable upgrades from Current Branch (CB).
 -   32 – User gets upgrades from Current Branch for Business (CBB).
@@ -291,18 +329,18 @@ The following diagram shows the Update policies in a tree format.
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
 
-
                    Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
+Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
 
-
                    Supported values are 0-180.
+Supported values are 0-180.
 
 **Update/DeferQualityUpdatesPeriodInDays**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
+Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
 
-
                    Supported values are 0-30.
+Supported values are 0-30.
 
 **Update/DeferUpdatePeriod**
 > [!NOTE]
@@ -311,140 +349,110 @@ The following diagram shows the Update policies in a tree format.
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
 
 
-
                    Allows IT Admins to specify update delays for up to four weeks.
+Allows IT Admins to specify update delays for up to four weeks.
 
-
                    Supported values are 0-4, which refers to the number of weeks to defer updates.
+Supported values are 0-4, which refers to the number of weeks to defer updates.
 
-
                    If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+If the **Specify intranet Microsoft update service location** policy is enabled, then the **Defer upgrades by**, **Defer updates by**; and **Pause Updates and Upgrades** settings have no effect.
 
-
                    If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Update categoryMaximum deferralDeferral incrementUpdate type/notes
                    OS upgrade
                    8 months
                    1 month
                    Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
                    Update
                    1 month
                    1 week
                    
-Note
-If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
-
                    
-
                      
-
                    • Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
                      • 
-
                    • Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
                      • 
-
                    • Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
                      • 
-
                    • Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
                      • 
-
                    • Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
                      • 
-
                    • Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
                      • 
-
                    • Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
                      • 
-
                    • Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
                      • 
-
                    Other/cannot defer
                    No deferral
                    No deferral
                    Any update category not enumerated above falls into this category.
                    
-
                    Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
                    
+- **Update category**: OS upgrade
+  - **Maximum deferral**: 8 months
+  - **Deferral increment**: 1 month
+  - **Update type/notes**: Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
 
+- **Update category**: Update
+  - **Maximum deferral**: 1 month
+  - **Deferral increment**: 1 week
+  - **Update type/notes**: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
+
+    - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
+    - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
+    - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
+    - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
+    - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
+    - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
+    - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
+    - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
+
+- **Update category**: Other/cannot defer
+  - **Maximum deferral**: No deferral
+  - **Deferral increment**: No deferral
+  - **Update type/notes**: Any update category not enumerated above falls into this category.
+    - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
 
 **Update/DeferUpgradePeriod**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
 >
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
->
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
 
 
-
                    Allows IT Admins to specify additional upgrade delays for up to eight months.
+Allows IT Admins to enter more upgrade delays for up to eight months.
 
-
                    Supported values are 0-8, which refers to the number of months to defer upgrades.
+Supported values are 0-8, which refers to the number of months to defer upgrades.
 
-
                    If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+If the **Specify intranet Microsoft update service location** policy is enabled, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect.
 
-
                    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect.
 
 **Update/EngagedRestartDeadline**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period.  If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
+Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period.  If no deadline is specified or deadline is set to 0, then the restart won't be automatically executed. It will remain Engaged restart (pending user scheduling).
 
-
                    Supported values are 2-30 days.
+Supported values are 2-30 days.
 
-
                    The default value is 0 days (not specified).
+The default value is 0 days (not specified).
 
 **Update/EngagedRestartSnoozeSchedule**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
+Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
 
-
                    Supported values are 1-3 days.
+Supported values are 1-3 days.
 
-
                    The default value is three days.
+The default value is three days.
 
 **Update/EngagedRestartTransitionSchedule**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
+Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
 
-
                    Supported values are 2-30 days.
+Supported values are 2-30 days.
 
-
                    The default value is seven days.
+The default value is seven days.
 
 **Update/ExcludeWUDriversInQualityUpdate**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
 
-
                    Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
+Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 (default) – Allow Windows Update drivers.
 -   1 – Exclude Windows Update drivers.
 
 **Update/IgnoreMOAppDownloadLimit**
-
                    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
+Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
 
 > [!WARNING]
 > Setting this policy might cause devices to incur costs from MO operators.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 (default) – Do not ignore MO download limit for apps and their updates.
+-   0 (default) – Don't ignore MO download limit for apps and their updates.
 -   1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
 
-
                    To validate this policy:
+To validate this policy:
 
 1.  Enable the policy ensure the device is on a cellular network.
 2.  Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
@@ -456,20 +464,20 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 
 
 **Update/IgnoreMOUpdateDownloadLimit**
-
                    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
+Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
 
 > [!WARNING]
 > Setting this policy might cause devices to incur costs from MO operators.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 (default) – Do not ignore MO download limit for OS updates.
+-   0 (default) – Don't ignore MO download limit for OS updates.
 -   1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
 
-
                    To validate this policy:
+To validate this policy:
 
 1.  Enable the policy and ensure the device is on a cellular network.
-2.  Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell:
+2.  Run the scheduled task on the devices to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell:
       - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""`
 
 3.   Verify that any downloads that are above the download size limit will complete without being paused.
@@ -482,26 +490,26 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
 
 
-
                    Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
+Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 (default) – Deferrals are not paused.
+-   0 (default) – Deferrals aren't paused.
 -   1 – Deferrals are paused.
 
-
                    If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+If the **Specify intranet Microsoft update service location** policy is enabled, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect.
 
-
                    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect.
 
 **Update/PauseFeatureUpdates**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
 
-
                    Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
+Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 (default) – Feature Updates are not paused.
+-   0 (default) – Feature Updates aren't paused.
 -   1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
 
 **Update/PauseQualityUpdates**
@@ -509,11 +517,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
+Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
--   0 (default) – Quality Updates are not paused.
+-   0 (default) – Quality Updates aren't paused.
 -   1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
 
 **Update/RequireDeferUpgrade**
@@ -523,9 +531,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
 
 
-
                    Allows the IT admin to set a device to CBB train.
+Allows the IT admin to set a device to CBB train.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 (default) – User gets upgrades from Current Branch.
 -   1 – User gets upgrades from Current Branch for Business.
@@ -541,38 +549,38 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
 
 
-
                    Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
+Allows the IT admin to restrict the updates that are installed on a device to only the updates on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update for the end user. EULAs are approved once an update is approved.
 
-
                    Supported operations are Get and Replace.
+Supported operations are Get and Replace.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 – Not configured. The device installs all applicable updates.
--   1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
+-   1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required before deployment.
 
 **Update/ScheduleImminentRestartWarning**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
+Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
 
-
                    Supported values are 15, 30, or 60 (minutes).
+Supported values are 15, 30, or 60 (minutes).
 
-
                    The default value is 15 (minutes).
+The default value is 15 (minutes).
 
 **Update/ScheduledInstallDay**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Enables the IT admin to schedule the day of the update installation.
+Enables the IT admin to schedule the day of the update installation.
 
-
                    The data type is a string.
+The data type is a string.
 
-
                    Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 (default) – Every day
 -   1 – Sunday
@@ -588,35 +596,35 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Enables the IT admin to schedule the time of the update installation.
+Enables the IT admin to schedule the time of the update installation.
 
-
                    The data type is a string.
+The data type is a string.
 
-
                    Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
 
-
                    Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
+Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
 
-
                    The default value is 3.
+The default value is 3.
 
 **Update/ScheduleRestartWarning**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto restart warning reminder notifications.
+Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto restart warning reminder notifications.
 
-
                    Supported values are 2, 4, 8, 12, or 24 (hours).
+Supported values are 2, 4, 8, 12, or 24 (hours).
 
-
                    The default value is 4 (hours).
+The default value is 4 (hours).
 
 **Update/SetAutoRestartNotificationDisable**
 > [!NOTE]
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-
                    Added in Windows 10, version 1703. Allows the IT Admin to disable auto restart notifications for update installations.
+Added in Windows 10, version 1703. Allows the IT Admin to disable auto restart notifications for update installations.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   0 (default) – Enabled
 -   1 – Disabled
@@ -626,13 +634,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 > [!Important]
-> Starting in Windows 10, version 1703 this policy is not supported in IoT Enterprise.
+> Starting in Windows 10, version 1703 this policy isn't supported in IoT Enterprise.
 
-
                    Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
+Allows the device to check for updates from a WSUS server instead of Microsoft Update. Using WSUS is useful for on-premises MDMs that need to update devices that can't connect to the Internet.
 
-
                    Supported operations are Get and Replace.
+Supported operations are Get and Replace.
 
-
                    The following list shows the supported values:
+The following list shows the supported values:
 
 -   Not configured. The device checks for updates from Microsoft Update.
 -   Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
@@ -640,43 +648,73 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 Example
 
 ```xml
-        
-            $CmdID$
-            
-                
-                    chr
-                    text/plain
-                
-                
-                    ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl
-                
-                http://abcd-srv:8530
-            
-        
+
+    $CmdID$
+    
+        
+            chr
+            text/plain
+        
+        
+            ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl
+        
+        http://abcd-srv:8530
+    
+
 ```
 
 **Update/UpdateServiceUrlAlternate**
 
-> **Note**  This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
 
-
                    Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
+Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
 
-
                    This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
+This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
 
-
                    To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.  An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
+To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.  An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
 
-
                    Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+Value type is string and the default value is an empty string. If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, then the Automatic Updates client connects directly to the Windows Update site on the Internet.
 
 > [!Note]
 > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
-> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
-> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
+> If the "Alternate Download Server" Group Policy isn't set, it will use the WSUS server by default to download updates.
+> This policy isn't supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
 
 ### Update management
 
-The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](update-csp.md). The following diagram shows the Update CSP in tree format..
+The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](update-csp.md). The following information shows the Update CSP in tree format.
 
-![provisioning csp update](images/provisioning-csp-update.png)
+```console
+./Vendor/MSFT
+Update
+----ApprovedUpdates
+--------Approved Update Guid
+------------ApprovedTime
+----FailedUpdates
+--------Failed Update Guid
+------------HResult
+------------Status
+------------RevisionNumber
+----InstalledUpdates
+--------Installed Update Guid
+------------RevisionNumber
+----InstallableUpdates
+--------Installable Update Guid
+------------Type
+------------RevisionNumber
+----PendingRebootUpdates
+--------Pending Reboot Update Guid
+------------InstalledTime
+------------RevisionNumber
+----LastSuccessfulScanTime
+----DeferUpgrade
+----Rollback
+--------QualityUpdate
+--------FeatureUpdate
+--------QualityUpdateStatus
+--------FeatureUpdateStatus
+```
 
 **Update**
 The root node.
@@ -684,15 +722,17 @@ The root node.
 Supported operation is Get.
 
 **ApprovedUpdates**
-Node for update approvals and EULA acceptance on behalf of the end-user.
+Node for update approvals and EULA acceptance for the end user.
 
-> **Note** When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
+> [!NOTE]
+> When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
 
-The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.
+The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to present the EULA is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It's only necessary to approve the EULA once per EULA ID, not one per update.
 
-The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list does not support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
+The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (updates to the virus and spyware definitions on devices) and Security Updates (product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstall of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs because of changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
 
-> **Note**  For the Windows 10 build, the client may need to reboot after additional updates are added.
+> [!NOTE]
+> For the Windows 10 build, the client may need to reboot after additional updates are added.
 
  
 
@@ -722,7 +762,7 @@ Specifies the approved updates that failed to install on a device.
 Supported operation is Get.
 
 **FailedUpdates/***Failed Update Guid*
-Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install.
+Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.
 
 Supported operation is Get.
 
@@ -747,7 +787,7 @@ UpdateIDs that represent the updates installed on a device.
 Supported operation is Get.
 
 **InstallableUpdates**
-The updates that are applicable and not yet installed on the device. This includes updates that are not yet approved.
+The updates that are applicable and not yet installed on the device. This information includes updates that aren't yet approved.
 
 Supported operation is Get.
 
@@ -798,7 +838,7 @@ Supported operation is Get.
 
 ##  Windows 10, version 1607 for update management
 
-Here are the new policies added in Windows 10, version 1607 in [Policy CSP](policy-configuration-service-provider.md). You should use these policies for the new Windows 10, version 1607 devices.
+Here are the new policies added in Windows 10, version 1607 in [Policy CSP](policy-configuration-service-provider.md). Use these policies for the Windows 10, version 1607 devices.
 
 -   Update/ActiveHoursEnd
 -   Update/ActiveHoursStart
@@ -812,73 +852,18 @@ Here are the new policies added in Windows 10, version 1607 in [Policy CSP](pol
 
 Here's the list of corresponding Group Policy settings in HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    GPO keyTypeValue
                    BranchReadinessLevel
                    REG_DWORD
                    16: systems take Feature Updates on the Current Branch (CB) train
                    
-
                    32: systems take Feature Updates on the Current Branch for Business
                    
-
                    Other value or absent: receive all applicable updates (CB)
                    DeferQualityUpdates
                    REG_DWORD
                    1: defer quality updates
                    
-
                    Other value or absent: don’t defer quality updates
                    DeferQualityUpdatesPeriodInDays
                    REG_DWORD
                    0-30: days to defer quality updates
                    PauseQualityUpdates
                    REG_DWORD
                    1: pause quality updates
                    
-
                    Other value or absent: don’t pause quality updates
                    DeferFeatureUpdates
                    REG_DWORD
                    1: defer feature updates
                    
-
                    Other value or absent: don’t defer feature updates
                    DeferFeatureUpdatesPeriodInDays
                    REG_DWORD
                    0-180: days to defer feature updates
                    PauseFeatureUpdates
                    REG_DWORD
                    1: pause feature updates
                    
-
                    Other value or absent: don’t pause feature updates
                    ExcludeWUDriversInQualityUpdate
                    REG_DWORD
                    1: exclude WU drivers
                    
-
                    Other value or absent: offer WU drivers
                    
+|GPO key|Type|Value|
+|--- |--- |--- |
+|BranchReadinessLevel|REG_DWORD|16: systems take Feature Updates on the Current Branch (CB) train

                    32: systems take Feature Updates on the Current Branch for Business

                    Other value or absent: receive all applicable updates (CB)|
+|DeferQualityUpdates|REG_DWORD|1: defer quality updates

                    Other value or absent: don’t defer quality updates|
+|DeferQualityUpdatesPeriodInDays|REG_DWORD|0-30: days to defer quality updates|
+|PauseQualityUpdates|REG_DWORD|1: pause quality updates

                    Other value or absent: don’t pause quality updates|
+|DeferFeatureUpdates|REG_DWORD|1: defer feature updates

                    Other value or absent: don’t defer feature updates|
+|DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates|
+|PauseFeatureUpdates|REG_DWORD|1: pause feature updates

                    Other value or absent: don’t pause feature updates|
+|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers

                    Other value or absent: offer WU drivers|
 
- 
-
-Here is the list of older policies that are still supported for backward compatibility. You can use these for Windows 10, version 1511 devices.
+Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices.
 
 -   Update/RequireDeferUpgrade
 -   Update/DeferUpgradePeriod
@@ -889,9 +874,9 @@ Here is the list of older policies that are still supported for backward compati
 
 The following screenshots of the administrator console show the list of update titles, approval status, and additional metadata fields.
 
-![mdm update management screenshot](images/deviceupdatescreenshot1.png)
+![mdm update management screenshot.](images/deviceupdatescreenshot1.png)
 
-![mdm update management metadata screenshot](images/deviceupdatescreenshot2.png)
+![mdm update management metadata screenshot.](images/deviceupdatescreenshot2.png)
 
 
 ## SyncML example
@@ -945,5 +930,16 @@ Set auto update to notify and defer.
 
 The following diagram and screenshots show the process flow of the device update process using Windows Server Update Services and Microsoft Update Catalog.
 
-![mdm device update management screenshot3](images/deviceupdatescreenshot3.png)![mdm device update management screenshot4](images/deviceupdatescreenshot4.png)![mdm device update management screenshot5](images/deviceupdatescreenshot5.png)![mdm device update management screenshot6](images/deviceupdatescreenshot6.png)![mdm device update management screenshot7](images/deviceupdatescreenshot7.png)![mdm device update management screenshot8](images/deviceupdatescreenshot8.png)![mdm device update management screenshot9](images/deviceupdatescreenshot9.png)
+![mdm device update management screenshot3.](images/deviceupdatescreenshot3.png)
 
+![mdm device update management screenshot4](images/deviceupdatescreenshot4.png)
+
+![mdm device update management screenshot5](images/deviceupdatescreenshot5.png)
+
+![mdm device update management screenshot6](images/deviceupdatescreenshot6.png)
+
+![mdm device update management screenshot7](images/deviceupdatescreenshot7.png)
+
+![mdm device update management screenshot8](images/deviceupdatescreenshot8.png)
+
+![mdm device update management screenshot9](images/deviceupdatescreenshot9.png)
diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md
deleted file mode 100644
index f24564545c..0000000000
--- a/windows/client-management/mdm/deviceinstanceservice-csp.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-title: DeviceInstanceService CSP
-description: Learn how the DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise.
-ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# DeviceInstanceService CSP
-
-
-The DeviceInstanceService configuration service provider provides some device inventory information that could be useful for an enterprise. Additionally, this CSP supports querying two different phone numbers in the case of dual SIM. The URIs for SIM 1 and SIM 2 are ./Vendor/MSFT/DeviceInstanceService/Identity/Identity1 and ./Vendor/MSFT/DeviceInstanceService/Identity/Identity2 respectively.
-
-> **Note**  
-Stop using DeviceInstanceService CSP and use the updated [DeviceStatus CSP](devicestatus-csp.md) instead.
-
-The DeviceInstance CSP is only supported in Windows 10 Mobile.
-
- 
-
-The following diagram shows the DeviceInstanceService configuration service provider in tree format.
-
-![provisioning\-csp\-deviceinstanceservice](images/provisioning-csp-deviceinstanceservice.png)
-
-**Roaming**  
-A boolean value that specifies the roaming status of the device. In dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/Roaming is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/Roaming.
-
-Supported operation is **Get**.
-
-Returns **True** if the device is roaming; otherwise **False**.
-
-**PhoneNumber**  
-A string that represents the phone number of the device. In case of dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/PhoneNumber is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/PhoneNumber.
-
-Value type is chr.
-
-Supported operation is **Get**.
-
-**IMEI**  
-A string the represents the International Mobile Station Equipment Identity (IMEI) of the device. In case of dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/IMEI is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/IMEI.
-
-Value type is chr.
-
-Supported operation is **Get**.
-
-**IMSI**  
-A string that represents the first six digits of device IMSI number (Mobile Country/region Code, Mobile Network Code) of the device. In case of dual SIM mode when the device supports two different phone numbers, querying SIM 1 explicitly with ./Vendor/MSFT/DeviceInstanceService/Identify1/IMSI is functionally equivalent to using ./Vendor/MSFT/DeviceInstanceService/IMSI.
-
-Value type is chr.
-
-Supported operation is **Get**.
-
-**Identity**  
-The parent node to group per SIM specific information in case of dual SIM mode.
-
-**Identity1**  
-The parent node to group SIM1 specific information in case of dual SIM mode.
-
-**Identity2**  
-The parent node to group SIM2 specific information in case of dual SIM mode.
-
-## Examples
-
-
-The following sample shows how to query roaming status and phone number on the device.
-
-```xml
-
-      2
-      
-        
-          ./Vendor/MSFT/DeviceInstanceService/Roaming
-        
-      
-      
-        
-          ./Vendor/MSFT/DeviceInstanceService/PhoneNumber
-        
-      
-
-```
-
-Response from the phone.
-
-```xml
-
-   3
-   1
-   2
-   
-      ./Vendor/MSFT/DeviceInstanceService/Roaming
-      bool
-      false
-   
-   
-      ./Vendor/MSFT/DeviceInstanceService/PhoneNumber
-      +14254458055
-   
-
-```
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index cef65071ec..f0d67e6950 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -8,16 +8,20 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # DeviceLock CSP
 
+This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
+
+
 
+## Related articles
+
+[Policy CSP](policy-configuration-service-provider.md)
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index eb63ef11fe..c396396f46 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -8,12 +8,15 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # DeviceLock DDF file
 
+This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
+
+
 
 ## Related topics
 
+[Policy CSP](policy-configuration-service-provider.md)
 
 [DeviceLock configuration service provider](devicelock-csp.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 99d2930eff..9768af70a3 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/01/2017
 ---
 
@@ -17,9 +17,9 @@ ms.date: 11/01/2017
 
 The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
 
-For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information. 
+For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information. 
 
-The following shows the DeviceManageability configuration service provider in a tree format.
+The following example shows the DeviceManageability configuration service provider in a tree format.
 ```
 ./Device/Vendor/MSFT
 DeviceManageability
@@ -46,14 +46,14 @@ Added in Windows 10, version 1709. Interior node.
 Added in Windows 10, version 1709. Provider ID of the configuration source. ProviderID should be unique among the different config sources.
 
 **Provider/_ProviderID_/ConfigInfo**  
-Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to be used during sync session.
+Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to use during sync session.
 
 ConfigInfo value can only be set by the provider that owns the ProviderID. The value is readable by other config sources.
 
 Data type is string. Supported operations are Add, Get, Delete, and Replace.
 
 **Provider/_ProviderID_/EnrollmentInfo**  
-Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It is readable by MDM server during sync session.
+Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It's readable by MDM server during sync session.
 
 Data type is string. Supported operations are Add, Get, Delete, and Replace. 
 
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 4cb0c7f58b..ca69075d3a 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index f861b2d2e4..17cb3d7424 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/25/2021
 ---
 
@@ -17,7 +17,7 @@ ms.date: 06/25/2021
 
 The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
 
-The following shows the DeviceStatus configuration service provider in tree format.
+The following example shows the DeviceStatus configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 DeviceStatus
@@ -67,7 +67,7 @@ DeviceStatus
 The root node for the DeviceStatus configuration service provider.
 
 **DeviceStatus/SecureBootState**  
-Indicates whether secure boot is enabled. The value is one of the following:
+Indicates whether secure boot is enabled. The value is one of the following values:
 
 -   0 - Not supported
 -   1 - Enabled
@@ -136,7 +136,7 @@ Boolean value that indicates whether the network card associated with the MAC ad
 Supported operation is Get.
 
 **DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**  
-Type of network connection. The value is one of the following:
+Type of network connection. The value is one of the following values:
 
 -   2 - WLAN (or other Wireless interface)
 -   1 - LAN (or other Wired interface)
@@ -148,7 +148,7 @@ Supported operation is Get.
 Node for the compliance query.
 
 **DeviceStatus/Compliance/EncryptionCompliance**  
-Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values:
 
 -   0 - Not encrypted
 -   1 - Encrypted
@@ -194,9 +194,9 @@ Added in Windows, version 1607. Integer that specifies the status of the antivi
 
 Valid values:
 
--   0 - The security software reports that it is not the most recent version.
--   1 (default) - The security software reports that it is the most recent version.
--   2 – Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+-   0 - The security software reports that it isn't the most recent version.
+-   1 (default) - The security software reports that it's the most recent version.
+-   2 – Not applicable. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
 
 Supported operation is Get.
 
@@ -213,9 +213,9 @@ Valid values:
 
 -   0 – Antivirus is on and monitoring.
 -   1 – Antivirus is disabled.
--   2 – Antivirus is not monitoring the device/PC or some options have been turned off.
+-   2 – Antivirus isn't monitoring the device/PC or some options have been turned off.
 -   3 (default) – Antivirus is temporarily not completely monitoring the device/PC.
--   4 – Antivirus not applicable for this device. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+-   4 – Antivirus not applicable for this device. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
 
 Supported operation is Get.
 
@@ -229,9 +229,9 @@ Added in Windows, version 1607. Integer that specifies the status of the antisp
 
 Valid values:
 
--  0 - The security software reports that it is not the most recent version.
--  1 - The security software reports that it is the most recent version.
--  2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+-  0 - The security software reports that it isn't the most recent version.
+-  1 - The security software reports that it's the most recent version.
+-  2 - Not applicable. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
 
 Supported operation is Get.
 
@@ -246,10 +246,10 @@ Added in Windows, version 1607. Integer that specifies the status of the antisp
 
 Valid values:
 
--  0 - The status of the security provider category is good and does not need user attention.
--  1 - The status of the security provider category is not monitored by Windows Security Center (WSC).
--  2 - The status of the security provider category is poor and the computer may be at risk.
--  3 - The security provider category is in snooze state. Snooze indicates that WSC is not actively protecting the computer.
+- 0 - The status of the security provider category is good and doesn't need user attention.
+- 1 - The status of the security provider category isn't monitored by Windows Security.
+- 2 - The status of the security provider category is poor and the computer may be at risk.
+- 3 - The security provider category is in snooze state. Snooze indicates that the Windows Security Service isn't actively protecting the computer.
 
 Supported operation is Get.
 
@@ -265,9 +265,9 @@ Valid values:
 
 -   0 – Firewall is on and monitoring.
 -   1 – Firewall has been disabled.
--   2 – Firewall is not monitoring all networks or some rules have been turned off.
+-   2 – Firewall isn't monitoring all networks or some rules have been turned off.
 -   3 (default) – Firewall is temporarily not monitoring all networks.
--   4 – Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+-   4 – Not applicable. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
 
 Supported operation is Get.
 
@@ -292,21 +292,21 @@ Added in Windows, version 1607. Integer that specifies the status of the batter
 Supported operation is Get.
 
 **DeviceStatus/Battery/EstimatedChargeRemaining**  
-Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This is the value returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
+Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
 
-The value is the number of seconds of battery life remaining when the device is not connected to an AC power source. When it is connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
+The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
 
 Supported operation is Get.
 
 **DeviceStatus/Battery/EstimatedRuntime**  
-Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This is the value returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
+Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
 
-The value is the number of seconds of battery life remaining when the device is not connected to an AC power source. When it is connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
+The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
 
 Supported operation is Get.
 
 **DeviceStatus/DomainName**  
-Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device is not domain-joined, it returns an empty string.
+Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string.
 
 Supported operation is Get.
 
@@ -322,15 +322,15 @@ Added in Windows, version 1709. Virtualization-based security hardware requirem
 - 0x1: SecureBoot required 
 - 0x2: DMA Protection required
 - 0x4: HyperV not supported for Guest VM
-- 0x8: HyperV feature is not available
+- 0x8: HyperV feature isn't available
 
 Supported operation is Get.
 
 **DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**  
-Added in Windows, version 1709. Virtualization-based security status.  Value is one of the following:
+Added in Windows, version 1709. Virtualization-based security status.  Value is one of the following values:
 - 0 - Running
 - 1 - Reboot required 
-- 2 - 64 bit architecture required 
+- 2 - 64-bit architecture required 
 - 3 - Not licensed 
 - 4 - Not configured 
 - 5 - System doesn't meet hardware requirements 
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index fbdf08a6d0..4b820066f6 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/12/2018
 ---
 
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index e9c0979c67..ef7c93a036 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DevInfo CSP
-description: Learn now the DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server.
+description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
 ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
 ms.reviewer: 
 manager: dansimp
@@ -8,23 +8,23 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # DevInfo CSP
 
 
-The DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server. This device information is automatically sent to the OMA DM server at the beginning of each OMA DM session.
+The DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server. This device information is automatically sent to the OMA DM server at the beginning of each OMA DM session.
 
 > [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
 
  
 
-For the DevInfo CSP, you cannot use the Replace command unless the node already exists.
+For the DevInfo CSP, you can't use the Replace command unless the node already exists.
 
-The following shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
+The following example shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol isn't supported by this configuration service provider.
 ```
 .
 DevInfo
@@ -52,14 +52,14 @@ The **UseHWDevID** parm of the [DMAcc configuration service provider](dmacc-csp.
 **Man**  
 Required. Returns the name of the OEM. For Windows 10 for desktop editions, it returns the SystemManufacturer as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer.
 
-If no name is found, this returns "Unknown".
+If no name is found, the value returned is "Unknown".
 
 Supported operation is Get.
 
 **Mod**  
 Required. Returns the name of the hardware device model as specified by the mobile operator. For Windows 10 for desktop editions, it returns the SystemProductName as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName.
 
-If no name is found, this returns "Unknown".
+If no name is found, the value returned is "Unknown".
 
 Supported operation is Get.
 
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index aec2b4cc91..3cf4154682 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 3bd7186d4f..057030f5f3 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -8,8 +8,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/25/2018
+ms.collection: highpri
 ---
 
 # Diagnose MDM failures in Windows 10
@@ -18,15 +19,15 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
 
 ## Download the MDM Diagnostic Information log from Windows 10 PCs
 
-1. On your managed device go to **Settings** > **Accounts** > **Access work or school**.
+1. On your managed device, go to **Settings** > **Accounts** > **Access work or school**.
 1. Click your work or school account, then click **Info.**  
-   ![Access work or school page in Settings](images/diagnose-mdm-failures15.png)
+   ![Access work or school page in Settings.](images/diagnose-mdm-failures15.png)
 
 1. At the bottom of the **Settings** page, click **Create report**.  
-   ![Access work or school page and then Create report](images/diagnose-mdm-failures16.png)
+   ![Access work or school page and then Create report.](images/diagnose-mdm-failures16.png)
 1. A window opens that shows the path to the log files. Click **Export**.
 
-   ![Access work or school log files](images/diagnose-mdm-failures17.png)
+   ![Access work or school log files.](images/diagnose-mdm-failures17.png)
 
 1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
 
@@ -35,12 +36,12 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
 You can also collect the MDM Diagnostic Information logs using the following command:
 
 ```xml
-mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab
+mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
 ```
 -   In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
 
-### Understanding cab structure
-The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub
+### Understanding zip structure
+The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
 
 -   DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
 -   DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
@@ -59,7 +60,7 @@ Starting with the Windows 10, version 1511, MDM logs are captured in the Event
 
 Here's a screenshot:
 
-![mdm event viewer](images/diagnose-mdm-failures1.png)
+![mdm event viewer.](images/diagnose-mdm-failures1.png)
 
 In this location, the **Admin** channel logs events by default. However, if you need more details logs you can enable **Debug** logs by choosing **Show Analytic and Debug** logs option in **View** menu in Event Viewer.
 
@@ -87,7 +88,7 @@ You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC
 
 ## Collect logs remotely from Windows 10 PCs
 
-When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
+When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
 
 -   Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
 -   Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
@@ -133,74 +134,6 @@ Example: Export the Debug logs
 
 ```
 
-**To collect logs manually**
-
-1.  Download and install the [Field Medic]( https://go.microsoft.com/fwlink/p/?LinkId=718232) app from the store.
-2.  Open the Field Medic app and then click on **Advanced**.
-
-    ![field medic screenshot 2](images/diagnose-mdm-failures2.png)
-
-3.  Click on **Choose with ETW provider to use**.
-
-    ![field medic screenshot 3](images/diagnose-mdm-failures3.png)
-
-4.  Check **Enterprise** and un-check the rest.
-
-    ![field medic screenshot 4](images/diagnose-mdm-failures4.png)
-
-5.  In the app, click on **Start Logging** and then perform the operation that you want to troubleshoot.
-
-    ![field medic screenshot 5](images/diagnose-mdm-failures2.png)
-
-6.  When the operation is done, click on **Stop Logging**.
-
-    ![field medic screenshot 6](images/diagnose-mdm-failures5.png)
-
-7.  Save the logs. They will be stored in the Field Medic log location on the device.
-8.  You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder.
-
-    ![device documents folder](images/diagnose-mdm-failures6.png)![device folder screenshot 7](images/diagnose-mdm-failures7.png)![device folder screenshot 8](images/diagnose-mdm-failures8.png)
-
-The following table contains a list of common providers and their corresponding GUIDs.
-
-| GUID                                 | Provider Name                                          |
-|--------------------------------------|--------------------------------------------------------|
-| 099614a5-5dd7-4788-8bc9-e29f43db28fc | Microsoft-Windows-LDAP-Client                          |
-| 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | Microsoft-Windows-Kernel-Processor-Power               |
-| 0ff1c24b-7f05-45c0-abdc-3c8521be4f62 | Microsoft-Windows-Mobile-Broadband-Experience-SmsApi   |
-| 10e4f0e0-9686-4e62-b2d6-fd010eb976d3 | Microsoft-WindowsPhone-Shell-Events                    |
-| 1e39b4ce-d1e6-46ce-b65b-5ab05d6cc266 | Microsoft-Windows-Networking-RealTimeCommunication     |
-| 22a7b160-f6e8-46b9-8e0b-a51989c85c66 | Microsoft-WindowsPhone-Bluetooth-AG                    |
-| 2f94e1cc-a8c5-4fe7-a1c3-53d7bda8e73e | Microsoft-WindowsPhone-ConfigManager2                  |
-| 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | Microsoft-Windows-Kernel-Power                         |
-| 33693e1d-246a-471b-83be-3e75f47a832d | Microsoft-Windows-BTH-BTHUSB                           |
-| 3742be72-99a9-42e6-9fd5-c01a330e3625 | Microsoft-WindowsPhone-PhoneAudio                      |
-| 3b9602ff-e09b-4c6c-bc19-1a3dfa8f2250 | Microsoft-WindowsPhone-OmaDm-Client-Provider           |
-| 3da494e4-0fe2-415C-b895-fb5265c5c83b | Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider |
-| 3f471139-acb7-4a01-b7a7-ff5da4ba2d43 | Microsoft-Windows-AppXDeployment-Server                |
-| 4180c4f7-e238-5519-338f-ec214f0b49aa | Microsoft.Windows.ResourceManager                      |
-| 4637124c-1d40-4b4d-892f-2aaecf24ff06 | Microsoft-Windows-WinJson                              |
-| 4d13548f-c7b8-4174-bb7a-d7f64bf22d29 | Microsoft-WindowsPhone-LocationServiceProvider         |
-| 4eacb4d0-263b-4b93-8cd6-778a278e5642 | Microsoft-Windows-GenericRoaming                       |
-| 4f386063-ef17-4629-863c-d71597af743d | Microsoft-WindowsPhone-NotificationService             |
-| 55404e71-4db9-4deb-a5f5-8f86e46dde56 | Microsoft-Windows-Winsock-NameResolution               |
-| 59819d0a-adaf-46b2-8d7c-990bc39c7c15 | Microsoft-Windows-Battery                              |
-| 5c103042-7e75-4629-a748-bdfa67607fac | Microsoft-WindowsPhone-Power                           |
-| 69c1c3f1-2b5c-41d0-a14a-c7ca5130640e | Microsoft-WindowsPhone-Cortana                         |
-| 6ad52b32-d609-4be9-ae07-ce8dae937e39 | Microsoft-Windows-RPC                                  |
-| 7263516b-6eb0-477b-b64f-17b91d29f239 | Microsoft-WindowsPhone-BatterySense                    |
-| 7dd42a49-5329-4832-8dfd-43d979153a88 | Microsoft-Windows-Kernel-Network                       |
-| ae4bd3be-f36f-45b6-8d21-bdd6fb832853 | Microsoft-Windows-Audio                                |
-| daa6a96b-f3e7-4d4d-a0d6-31a350e6a445 | Microsoft-Windows-WLAN-Driver                          |
-| 4d13548f-c7b8-4174-bb7a-d7f64bf22d29 | Microsoft-WindowsPhone-LocationServiceProvider         |
-| 74e106b7-00be-4a55-b707-7ab58d6a9e90 | Microsoft-WindowsPhone-Shell-OOBE                      |
-| cbda4dbf-8d5d-4f69-9578-be14aa540d22 | Microsoft-Windows-AppLocker                            |
-| e595f735-b42a-494b-afcd-b68666945cd3 | Microsoft-Windows-Firewall                             |
-| e5fc4a0f-7198-492f-9b0f-88fdcbfded48 | Microsoft-Windows Networking VPN                       |
-| e5c16d49-2464-4382-bb20-97a4b5465db9 | Microsoft-Windows-WiFiNetworkManager                   |
-
- -->
-
 ## Collect logs remotely from Windows 10 Holographic
 
 For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
@@ -301,31 +234,31 @@ After the logs are collected on the device, you can retrieve the files through t
 
 ## View logs
 
-For best results, ensure that the PC or VM on which you are viewing logs matches the build of the OS from which the logs were collected.
+For best results, ensure that the PC or VM on which you're viewing logs matches the build of the OS from which the logs were collected.
 
 1.  Open eventvwr.msc.
 2.  Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
 
-    ![event viewer screenshot](images/diagnose-mdm-failures9.png)
+    ![event viewer screenshot.](images/diagnose-mdm-failures9.png)
 
 3.  Navigate to the etl file that you got from the device and then open the file.
 4.  Click **Yes** when prompted to save it to the new log format.
 
-    ![event viewer prompt](images/diagnose-mdm-failures10.png)
+    ![event viewer prompt.](images/diagnose-mdm-failures10.png)
 
-    ![diagnose mdm failures](images/diagnose-mdm-failures11.png)
+    ![diagnose mdm failures.](images/diagnose-mdm-failures11.png)
 
 5.  The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
 
-    ![event viewer actions](images/diagnose-mdm-failures12.png)
+    ![event viewer actions.](images/diagnose-mdm-failures12.png)
 
 6.  Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
 
-    ![event filter for Device Management](images/diagnose-mdm-failures13.png)
+    ![event filter for Device Management.](images/diagnose-mdm-failures13.png)
 
-7.  Now you are ready to start reviewing the logs.
+7.  Now you're ready to start reviewing the logs.
 
-    ![event viewer review logs](images/diagnose-mdm-failures14.png)
+    ![event viewer review logs.](images/diagnose-mdm-failures14.png)
 
 ## Collect device state data
 
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index b8ffe15b74..ded51dd0fa 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/19/2019
 ---
 
@@ -18,16 +18,16 @@ The DiagnosticLog configuration service provider (CSP) provides the following fe
 - [DiagnosticArchive area](#diagnosticarchive-area). Capture and upload event logs, log files, and registry values for troubleshooting.
 - [Policy area](#policy-area). Configure Windows event log policies, such as maximum log size.
 - [EtwLog area](#etwlog-area). Control ETW trace sessions.
-- [DeviceStateData area](#devicestatedata-area). Provide additional device information.
+- [DeviceStateData area](#devicestatedata-area). Provide more device information.
 - [FileDownload area](#filedownload-area). Pull trace and state data directly from the device.
 
-The following are the links to different versions of the DiagnosticLog CSP DDF files:
+The links to different versions of the DiagnosticLog CSP DDF files are:
 -   [DiagnosticLog CSP version 1.4](diagnosticlog-ddf.md#version-1-4)
 -   [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
 -   [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
 
 
-The following shows the DiagnosticLog CSP in tree format.
+The following example shows the DiagnosticLog CSP in tree format.
 
 ```
 ./Vendor/MSFT/DiagnosticLog
@@ -90,7 +90,9 @@ The data type is string.
 Expected value:
 Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
 
-The following is an example of a `Collection` XML.
+With Windows 10 KB5011543, Windows 11 KB5011563 we have added support for an additional element which will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML. 
+
+The following example shows a `Collection` XML:
 
 ``` xml
 
@@ -104,6 +106,7 @@ The following is an example of a `Collection` XML.
    %windir%\system32\mdmdiagnosticstool.exe -out %ProgramData%\temp\
    %ProgramData%\temp\*.*
    Application
+   Flattened
 
 
 ```
@@ -113,7 +116,7 @@ The XML should include the following elements within the `Collection` element:
 The ID value uniquely identifies this data-gathering request. To avoid accidental repetition of data gathering, the CSP ignores subsequent Set or Execute invocations with the same ID value. The CSP expects the value to be populated when the request is received, so it must be generated by the IT admin or the management server.
 
 **SasUrl**
-The SasUrl value is the target URI to which the CSP uploads the zip file containing the gathered data. It is the responsibility of the management server to provision storage in such a way that the storage server accepts the device's HTTP PUT to this URL. For example, the device management service could:
+The SasUrl value is the target URI to which the CSP uploads the zip file containing the gathered data. It's the responsibility of the management server to provision storage in such a way that the storage server accepts the device's HTTP PUT to this URL. For example, the device management service could:
 - Provision cloud storage reachable by the target device, such as a Microsoft Azure blob storage container
 - Generate a Shared Access Signature URL granting the possessor (the target device) time-limited write access to the storage container
 - Pass this value to the CSP on the target device through the `Collection` XML as the `SasUrl` value.
@@ -124,7 +127,7 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
   - Exports all of the key names and values under a given path (recursive).
   - Expected input value: Registry path such as "HKLM\Software\Policies".
   - Output format: Creates a .reg file, similar to the output of reg.exe EXPORT command.
-  - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, registry paths are restricted to those under HKLM and HKCR.
+  - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, registry paths are restricted to those paths that're under HKLM and HKCR.
 
 - **Events**
   - Exports all events from the named Windows event log.
@@ -132,9 +135,9 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
   - Output format: Creates a .evtx file.
 
 - **Commands**
-  - This directive type allows the execution of specific commands such as ipconfig.exe. Note that DiagnosticArchive and the Commands directives are not a general-purpose scripting platform. These commands are allowed in the DiagnosticArchive context to handle cases where critical device information may not be available through existing log files.
+  - This directive type allows the execution of specific commands such as ipconfig.exe. Note that DiagnosticArchive and the Commands directives aren't a general-purpose scripting platform. These commands are allowed in the DiagnosticArchive context to handle cases where critical device information may not be available through existing log files.
   - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
-  - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
+  - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands that may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
   - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
     - %windir%\\system32\\certutil.exe
     - %windir%\\system32\\dxdiag.exe
@@ -176,6 +179,11 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
     - .evtx
     - .etl
 
+- **OutputFileFormat**
+  - Flattens folder structure, instead of having individual folders for each directive in the XML.
+  - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure.  
+
+
 **DiagnosticArchive/ArchiveResults**
 Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
 
@@ -229,11 +237,11 @@ A Get to the above URI will return the results of the data gathering for the las
 
 ```
 
-Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
+Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, the mdmdiagnosticstool.exe command failed.
 
 ### Making use of the uploaded data
 
-The zip archive which is created and uploaded by the CSP contains a folder structure like the following:
+The zip archive that is created and uploaded by the CSP contains a folder structure like the following example:
 
 ```powershell
 PS C:\> dir C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z
@@ -246,7 +254,15 @@ la---            1/4/2021  2:45 PM                1
 la---            1/4/2021  2:45 PM                2
 la---           12/2/2020  6:27 PM           2701 results.xml
 ```
-Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was HKLM\Software\Policies then folder `1` will contain the corresponding `export.reg` file.
+Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. 
+For example, the first directive was:
+
+```xml
+
+     HKLM\Software\Policies
+
+```
+then folder `1` will contain the corresponding `export.reg` file.
 
 The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed.
 
@@ -262,7 +278,7 @@ Administrators can apply automation to 'results.xml' to create their own preferr
 ```powershell
 Select-XML -Path results.xml -XPath '//RegistryKey | //Command | //Events | //FoldersFiles' | Foreach-Object -Begin {$i=1} -Process { [pscustomobject]@{DirectiveNumber=$i; DirectiveHRESULT=$_.Node.HRESULT; DirectiveInput=$_.Node.('#text')} ; $i++}
 ```
-This example produces output similar to the following:
+This example produces output similar to the following output:
 ```
 DirectiveNumber DirectiveHRESULT DirectiveInput
 --------------- ---------------- --------------
@@ -319,7 +335,7 @@ foreach( $element in $resultElements )
 #endregion
 Remove-Item -Path $diagnosticArchiveTempUnzippedPath -Force -Recurse
 ```
-That example script produces a set of files similar to the following, which can be a useful view for an administrator interactively browsing the results without needing to navigate any sub-folders or refer to `results.xml` repeatedly:
+That example script produces a set of files similar to the following set of files, which can be a useful view for an administrator interactively browsing the results without needing to navigate any subfolders or refer to `results.xml` repeatedly:
 
 ```powershell
 PS C:\> dir C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z.zip_formatted | format-table Length,Name
@@ -355,10 +371,11 @@ Added in version 1.4 of the CSP in Windows 10, version 1903. Node that contains
 The supported operation is Get.
 
 **Policy/Channels/_ChannelName_**
-Added in version 1.4 of the CSP in Windows 10, version 1903. Dynamic node to represent a registered channel. The node name must be a valid Windows event log channel name, such as ``Microsoft-Client-Licensing-Platform%2FAdmin``. When specifying the name in the LocURI, it must be URL encoded, otherwise it may unexpectedly translate into a different URI.
+Added in version 1.4 of the CSP in Windows 10, version 1903. Dynamic node to represent a registered channel. The node name must be a valid Windows event log channel name, such as ``Microsoft-Client-Licensing-Platform%2FAdmin``. When the name is being specified in the LocURI, it must be URL encoded, otherwise it may unexpectedly translate into a different URI.
 
 Supported operations are Add, Delete, and Get.
 
+
 Add **Channel**
 ``` xml
  
@@ -422,7 +439,7 @@ Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting
 
 If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte and 2 terabytes in megabyte increments.
 
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.
 
 Supported operations are Add, Delete, Get, and Replace.
 
@@ -522,7 +539,7 @@ The data type is string.
 
 Default string is as follows:
 
-https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
+`https://docs.microsoft.com/windows/'desktop/WES/eventmanifestschema-channeltype-complextype`
 
 Add **SDDL**
 ``` xml
@@ -619,11 +636,11 @@ Supported operations are Add, Delete, Get, and Replace.
 The data type is string.
 
 The following are the possible values:
-- Truncate — When the log file reaches its maximum file size, new events are not written to the log and are lost.
-- Overwrite — When the log file reaches its maximum file size, new events overwrite old events.
-- Archive — When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value is not set, the new file is saved in the same directory as current log file.
+- Truncate—When the log file reaches its maximum file size, new events aren't written to the log and are lost.
+- Overwrite—When the log file reaches its maximum file size, new events overwrite old events.
+- Archive—When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value isn't set, the new file is saved in the same directory as current log file.
 
-If you disable or do not configure this policy setting, the locally configured value will be used as default. Every channel that is installed, whether inbox or by ISVs, is responsible for defining its own local configuration, and that configuration can be changed by any administrator. Values set via this policy override but do not replace local configuration.
+If you disable or don't configure this policy setting, the locally configured value will be used as default. Every channel that is installed, whether inbox or by ISVs, is responsible for defining its own local configuration, and that configuration can be changed by any administrator. Values set via this policy override but don't replace local configuration.
 
 
 Add **ActionWhenFull**
@@ -720,10 +737,10 @@ Supported operations are Add, Delete, Get, and Replace.
 The data type is boolean.
 
 The following are the possible values:
-- TRUE — Enables the channel.
-- FALSE — Disables the channel.
+- TRUE—Enables the channel.
+- FALSE—Disables the channel.
 
-If you disable or do not configure this policy setting, the locally configured value is used as default.
+If you disable or don't configure this policy setting, the locally configured value is used as default.
 
 Get **Enabled**
 ``` xml
@@ -836,7 +853,7 @@ For each collector node, the user can:
 - Change trace log file mode
 - Change trace log file size limit
 
-The configurations log file mode and log file size limit does not take effect while trace session is in progress. These are applied when user stops the current session and then starts it again for this collector.
+The configurations log file mode and log file size limit don't take effect while trace session is in progress. These attributes are applied when user stops the current session and then starts it again for this collector.
 
 For each registered provider in this collector, the user can:
 
@@ -851,7 +868,7 @@ The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediat
 
  ### Channel-based tracing
 
-The type of event tracing exports event data from a specific channel. This is only supported on the desktop.
+The type of event tracing exports event data from a specific channel. This method is only supported on the desktop.
 
 Users can add or delete a channel node using the full name, such as Microsoft-Windows-AppModel-Runtime/Admin.
 
@@ -982,7 +999,7 @@ The following table lists the possible values:
 
 The supported operation is Execute.
 
-After you have added a logging task, you can start a trace by running an Execute command on this node with the value START.
+After you've added a logging task, you can start a trace by running an Execute command on this node with the value START.
 
 To stop the trace, running an execute command on this node with the value STOP.
 
@@ -1200,7 +1217,7 @@ The following table lists the possible values:
 
 | Value | Description        |
 | ----- | ------------------ |
-| TRUE  | Provider is enabled in the trace session. This is the default. |
+| TRUE  | Provider is enabled in the trace session. This value is the default value. |
 | FALSE | Provider is disabled in the trace session. |
 
 Set provider **State**
@@ -1387,7 +1404,7 @@ Set channel **State**
 
 ## DeviceStateData area
 
-The DeviceStateData functionality within the DiagnosticLog CSP provides additional device information.
+The DeviceStateData functionality within the DiagnosticLog CSP provides extra device information.
 
 The following section describes the nodes for the DeviceStateData functionality.
 
@@ -1426,10 +1443,10 @@ The FileDownload feature of the DiagnosticLog CSP enables a management server to
 
 ### Comparing FileDownload and DiagnosticArchive
 
-Both the FileDownload and DiagnosticArchive features can be used to get data from the device to the management server, but they are optimized for different workflows.
+Both the FileDownload and DiagnosticArchive features can be used to get data from the device to the management server, but they're optimized for different workflows.
 
-- FileDownload enables the management server to directly pull byte-level trace data from the managed device. The data transfer takes place through the existing OMA-DM/SyncML context. It is typically used together with the EtwLogs feature as part of an advanced monitoring or diagnostic flow. FileDownlod requires granular orchestration by the management server, but avoids the need for dedicated cloud storage.
-- DiagnosticArchive allows the management server to give the CSP a full set of instructions as single command. Based on those instructions the CSP orchestrates the work client-side to package the requested diagnostic files into a zip archive and upload that archive to cloud storage. The data transfer happens outside of the OMA-DM session, via an HTTP PUT.
+- FileDownload enables the management server to directly pull byte-level trace data from the managed device. The data transfer takes place through the existing OMA-DM/SyncML context. It's used together with the EtwLogs feature as part of an advanced monitoring or diagnostic flow. FileDownlod requires granular orchestration by the management server, but avoids the need for dedicated cloud storage.
+- DiagnosticArchive allows the management server to give the CSP a full set of instructions as single command. Based on those instructions, the CSP orchestrates the work client-side to package the requested diagnostic files into a zip archive and upload that archive to cloud storage. The data transfer happens outside of the OMA-DM session, via an HTTP PUT.
 
 The following section describes the nodes for the FileDownload functionality.
 
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index f635ed44c6..0f25053a37 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
index 35fe6568b0..f3e3c24cf9 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
@@ -1,6 +1,6 @@
 ---
 title: Disconnecting from the management infrastructure (unenrollment)
-description: Disconnecting may be initiated either locally by the user from the phone or remotely by the IT admin using management server.
+description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
 MS-HAID:
 - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
 - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
@@ -11,22 +11,23 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 
 # Disconnecting from the management infrastructure (unenrollment)
 
-Disconnecting may be initiated either locally by the user from the phone or remotely by the IT admin using management server. User-initiated disconnection is performed much like the initial connection, and it is initiated from the same location in the Setting Control Panel as creating the workplace account. Users may choose to disconnect for any number of reasons, including leaving the company or getting a new device and no longer needing access to their LOB apps on the old device. When an administrator initiates a disconnection, the enrollment client performs the disconnection during its next regular maintenance session. Administrators may choose to disconnect a user’s device after they’ve left the company or because the device is regularly failing to comply with the organization’s security settings policy.
+The Disconnecting process is done either locally by the user who uses a phone or remotely by the IT administrator using management server. The user-initiated disconnection process is similar to the initial connection, wherein its initiation is from the same location in the Setting Control Panel as creating the workplace account. 
+The users choose to disconnect for any number of reasons, such as the ones described below: leaving the company or getting a new device or not needing access to their LOB apps on the old device, anymore. When an IT administrator initiates a disconnection, the enrollment client performs the disconnection during the next regular maintenance session. Administrators choose to disconnect users' device after they’ve left the company or because the device is regularly failing to comply with the organization’s security settings policy.
 
-During disconnection, the client does the following:
+During disconnection, the client executes the following tasks:
 
 -   Removes the enterprise application token that allowed installing and running LOB apps. Any business applications associated with this enterprise token are removed as well.
 -   Removes certificates that are configured by MDM server.
--   Ceases enforcement of the settings policies that the management infrastructure has applied.
+-   Ceases enforcement of the settings policies applied by the management infrastructure.
 -   Removes the device management client configuration and other setting configuration added by MDM server, including the scheduled maintenance task. The client remains dormant unless the user reconnects it to the management infrastructure.
--   Reports successful initiated disassociation to the management infrastructure if the admin initiated the process. Note that in Windows, user-initiated disassociation is reported to the server as a best effort.
+-   Reports successfully initiated disassociation to the management infrastructure if the admin initiated the process. In Windows, a user-initiated disassociation is reported to the server as a best effort.
 
 
 ## In this topic
@@ -40,12 +41,12 @@ During disconnection, the client does the following:
 
 ## User-initiated disconnection
 
-In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will send a notification to the MDM server notifying that the server the account will be removed. This is a best effort action as no retry is built-in to ensure the notification is successfully sent to the device.
+In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This notification is a best-effort action as no retry is built-in to ensure the notification is successfully sent to the device.
 
 This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work.
 
 > [!NOTE]
-> The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
+> The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, see the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
 
  
 The vendor uses the Type attribute to specify what type of generic alert it is. For device initiated MDM unenrollment, the alert type is **com.microsoft:mdm.unenrollment.userrequest**.
@@ -135,11 +136,11 @@ You can only use the Work Access page to unenroll under the following conditions
 
 ## Unenrollment from Azure Active Directory Join
 
-When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
+When a user is enrolled into MDM through Azure Active Directory Join and later, the enrollment disconnects, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
 
-![aadj unenerollment](images/azure-ad-unenrollment.png)
+![aadj unenerollment.](images/azure-ad-unenrollment.png)
 
-When a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be re-imaged. When devices are remotely unenrolled from MDM, the AAD association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state.
+During the process in which a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Azure Active Directory association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state.
 
 Before remotely unenrolling corporate devices, you must ensure that there is at least one admin user on the device that is not part of the Azure tenant, otherwise the device will not have any admin user after the operation.
 
@@ -148,7 +149,7 @@ In mobile devices, remote unenrollment for Azure Active Directory Joined devices
 
 ## IT admin–requested disconnection
 
-The server requests an enterprise management disconnection request by issuing an Exec OMA DM SyncML XML command to the device using the DMClient configuration service provider’s Unenroll node during the next client-initiated DM session. The Data tag inside the Exec command should be the value of the provisioned DM server ProviderID. For more information, see the Enterprise-specific DM client configuration topic.
+The server requests an enterprise management disconnection by issuing an Exec OMA DM SyncML XML command to the device, using the DMClient configuration service provider’s Unenroll node during the next client-initiated DM session. The Data tag inside the Exec command should be the value of the provisioned DM server ProviderID. For more information, see the Enterprise-specific DMClient configuration topic.
 
 When the disconnection is completed, the user is notified that the device has been disconnected from enterprise management.
 
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index e7e340552c..4e55cd3c89 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -21,9 +21,9 @@ The DMAcc configuration service provider allows an OMA Device Management (DM) ve
 
  
 
-For the DMAcc CSP, you cannot use the Replace command unless the node already exists.
+For the DMAcc CSP, you can't use the Replace command unless the node already exists.
 
-The following shows the DMAcc configuration service provider management object in tree format as used by OMA Device Management version 1.2. The OMA Client Provisioning protocol is not supported by this configuration service provider.
+The following example shows the DMAcc configuration service provider management object in tree format as used by OMA Device Management version 1.2. The OMA Client Provisioning protocol isn't supported by this configuration service provider.
 
 ```
 ./SyncML
@@ -103,7 +103,7 @@ Required.
 **AppAddr/***ObjectName*  
 Required. Defines the OMA DM server address. Only one server address can be configured.
 
-When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is "1". This is the first DM address encountered in the w7 APPLICATION configuration service provider, other DM accounts are ignored.
+When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1". This DM address is the first one encountered in the w7 APPLICATION configuration service provider; other DM accounts are ignored.
 
 ***ObjectName*/Addr**  
 Required. Specifies the address of the OMA DM account. The type of address stored is specified by the AddrType element.
@@ -125,10 +125,10 @@ Optional.
 **Port/***ObjectName*  
 Required. Only one port number can be configured.
 
-When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is "1".
+When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1".
 
 ***ObjectName*/PortNbr**  
-Required. Specifies the port number of the OMA MD account address. This must be a decimal number that fits within the range of a 16-bit unsigned integer.
+Required. Specifies the port number of the OMA MD account address. This number must be a decimal number that fits within the range of a 16-bit unsigned integer.
 
 Value type is string. Supported operations are Add, Get, and Replace.
 
@@ -137,7 +137,7 @@ Optional. Specifies the application authentication preference.
 
 A value of "BASIC" specifies that the client attempts BASIC authentication. A value of "DIGEST' specifies that the client attempts MD5 authentication.
 
-If this value is empty, the client attempts to use the authentication mechanism negotiated in the previous session if one exists. If the value is empty, no previous session exists, and MD5 credentials exist, clients try MD5 authorization first. If the criteria are not met then the client tries BASIC authorization first.
+If this value is empty, the client attempts to use the authentication mechanism negotiated in the previous session if one exists. If the value is empty, no previous session exists, and MD5 credentials exist, clients try MD5 authorization first. If the criteria aren't met, then the client tries BASIC authorization first.
 
 Value type is string. Supported operations are Add, Get, and Replace.
 
@@ -147,7 +147,7 @@ Optional. Defines authentication settings.
 **AppAuth/***ObjectName*  
 Required. Defines one set of authentication settings.
 
-When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED").
+When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED").
 
 ***ObjectName*/AAuthlevel**  
 Required. Specifies the application authentication level.
@@ -176,7 +176,7 @@ Value type is string. Supported operations are Add and Replace.
 ***ObjectName*/AAuthData**  
 Optional. Specifies the next nonce used for authentication.
 
-"Nonce" refers to a number used once. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in repeat attacks.
+"Nonce" refers to a number used once. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in repeat attacks.
 
 Value type is binary. Supported operations are Add and Replace.
 
@@ -226,16 +226,16 @@ The default value is 86400000.
 Value type is integer. Supported operations are Add, Get, and Replace.
 
 **Microsoft/ProtoVer**  
-Optional. Specifies the OMA DM Protocol version that the server supports. There is no default value.
+Optional. Specifies the OMA DM Protocol version that the server supports. There's no default value.
 
-Valid values are "1.1" and "1.2". The protocol version set by this element will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this element is not specified when adding a DM server account, the latest DM protocol version that the client supports is used. Windows 10 clients support version 1.2.
+Valid values are "1.1" and "1.2". The protocol version set by this element will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this element isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. Windows 10 clients support version 1.2.
 
 Value type is string. Supported operations are Add, Get, and Replace.
 
 **Microsoft/Role**  
 Required. Specifies the role mask that the OMA DM session runs with when it communicates with the server.
 
-If this parameter is not present, the DM session is given the role mask of the OMA DM session that the server created. The following list shows the valid security role masks and their values.
+If this parameter isn't present, the DM session is given the role mask of the OMA DM session that the server created. The following list shows the valid security role masks and their values.
 
 -   4 = SECROLE\_OPERATOR
 
@@ -245,7 +245,7 @@ If this parameter is not present, the DM session is given the role mask of the O
 
 -   128 = SECROLE\_OPERATOR\_TPS
 
-The acceptable access roles for this node cannot be more than the roles assigned to the DMAcc object.
+The acceptable access roles for this node can't be more than the roles assigned to the DMAcc object.
 
 Value type is integer. Supported operations are Get and Replace.
 
@@ -267,9 +267,9 @@ Value type is bool. Supported operations are Add, Get, and Replace.
 **Microsoft/UseNonceResync**  
 Optional. Specifies whether the OMA DM client should use the nonce resynchronization procedure if the server trigger notification fails authentication. The default is "FALSE".
 
-If the authentication fails because the server nonce does not match the server nonce that is stored on the device, then the device can use the backup nonce as the server nonce. For this procedure to be successful, if the device did not authenticate with the preconfigured nonce value, the server must then use the backup nonce when sending the signed server notification message.
+If the authentication fails because the server nonce doesn't match the server nonce that is stored on the device, then the device can use the backup nonce as the server nonce. For this procedure to be successful, if the device didn't authenticate with the preconfigured nonce value, the server must then use the backup nonce when sending the signed server notification message.
 
-The default value of "FALSE" specifies that the client does not try to authenticate the notification with the backup server nonce if authentication to the stored nonce fails. A value of "TRUE" specifies that the client initiates a DM session if the backup server nonce is received after authentication failed.
+The default value of "FALSE" specifies that the client doesn't try to authenticate the notification with the backup server nonce if authentication to the stored nonce fails. A value of "TRUE" specifies that the client initiates a DM session if the backup server nonce is received after authentication failed.
 
 Value type is bool. Supported operations are Add, Get, and Replace.
 
@@ -284,19 +284,19 @@ Optional. Determines whether the OMA DM client should be launched when roaming.
 Value type is bool. Supported operations are Add, Get, and Replace.
 
 **SSLCLIENTCERTSEARCHCRITERIA**  
-Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it is ignored.
+Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored.
 
 The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC.
 
-The supported names are Subject and Stores; wildcard certificate search is not supported.
+The supported names are Subject and Stores; wildcard certificate search isn't supported.
 
-Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name is not case sensitive.
+Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive.
 
 > **Note**   %EF%80%80 is the UTF8-encoded character U+F000.
 
  
 
-Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
+Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following schema:
 
 ```xml
 **UpdateManagementServiceAddress**  
-For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node.
+For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You can't add new servers to the list using this node.
 
 **HWDevID**  
 Added in Windows 10, version 1703. Returns the hardware device ID.
@@ -81,28 +86,31 @@ Required. The root node for all settings that belong to a single management serv
 Supported operation is Get.
 
 **Provider/***ProviderID*  
-Required. This node contains the URI-encoded value of the bootstrapped device management account’s Provider ID. Scope is dynamic. This value is set and controlled by the MDM server. As a best practice, use text that doesn’t require XML/URI escaping.
+Required. This node contains the URI-encoded value of the bootstrapped device management account’s Provider ID. Scope is dynamic. This value is set and controlled by the MDM provider. As a best practice, use text that doesn’t require XML/URI escaping.
 
 Supported operations are Get and Add.
 
 **Provider/*ProviderID*/EntDeviceName**  
-Optional. Character string that contains the user-friendly device name used by the IT admin console. The value is set during the enrollment process by way of the DMClient CSP. You can retrieve it later during an OMA DM session.
+Optional. Character string that contains the user-friendly device name used by the IT admin console. The value is set during the enrollment process using the DMClient CSP. You can retrieve it later during an OMA DM session.
 
 Supported operations are Get and Add.
 
 **Provider/*ProviderID*/EntDMID**  
-Optional. Character string that contains the unique enterprise device ID. The value is set by the management server during the enrollment process by way of the DMClient CSP. You can retrieve it later during an OMA DM session.
+Optional. Character string that contains the unique enterprise device ID. The value is set by the management server during the enrollment process using the DMClient CSP. You can retrieve it later during an OMA DM session.
 
 Supported operations are Get and Add.
 
 > [!NOTE]
-> Although hardware device IDs are guaranteed to be unique, there is a concern that this is not ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION CSP’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server.
+> Although hardware device IDs are guaranteed to be unique, there's a concern that this isn't ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION CSP’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server.
 This node is required and must be set by the server before the client certificate renewal is triggered.
 
  
 
 **Provider/*ProviderID*/ExchangeID**  
-Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. This is useful for the enterprise management server to correlate and merge records for a device that is managed by exchange and natively managed by a dedicated management server.
+Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. The enterprise management server can correlate and merge records for:
+
+- A device that's managed by Exchange.
+- A device that's natively managed by a dedicated management server.
 
 > [!NOTE]
 > In some cases for the desktop, this node will return "not found" until the user sets up their email.
@@ -111,7 +119,7 @@ Optional. Character string that contains the unique Exchange device ID used by t
 
 Supported operation is Get.
 
-The following is a Get command example.
+The following XML is a Get command example:
 
 ```xml
 
@@ -124,13 +132,8 @@ The following is a Get command example.
 
 ```
 
-**Provider/*ProviderID*/PublisherDeviceID**  
-(Only for Windows 10 Mobile.) Optional. The PublisherDeviceID is a device-unique ID created based on the enterprise Publisher ID. Publisher ID is created based on the enterprise application token and enterprise ID via ./Vendor/MSFT/EnterpriseAppManagement/<enterprise id>/EnrollmentToken. It is to ensure that for one enterprise, each device has a unique ID associated with it. For the same device, if it has multiple enterprises’ applications, each enterprise is identified differently.
-
-Supported operation is Get.
-
 **Provider/*ProviderID*/SignedEntDMID**  
-Optional. Character string that contains the device ID. This node and the nodes **CertRenewTimeStamp** can be used by the MDM server to verify client identity in order to update the registration record after the device certificate is renewed. The device signs the **EntDMID** with the old client certificate during the certificate renewal process and saves the signature locally.
+Optional. Character string that contains the device ID. This node and the nodes **CertRenewTimeStamp** can be used by the MDM provider to verify client identity to update the registration record after the device certificate is renewed. The device signs the **EntDMID** with the old client certificate during the certificate renewal process and saves the signature locally.
 
 Supported operation is Get.
 
@@ -140,57 +143,61 @@ Optional. The time in OMA DM standard time format. This node is designed to redu
 Supported operation is Get.
 
 **Provider/*ProviderID*/ManagementServiceAddress**  
-Required. The character string that contains the device management server address. It can be updated during an OMA DM session by the management server to allow the server to load balance to another server in situations where too many devices are connected to the server.
+Required. The character string that contains the device management server address. It can be updated during an OMA DM session by the management server. It allows the server to load balance to another server when too many devices are connected to the server.
 
 > [!NOTE]
 > When the **ManagementServerAddressList** value is set, the device ignores the value.
 
  
 
-The DMClient CSP will save the address to the same location as the w7 and DMS CSPs to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION configuration service provider](w7-application-csp.md).
+The DMClient CSP will save the address to the same location as the w7 and DMS CSPs. The save ensures the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped using the [w7 APPLICATION configuration service provider](w7-application-csp.md).
 
-Starting in Windows 10, version 1511, this node supports multiple server addresses in the format <URL1><URL2><URL3>. If there is only a single URL, then the <> are not required. This is supported for both desktop and mobile devices.
+Starting in Windows 10, version 1511, this node supports multiple server addresses in the format <URL1><URL2><URL3>. If there's only a single URL, then the <> aren't required. This feature is supported on Windows client devices.
 
 During a DM session, the device will use the first address on the list and then keep going down the list until a successful connection is achieved. The DM client should cache the successfully connected server URL for the next session.
 
 Supported operations are Add, Get, and Replace.
 
 **Provider/*ProviderID*/UPN**  
-Optional. Allows the management server to update the User Principal Name (UPN) of the enrolled user. This is useful in scenarios where the user email address changes in the identity system, or in the scenario where the user enters an invalid UPN during enrollment, and fixes the UPN during federated enrollment. The UPN will be recorded and the UX will reflect the updated UPN.
+Optional. Allows the management server to update the User Principal Name (UPN) of the enrolled user. This information is useful when the user email address changes in the identity system. Or, when the user enters an invalid UPN during enrollment, and fixes the UPN during federated enrollment. The UPN will be recorded and the UX will reflect the updated UPN.
 
 Supported operations are Get and Replace.
 
 **Provider/*ProviderID*/HelpPhoneNumber**  
-Optional. The character string that allows the user experience to include a customized help phone number that the end user will be able to view and use if they need help or support.
+Optional. The character string that allows the user experience to include a customized help phone number. Users can see this information if they need help or support.
 
 Supported operations are Get, Replace, and Delete.
 
 **Provider/*ProviderID*/HelpWebsite**  
-Optional. The character string that allows the user experience to include a customized help website that the end user will be able to view and use if they need help or support.
+Optional. The character string that allows the user experience to include a customized help website. Users can see this information if they need help or support.
 
 Supported operations are Get, Replace, and Delete
 
 **Provider/*ProviderID*/HelpEmailAddress**  
-Optional. The character string that allows the user experience to include a customized help email address that the end user will be able to view and use if they need help or support.
+Optional. The character string that allows the user experience to include a customized help email address. Users can see this information if they need help or support.
 
 Supported operations are Get, Replace, and Delete.
 
 **Provider/*ProviderID*/RequireMessageSigning**  
-Boolean type. Primarily used for SSL bridging mode where firewalls and proxies are deployed and where device client identity is required. When enabled, every SyncML message from the device will carry an additional HTTP header named MDM-Signature. This header contains BASE64-encoded Cryptographic Message Syntax using a Detached Signature of the complete SyncML message SHA-2 (inclusive of the SyncHdr and SyncBody). Signing is performed using the private key of the management session certificate that was enrolled as part of the enrollment process. The device public key and PKCS9 UTC signing time stamp are included as part of the authenticated attributes in the signature.
+Boolean type. Primarily used for SSL bridging mode where firewalls and proxies are deployed and where device client identity is required. When enabled, every SyncML message from the device will carry an additional HTTP header named MDM-Signature. This header contains BASE64-encoded Cryptographic Message Syntax using a Detached Signature of the complete SyncML message SHA-2 (inclusive of the SyncHdr and SyncBody). Signing is performed using the private key of the management session certificate that was enrolled as part of the enrollment process. The device public key and PKCS9 UTC signing time stamp are included in the authenticated attributes in the signature.
 
-Default value is false, where the device management client does not include authentication information in the management session HTTP header. Optionally set to true, where the client authentication information is provided in the management session HTTP header.
+Default value is false, where the device management client doesn't include authentication information in the management session HTTP header. Optionally set to true, where the client authentication information is provided in the management session HTTP header.
 
-When enabled, the MDM server should validate the signature and the timestamp using the device identify certificate enrolled as part of MS-MDE, ensure the certificate and time are valid, and verify that the signature is trusted by the MDM server.
+When enabled, the MDM provider should:
+
+- Validate the signature and the timestamp using the device identify certificate enrolled as part of Mobile Device Enrollment protocol (MS-MDE).
+- Ensure the certificate and time are valid.
+- Verify that the signature is trusted by the MDM provider.
 
 Supported operations are Get, Replace, and Delete.
 
 **Provider/*ProviderID*/SyncApplicationVersion**  
-Optional. Used by the management server to set the DM session version that the server and device should use. Default is 1.0. In Windows 10, the DM session protocol version of the client is 2.0. If the server is updated to support 2.0, then you should set this value to 2.0. In the next session, check to see if there is a client behavior change between 1.0 and 2.0.
+Optional. Used by the management server to set the DM session version that the server and device should use. Default is 1.0. In Windows 10, the DM session protocol version of the client is 2.0. If the server is updated to support 2.0, then you should set this value to 2.0. In the next session, check to see if there's a client behavior change between 1.0 and 2.0.
 
 > [!NOTE]
 > This node is only supported in Windows 10 and later.
 
-Once you set the value to 2.0, it will not go back to 1.0.
+Once you set the value to 2.0, it won't go back to 1.0.
 
  
 
@@ -204,18 +211,18 @@ When you query this node, a Windows 10 client will return 2.0 and a Windows 8.
 Supported operation is Get.
 
 **Provider/*ProviderID*/AADResourceID**  
-Optional. This is the ResourceID used when requesting the user token from the OMA DM session for Azure Active Directory (Azure AD) enrollments (Azure AD Join or Add Accounts). The token is audience-specific, which allows for different service principals (enrollment vs. device management). It can be an application ID or the endpoint that you are trying to access.
+Optional. This ResourceID is used when requesting the user token from the OMA DM session for Azure Active Directory (Azure AD) enrollments (Azure AD Join or Add Accounts). The token is audience-specific, which allows for different service principals (enrollment vs. device management). It can be an application ID or the endpoint that you're trying to access.
 
 For more information about Azure AD enrollment, see [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
 
 **Provider/*ProviderID*/EnableOmaDmKeepAliveMessage**  
 Added in Windows 10, version 1511. A boolean value that specifies whether the DM client should send out a request pending alert in case the device response to a DM request is too slow.
 
-When the server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.
+When the server sends a configuration request, the client can take longer than the HTTP timeout to get all information together. The session might end unexpectedly because of the timeout. By default, the MDM client doesn't send an alert that a DM request is pending.
 
-To work around the timeout, you can use this setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information.
+To work around the timeout, you can use this setting to keep the session alive by sending a heartbeat message back to the server. Send a SyncML message with a specific device alert element in the body until the client can respond back to the server with the requested information.
 
-Here is an example of DM message sent by the device when it is in pending state:
+Here's an example of DM message sent by the device when it's in pending state:
 
 ```xml
 
@@ -262,12 +269,12 @@ Added in Windows 10, version 1607. Returns the hardware device ID.
 Supported operation is Get.
 
 **Provider/*ProviderID*/CommercialID**  
-Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization.
+Added in Windows 10, version 1607. It configures the identifier that uniquely associates the device's diagnostic data belonging to the organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization, then use this setting to provide that identification. The value for this setting is provided by Microsoft in the onboarding process for the program. If you disable or don't configure this policy setting, then Microsoft can't use this identifier to associate this machine and its diagnostic data with your organization.
 
 Supported operations are Add, Get, Replace, and Delete.
 
 **Provider/*ProviderID*/ManagementServerAddressList**  
-Added in Windows 10, version 1607. The list of management server URLs in the format <URL1><URL2><URL3>, and so on. If there is only one, the angle brackets (<>) are not required.
+Added in Windows 10, version 1607. The list of management server URLs in the format <URL1><URL2><URL3>, and so on. If there's only one, the angle brackets (<>) aren't required.
 
 > [!NOTE]
 > The < and > should be escaped.
@@ -290,12 +297,12 @@ Added in Windows 10, version 1607. The list of management server URLs in the fo
 
 If ManagementServerAddressList node is set, the device will only use the server URL configured in this node and ignore the ManagementServiceAddress value.
 
-When the server is not responding after a specified number of retries, the device tries to use the next server URL in the list until it gets a successful connection. After the server list is updated, the client uses the updated list at the next session starting with the first on in the list.
+When the server isn't responding after a specified number of retries, the device tries to use the next server URL in the list. It keeps trying until it gets a successful connection. After the server list is updated, the client uses the updated list at the next session starting with the first one in the list.
 
 Supported operations are Get and Replace. Value type is string.
 
 **Provider/*ProviderID*/ManagementServerToUpgradeTo**  
-Optional. Added in Windows 10, version 1703. Specify the Discovery server URL of the MDM server to upgrade to for a Mobile Application Management (MAM) enrolled device.
+Optional. Added in Windows 10, version 1703. Specify the Discovery server URL of the MDM provider to upgrade to for a Mobile Application Management (MAM) enrolled device.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
@@ -306,310 +313,167 @@ Supported operations are Add, Delete, Get, and Replace. Value type is integer.
 
 **Provider/*ProviderID*/AADSendDeviceToken**  
 
-Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token cannot be obtained.
+Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this feature will cause the client to send a Device Token if the User Token can't be obtained.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is bool.
 
 **Provider/*ProviderID*/Poll**  
-Optional. Polling schedules must utilize the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
+Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
 
 Supported operations are Get and Add.
 
-There are three schedules managed under the Poll node which enable a rich polling schedule experience to provide greater flexibility in managing the way in which devices poll the management server. There are a variety of ways in which polling schedules may be set. If an invalid polling configuration is set, the device will correct or remove the schedules in order to restore the polling schedules back to a valid configuration.
+There are three schedules managed under the Poll node. They enable a rich polling schedule experience to provide greater flexibility in managing the way devices poll the management server. There are various ways that polling schedules may be set. If an invalid polling configuration is set, the device will correct or remove the schedules to restore the polling schedules back to a valid configuration.
 
-If there is no infinite schedule set, then a 24-hour schedule is created and scheduled to launch in the maintenance window.
+If there's no infinite schedule set, then a 24-hour schedule is created and scheduled to launch in the maintenance window.
 
 **Valid poll schedule: sigmoid polling schedule with infinite schedule (Recommended).**
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    Schedule nameSchedule set by the serverActual value queried on device
                    IntervalForFirstSetOfRetries
                    15
                    15
                    NumberOfFirstRetries
                    5
                    5
                    IntervalForSecondSetOfRetries
                    60
                    60
                    NumberOfSecondRetries
                    10
                    10
                    IntervalForRemainingScheduledRetries
                    1440
                    1440
                    NumberOfRemainingScheduledRetries
                    0
                    0
                    
+|Schedule name|Schedule set by the server|Actual value queried on device|
+|--- |--- |--- |
+|IntervalForFirstSetOfRetries|15|15|
+|NumberOfFirstRetries|5|5|
+|IntervalForSecondSetOfRetries|60|60|
+|NumberOfSecondRetries|10|10|
+|IntervalForRemainingScheduledRetries|1440|1440|
+|NumberOfRemainingScheduledRetries|0|0|
 
- 
+**Valid poll schedule: initial enrollment only [no infinite schedule]**
 
-**Valid poll schedule: initial enrollment only \[no infinite schedule\]**
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    Schedule nameSchedule set by the serverActual value queried on device
                    IntervalForFirstSetOfRetries
                    15
                    15
                    NumberOfFirstRetries
                    5
                    5
                    IntervalForSecondSetOfRetries
                    60
                    60
                    NumberOfSecondRetries
                    10
                    10
                    IntervalForRemainingScheduledRetries
                    0
                    0
                    NumberOfRemainingScheduledRetries
                    0
                    0
                    
-
- 
+|Schedule name|Schedule set by the server|Actual value queried on device|
+|--- |--- |--- |
+|IntervalForFirstSetOfRetries|15|15|
+|NumberOfFirstRetries|5|5|
+|IntervalForSecondSetOfRetries|60|60|
+|NumberOfSecondRetries|10|10|
+|IntervalForRemainingScheduledRetries|0|0|
+|NumberOfRemainingScheduledRetries|0|0|
 
 **Invalid poll schedule: disable all poll schedules**
 
 > [!NOTE]
 > Disabling poll schedules results in UNDEFINED behavior and enrollment may fail if poll schedules are all set to zero.
 
+|Schedule name|Schedule set by the server|Actual value queried on device|
+|--- |--- |--- |
+|IntervalForFirstSetOfRetries|0|0|
+|NumberOfFirstRetries|0|0|
+|IntervalForSecondSetOfRetries|0|0|
+|NumberOfSecondRetries|0|0|
+|IntervalForRemainingScheduledRetries|0|0|
+|NumberOfRemainingScheduledRetries|0|0|
  
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    Schedule nameSchedule set by the serverActual value queried on device
                    IntervalForFirstSetOfRetries
                    0
                    0
                    NumberOfFirstRetries
                    0
                    0
                    IntervalForSecondSetOfRetries
                    0
                    0
                    NumberOfSecondRetries
                    0
                    0
                    IntervalForRemainingScheduledRetries
                    0
                    0
                    NumberOfRemainingScheduledRetries
                    0
                    0
                    
-
- 
-
 **Invalid poll schedule: two infinite schedules**
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Schedule nameSchedule set by serverActual schedule set on deviceActual experience
                    IntervalForFirstSetOfRetries
                    15
                    15
                    Device polls
                    NumberOfFirstRetries
                    5
                    5
                    Device polls
                    IntervalForSecondSetOfRetries
                    1440
                    1440
                    Device polls the server once in 24 hours
                    NumberOfSecondRetries
                    0
                    0
                    Device polls the server once in 24 hours
                    IntervalForRemainingScheduledRetries
                    1440
                    0
                    Third schedule is disabled
                    NumberOfRemainingScheduledRetries
                    0
                    0
                    Third schedule is disabled
                    
+|Schedule name|Schedule set by server|Actual schedule set on device|Actual experience|
+|--- |--- |--- |--- |
+|IntervalForFirstSetOfRetries|15|15|Device polls|
+|NumberOfFirstRetries|5|5|Device polls|
+|IntervalForSecondSetOfRetries|1440|1440|Device polls the server once in 24 hours|
+|NumberOfSecondRetries|0|0|Device polls the server once in 24 hours|
+|IntervalForRemainingScheduledRetries|1440|0|Third schedule is disabled|
+|NumberOfRemainingScheduledRetries|0|0|Third schedule is disabled|
 
- 
+If the device was previously enrolled in MDM with polling schedule configured using the registry key values directly, the MDM provider that supports using DMClient CSP to update polling schedule must first send an Add command to add a **./Vendor/MSFT/DMClient/Enrollment/<ProviderID>/Poll** node before it sends a Get/Replace command to query or update polling parameters using the DMClient CSP
 
-If the device was previously enrolled in MDM with polling schedule configured via registry key values directly, the MDM server that supports using DMClient CSP to update polling schedule must first send an Add command to add a **./Vendor/MSFT/DMClient/Enrollment/<ProviderID>/Poll** node before it sends a Get/Replace command to query or update polling parameters via DMClient CSP
-
-When using the DMClient CSP to configure polling schedule parameters, the server must not set all six polling parameters to 0, or set all 3 number of retry nodes to 0 because it will cause a configuration failure.
+When using the DMClient CSP to configure polling schedule parameters, the server must not set all six polling parameters to 0, or set all three number of retry nodes to 0. It will cause a configuration failure.
 
 **Provider/*ProviderID*/Poll/IntervalForFirstSetOfRetries**  
-Optional. The waiting time (in minutes) for the initial set of retries as specified by the number of retries in /<ProviderID>/Poll/NumberOfFirstRetries. If IntervalForFirstSetOfRetries is not set, then the default value is used. The default value is 15. If the value is set to 0, this schedule is disabled.
+Optional. The waiting time (in minutes) for the initial set of retries, which is the number of retries in `//Poll/NumberOfFirstRetries`. If IntervalForFirstSetOfRetries isn't set, then the default value is used. The default value is 15. If the value is set to 0, this schedule is disabled.
 
 Supported operations are Get and Replace.
 
-The IntervalForFirstSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\AuxRetryInterval path that previously utilized the Registry CSP.
+The IntervalForFirstSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\AuxRetryInterval path that previously used the Registry CSP.
 
 **Provider/*ProviderID*/Poll/NumberOfFirstRetries**  
-Optional. The number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. If the value is set to 0 and the IntervalForFirstSetOfRetries value is not 0, then the schedule will be set to repeat an infinite number of times and second set and this set of schedule will not set in this case. The default value is 10.
+Optional. The number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. If the value is set to 0 and the IntervalForFirstSetOfRetries value isn't 0, then the schedule will be set to repeat an infinite number of times and second set and this set of schedule won't set in this case. The default value is 10.
 
 Supported operations are Get and Replace.
 
-The NumberOfFirstRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\AuxNumRetries path that previously utilized the Registry CSP.
+The NumberOfFirstRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\AuxNumRetries path that previously used the Registry CSP.
 
-The first set of retries is intended to give the management server some buffered time to be ready to send policies and settings configuration to the device. The total time for first set of retries should not be more than a few hours. The server should not set NumberOfFirstRetries to be 0. RemainingScheduledRetries is used for the long run device polling schedule.
+The first set of retries gives the management server some buffered time to be ready to send policy and setting configurations to the device. The total time for first set of retries shouldn't be more than a few hours. The server shouldn't set NumberOfFirstRetries to 0. RemainingScheduledRetries is used for the long run device polling schedule.
 
 **Provider/*ProviderID*/Poll/IntervalForSecondSetOfRetries**  
-Optional. The waiting time (in minutes) for the second set of retries as specified by the number of retries in /<ProviderID>/Poll/NumberOfSecondRetries. Default value is 0. If this value is set to zero, then this schedule is disabled.
+Optional. The waiting time (in minutes) for the second set of retries, which is the number of retries in `//Poll/NumberOfSecondRetries`. Default value is 0. If this value is set to zero, then this schedule is disabled.
 
 Supported operations are Get and Replace.
 
-The IntervalForSecondSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\RetryInterval path that previously utilized the Registry CSP.
+The IntervalForSecondSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\RetryInterval path that previously used the Registry CSP.
 
 **Provider/*ProviderID*/Poll/NumberOfSecondRetries**  
-Optional. The number of times the DM client should retry a second round of connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForSecondSetOfRetries is not set to 0 AND the first set of retries is not set as infinite retries, then the schedule repeats an infinite number of times. However, if the first set of retries is set at infinite, then this schedule is disabled.
+Optional. The number of times the DM client should retry a second round of connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForSecondSetOfRetries isn't set to 0 AND the first set of retries isn't set as infinite retries, then the schedule repeats an infinite number of times. However, if the first set of retries is set at infinite, then this schedule is disabled.
 
 Supported operations are Get and Replace.
 
-The NumberOfSecondRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\NumRetries path that previously utilized the Registry CSP.
+The NumberOfSecondRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\NumRetries path that previously used the Registry CSP.
 
 The second set of retries is also optional and temporarily retries that the total duration should be last for more than a day. And the IntervalForSecondSetOfRetries should be longer than IntervalForFirstSetOfRetries. RemainingScheduledRetries is used for the long run device polling schedule.
 
 **Provider/*ProviderID*/Poll/IntervalForRemainingScheduledRetries**  
-Optional. The waiting time (in minutes) for the initial set of retries as specified by the number of retries in /<ProviderID>/Poll/NumberOfRemainingScheduledRetries. Default value is 0. If IntervalForRemainingScheduledRetries is set to 0, then this schedule is disabled.
+Optional. The waiting time (in minutes) for the initial set of retries, which is the number of retries in `//Poll/NumberOfRemainingScheduledRetries`. Default value is 0. If IntervalForRemainingScheduledRetries is set to 0, then this schedule is disabled.
 
 Supported operations are Get and Replace.
 
-The IntervalForRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2RetryInterval path that previously utilized the Registry CSP.
+The IntervalForRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2RetryInterval path that previously used the Registry CSP.
 
 **Provider/*ProviderID*/Poll/NumberOfRemainingScheduledRetries**  
-Optional. The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForRemainingScheduledRetries AND the first and second set of retries are not set as infinite retries, then the schedule will be set to repeat for an infinite number of times. However, if either or both of the first and second set of retries are set as infinite, then this schedule will be disabled.
+Optional. The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForRemainingScheduledRetries AND the first and second set of retries aren't set as infinite retries, then the schedule will be set to repeat for an infinite number of times. However, if either or both of the first and second set of retries are set as infinite, then this schedule will be disabled.
 
 Supported operations are Get and Replace.
 
-The NumberOfRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2NumRetries path that previously utilized the Registry CSP.
+The NumberOfRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2NumRetries path that previously used the Registry CSP.
 
-The RemainingScheduledRetries is used for the long run device polling schedule. IntervalForRemainingScheduledRetries should not be set smaller than 1440 minutes (24 hours) in Windows Phone 8.1 device. Windows Phone 8.1 supports MDM server push.
+The RemainingScheduledRetries is used for the long run device polling schedule. 
 
 **Provider/*ProviderID*/Poll/PollOnLogin**  
-Optional. Boolean value that allows the IT admin to require the device to start a management session on any user login, regardless of if the user has preciously logged in. Login is not the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false.
+Optional. Boolean value that allows the IT admin to require the device to start a management session on any user login, even if the user has previously logged in. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false.
 
 Supported operations are Add, Get, and Replace.
 
 **Provider/*ProviderID*/Poll/AllUsersPollOnFirstLogin**  
-Optional. Boolean value that allows the IT admin to require the device to start a management session on first user login for all NT users. A session is only kicked off the first time a user logs in to the system; subsequent logins will not trigger an MDM session. Login is not the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false.
+Optional. Boolean value that allows the IT admin to require the device to start a management session on first user login for all NT users. A session is only kicked off the first time a user logs in to the system. Later sign-ins won't trigger an MDM session. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false.
 
 Supported operations are Add, Get, and Replace.
 
+**Provider/*ProviderID*/ConfigLock**
+
+Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.
+
+Default = Locked
+
+> [!Note]
+>If the device isn't a Secured-core PC, then this feature won't work. To know more, see [Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure).
+
+**Provider/*ProviderID*/ConfigLock/Lock**
+
+The supported values for this node are 0-unlock, 1-lock.
+
+Supported operations are Add, Delete, Get.
+
+**Provider/*ProviderID*/ConfigLock/UnlockDuration**
+
+The supported values for this node are 1 to 480 (in min).
+
+Supported operations are Add, Delete, Get.
+
+**Provider/*ProviderID*/ConfigLock/SecureCore**
+
+The supported values for this node are false or true.
+
+Supported operation is Get only.
+
 **Provider/*ProviderID*/Push**  
 Optional. Not configurable during WAP Provisioning XML. If removed, DM sessions triggered by Push will no longer be supported.
 
 Supported operations are Add and Delete.
 
 **Provider/*ProviderID*/Push/PFN**  
-Required. A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it is managing.
+Required. A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it's managing.
 
 Supported operations are Add, Get, and Replace.
 
 **Provider/*ProviderID*/Push/ChannelURI**  
-Required. A string that contains the channel that the WNS client has negotiated for the OMA DM client on the device based on the PFN that was provided. If no valid PFN is currently set, ChannelURI will return null.
+Required. A string that contains the channel that the WNS client has negotiated for the OMA DM client on the device, based on the PFN that was provided. If no valid PFN is currently set, ChannelURI will return null.
 
 Supported operation is Get.
 
@@ -620,58 +484,17 @@ Supported operation is Get.
 
 The status error mapping is listed below.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    StatusDescription
                    0
                    Success
                    1
                    Failure: invalid PFN
                    2
                    Failure: invalid or expired device authentication with MSA
                    3
                    Failure: WNS client registration failed due to an invalid or revoked PFN
                    4
                    Failure: no Channel URI assigned
                    5
                    Failure: Channel URI has expired
                    6
                    Failure: Channel URI failed to be revoked
                    7
                    Failure: push notification received, but unable to establish an OMA-DM session due to power or connectivity limitations.
                    8
                    Unknown error
                    
-
- 
+|Status|Description|
+|--- |--- |
+|0|Success|
+|1|Failure: invalid PFN|
+|2|Failure: invalid or expired device authentication with MSA|
+|3|Failure: WNS client registration failed due to an invalid or revoked PFN|
+|4|Failure: no Channel URI assigned|
+|5|Failure: Channel URI has expired|
+|6|Failure: Channel URI failed to be revoked|
+|7|Failure: push notification received, but unable to establish an OMA-DM session due to power or connectivity limitations.|
+|8|Unknown error|
 
 **Provider/*ProviderID*/CustomEnrollmentCompletePage**  
 Optional. Added in Windows 10, version 1703.
@@ -689,12 +512,12 @@ Optional. Added in Windows 10, version 1703. Specifies the body text of the all
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkHref**  
-Optional. Added in Windows 10, version 1703. Specifies the URL that is shown at the end of the MDM enrollment flow.
+Optional. Added in Windows 10, version 1703. Specifies the URL that's shown at the end of the MDM enrollment flow.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkText**  
-Optional. Added in Windows 10, version 1703. Specifies the display text for the URL that is shown at the end of the MDM enrollment flow.
+Optional. Added in Windows 10, version 1703. Specifies the display text for the URL that's shown at the end of the MDM enrollment flow.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
@@ -702,39 +525,39 @@ Supported operations are Add, Delete, Get, and Replace. Value type is string.
 Optional node. Added in Windows 10, version 1709.
 
 **Provider/*ProviderID*/FirstSyncStatus/ExpectedPolicies**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to policies the management service provider expects to provision, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to policies the management service provider expects to configure, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the management service provider expects to provision, delimited by the character L"\xF000".
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the management service provider expects to configure, delimited by the character L"\xF000".
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package.  We will not verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2`  This represents App Package ProductID1 containing four apps, and ProductID2 containing two apps.
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package.  We won't verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2`  This represents App Package ProductID1 containing four apps, and ProductID2 containing two apps.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/FirstSyncStatus/ExpectedModernAppPackages**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package.  We will not verify that number.  For example, 
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseModernAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package.  We won't verify that number.  For example, 
 
 ``` syntax
 ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" 
 ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2
 ```
 
-This represents App Package PackageFullName containing four apps, and PackageFullName2 containing two apps.
+This syntax represents App Package PackageFullName containing four apps, and PackageFullName2 containing two apps.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/FirstSyncStatus/ExpectedPFXCerts**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to certs the management service provider expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to certs the management service provider expects to configure using the ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 **Provider/*ProviderID*/FirstSyncStatus/ExpectedSCEPCerts**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to SCEP certs the management service provider expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to SCEP certs the management service provider expects to configure using the ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
@@ -744,42 +567,42 @@ Required. Added in Windows 10, version 1709. This node determines how long we wi
 Supported operations are Get and Replace. Value type is integer.
 
 **Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning**  
-Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists.
+Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished configuring the device. It was added so that the server can “change its mind" about what it needs to configure on the device. When this node is set, many other DM Client nodes can't be changed. If this node isn't True, the UX will consider the configuration a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists.
 
 Supported operations are Get and Replace. Value type is boolean.
 
 **Provider/*ProviderID*/FirstSyncStatus/IsSyncDone**  
-Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis).
+Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully configured. `Set` triggers the UX to override whatever state it's in, and tell the user that the device is configured. It can't be set from True to False (it won't change its mind  if the sync is done), and it can't be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis).
 
 Supported operations are Get and Replace. Value type is boolean.
 
 **Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned**  
-Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully provisioned.  0 is failure, 1 is success, 2 is in progress.  Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis).
+Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully configured.  0 is failure, 1 is success, 2 is in progress.  Once the value is changed to 0 or 1, the value can't be changed again. The client will change the value of success or failure and update the node. The server can force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis).
 
 Supported operations are Get and Replace. Value type is integer.
 
 **Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage**  
-Required. Device Only. Added in Windows 10, version 1803. This node determines whether or not the MDM progress page is blocking in the Azure AD joined or DJ++ case, as well as which remediation options are available.
+Required. Device Only. Added in Windows 10, version 1803. This node determines if the MDM progress page is blocking in the Azure AD joined or DJ++ case, and which remediation options are available.
 
 Supported operations are Get and Replace. Value type is integer.
 
 **Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton**  
-Required. Added in Windows 10, version 1803. This node decides whether or not the MDM progress page displays the Collect Logs button.  
+Required. Added in Windows 10, version 1803. This node decides if the MDM progress page displays the Collect Logs button.  
 
 Supported operations are Get and Replace. Value type is bool.
 
 **Provider/*ProviderID*/FirstSyncStatus/CustomErrorText**  
-Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do in case of error.  
+Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do if there's an error.  
 
 Supported operations are Add, Get, Delete, and Replace. Value type is string.
 
 **Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage**  
-Required. Device only. Added in Windows 10, version 1803. This node decides whether or not the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
+Required. Device only. Added in Windows 10, version 1803. This node decides if the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
 
 Supported operations are Get and Replace. Value type is bool.
 
 **Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage**  
-Required. Device only. Added in Windows 10, version 1803. This node decides whether or not the MDM user progress page skips after Azure AD joined or DJ++ after user login.
+Required. Device only. Added in Windows 10, version 1803. This node decides if the MDM user progress page skips after Azure AD joined or DJ++ after user login.
 
 Supported operations are Get and Replace. Value type is bool.
 
@@ -789,12 +612,12 @@ Required node. Added in Windows 10, version 1709.
 Supported operation is Get.
 
 **Provider/*ProviderID*/EnhancedAppLayerSecurity/SecurityMode**  
-Required. Added in Windows 10, version 1709. This node specifies how the client will perform the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0.
+Required. Added in Windows 10, version 1709. This node specifies how the client will do the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
 **Provider/*ProviderID*/EnhancedAppLayerSecurity/UseCertIfRevocationCheckOffline**  
-Required. Added in Windows 10, version 1709. This node, when it is set, tells the client to use the certificate even when the client cannot check the certificate's revocation status because the device is offline. The default value is set.
+Required. Added in Windows 10, version 1709. When this node is set, it tells the client to use the certificate even when the client can't check the certificate's revocation status because the device is offline. The default value is set.
 
 Supported operations are Add, Get, Replace, and Delete. Value type is boolean.
 
@@ -809,13 +632,13 @@ Required. Added in Windows 10, version 1709. The node contains the secondary cer
 Supported operations are Add, Get, Replace, and Delete. Value type is string.
 
 **Provider/*ProviderID*/Unenroll**  
-Required. The node accepts unenrollment requests by way of the OMA DM Exec command and calls the enrollment client to unenroll the device from the management server whose provider ID is specified in the `` tag under the `` element. Scope is permanent.
+Required. The node accepts unenrollment requests using the OMA DM Exec command and calls the enrollment client to unenroll the device from the management server whose provider ID is specified in the `` tag under the `` element. Scope is permanent.
 
 Supported operations are Get and Exec.
 
-Note that <LocURI>./Vendor/MSFT/DMClient/Unenroll</LocURI> is supported for backward compatibility.
+<LocURI>./Vendor/MSFT/DMClient/Unenroll</LocURI> is supported for backward compatibility.
 
-The following SyncML shows how to remotely unenroll the device. Note that this command should be inserted in the general DM packages sent from the server to the device.
+The following SyncML shows how to remotely unenroll the device. This command should be inserted in the general DM packages sent from the server to the device.
 
 ```xml
     
@@ -833,17 +656,7 @@ The following SyncML shows how to remotely unenroll the device. Note that this c
     
 ```
 
-## Related topics
+## Related articles
 
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index c5ba87da90..9121cdc2b4 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 46dd29b427..67d29f0ce3 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -18,33 +18,34 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # DMProcessConfigXMLFiltered function
 
 > [!Important]
-> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. Please see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)) for more information about the new process for provisioning connectivity configuration. However, this function is still supported for other OEM uses.
+> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses.
 
 
 Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios.
 
 -   Adding dynamic credentials for OMA Client Provisioning.
 
--   Manufacturing test applications. These applications and the supporting drivers must be removed from the phones before they are sold.
+-   Manufacturing test applications. These applications and the supporting drivers must be removed from the phones before they're sold.
 
-Microsoft recommends that this function is not used to configure the following types of settings.
+Microsoft recommends that this function isn't used to configure the following types of settings:
 
--   Security settings that are configured by using CertificateStore, SecurityPolicy, and RemoteWipe, unless they are related to OMA DM or OMA Client Provisioning security policies.
+-   Security settings that are configured using CertificateStore, SecurityPolicy, and RemoteWipe, unless they're related to OMA DM or OMA Client Provisioning security policies
 
 -   Non-cellular data connection settings (such as Hotspot settings).
 
--   File system files and registry settings, unless they are used for OMA DM account management, mobile operator data connection settings, or manufacturing tests.
+-   File system files and registry settings, unless they're used for OMA DM account management, mobile operator data connection settings, or manufacturing tests
 
--   Email settings.
+-   Email settings
 
-> **Note**  The **DMProcessConfigXMLFiltered** function has full functionality in Windows 10 Mobile and Windows Phone 8.1, but it has a read-only functionality in Windows 10 desktop.
+> [!Note]
+> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10.
 
  
 
@@ -53,86 +54,49 @@ Microsoft recommends that this function is not used to configure the following t
 ```C++
 HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
          LPCWSTR pszXmlIn,
-   const WCHAR   **rgszAllowedCspNode,
-   const DWORD   dwNumAllowedCspNodes,
-         BSTR    *pbstrXmlOut
+   const WCHAR   **rgszAllowedCspNode,
+   const DWORD   dwNumAllowedCspNodes,
+         BSTR    *pbstrXmlOut
 );
 ```
 
 ## Parameters
 
 *pszXmlIn*
-
                      
-
                    • [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. DMProcessConfigXMLFiltered accepts only OMA Client Provisioning XML (also known as WAP provisioning). It does not accept OMA DM SyncML XML (also known as SyncML).
                      • 
-
                    
-
                    
+
+- [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).
 
 *rgszAllowedCspNode*
-
                      
-
                    • [in] Array of WCHAR\* that specify which configuration service provider nodes are allowed to be invoked.
                      • 
-
                    
-
                    
+
+- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked.
 
 *dwNumAllowedCspNodes*
-
                      
-
                    • [in] Number of elements passed in rgszAllowedCspNode.
                      • 
-
                    
-
                     
+
+- [in] Number of elements passed in rgszAllowedCspNode.
 
 *pbstrXmlOut*
-
                      
-
                    • [out] The resulting null–terminated XML from configuration. The caller of DMProcessConfigXMLFiltered is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use SysFreeString to free the memory.
                      • 
-
                    
-
                    
 
-If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document does not contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned.
+- [out] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use **SysFreeString** to free the memory.
+
+If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned.
 
 ## Return value
 
-Returns the standard **HRESULT** value **S\_OK** to indicate success. The following table shows the additional error codes that may be returned.
+Returns the standard **HRESULT** value **S\_OK** to indicate success. The following table shows more error codes that can be returned:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Return codeDescription
                    CONFIG_E_OBJECTBUSY
                    Another instance of the configuration management service is currently running.
                    CONFIG_E_ENTRYNOTFOUND
                    No metabase entry was found.
                    CONFIG_E_CSPEXCEPTION
                    An exception occurred in one of the configuration service providers.
                    CONFIG_E_TRANSACTIONINGFAILURE
                    A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.
                    CONFIG_E_BAD_XML
                    The XML input is invalid or malformed.
                    
-
- 
+|Return code|Description|
+|--- |--- |
+|**CONFIG_E_OBJECTBUSY**|Another instance of the configuration management service is currently running.|
+|**CONFIG_E_ENTRYNOTFOUND**|No metabase entry was found.|
+|**CONFIG_E_CSPEXCEPTION**|An exception occurred in one of the configuration service providers.|
+|**CONFIG_E_TRANSACTIONINGFAILURE**|A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.|
+|**CONFIG_E_BAD_XML**|The XML input is invalid or malformed.|
 
 ## Remarks
 
-The processing of the XML is transactional; either the entire document gets processed successfully or none of the settings are processed. Therefore, the **DMProcessConfigXMLFiltered** function processes only one XML configuration request at a time.
+The processing of the XML is transactional. Either the entire document gets processed successfully, or none of the settings are processed. So, the **DMProcessConfigXMLFiltered** function processes only one XML configuration request at a time.
 
-The usage of **DMProcessConfigXMLFiltered** depends on the configuration service providers that are used. For example, if the input .provxml contains the following two settings:
+The usage of **DMProcessConfigXMLFiltered** depends on the configuration service providers that are used. For example, if the input `.provxml` contains the following two settings:
 
 ``` XML
 
@@ -163,9 +127,9 @@ LPCWSTR rgszAllowedCspNodes[] =
 };
 ```
 
-This array of configuration service provider names indicates which .provxml contents should be present. If the provxml contains "EMAIL2" provisioning but *rgszAllowedCspNodes* does not contain EMAIL2, then **DMProcessConfigXMLFiltered** fails with an **E\_ACCESSDENIED** error code.
+This array of configuration service provider names indicates which `.provxml` contents should be present. If the provxml contains "EMAIL2" provisioning but *rgszAllowedCspNodes* doesn't contain EMAIL2, then **DMProcessConfigXMLFiltered** fails with an **E\_ACCESSDENIED** error code.
 
-The following code sample shows how this array would be passed in. Note that *szProvxmlContent* does not show the full XML contents for brevity. In actual usage, the "…" would contain the full XML string shown above.
+The following code sample shows how this array would be passed in. The *szProvxmlContent* doesn't show the full XML contents for brevity. In actual usage, the "…" would contain the full XML string shown above.
 
 ``` C++
 WCHAR szProvxmlContent[] = L"..."; 
@@ -189,38 +153,14 @@ if ( bstr != NULL )
 
 ## Requirements
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Minimum supported client
                    None supported
                    Minimum supported server
                    None supported
                    Minimum supported phone
                    Windows Phone 8.1
                    Header
                    Dmprocessxmlfiltered.h
                    Library
                    Dmprocessxmlfiltered.lib
                    DLL
                    Dmprocessxmlfiltered.dll
                    
+|Requirement|Support|
+|--- |--- |
+|Minimum supported client|None supported|
+|Minimum supported server|None supported|
+|Minimum supported phone|Windows Phone 8.1|
+|Header|Dmprocessxmlfiltered.h|
+|Library|Dmprocessxmlfiltered.lib|
+|DLL|Dmprocessxmlfiltered.dll|
 
 ## See also
 
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index 8c5772b29c..6b48ccc230 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp
@@ -21,7 +21,7 @@ The DMSessionActions configuration service provider (CSP) is used to manage:
 
 This CSP was added in Windows 10, version 1703.
 
-The following shows the DMSessionActions configuration service provider in tree format.
+The following example shows the DMSessionActions configuration service provider in tree format.
 ```
 ./User/Vendor/MSFT
 DMSessionActions
@@ -63,41 +63,41 @@ DMSessionActions
 ------------MaxTimeSessionsSkippedInLowPowerState
 ```
 **./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**  
-
                    Defines the root node for the DMSessionActions configuration service provider.
                    
+
                    Defines the root node for the DMSessionActions configuration service provider.
                    
 
 ***ProviderID***  
-
                    Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. 
                    
+
                    Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. 
                    
 
-
                    Scope is dynamic. Supported operations are Get, Add, and Delete.
                    
+
                    Scope is dynamic. Supported operations are Get, Add, and Delete.
                    
 
 ***ProviderID*/CheckinAlertConfiguration**  
-
                    Node for the custom configuration of alerts to be sent during MDM sync session.
                    
+
                    Node for the custom configuration of alerts to be sent during MDM sync session.
                    
 
 ***ProviderID*/CheckinAlertConfiguration/Nodes**  
-
                    Required. Root node for URIs to be queried. Scope is dynamic.
                    
+
                    Required. Root node for URIs to be queried. Scope is dynamic.
                    
 
-
                    Supported operation is Get.
                    
+
                    Supported operation is Get.
                    
 
 ***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID***  
-
                    Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic.
                    
+
                    Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic.
                    
 
-
                    Supported operations are Get, Add, and Delete.
                    
+
                    Supported operations are Get, Add, and Delete.
                    
 
 ***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI**  
-
                    Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.
                    
-
                    Value type is string. Supported operations are Add, Get, Replace, and Delete.
                    
+
                    Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.
                    
+
                    Value type is string. Supported operations are Add, Get, Replace, and Delete.
                    
 
 **AlertData**  
-
                    Node to query the custom alert per server configuration
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Node to query the custom alert per server configuration
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **PowerSettings**  
-
                    Node for power-related configrations
                    
+
                    Node for power-related configurations
                    
 
 **PowerSettings/MaxSkippedSessionsInLowPowerState**  
-
                    Maximum number of continuous skipped sync sessions when the device is in low-power state.
                    
-
                    Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                    
+
                    Maximum number of continuous skipped sync sessions when the device is in low-power state.
                    
+
                    Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                    
 
 **PowerSettings/MaxTimeSessionsSkippedInLowPowerState**  
-
                    Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state. 
                    
-
                    Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                    
+
                    Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state. 
                    
+
                    Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                    
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index 61b4b4754a..7cebc030ce 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index 3716a1c54a..355e5d1e79 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -5,19 +5,20 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # DynamicManagement CSP
 
-Windows 10 allows you to manage devices differently depending on location, network, or time.  In Windows 10, version 1703 the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.  
+Windows 10 allows you to manage devices differently depending on location, network, or time.  In Windows 10, version 1703 the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.  
 
 This CSP was added in Windows 10, version 1703.
 
-The following shows the DynamicManagement configuration service provider in tree format.
+The following example shows the DynamicManagement configuration service provider in tree format.
 ```
 ./Device/Vendor/MSFT
 DynamicManagement
@@ -33,12 +34,12 @@ DynamicManagement
 ----AlertsEnabled
 ```
 **DynamicManagement**  
-
                    The root node for the DynamicManagement configuration service provider.
                    
+
                    The root node for the DynamicManagement configuration service provider.
                    
 
 **NotificationsEnabled**  
-
                    Boolean value for sending notification to the user of a context change.
                    
-
                    Default value is False. Supported operations are Get and Replace.
                    
-
                    Example to turn on NotificationsEnabled:
                    
+
                    Boolean value for sending notification to the user of a context change.
                    
+
                    Default value is False. Supported operations are Get and Replace.
                    
+
                    Example to turn on NotificationsEnabled:
                    
 
 ```xml
 
@@ -56,40 +57,40 @@ DynamicManagement
 
 ```
 **ActiveList**  
-
                    A string containing the list of all active ContextIDs on the device.  Delimeter is unicode character 0xF000..
                    
-
                    Supported operation is Get.
                      
+
                    A string containing the list of all active ContextIDs on the device.  Delimeter is unicode character 0xF000..
                    
+
                    Supported operation is Get.
                      
 
 **Contexts**  
-
                    Node for context information.
                    
-
                    Supported operation is Get.
                    
+
                    Node for context information.
                    
+
                    Supported operation is Get.
                    
 
 ***ContextID***  
-
                    Node created by the server to define a context.  Maximum number of characters allowed is 38.
                    
-
                    Supported operations are Add, Get, and Delete.
                    
+
                    Node created by the server to define a context.  Maximum number of characters allowed is 38.
                    
+
                    Supported operations are Add, Get, and Delete.
                    
 
 **SignalDefinition**  
-
                    Signal Definition XML.
                    
-
                    Value type is string. Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Signal Definition XML.
                    
+
                    Value type is string. Supported operations are Add, Get, Delete, and Replace.
                    
 
 **SettingsPack**  
-
                    Settings that get applied when the Context is active.
                    
-
                    Value type is string. Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Settings that get applied when the Context is active.
                    
+
                    Value type is string. Supported operations are Add, Get, Delete, and Replace.
                    
 
 **SettingsPackResponse**  
-
                    Response from applying a Settings Pack that contains information on each individual action.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Response from applying a Settings Pack that contains information on each individual action.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **ContextStatus**  
-
                    Reports status of the context.  If there was a failure, SettingsPackResponse should be checked for what exactly failed.
                    
-
                    Value type is integer. Supported operation is Get.
                    
+
                    Reports status of the context.  If there was a failure, SettingsPackResponse should be checked for what exactly failed.
                    
+
                    Value type is integer. Supported operation is Get.
                    
 
 **Altitude**  
-
                    A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities.
                    
-
                    Value type is integer. Supported operations are Add, Get, Delete, and Replace.
                    
+
                    A value that determines how to handle conflict resolution of applying multiple contexts on the device. This value is required and must be distinct of other priorities.
                    
+
                    Value type is integer. Supported operations are Add, Get, Delete, and Replace.
                    
 
 **AlertsEnabled**  
-
                    A Boolean value for sending an alert to the server when a context fails.
                    
-
                    Supported operations are Get and Replace.
                    
+
                    A Boolean value for sending an alert to the server when a context fails.
                    
+
                    Supported operations are Get and Replace.
                    
 
 ## Examples
 
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 2690fa4e23..5bf20a535b 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 43882781ec..9f9d1ab88c 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -24,35 +24,35 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
 
 1.  Run rasphone.exe.
 
-    ![vpnv2 rasphone](images/vpnv2-csp-rasphone.png)
+    ![vpnv2 rasphone.](images/vpnv2-csp-rasphone.png)
 
 1.  If you don't currently have a VPN connection and you see the following message, select **OK**.
 
-    ![vpnv2 csp network connections](images/vpnv2-csp-networkconnections.png)
+    ![vpnv2 csp network connections.](images/vpnv2-csp-networkconnections.png)
 
 1.  In the wizard, select **Workplace network**.
 
-    ![vpnv2 csp set up connection](images/vpnv2-csp-setupnewconnection.png)
+    ![vpnv2 csp set up connection.](images/vpnv2-csp-setupnewconnection.png)
 
-1.  Enter an Internet address and connection name. These can be fake since it does not impact the authentication parameters.
+1.  Enter an Internet address and connection name. These details can be fake since it doesn't impact the authentication parameters.
 
-    ![vpnv2 csp set up connection 2](images/vpnv2-csp-setupnewconnection2.png)
+    ![vpnv2 csp set up connection 2.](images/vpnv2-csp-setupnewconnection2.png)
 
 1.  Create a fake VPN connection. In the UI shown here, select **Properties**.
 
-    ![vpnv2 csp choose nw connection](images/vpnv2-csp-choosenetworkconnection.png)
+    ![vpnv2 csp choose nw connection.](images/vpnv2-csp-choosenetworkconnection.png)
 
 1.  In the **Test Properties** dialog, select the **Security** tab.
 
-    ![vpnv2 csp test props](images/vpnv2-csp-testproperties.png)
+    ![vpnv2 csp test props.](images/vpnv2-csp-testproperties.png)
 
 1.  On the **Security** tab, select **Use Extensible Authentication Protocol (EAP)**.
 
-    ![vpnv2 csp test props2](images/vpnv2-csp-testproperties2.png)
+    ![vpnv2 csp test props2.](images/vpnv2-csp-testproperties2.png)
 
 1.  From the drop-down menu, select the EAP method that you want to configure, and then select **Properties** to configure as needed.
 
-    ![vpnv2 csp test props3](images/vpnv2-csp-testproperties3.png)![vpnv2 csp test props4](images/vpnv2-csp-testproperties4.png)
+    ![vpnv2 csp test props3.](images/vpnv2-csp-testproperties3.png)![vpnv2 csp test props4](images/vpnv2-csp-testproperties4.png)
 
 1.  Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
 
@@ -60,7 +60,7 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
     Get-VpnConnection -Name Test
     ```
 
-    Here is an example output.
+    Here's an example output.
 
     ``` syntax
     Name                  : Test
@@ -88,7 +88,7 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
     $a.EapConfigXmlStream.InnerXml
     ```
 
-    Here is an example output.
+    Here's an example output.
 
     ```xml
     ***GUID***  
-Defines a specific email account. A globally unique identifier (GUID) must be generated for each email account on the device. Provisioning with an account that has the same GUID as an existing one does not create the new account and Add command will fail in this case.
+Defines a specific email account. A globally unique identifier (GUID) must be generated for each email account on the device. Provisioning with an account that has the same GUID as an existing one doesn't create the new account and Add command will fail in this case.
 
 Supported operations are Get, Add, and Delete.
 
@@ -86,14 +88,14 @@ The braces {} around the GUID are required in the EMAIL2 configuration service p
 **ACCOUNTICON**  
 Optional. Returns the location of the icon associated with the account.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
-The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings, email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired.
+The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings, email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added.
 
 **ACCOUNTTYPE**  
 Required. Specifies the type of account.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 Valid values are:
 
@@ -104,60 +106,61 @@ Valid values are:
 **AUTHNAME**  
 Required. Character string that specifies the name used to authorize the user to a specific email account (also known as the user's logon name).
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **AUTHREQUIRED**  
 Optional. Character string that specifies whether the outgoing server requires authentication.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
-Valid values are one of the following:
+Value options:
 
--   0 - Server authentication is not required.
+-   0 - Server authentication isn't required.
 -   1 - Server authentication is required.
 
-> **Note**  If this value is not specified, then no SMTP authentication is done. Also, this is different from SMTPALTENABLED.
+> [!NOTE]
+> If this value isn't specified, then no SMTP authentication is done. Also, this is different from SMTPALTENABLED.
 
  
 
 **AUTHSECRET**  
 Optional. Character string that specifies the user's password. The same password is used for SMTP authentication.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **DOMAIN**  
 Optional. Character string that specifies the incoming server credentials domain. Limited to 255 characters.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **DWNDAY**  
 Optional. Character string that specifies how many days' worth of email should be downloaded from the server.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
-Valid values are one of the following:
+Value options:
 
 -   -1: Specifies that all email currently on the server should be downloaded.
 
--   7: Specifies that 7 days’ worth of email should be downloaded.
+-   7: Specifies that seven days’ worth of email should be downloaded.
 
 -   14: Specifies that 14 days’ worth of email should be downloaded.
 
 -   30: Specifies that 30 days’ worth of email should be downloaded.
 
 **INSERVER**  
-Required. Character string that specifies the name of the incoming server name and port number. This is limited to 62 characters. If the standard port number is used, then you don't have to specify the port number. The value format is:
+Required. Character string that specifies the name of the incoming server name and port number. This string is limited to 62 characters. If the standard port number is used, then you don't have to specify the port number. The value format is:
 
 -   server name:port number
 
-Supported operations are Get, Add and Replace.
+Supported operations are Get, Add, and Replace.
 
 **LINGER**  
 Optional. Character string that specifies the length of time between email send/receive updates in minutes.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
-Valid values are:
+Value options:
 
 -   0 - Email updates must be performed manually.
 
@@ -174,16 +177,16 @@ Optional. Specifies the maximum size for a message attachment. Attachments beyon
 
 The limit is specified in KB
 
-Valid values are 0, 25, 50, 125, and 250.
+Value options are 0, 25, 50, 125, and 250.
 
 A value of 0 meaning that no limit will be enforced.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **NAME**  
 Optional. Character string that specifies the name of the sender displayed on a sent email. It should be set to the user’s name. Limited to 255 characters.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **OUTSERVER**  
 Required. Character string that specifies the name of the messaging service's outgoing email server. Limited to 62 characters. The value format is:
@@ -195,14 +198,15 @@ Supported operations are Get, Add, Delete, and Replace.
 **REPLYADDR**  
 Required. Character string that specifies the reply email address of the user (usually the same as the user email address). Sending email will fail without it. Limited to 255 characters.
 
-Supported operations are Get, Add, Delete and Replace.
+Supported operations are Get, Add, Delete, and Replace.
 
 **SERVICENAME**  
 Required. Character string that specifies the name of the email service to create or edit (32 characters maximum).
 
 Supported operations are Get, Add, Replace, and Delete.
 
-> **Note**   The EMAIL2 Configuration Service Provider does not support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
+> [!NOTE]
+> The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
 
  
 
@@ -211,19 +215,19 @@ Required. Character string that specifies the type of email service to create or
 
 Supported operations are Get, Add, Replace, and Delete.
 
-> **Note**   The EMAIL2 Configuration Service Provider does not support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
+> **Note**   The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
 
  
 
 **RETRIEVE**  
 Optional. Specifies the maximum size in bytes for messages retrieved from the incoming email server. Messages beyond this size are retrieved, but truncated.
 
-Valid values are 512, 1024, 2048, 5120, 20480, and 51200.
+Value options are 512, 1024, 2048, 5120, 20480, and 51200.
 
 Supported operations are Get, Add, Replace, and Delete.
 
 **SERVERDELETEACTION**  
-Optional. Character string that specifies how message is deleted on server. Valid values:
+Optional. Character string that specifies how message is deleted on server. Value options:
 
 -   1 - delete message on the server
 -   2 - keep the message on the server (delete to the Trash folder).
@@ -238,7 +242,7 @@ Optional. If this flag is set, the account only uses the cellular network and no
 Value type is string. Supported operations are Get, Add, Replace, and Delete.
 
 **SYNCINGCONTENTTYPES**  
-Required. Specifies a bitmask for which content types are supported for syncing (eg: Mail, Contacts, Calendar).
+Required. Specifies a bitmask for which content types are supported for syncing, like Mail, Contacts, and Calendar.
 
 -   No data (0x0)
 -   Contacts (0x1)
@@ -257,12 +261,12 @@ Required. Specifies a bitmask for which content types are supported for syncing
 Supported operations are Get, Add, Replace, and Delete.
 
 **CONTACTSSERVER**  
-Optional. Server for contact sync if it is different from the email server.
+Optional. Server for contact sync if it's different from the email server.
 
 Supported operations are Get, Add, Replace, and Delete.
 
 **CALENDARSERVER**  
-Optional. Server for calendar sync if it is different from the email server.
+Optional. Server for calendar sync if it's different from the email server.
 
 Supported operations are Get, Add, Replace, and Delete.
 
@@ -289,38 +293,38 @@ Supported operations are Get, Add, Replace, and Delete.
 **SMTPALTAUTHNAME**  
 Optional. Character string that specifies the display name associated with the user's alternative SMTP email account.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **SMTPALTDOMAIN**  
 Optional. Character string that specifies the domain name for the user's alternative SMTP account.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **SMTPALTENABLED**  
 Optional. Character string that specifies if the user's alternate SMTP account is enabled.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
-A value of "FALSE" specifies that the user's alternate SMTP email account is disabled. A value of "TRUE" specifies that the user's alternate SMTP email account is enabled.
+A value of "FALSE" means the user's alternate SMTP email account is disabled. A value of "TRUE" means that the user's alternate SMTP email account is enabled.
 
 **SMTPALTPASSWORD**  
 Optional. Character string that specifies the password for the user's alternate SMTP account.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **TAGPROPS**  
 Optional. Defines a group of properties with non-standard element names.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
 **TAGPROPS/8128000B**  
 Optional. Character string that specifies if the incoming email server requires SSL.
 
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace, and Delete.
 
-Value is one of the following:
+Value options:
 
--   0 - SSL is not required.
+-   0 - SSL isn't required.
 -   1 - SSL is required.
 
 **TAGPROPS/812C000B**  
@@ -328,49 +332,39 @@ Optional. Character string that specifies if the outgoing email server requires
 
 Supported operations are Get and Replace.
 
-Value is one of the following:
+Value options:
 
--   0 - SSL is not required.
+-   0 - SSL isn't required.
 -   1 - SSL is required.
 
 ## Remarks
 
 
-When an application removal or configuration roll-back is provisioned, the EMAIL2 CSP passes the request to Configuration Manager, which handles the transaction externally. When a MAPI application is removed, the accounts that were created with it are deleted and all messages and other properties that the transport (for example, Short Message Service \[SMS\], Post Office Protocol \[POP\], or Simple Mail Transfer Protocol \[SMTP\]) might have stored, are lost. If an attempt to create a new email account is unsuccessful, the new account is automatically deleted. If an attempt to edit an existing account is unsuccessful, the original configuration is automatically rolled back (restored).
+When an application removal or configuration roll-back is provisioned, the EMAIL2 CSP passes the request to Configuration Manager, which handles the transaction externally. When a MAPI application is removed, the accounts that were created with it are deleted. All messages and other properties that the transport (like Short Message Service \[SMS\], Post Office Protocol \[POP\], or Simple Mail Transfer Protocol \[SMTP\]) might have stored, are lost. If an attempt to create a new email account is unsuccessful, the new account is automatically deleted. If an attempt to edit an existing account is unsuccessful, the original configuration is automatically rolled back (restored).
 
-For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the \\ block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials:
+For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it's left out in the \\ block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials:
 
 -   The incoming server logon credentials are used (AUTHNAME, AUTHSECRET, and DOMAIN) unless the outgoing server credentials are set.
 
--   If some but not all of the outgoing server credentials parameters are present then the EMAIL2 Configuration Service Provider will be considered in error.
+-   If some of the outgoing server credentials parameters are present, then the EMAIL2 Configuration Service Provider will be considered in error.
 
--   Account details cannot be queried unless the account GUID is known. Currently, there is no way to perform a top-level query for account GUIDs.
+-   Account details cannot be queried unless the account GUID is known. Currently, there's no way to perform a top-level query for account GUIDs.
 
-Windows 10 Mobile supports Transport Layer Security (TLS), but this cannot be explicitly enabled through this configuration service provider, and the user cannot enable TLS through the UI. If the connection to the mail server is initiated with deferred SSL, the mail server can send STARTTLS as a server capability and TLS will be enabled. The following steps show how to enable TLS.
+If the connection to the mail server is initiated with deferred SSL, the mail server can send STARTTLS as a server capability and TLS will be enabled. The following steps show how to enable TLS.
 
 1.  The device attempts to connect to the mail server using SSL.
 
 2.  If the SSL connection fails, the device attempts to connect using deferred SSL.
 
-3.  If the connection fails over both SSL and deferred SSL, and the user selected **Server requires encrypted (SSL) connection**, the device does not attempt another connection.
+3.  If the connection fails over both SSL and deferred SSL, and the user selected **Server requires encrypted (SSL) connection**, the device doesn't attempt another connection.
 
-4.  If the user did not select **Server requires encrypted (SSL) connection**, the device attempts to establish a non-SSL connection.
+4.  If the user didn't select **Server requires encrypted (SSL) connection**, the device attempts to establish a non-SSL connection.
 
 5.  If the connection succeeds using any of the encryption protocols, the device requests the server capabilities.
 
-6.  If one of the capabilities sent by the mail server is STARTTLS and the connection is deferred SSL, the device enables TLS. TLS is not enabled on connections using SSL or non-SSL.
+6.  If one of the capabilities sent by the mail server is STARTTLS and the connection is deferred SSL, then the device enables TLS. TLS isn't enabled on connections using SSL or non-SSL.
 
-## Related topics
+## Related articles
 
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 4f11b5b64d..11c6ba0946 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index d6a0127bab..7a4821350c 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -1,42 +1,42 @@
 ---
-title: Enable ADMX-backed policies in MDM
-description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX-backed policies) in Mobile Device Management (MDM).
+title: Enable ADMX policies in MDM
+description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 11/01/2017
 ms.reviewer: 
 manager: dansimp
 ---
 
-# Enable ADMX-backed policies in MDM
+# Enable ADMX policies in MDM
 
 
-This is a step-by-step guide to configuring ADMX-backed policies in MDM.
+Here's how to configure Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
 
-Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX-backed policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy. 
+Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy. 
 
 Summary of steps to enable a policy:
-- Find the policy from the list ADMX-backed policies. 
+- Find the policy from the list ADMX policies. 
 - Find the Group Policy related information from the MDM policy description.
 - Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
 - Create the data payload for the SyncML.
 
-See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX-Backed policies using Microsoft Intune](/archive/blogs/senthilkumar/intune-deploying-admx-backed-policies-using-microsoft-intune) for a walk-through using Intune.
+See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX policies using Microsoft Intune](/archive/blogs/senthilkumar/intune-deploying-admx-backed-policies-using-microsoft-intune) for a walk-through using Intune.
 
->[!TIP]
->Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](/intune/administrative-templates-windows)
+
+
 
 ## Enable a policy
 
 > [!NOTE]
-> See [Understanding ADMX-backed policies in Policy CSP](./understanding-admx-backed-policies.md).
+> See [Understanding ADMX policies in Policy CSP](./understanding-admx-backed-policies.md).
 
-1.  Find the policy from the list [ADMX-backed policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description.  
-    - GP English name
+1.  Find the policy from the list [ADMX policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description.  
+    - GP Friendly name
     - GP name
     - GP ADMX file name
     - GP path
@@ -47,23 +47,23 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 
     2. Under **Best match**, click **Edit group policy** to launch it.  
        
-       ![GPEdit search](images/admx-gpedit-search.png)
+       ![GPEdit search.](images/admx-gpedit-search.png)
 
     3. In **Local Computer Policy** navigate to the policy you want to configure.  
     
        In this example, navigate to **Administrative Templates >  System > App-V**.
 
-       ![App-V policies](images/admx-appv.png)
+       ![App-V policies.](images/admx-appv.png)
 
     4. Double-click **Enable App-V Client**.  
 
-       The **Options** section is empty, which means there are no parameters necessary to enable the policy. If the **Options** section is not empty, follow the procedure in [Enable a policy that requires parameters](#enable-a-policy-that-requires-parameters)
+       The **Options** section is empty, which means there are no parameters necessary to enable the policy. If the **Options** section isn't empty, follow the procedure in [Enable a policy that requires parameters](#enable-a-policy-that-requires-parameters)
 
-       ![Enable App-V client](images/admx-appv-enableapp-vclient.png)
+       ![Enable App-V client.](images/admx-appv-enableapp-vclient.png)
 
-3.  Create the SyncML to enable the policy that does not require any parameter.  
+3.  Create the SyncML to enable the policy that doesn't require any parameter.  
 
-    In this example you configure **Enable App-V Client** to **Enabled**.
+    In this example, you configure **Enable App-V Client** to **Enabled**.
 
     > [!NOTE]
     > The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
@@ -99,24 +99,24 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 
    1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy.
 
-      ![Enable publishing server 2 policy](images/admx-appv-publishingserver2.png)
+      ![Enable publishing server 2 policy.](images/admx-appv-publishingserver2.png)
 
-      ![Enable publishing server 2 settings](images/admx-app-v-enablepublishingserver2settings.png)
+      ![Enable publishing server 2 settings.](images/admx-app-v-enablepublishingserver2settings.png)
 
    2. Find the variable names of the parameters in the ADMX file.
 
       You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
 
-      ![Publishing server 2 policy description](images/admx-appv-policy-description.png)
+      ![Publishing server 2 policy description.](images/admx-appv-policy-description.png)
 
-   3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx.
+   3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the ADMX files) and open appv.admx.
 
    4. Search for GP name **Publishing_Server2_policy**.
 
 
-   5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor.
+   5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The *text id* and *enum id* represent the *data id* you need to include in the SyncML data payload. They correspond to the fields you see in the Group Policy Editor.
     
-      Here is the snippet from appv.admx:
+      Here's the snippet from appv.admx:
 
       ```xml
       
@@ -206,9 +206,9 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
       
       ```
 
-   6. From the \  tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor.
+   6. From the **\**  tag, copy all of the *text id* and *enum id* and create an XML with *data id* and *value* fields. The *value* field contains the configuration settings that you would enter in the Group Policy Editor.
 
-      Here is the example XML for Publishing_Server2_Policy :
+      Here's the example XML for Publishing_Server2_Policy:
         
       ```xml
       
@@ -225,7 +225,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 
    7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs.  
 
-      Here is the example for **AppVirtualization/PublishingAllowServer2**:
+      Here's the example for **AppVirtualization/PublishingAllowServer2**:
         
        > [!NOTE]
        > The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
@@ -308,4 +308,4 @@ The \ payload is empty. Here an example to set AppVirtualization/Publishin
     
   
 
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
deleted file mode 100644
index f4c951af17..0000000000
--- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
+++ /dev/null
@@ -1,534 +0,0 @@
----
-title: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
-description: Overview of how to enable offline updates using Microsoft Endpoint Configuration Manager.
-ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
-
-
-Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. There are also situations where network restrictions or other enterprise policies require that devices download updates from an internal location. This article describes how to enable offline updates using Microsoft Endpoint Configuration Manager.
-
-The following table describes the update path to Windows 10 Mobile.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Starting SKUUpgrade to Windows 10 Mobile
                    Windows Mobile 6.5
                    No
                    Windows Phone 8
                    No
                    Windows Phone 8.1
                    Yes
                    
-
- 
-To configure the mobile device management (MDM) service provider and enable mobile devices to download updates from a predefined internal location, an IT administrator or device administrator must perform a series of manual and automated steps:
-
-1.  Prepare a test device that can connect to the Internet to download the released update packages. 
-2.  After the updates are downloaded and before pressing the install button, retrieve an XML file on the device that contains all the metadata about each update package.
-3.  Check the status code in the XML file.
-4.  Check for registry dependencies.
-5.  Using a script that we provide, parse the XML file to extract download URLs for the update packages.
-6.  Download the update packages using the download URLs.
-7.  Place the downloaded packages on an internal share that is accessible to devices you are updating.
-8.  Create two additional XML files that define the specific updates to download and the specific locations from which to download the updates, and deploy them onto the production device.
-9.  Start the update process from the devices.
-
-As a part of the update process, Windows runs data migrators to bring forward configured settings and data on the device. For instance, if the device was configured with a maintenance time or other update policy in Windows Embedded 8.1 Handheld, these settings are automatically migrated to Windows 10 as part of the update process. If the handheld device was configured for assigned access lockdown, then this configuration is also migrated to Windows 10 as part of the update process. This includes ProductId and AumId conversion for all internal apps (including buttonremapping apps).
-
-Be aware that the migrators do not take care of the following:
-
--   Third-party apps provided by OEMs.
--   Deprecated first-party apps, such as Bing News.
--   Deprecated system or application settings, such as Microsoft.Game and Microsoft.IE.
-
-In the event of an Enterprise Reset, these migrated settings are automatically persisted.
-
-After the upgrade to Windows 10 is complete, if you decide to push down a new wehlockdown.xml, you need to take the following steps to ensure that the updated settings are persisted through an Enterprise Reset:
-
-1.  Delete the TPK\*ppkg and push down a new ppkg with your new configuration to the persistent folder.
-2.  Push down a new ppkg with your new configuration with higher priority. (Be aware that in ICD, Owner=Microsoft, Rank=0 is the lowest priority, and vice versa. With this step, the old assigned access lockdown configuration is overwritten.)
-
-**Requirements:**
-
--   The test device must be same as the other production devices that are receiving the updates.
--   The test device must be enrolled with Microsoft Endpoint Configuration Manager.
--   The test device must be connected to the Internet.
--   The test device must have an SD card with at least 0.5 GB of free space.
--   Ensure that the settings app and PhoneUpdate applet are available through Assigned Access.
-
-The following diagram shows a high-level overview of the process.
-
-![update process for windows embedded 8.1 devices](images/windowsembedded-update.png)
-
-## Step 1: Prepare a test device to download updates from Microsoft Update
-
-
-Define the baseline update set that you want to apply to other devices. Use a device that is running the most recent image as the test device.
-
-Trigger the device to check for updates either manually or using Microsoft Endpoint Configuration Manager.
-
-**Check for updates manually**
-
-1.  On the device, go to **Settings** > **Phone updates** > **Check for updates**.
-2.  Sync the device, go to **Settings** > **Workplace** > **Enrolled**, and then select the refresh icon. Repeat as needed.
-3.  Follow the prompts to download the updates, but do not select the **Install** button.
-
-> [!NOTE]
-> There is a bug in all OS versions up to GDR2 where the Cloud Solution Provider (CSP) does not set the assigned value. There is no way to change or set this until GDR2 is deployed onto the device.
-
-
-**Check for updates by using Microsoft Endpoint Configuration Manager**
-
-1.  Remotely trigger a scan of the test device by deploying a Trigger Scan configuration baseline.
-
-    ![device scan using Configuration Manager](images/windowsembedded-update2.png)
-
-2.  Set the value of this OMA-URI by going to **Configuration Item**, and then selecting the newly created Trigger Scan settings from the previous step.
-
-    ![device scan using Configuration Manager](images/windowsembedded-update3.png)
-
-3.  Ensure that the value that is specified for this URI is greater than the value on the device(s), and that the **Remediate noncompliant rules when supported** option is selected. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value.
-
-    ![device scan using Configuration Manager](images/windowsembedded-update4.png)
-
-4.  Create a configuration baseline for Trigger Scan and Deploy. We recommend that this configuration baseline be deployed after the Controlled Updates baseline has been applied to the device. (The corresponding files are deployed on the device through a device sync session.)
-5.  Follow the prompts for downloading the updates, but do not install the updates on the device.
-
-
-## Step 2: Retrieve the device update report XML from the device
-
-After updates are downloaded (but not installed on the device), the process generates an XML file that contains information about the packages it downloaded. You must retrieve this XML file.
-
-There are two ways to retrieve this file from the device; one pre-GDR1 and one post-GDR1.
-
-**Pre-GDR1: Parse a compliance log from the device in ConfigMgr**
-
-1.  Use ConfigMgr to create a configuration item to look at the registry entry ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/ApprovedUpdatesXml.
-
-    > [!NOTE]
-    > In Microsoft Endpoint Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml, but the process still completes even if the file is large.
-
-    If the XML file is greater than 32 KB, you can also use ./Vendor/MSFT/FileSystem/<*filename*>.
-2.  Set a baseline for this configuration item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
-
-    The dummy value is not set; it is only used for comparison.
-3.  After the report XML is sent to the device, Microsoft Endpoint Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
-4.  Parse this log for the report XML content.
-
-For a step-by-step walkthrough, see [Retrieve a device update report using Microsoft Endpoint Manager logs](#retrieve-a-device-update-report-using-microsoft-endpoint-manager-logs).
-
-
-**Post-GDR1: Retrieve the report xml file using an SD card**
-
-1.  Use ConfigMgr to create a configuration item to set a registry value for ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/CopyUpdateReportToSDCard.
-2.  The value that you define for this configuration item is defined by the relative path to the SD card, which includes the filename of the XML file (such as SDCardRoot\\Update\\DUReport.xml).
-3.  Remove the SD card from device and copy the XML file to your PC.
-
-## Step 3: Check the status code in the XML file
-Make sure that the status code is set to 0000-0000 (success).
-
-## Step 4: Check for registry dependencies
-Remove any registry dependencies in the XML file.
-
-## Step 5: Extract download URLs from the report XML
-
-Use the [example PowerShell script](#example-powershell-script) to extract the download URLs from the XML file or parse it manually.
-
-## Step 6: Retrieve update packages using download URLs
-
-Use a script or manually download each update package to a PC or an internal share.
-
-## Step 7: Place the update packages on an accessible share
-
-Put all the update packages into an internal share that is accessible to all the devices that need these updates. Ensure that the internal share can support multiple devices trying to access the updates at the same time.
-
-## Step 8: Create two XML files for production devices to select updates and download locations
-
-Here are the two files.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    TermDescription
                    DUControlledUpdates.xml
                    This is the same file as the report XML retrieved in Step 2 with a different name. This file tells the device the specific update packages to download. See Appendix for example
                    
-
                    DUCustomContentUris.xml
                    This file maps the update packages in DUControlledUpdates.xml to the internal share location.
                    
-
- 
-
-For a walkthrough of these steps, see [Deploy controlled updates](#deploy-controlled-updates). Ensure that the Trigger Scan configuration baseline has NOT been deployed.
-
-
-
-### Deploy controlled updates
-
-The deployment process has three parts:
-
--   Create a configuration item for DUControlledUpdates.xml.
--   Create a configuration item for DUCustomContentURIs.xml.
--   Create a configuration item for approved updates.
-
-
-
-**Create a configuration item for DUControlledUpdates.xml**
-
-1.  Create a configuration item. In the **Browse Settings** window, select **Device File** as a filter, and then select **Select**.
-
-    ![embedded device update](images/windowsembedded-update18.png)
-
-2.  Browse to the DUControlledUpdates.xml that was created from the test device, and then specify the file path and name on the device as `NonPersistent\DUControlledUpdates.xml`.
-
-    ![embedded device update](images/windowsembedded-update19.png)
-
-3.  Select **Remediate noncompliant settings**, and then select **OK**.
-
-
-
-**Create a configuration item for DUCustomContentURIs.xml**
-
-1.  Create a configuration item and specify the file path and name on the device as `NonPersistent\DUCustomContentURIs.xml`
-2.  Select **Remediate noncompliant settings**.
-
-    ![embedded device update](images/windowsembedded-update21.png)
-
-3.  Select **OK**.
-
-
-
-**Create a configuration baseline for approved updates**
-
-1.  Create a configuration baseline item and give it a name (such as ControlledUpdates).
-2.  Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then select **OK**.
-
-    ![embedded device update](images/windowsembedded-update22.png)
-
-3.  Deploy the configuration baseline to the appropriate device or device collection.
-
-    ![embedded device update](images/windowsembedded-update23.png)
-
-4.  Select **OK**.
-
-## Step 7: Trigger the other devices to scan, download, and install updates
-
-Now that the other "production" or "in-store" devices have the necessary information to download updates from an internal share, the devices are ready for updates.
-
-### Update unmanaged devices
-
-If the update policy of the device is not managed or restricted by Microsoft Endpoint Configuration Manager, an update process can be initiated on the device in one of the following ways:
-
--   A periodic scan that the device automatically performs.
--   Manually through **Settings** > **Phone Update** > **Check for Updates**.
-
-### Update managed devices
-
-If the update policy of the device is managed or restricted by MDM, an update process can be initiated on the device in one of the following ways:
-
--   Trigger the device to scan for updates through Microsoft Endpoint Configuration Manager.
-
-    Ensure that the trigger scan has successfully executed, and then remove the trigger scan configuration baseline.
-
-    > [!NOTE]
-    > Ensure that the PhoneUpdateRestriction Policy is set to a value of 0 so that the device doesn't perform an automatic scan.
-
-
--   Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in Microsoft Endpoint Configuration Manager.
-
-After the updates are installed, the IT Admin can use the DUReport generated in the production devices to determine whether the device successfully installed the list of updates. If the device did not, error codes are provided in the DUReport.xml. To retrieve the device update report from a device, perform the same steps defined in [Step 2](#step2).
-
-
-## Example PowerShell script
-
-```powershell
-param (
-# [Parameter (Mandatory=$true, HelpMessage="Input File")]
-        [String]$inputFile,
-
-# [Parameter (Mandatory=$true, HelpMessage="Download Cache Location")]
-        [String]$downloadCache,
-
-# [Parameter (Mandatory=$true, HelpMessage="Local Cache URL")]
-        [String]$localCacheURL
-       )
-
-#DownloadFiles Function
-function DownloadFiles($inputFile, $downloadCache, $localCacheURL)
-{
-    $customContentURIFileCreationError = "Not able to create Custom Content URI File"
-#Read the Input File
-    $report = [xml](Get-Content $inputFile)
-    
-# this is where the document will be saved
-    $customContentURLFile = "$downloadCache\DUCustomContentUris.xml"
-    New-Item -Path $customContentURLFile -ItemType File -force -ErrorAction SilentlyContinue -ErrorVariable NewItemError > $null
-    if ($NewItemError -ne "")
-    {
-       PrintMessageAndExit $customContentURIFileCreationError
-    }
-
-# get an XMLTextWriter to create the XML
-    $XmlWriter = New-Object System.XMl.XmlTextWriter($customContentURLFile,$Null)
-
-# choose a pretty formatting:
-    $xmlWriter.Formatting = 'Indented'
-    $xmlWriter.Indentation = 1
-    $XmlWriter.IndentChar = "`t"
- 
-# write the header
-    $xmlWriter.WriteStartDocument()
-    $xmlWriter.WriteStartElement('CustomContentUrls')
-    foreach ($update in $report.UpdateData.coreUpdateMetadata.updateSet.update)
-    {
-        if (!$update.destinationFilePath -or !$update.contentUrl) 
-        {
-            continue;
-        }
-
-        $destFilePath = $update.destinationFilePath.Trim();
-        $contentUrl = $update.contentUrl.Trim();
-
-        Write-Host "Pre-Processing Line: $destFilePath#$contentUrl"
-        if (($destFilePath -ne "") -and ($destFilePath.Contains("\")) -and ($contentUrl -ne "") -and ($contentUrl.Contains("/")) )
-        {
-            $isBundle = $update.isBundle
-            $revisionId = $update.revisionId
-            $updateId = $update.updateId
-            $revisionNum = $update.revisionNum
-
-            $fileName = $destFilePath.Substring($destFilePath.LastIndexOf("\") + 1);
-#Write-Host "Processing Line: $destFilePath#$contentUrl"
-            if ($fileName -ne "")
-            {
-                $destination = $downloadCache + "\" + $fileName;
-                Try
-                {
-                    $wc = New-Object System.Net.WebClient
-                    $wc.DownloadFile($contentUrl, $destination)
-                    Write-Host "Successfull Download: $contentUrl#$destination";
-
-                    $XmlWriter.WriteStartElement('contentUrl')
-                    $XmlWriter.WriteAttributeString('isBundle', $isBundle)
-                    $XmlWriter.WriteAttributeString('revisionId', $revisionId)
-                    $XmlWriter.WriteAttributeString('updateId', $updateId)
-                    $XmlWriter.WriteAttributeString('revisionNum', $revisionNum)
-                    $XmlWriter.WriteRaw($localCacheURL + $fileName)
-                    $xmlWriter.WriteEndElement()
-                }
-                Catch [ArgumentNullException]
-                {
-                    Write-Host "Content URL is null";
-                }
-                Catch [WebException]
-                {
-                    Write-Host "Invalid Content URL: $contentUrl";
-                }
-                Catch 
-                {
-                    Write-Host "Exception in Download: $contentUrl";
-                }
-            }
-            else
-            {
-                Write-Host "Ignored Input Line: $contentUrl"
-            }
-        }
-        else
-        {
-            Write-Host "Ignored Input Line: $contentUrl"
-        }
-    }
-
-# close the "CustomContentUrls" node
-    $xmlWriter.WriteEndElement()
- 
-# finalize the document
-    $xmlWriter.WriteEndDocument()
-    $xmlWriter.Flush()
-    $xmlWriter.Close()
-
-    Write-Host "Successfully Created Custom Content URL File: $customContentURLFile"
-}
-
-#PrintMessage Function
-function PrintMessageAndExit($ErrorMessage)
-{
-    Write-Host $ErrorMessage
-    exit 1
-}
-
-#PrintMessage Function
-function PrintUsageAndExit()
-{
-    Write-Host "Usage: Download.ps1 -inputFile  -downloadCache  -localCacheURL "
-    exit 1
-}
-
-if (($inputFile -eq "") -or ($downloadCache -eq "") -or ($localCacheURL -eq ""))
-{
-    PrintUsageAndExit
-}
-if (!$localCacheURL.EndsWith("/")) 
-{
-    $localCacheURL = $localCacheURL + "/";
-}
-$inputFileErrorString = "Input File does not exist";
-$downloadCacheErrorString = "Download Cache does not exist";
-$downloadCacheAddError = "Access Denied in creating the Download Cache Folder";
-$downloadCacheRemoveError = "Not able to delete files from Download Cache"
-$downloadCacheClearWarningString = "Download Cache not empty. Do you want to Clear";
-
-#Check if Input File Exist
-$inputFileExists = Test-Path $inputFile;
-if(!$inputFileExists) 
-{
-    PrintMessageAndExit($inputFileErrorString)
-}
-
-#Check if Download Cache Exist
-$downloadCacheExists = Test-Path $downloadCache;
-if(!$downloadCacheExists)
-{
-    PrintMessageAndExit($downloadCacheErrorString)
-}
-
-$downloadCacheFileCount = (Get-ChildItem $downloadCache).Length;
-if ($downloadCacheFileCount -ne 0)
-{
-#Clear the directory
-    Remove-Item $downloadCache -Recurse -Force -Confirm -ErrorVariable RemoveItemError -ErrorAction SilentlyContinue > $null
-    if ($RemoveItemError -ne "")
-    {
-        PrintMessageAndExit $downloadCacheRemoveError
-    }
-
-    $childItem = Get-ChildItem $downloadCache -ErrorAction SilentlyContinue > $null
-    $downloadCacheFileCount = ($childItem).Length;
-    if ($downloadCacheFileCount -ne 0)
-    {
-        PrintMessageAndExit $downloadCacheRemoveError
-    }
-
-#Create a new directory
-    New-Item -Path $downloadCache -ItemType Directory -ErrorAction SilentlyContinue -ErrorVariable NewItemError > $null
-    if ($NewItemError -ne "")
-    {
-       PrintMessageAndExit $downloadCacheAddError
-    }
-}
-
-DownloadFiles $inputFile $downloadCache $localCacheURL
-```
-
-
-## Retrieve a device update report using Microsoft Endpoint Manager logs
-
-**For pre-GDR1 devices**
-Use this procedure for pre-GDR1 devices:
-
-1.  Trigger a device scan by going to **Settings** > **Phone Update** > **Check for Updates**.
-
-    Since the DUReport settings have not been remedied, you should see a non-compliance.
-2.  In Microsoft Endpoint Configuration Manager, under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Items**.
-3.  Select **Create Configuration Item**.
-
-    ![device update using Configuration Manager](images/windowsembedded-update5.png)
-4.  Enter a filename (such as GetDUReport), and then select **Mobile Device**.
-5.  On the **Mobile Device Settings** page, select **Configure Additional Settings that are not in the default settings group**, and then select **Next**.
-
-    ![device update using Configuration Manager](images/windowsembedded-update6.png)
-6.  On the **Additional Settings** page, select **Add**.
-
-    ![device update using Configuration Manager](images/windowsembedded-update7.png)
-7.  On the **Browse Settings** page, select **Create Setting**.
-
-    ![device update](images/windowsembedded-update8.png)
-8.  Enter a unique **Name**. For **Setting type**, select **OMA-URI**, and for **Data type**, select **String**.
-9.  In the **OMA-URI** text box, enter `./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml`, and then select **OK**.
-
-    ![handheld device update](images/windowsembedded-update9.png)
-10. On the **Browse Settings** page, select **Close**.
-11. On the **Create Configuration Item Wizard** page, select **All Windows Embedded 8.1 Handheld** as the supported platform, and then select **Next**.
-
-    ![embedded device update](images/windowsembedded-update10.png)
-12. Close the **Create Configuration Item Wizard** page.
-13. Right-click on the newly create configuration item, and then select the **Compliance Rules** tab.
-14. Select the new created mobile device setting (such as DUReport), and then select **Select**.
-15. Enter a dummy value (such as zzz) that is different from the one on the device.
-
-    ![embedded device update](images/windowsembedded-update11.png)
-16. Disable remediation by deselecting the **Remediate noncompliant rules when supported** option.
-17. Select **OK** to close the **Edit Rule** page.
-18. Create a new configuration baseline. Under **Assets and Compliance** > **Compliance Settings**, right-click **Configuration Baselines**.
-19. Select **Create Configuration Item**.
-
-    ![embedded device update](images/windowsembedded-update12.png)
-20. Enter a baseline name (such as RetrieveDUReport).
-21. Add the configuration item that you just created. Select **Add**, and then select the configuration item that you just created (such as DUReport).
-
-    ![embedded device update](images/windowsembedded-update13.png)
-22. Select **OK**, and then select **OK** again to complete the configuration baseline.
-23. Deploy the newly created configuration baseline to the appropriate device collection. Right-click on the configuration baseline that you created, and then select **Deploy**.
-
-    ![embedded device update](images/windowsembedded-update14.png)
-24. Select **Remediate noncompliant rules when supported**.
-25. Select the appropriate device collection and define the schedule.
-
-    ![device update](images/windowsembedded-update15.png)
-26. To view the DUReport content, select the appropriate deployment for the configuration baseline that you created. Right-click on the deployment, and then select **View Status**.
-27. Select **Run Summarization**, and then select **Refresh**. The test device(s) should be listed on the **Non-Compliant** tab.
-28. Under **Asset Details**, right-click on the test device, and then select **Mode Details**.
-
-    ![device update](images/windowsembedded-update16.png)
-29. On the **Non-compliant** tab, you can see the DUReport, but you cannot retrieve the content from here.
-
-    ![device update](images/windowsembedded-update17.png)
-30. To retrieve the DUReport, open C:\\Program Files\\SMS\_CCM\\SMS\_DM.log.
-31. In the log file, search from the bottom for "./Vendor/MSFT/EnterpriseExt/DeviceUpdate/UpdatesResultXml" RuleExression="Equals zzz," where zzz is the dummy value. Just above this, copy the information for UpdateData and use this information to create the DUControlledUpdates.xml.
-
- 
-
-
-
-
-
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 775e72cacd..767c141d9a 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -5,27 +5,32 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 06/02/2021
+author: dansimp
+ms.date: 04/30/2022
 ms.reviewer:
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Enroll a Windows 10 device automatically using Group Policy
 
-Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
+**Applies to:**
 
-The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
+-   Windows 10
+
+Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to Mobile Device Management (MDM) for Active Directory (AD) domain-joined devices.
+
+The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This cause-and-effect mechanism means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
 
 Requirements:
 - Active Directory-joined PC running Windows 10, version 1709 or later
 - The enterprise has configured a mobile device management (MDM) service
 - The on-premises Active Directory must be [integrated with Azure AD (via Azure AD Connect)](/azure/architecture/reference-architectures/identity/azure-ad)
-- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
-- The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
+- The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
+- The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. For more information, see [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan).
 
 > [!TIP]
-> For additional information, see the following topics:
+> For more information, see the following topics:
 > - [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
 > - [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan)
 > - [Azure Active Directory integration with MDM](./azure-active-directory-integration-with-mdm.md)
@@ -37,138 +42,130 @@ The auto-enrollment relies on the presence of an MDM service and the Azure Activ
 
 When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
 
-In Windows 10, version 1709 or later, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](/archive/blogs/cbernier/windows-10-group-policy-vs-intune-mdm-policy-who-wins)
+In Windows 10, version 1709 or later, when the same policy is configured in Group Policy and MDM, Group Policy policy takes precedence over MDM. Since Windows 10, version 1803, a new setting allows you to change precedence to MDM. For more information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](/archive/blogs/cbernier/windows-10-group-policy-vs-intune-mdm-policy-who-wins).
 
-For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices.
+For this policy to work, you must verify that the MDM service provider allows Group Policy initiated MDM enrollment for domain-joined devices.
 
 ## Verify auto-enrollment requirements and settings
+
 To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
 The following steps demonstrate required settings using the Intune service:
-1. Verify that the user who is going to enroll the device has a valid Intune license.
 
-    ![Intune license verification](images/auto-enrollment-intune-license-verification.png)
+1. Verify that the user who is going to enroll the device has a valid [Intune license](/mem/intune/fundamentals/licenses).
 
-2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
+   :::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png":::
 
-    ![Auto-enrollment activation verification](images/auto-enrollment-activation-verification.png)
+2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM) with Intune. For more information, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
+
+    ![Auto-enrollment activation verification.](images/auto-enrollment-activation-verification.png)
 
     > [!IMPORTANT]
-    > For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
+    > For bring-your-own devices (BYOD devices), the Mobile Application Management (MAM) user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
     >
-    > For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.
+    > For corporate-owned devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.
 
 3. Verify that the device OS version is Windows 10, version 1709 or later.
-4. Auto-enrollment into Intune via Group Policy is valid only for devices which are hybrid Azure AD joined. This means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is  hybrid Azure AD joined, run  `dsregcmd /status` from the command line.
+
+4. Auto-enrollment into Intune via Group Policy is valid only for devices that are hybrid Azure AD joined. This condition means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line.
 
     You can confirm that the device is properly hybrid-joined if both **AzureAdJoined** and **DomainJoined** are set to **YES**.
 
-    ![Auto-enrollment device status result](images/auto-enrollment-device-status-result.png)
+    ![Auto-enrollment device status result.](images/auto-enrollment-device-status-result.png)
 
     Additionally, verify that the SSO State section displays **AzureAdPrt** as **YES**.
 
-    ![Auto-enrollment Azure AD prt verification](images/auto-enrollment-azureadprt-verification.png)
+    ![Auto-enrollment Azure AD prt verification.](images/auto-enrollment-azureadprt-verification.png)
 
     This information can also be found on the Azure AD device list.
 
-    ![Azure AD device list](images/azure-ad-device-list.png)
+    ![Azure AD device list.](images/azure-ad-device-list.png)
 
 5. Verify that the MDM discovery URL during auto-enrollment is https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
 
-    ![MDM discovery URL](images/auto-enrollment-mdm-discovery-url.png)
+    ![MDM discovery URL.](images/auto-enrollment-mdm-discovery-url.png)
 
 6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
 
-    ![Mobility setting MDM intune](images/auto-enrollment-microsoft-intune-setting.png)
+   :::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png":::
+
+7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices that should be enrolled into Intune.
 
-7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
 You may contact your domain administrators to verify if the group policy has been deployed successfully.
 
-8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal).
+8. Verify that the device isn't enrolled with the old Intune client used on the Intune Silverlight Portal (the Intune portal used before the Azure portal).
 
-9. Verify that Azure AD allows the logon user to enroll devices.
+9. Verify that Microsoft Intune should allow enrollment of Windows devices.
 
-    ![Azure AD device settings](images/auto-enrollment-azure-ad-device-settings.png)
-
-10. Verify that Microsoft Intune should allow enrollment of Windows devices.
-
-    ![Enrollment of Windows devices](images/auto-enrollment-enrollment-of-windows-devices.png)
+   :::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png":::
 
 ## Configure the auto-enrollment Group Policy for a single PC
 
-This procedure is only for illustration purposes to show how the new auto-enrollment policy works. It is not recommended for the production environment in the enterprise. For bulk deployment, you should use the [Group Policy Management Console process](#configure-the-auto-enrollment-for-a-group-of-devices).
+This procedure is only for illustration purposes to show how the new auto-enrollment policy works. It's not recommended for the production environment in the enterprise. For bulk deployment, you should use the [Group Policy Management Console process](#configure-the-auto-enrollment-for-a-group-of-devices).
 
 Requirements:
 - AD-joined PC running Windows 10, version 1709 or later
 - Enterprise has MDM service already configured
 - Enterprise AD must be registered with Azure AD
 
-1. Run GPEdit.msc
+1. Run `GPEdit.msc`. Choose **Start**, then in the text box type `gpedit`.
 
-    Click Start, then in the text box type gpedit.
+    ![GPEdit desktop app search result.](images/autoenrollment-gpedit.png)
 
-    ![GPEdit desktop app search result](images/autoenrollment-gpedit.png)
+2. Under **Best match**, select **Edit group policy** to launch it.
 
-2. Under **Best match**, click **Edit group policy** to launch it.
+3. In **Local Computer Policy**, select **Administrative Templates** > **Windows Components** > **MDM**.
 
-3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**.
+   :::image type="content" alt-text="MDM policies." source="images/autoenrollment-mdm-policies.png" lightbox="images/autoenrollment-mdm-policies.png":::
 
-    > [!div class="mx-imgBorder"]
-    > ![MDM policies](images/autoenrollment-mdm-policies.png)
+4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the **Selected Credential Type to use**.
 
-4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
+   :::image type="content" alt-text="MDM autoenrollment policy." source="images/autoenrollment-policy.png" lightbox="images/autoenrollment-policy.png":::
 
-   > [!NOTE]
-   > **Device Credential** Credential Type may work, however, it is not yet supported by Intune. We don't recommend using this option until it's supported. 
-
-   ![MDM autoenrollment policy](images/autoenrollment-policy.png)
-
-5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
+5. Select **Enable**, select **User Credential** from the dropdown **Select Credential Type to Use**, then select **OK**.
 
     > [!NOTE]
-    > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later.
-    > 
-    > The default behavior for older releases is to revert to **User Credential**.
-    > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop.
+    > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. The default behavior for older releases is to revert to **User Credential**.
+    > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or Azure Virtual Desktop because the Intune subscription is user centric.
 
-    When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
+    When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called "Schedule created by enrollment client for automatically enrolling in MDM from AAD."
 
     To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
 
-    If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot.
+    If two-factor authentication is required, you'll be prompted to complete the process. Here's an example screenshot.
 
-    ![Two-factor authentication notification](images/autoenrollment-2-factor-auth.png)
+    ![Two-factor authentication notification.](images/autoenrollment-2-factor-auth.png)
 
     > [!Tip]
     > You can avoid this behavior by using Conditional Access Policies in Azure AD.
     Learn more by reading [What is Conditional Access?](/azure/active-directory/conditional-access/overview).
 
-6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
+6. To verify successful enrollment to MDM, go to **Start** > **Settings** > **Accounts** > **Access work or school**, then select your domain account.
 
-7. Click **Info** to see the MDM enrollment information.
+7. Select **Info** to see the MDM enrollment information.
 
-    ![Work School Settings](images/autoenrollment-settings-work-school.png)
+    ![Work School Settings.](images/autoenrollment-settings-work-school.png)
 
-    If you do not see the **Info** button or the enrollment information, it is possible that the enrollment failed. Check the status in [Task Scheduler app](#task-scheduler-app).
+    If you don't see the **Info** button or the enrollment information, enrollment might have failed. Check the status in [Task Scheduler app](#task-scheduler-app).
 
 
 ### Task Scheduler app
 
-1. Click **Start**, then in the text box type **task scheduler**.
+1. Select **Start**, then in the text box type `task scheduler`.
 
-   ![Task Scheduler search result](images/autoenrollment-task-schedulerapp.png)
+   ![Task Scheduler search result.](images/autoenrollment-task-schedulerapp.png)
 
-2. Under **Best match**, click **Task Scheduler** to launch it.
+2. Under **Best match**, select **Task Scheduler** to launch it.
 
-3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
+3. In **Task Scheduler Library**, open **Microsoft > Windows** , then select **EnterpriseMgmt**.
 
-    ![Auto-enrollment scheduled task](images/autoenrollment-scheduled-task.png)
+   :::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png":::
 
-    To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
+    To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. The message **0x80180026** is a failure message (`MENROLL_E_DEVICE_MANAGEMENT_BLOCKED`). You can see the logs in the **History** tab.
 
-    If the device enrollment is blocked, your IT admin may have enabled the **Disable MDM Enrollment** policy.
+    If the device enrollment is blocked, your IT admin might have enabled the **Disable MDM Enrollment** policy.
 
     > [!NOTE]
-    > The GPEdit console does not reflect the status of policies set by your IT admin on your device. It is only used by the user to set policies.
+    > The GPEdit console doesn't reflect the status of policies set by your IT admin on your device. It's only used by the user to set policies.
 
 ## Configure the auto-enrollment for a group of devices
 
@@ -179,7 +176,7 @@ Requirements:
 - Ensure that PCs belong to same computer group.
 
 > [!IMPORTANT]
-> If you do not see the policy, it may be because you don't have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, use the following procedures. Note that the latest MDM.admx is backwards compatible.
+> If you don't see the policy, it may be because you don't have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, use the following procedures. Note that the latest MDM.admx is backwards compatible.
 
 1. Download:
 
@@ -197,6 +194,9 @@ Requirements:
 
    - 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
 
+   - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667)
+   
+   
 2. Install the package on the Domain Controller.
 
 3. Navigate, depending on the version to the folder:
@@ -215,13 +215,15 @@ Requirements:
 
    - 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
 
-4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
+   - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)**
 
-5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**.
+4. Rename the extracted Policy Definitions folder to `PolicyDefinitions`.
 
-   If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
+5. Copy the PolicyDefinitions folder to `\\SYSVOL\contoso.com\policies\PolicyDefinitions`.
 
-6. Wait for the SYSVOL DFSR replication to be completed and then restart the Domain Controller for the policy to be available.
+   If this folder doesn't exist, then you'll be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.
+
+6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.
 
 This procedure will work for any future version as well.
 
@@ -234,59 +236,60 @@ This procedure will work for any future version as well.
 4. Filter using Security Groups.
 
 ## Troubleshoot auto-enrollment of devices
+
 Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device.
 
 To collect Event Viewer logs:
 
 1. Open Event Viewer.
-2. Navigate to **Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin**.
+
+2. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **DeviceManagement-Enterprise-Diagnostic-Provider** > **Admin**.
 
     > [!Tip]
     > For guidance on how to collect event logs for Intune, see [Collect MDM Event Viewer Log YouTube video](https://www.youtube.com/watch?v=U_oCe2RmQEc).
 
-3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully:
+3. Search for event ID 75, which represents a successful auto-enrollment. Here's an example screenshot that shows the auto-enrollment completed successfully:
 
-    ![Event ID 75](images/auto-enrollment-troubleshooting-event-id-75.png)
+   :::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png"  lightbox="images/auto-enrollment-troubleshooting-event-id-75.png":::
 
-    If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons:
+    If you can't find event ID 75 in the logs, it indicates that the auto-enrollment failed. This failure can happen because of the following reasons:
 
-    - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed:
+    - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here's an example screenshot that shows that the auto-enrollment failed:
 
-      ![Event ID 76](images/auto-enrollment-troubleshooting-event-id-76.png)
+      :::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png":::
 
-      To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information.
+      To troubleshoot, check the error code that appears in the event. For more information, see [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors).
 
-    - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section.
+    - The auto-enrollment didn't trigger at all. In this case, you'll not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section.
 
-      The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot:
+      The auto-enrollment process is triggered by a task (**Microsoft** > **Windows** > **EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM**) is successfully deployed to the target machine as shown in the following screenshot:
 
-      ![Task scheduler](images/auto-enrollment-task-scheduler.png)
+      :::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png":::
 
     > [!Note]
-    > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task.
+    > This task isn't visible to standard users, run Scheduled Tasks with administrative credentials to find the task.
 
-    This task runs every 5 minutes for the duration of 1 day. To confirm if the task succeeded, check the task scheduler event logs:
-    **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**.
-    Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
+    This task runs every 5 minutes for the duration of one day. To confirm if the task succeeded, check the task scheduler event logs:
+    **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
 
-    ![Event ID 107](images/auto-enrollment-event-id-107.png)
+    :::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png":::
 
     When the task is completed, a new event ID 102 is logged.
 
-    ![Event ID 102](images/auto-enrollment-event-id-102.png)
+    :::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png":::
 
-    Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
+    The task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This status-display means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It doesn't indicate the success or failure of auto-enrollment.
 
-    If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
+    If you can't see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from Azure AD is initiated, there's possibly an issue with the group policy. Immediately run the command `gpupdate /force` in a command prompt to get the group policy object applied. If this step still doesn't help, further troubleshooting on Active Directory is required.
     One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
 
-    ![Outdated enrollment entries](images/auto-enrollment-outdated-enrollment-entries.png)
+    :::image type="content" alt-text="Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png":::
 
-    By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
+    By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs** > **Microsoft** > **Windows** > **Task Scheduler** > **Operational** event log file under event ID 7016.
 
-    A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
+    A resolution to this issue is to remove the registry key manually. If you don't know which registry key to remove, go for the key that displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
 
-    ![Manually deleted entries](images/auto-enrollment-activation-verification-less-entries.png)
+    :::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png":::
 
 ### Related topics
 
@@ -295,9 +298,14 @@ To collect Event Viewer logs:
 - [Link a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732979(v=ws.11))
 - [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11))
 - [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11))
-- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
+- [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
+- [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints)
+- [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684)
+- [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353)
+
 
 ### Useful Links
+- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667)
 - [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
 - [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
 - [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 98739efcb1..75870e43e0 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: ManikaDhiman
+author: dansimp
 ms.date: 05/17/2019
 ---
 
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 54e9da339c..6cf9e1ad93 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -1,24 +1,24 @@
 ---
 title: EnrollmentStatusTracking CSP
-description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
+description: Learn how to execute a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: ManikaDhiman
+author: dansimp
 ms.date: 05/21/2019
 ---
 
 # EnrollmentStatusTracking CSP
 
-During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](/windows/deployment/windows-autopilot/enrollment-status).
+During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device usage until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar, to configure ESP for blocking the device usage until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](/windows/deployment/windows-autopilot/enrollment-status).
 
-ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.
+ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. For more information, see [DMClient CSP](dmclient-csp.md).
 
 The EnrollmentStatusTracking CSP was added in Windows 10, version 1903.
 
 
-The following shows the EnrollmentStatusTracking CSP in tree format.
+The following example shows the EnrollmentStatusTracking CSP in tree format.
 ```
 ./User/Vendor/MSFT
 EnrollmentStatusTracking
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index b809041a65..d5a45549a2 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -1,6 +1,6 @@
 ---
 title: Enterprise app management
-description: This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
+description: This article covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
 ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99
 ms.reviewer: 
 manager: dansimp
@@ -8,13 +8,13 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 09/22/2017
+author: dansimp
+ms.date: 10/04/2021
 ---
 
 # Enterprise app management
 
-This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows. It is the ability to manage both Store and non-Store apps as part of the native MDM capabilities. New in Windows 10 is the ability to take inventory of all your apps.
+This article covers one of the key mobile device management (MDM) features in Windows 10. It manages the lifecycle of apps across all of Windows. It's the ability to manage both Store and non-Store apps as part of the native MDM capabilities. New in Windows 10 is the ability to take inventory of all your apps.
 
 ## Application management goals
 
@@ -26,32 +26,129 @@ Windows 10 offers the ability for management servers to:
 -   Inventory all apps for a user (Store and non-Store apps)
 -   Inventory all apps for a device (Store and non-Store apps)
 -   Uninstall all apps for a user (Store and non-Store apps)
--   Provision apps so they are installed for all users of a device running Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)
+-   Provision apps so they're installed for all users of a device running Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)
 -   Remove the provisioned app on the device running Windows 10 for desktop editions
 
 ## Inventory your apps
 
-Windows 10 lets you inventory all apps deployed to a user and all apps for all users of a device on Windows 10 for desktop editions. The [EnterpriseModernAppManagement](enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and does not include traditional Win32 apps installed via MSI or executables. When the apps are inventoried they are separated based on the following app classifications:
+Windows 10 lets you inventory all apps deployed to a user, and inventory all apps for all users of a device on Windows 10 for desktop editions. The [EnterpriseModernAppManagement](enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications:
 
 -   Store - Apps that are from the Microsoft Store. Apps can be directly installed from the Store or delivered with the enterprise from the Store for Business
--   nonStore - Apps that were not acquired from the Microsoft Store.
--   System - Apps that are part of the OS. You cannot uninstall these apps. This classification is read-only and can only be inventoried.
+-   nonStore - Apps that weren't acquired from the Microsoft Store.
+-   System - Apps that are part of the OS. You can't uninstall these apps. This classification is read-only and can only be inventoried.
 
 These classifications are represented as nodes in the EnterpriseModernAppManagement CSP.
 
-The following diagram shows the EnterpriseModernAppManagement CSP in a tree format.
+The following information shows the EnterpriseModernAppManagement CSP in a tree format:
 
-![enterprisemodernappmanagement csp diagram](images/provisioning-csp-enterprisemodernappmanagement.png)
+```console
+./Device/Vendor/MSFT 
+or
+./User/Vendor/MSFT
+EnterpriseAppManagement
+----AppManagement
+--------UpdateScan
+--------LastScanError
+--------AppInventoryResults
+--------AppInventoryQuery
+--------RemovePackage
+--------AppStore
+----------PackageFamilyName
+------------PackageFullName
+--------------Name
+--------------Version
+--------------Publisher
+--------------Architecture
+--------------InstallLocation
+--------------IsFramework
+--------------IsBundle
+--------------InstallDate
+--------------ResourceID
+--------------RequiresReinstall
+--------------PackageStatus
+--------------Users
+--------------IsProvisioned
+--------------IsStub
+------------DoNotUpdate
+------------AppSettingPolicy
+--------------SettingValue
+------------MaintainProcessorArchitectureOnUpdate
+------------NonRemovable
+----------ReleaseManagement
+------------ReleaseManagementKey
+--------------ChannelId
+--------------ReleaseId
+--------------EffectiveRelease
+-----------------ChannelId
+-----------------ReleaseId
+--------nonStore
+----------PackageFamilyName
+------------PackageFullName
+--------------Name
+--------------Version
+--------------Publisher
+--------------Architecture
+--------------InstallLocation
+--------------IsFramework
+--------------IsBundle
+--------------InstallDate
+--------------ResourceID
+--------------RequiresReinstall
+--------------PackageStatus
+--------------Users
+--------------IsProvisioned
+--------------IsStub
+------------DoNotUpdate
+------------AppSettingPolicy
+--------------SettingValue
+------------MaintainProcessorArchitectureOnUpdate
+------------NonRemoveable
+--------System
+----------PackageFamilyName
+------------PackageFullName
+--------------Name
+--------------Version
+--------------Publisher
+--------------Architecture
+--------------InstallLocation
+--------------IsFramework
+--------------IsBundle
+--------------InstallDate
+--------------ResourceID
+--------------RequiresReinstall
+--------------PackageStatus
+--------------Users
+--------------IsProvisioned
+--------------IsStub
+------------DoNotUpdate
+------------AppSettingPolicy
+--------------SettingValue
+------------MaintainProcessorArchitectureOnUpdate
+------------NonRemoveable
+----AppInstallation
+--------PackageFamilyName
+----------StoreInstall
+----------HostedInstall
+----------LastError
+----------LastErrorDesc
+----------Status
+----------ProgressStatus
+----AppLicenses
+--------StoreLicenses
+----------LicenseID
+------------LicenseCategory
+------------LicenseUsage
+------------RequesterID
+------------AddLicense
+------------GetLicenseFromStore
+```
 
 Each app displays one package family name and 1-n package full names for installed apps. The apps are categorized based on their origin (Store, nonStore, System).
 
-Inventory can be performed recursively at any level from the AppManagement node through the package full name. Inventory can also be performed only for a specific inventory attribute.
+Inventory can run recursively at any level from the AppManagement node through the package full name. Inventory can also run only for a specific inventory attribute.
 
 Inventory is specific to the package full name and lists bundled packs and resources packs as applicable under the package family name.
 
-> **Note**  On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name.
-
- 
 Here are the nodes for each package full name:
 
 -   Name
@@ -72,11 +169,11 @@ For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](
 
 ### App inventory
 
-You can use the EnterpriseModernAppManagement CSP to query for all apps installed for a user or device. The query returns all apps regardless if they were installed via MDM or other methods. Inventory can be performed at the user or device level. Inventory at the device level will return information for all users on the device.
+You can use the EnterpriseModernAppManagement CSP to query for all apps installed for a user or device. The query returns all apps, even if they were installed using MDM or other methods. Inventory can run at the user or device level. Inventory at the device level will return information for all users on the device.
 
-Note that performing a full inventory of a device can be resource intensive on the client based on the hardware and number of apps that are installed. The data returned can also be very large. You may want to chunk these requests to reduce the impact to clients and network traffic.
+Doing a full inventory of a device can be resource-intensive based on the hardware and number of apps that are installed. The data returned can also be large. You may want to chunk these requests to reduce the impact to clients and network traffic.
 
-Here is an example of a query for all apps on the device.
+Here's an example of a query for all apps on the device.
 
 ```xml
 
@@ -90,7 +187,7 @@ Here is an example of a query for all apps on the device.
 
 ```
 
-Here is an example of a query for a specific app for a user.
+Here's an example of a query for a specific app for a user.
 
 ```xml
 
@@ -106,7 +203,7 @@ Here is an example of a query for a specific app for a user.
 
 ### Store license inventory
 
-You can use the EnterpriseModernAppManagement CSP to query for all app licenses installed for a user or device. The query returns all app licenses regardless if they were installed via MDM or other methods. Inventory can be performed at the user or device level. Inventory at the device level will return information for all users on the device.
+You can use the EnterpriseModernAppManagement CSP to query for all app licenses installed for a user or device. The query returns all app licenses, event if they were installed via MDM or other methods. Inventory can run at the user or device level. Inventory at the device level will return information for all users on the device.
 
 Here are the nodes for each license ID:
 
@@ -116,10 +213,10 @@ Here are the nodes for each license ID:
 
 For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md).
 
-> **Note**  The LicenseID in the CSP is the content ID for the license.
+> [!NOTE]
+> The LicenseID in the CSP is the content ID for the license.
 
-
-Here is an example of a query for all app licenses on a device.
+Here's an example of a query for all app licenses on a device.
 
 ```xml
 
@@ -133,7 +230,7 @@ Here is an example of a query for all app licenses on a device.
 
 ```
 
-Here is an example of a query for all app licenses for a user.
+Here's an example of a query for all app licenses for a user.
 
 ```xml
 
@@ -149,13 +246,13 @@ Here is an example of a query for all app licenses for a user.
 
 ## Enable the device to install non-Store apps
 
-There are two basic types of apps you can deploy: Store apps and enterprise signed apps. To deploy enterprise signed apps, you must enable a setting on the device to allow trusted apps. The apps can be signed by a Microsoft approved root (such as Symantec), an enterprise deployed root or apps that are self-signed. This section covers the steps to configure the device for non-store app deployment.
+There are two basic types of apps you can deploy: Store apps and enterprise signed apps. To deploy enterprise signed apps, you must enable a setting on the device to allow trusted apps. The apps can be signed by a Microsoft approved root (such as Symantec), an enterprise deployed root, or apps that are self-signed. This section covers the steps to configure the device for non-store app deployment.
 
 ### Unlock the device for non-Store apps
 
-To deploy app that are not from the Microsoft Store, you must configure the ApplicationManagement/AllowAllTrustedApps policy. This policy allows the installation of non-Store apps on the device provided that there is a chain to a certificate on the device. The app can be signed with a root certificate on the device (such as Symantec Enterprise), an enterprise owned root certificate, or a peer trust certificate deployed on the device. For more information about deploying user license, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
+To deploy apps that aren't from the Microsoft Store, you must configure the ApplicationManagement/AllowAllTrustedApps policy. This policy allows the installation of non-Store apps on the device if there's a chain to a certificate on the device. The app can be signed with a root certificate on the device (such as Symantec Enterprise), an enterprise owned root certificate, or a peer trust certificate deployed on the device. For more information about deploying user license, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
 
-The AllowAllTrustedApps policy enables the installation apps that are trusted by a certificate in the Trusted People on the device or a root certificate in the Trusted Root of the device. The policy is not configured by default, which means only apps from the Microsoft Store can be installed. If the management server implicitly sets the value to off, the setting is disabled in the settings panel on the device.
+The AllowAllTrustedApps policy enables the installation apps that are trusted by a certificate in the Trusted People on the device, or a root certificate in the Trusted Root of the device. The policy isn't configured by default, which means only apps from the Microsoft Store can be installed. If the management server implicitly sets the value to off, the setting is disabled in the settings panel on the device.
 
 For more information about the AllowAllTrustedApps policy, see [Policy CSP](policy-configuration-service-provider.md).
 
@@ -191,13 +288,13 @@ Here are some examples.
 
 Development of apps on Windows 10 no longer requires a special license. You can enable debugging and deployment of non-packaged apps using ApplicationManagement/AllowDeveloperUnlock policy in Policy CSP.
 
-AllowDeveloperUnlock policy enables the development mode on the device. The AllowDeveloperUnlock is not configured by default, which means only Microsoft Store apps can be installed. If the management server explicitly sets the value to off, the setting is disabled in the settings panel on the device.
+AllowDeveloperUnlock policy enables the development mode on the device. The AllowDeveloperUnlock isn't configured by default, which means only Microsoft Store apps can be installed. If the management server explicitly sets the value to off, the setting is disabled in the settings panel on the device.
 
-Deployment of apps to Windows 10 for desktop editions requires that there is a chain to a certificate on the device. The app can be signed with a root certificate on the device (such as Symantec Enterprise), an enterprise owned root certificate, or a peer trust certificate deployed on the device. Deployment to Windows 10 Mobile does not validate whether the non-Store apps have a valid root of trust on the device.
+Deployment of apps to Windows 10 for desktop editions requires that there's a chain to a certificate on the device. The app can be signed with a root certificate on the device (such as Symantec Enterprise), an enterprise owned root certificate, or a peer trust certificate deployed on the device.
 
 For more information about the AllowDeveloperUnlock policy, see [Policy CSP](policy-configuration-service-provider.md).
 
-Here is an example.
+Here's an example.
 
 ```xml
 
@@ -227,20 +324,20 @@ Here is an example.
 
 ## Install your apps
 
-You can install apps to a specific user or to all users of a device. Apps are installed directly from the Microsoft Store or in some cases from a host location, such as a local disk, UNC path, or HTTPS location. Use the AppInstallation node of the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) to install apps.
+You can install apps to a specific user or to all users of a device. Apps are installed directly from the Microsoft Store. Or, they're installed from a host location, such as a local disk, UNC path, or HTTPS location. Use the AppInstallation node of the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) to install apps.
 
 ### Deploy apps to user from the Store
 
-To deploy an app to a user directly from the Microsoft Store, the management server performs an Add and Exec commands on the AppInstallation node of the EnterpriseModernAppManagement CSP. This is only supported in the user context and not supported in the device context.
+To deploy an app to a user directly from the Microsoft Store, the management server runs an Add and Exec command on the AppInstallation node of the EnterpriseModernAppManagement CSP. This feature is only supported in the user context, and not supported in the device context.
 
-If you purchased an app from the Store for Business and the app is specified for an online license, the app and license must be acquired directly from the Microsoft Store.
+If you purchased an app from the Store for Business and the app is specified for an online license, then the app and license must be acquired directly from the Microsoft Store.
 
 Here are the requirements for this scenario:
 
--   The app is assigned to a user Azure Active Directory (AAD) identity in the Store for Business. You can do this directly in the Store for Business or through a management server.
+-   The app is assigned to a user Azure Active Directory (Azure AD) identity in the Store for Business. You can assign directly in the Store for Business or through a management server.
 -   The device requires connectivity to the Microsoft Store.
--   Microsoft Store services must be enabled on the device. Note that the UI for the Microsoft Store can be disabled by the enterprise admin.
--   The user must be signed in with their AAD identity.
+-   Microsoft Store services must be enabled on the device. The UI for the Microsoft Store can be disabled by the enterprise admin.
+-   The user must be signed in with their Azure AD identity.
 
 Here are some examples.
 
@@ -264,9 +361,9 @@ Here are the changes from the previous release:
 1.  The "{CatID}" reference should be updated to "{ProductID}". This value is acquired as a part of the Store for Business management tool.
 2.  The value for flags can be "0" or "1"
 
-    When using "0" the management tool calls back to the Store for Business sync to assign a user a seat of an application. When using "1" the management tool does not call back in to the Store for Business sync to assign a user a seat of an application. The CSP will claim a seat if one is available.
+    When using "0", the management tool calls back to the Store for Business sync to assign a user a seat of an application. When using "1", the management tool doesn't call back in to the Store for Business sync to assign a user a seat of an application. The CSP will claim a seat if one is available.
 
-3.  The skuid is a new parameter that is required. This value is acquired as a part of the Store for Business to management tool sync.
+3.  The `skuid` is a new parameter that is required. This value is acquired as a part of the Store for Business to management tool sync.
 
 ### Deploy an offline license to a user
 
@@ -276,10 +373,10 @@ The app license only needs to be deployed as part of the initial installation of
 
 In the SyncML, you need to specify the following information in the Exec command:
 
--   License ID - This is specified in the LocURI. The License ID for the offline license is referred to as the "Content ID" in the license file. You can retrieve this information from the Base64 encoded license download from the Store for Business.
--   License Content - This is specified in the data section. The License Content is the Base64 encoded blob of the license.
+-   License ID - This ID is specified in the LocURI. The License ID for the offline license is referred to as the "Content ID" in the license file. You can retrieve this information from the Base64 encoded license download from the Store for Business.
+-   License Content - This content is specified in the data section. The License Content is the Base64 encoded blob of the license.
 
-Here is an example of an offline license installation.
+Here's an example of an offline license installation.
 
 ```xml
 
@@ -303,17 +400,17 @@ If you purchased an app from the Store for Business and the app is specified for
 
 Here are the requirements for this scenario:
 
-- The location of the app can be a local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_
+- The location of the app can be a local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (`https://contoso.com/app1.appx`).
 - The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements.
-- The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled.
-- The user must be logged in, but association with AAD identity is not required.
+- The device doesn't need to have connectivity to the Microsoft Store, store services, or have the Microsoft Store UI be enabled.
+- The user must be logged in, but association with Azure AD identity isn't required.
 
-> **Note**  You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
+> [!NOTE]
+> You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
 
- 
 The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
 
-Here is an example of a line-of-business app installation.
+Here's an example of a line-of-business app installation.
 
 ```xml
 
@@ -340,7 +437,7 @@ Here is an example of a line-of-business app installation.
 
 ```
 
-Here is an example of an app installation with dependencies.
+Here's an example of an app installation with dependencies.
 
 ```xml
 
@@ -374,7 +471,7 @@ Here is an example of an app installation with dependencies.
 
 ```
 
-Here is an example of an app installation with dependencies and optional packages.
+Here's an example of an app installation with dependencies and optional packages.
 
 ```xml
 
@@ -416,27 +513,26 @@ Here is an example of an app installation with dependencies and optional package
 
 ### Provision apps for all users of a device
 
-Provisioning allows you to stage the app to the device and all users of the device can have the app registered on their next login. This is only supported for app purchased from the Store for Business and the app is specified for an offline license or the app is a non-Store app. The app must be offered from a hosted location. The app is installed as a local system. To install to a local file share, the 'local system' of the device must have access to the share.
+Provisioning allows you to stage the app to the device and all users of the device can have the app registered on their next login. This feature is only supported for app purchased from the Store for Business, and the app is specified for an offline license or the app is a non-Store app. The app must be offered from a hosted location. The app is installed as a local system. To install to a local file share, the 'local system' of the device must have access to the share.
 
 Here are the requirements for this scenario:
 
-- The location of the app can be the local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_
+- The location of the app can be the local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (`https://contoso.com/app1.appx\`)
 - The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements.
-- The device does not need to have connectivity to the Microsoft Store, or store services enabled.
-- The device does not need any AAD identity or domain membership.
+- The device doesn't need to have connectivity to the Microsoft Store, or store services enabled.
+- The device doesn't need any Azure AD identity or domain membership.
 - For nonStore app, your device must be unlocked.
-- For Store offline apps, the required licenses must be deployed prior to deploying the apps.
+- For Store offline apps, the required licenses must be deployed before deploying the apps.
 
-To provision app for all users of a device from a hosted location, the management server performs an Add and Exec command on the AppInstallation node in the device context. The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
+To provision app for all users of a device from a hosted location, the management server runs an Add and Exec command on the AppInstallation node in the device context. The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
 
-> **Note**  When you remove the provisioned app, it will not remove it from the users that already installed the app.
+> [!NOTE]
+> When you remove the provisioned app, it will not remove it from the users that already installed the app.
 
- 
-
-Here is an example of app installation.
-
-> **Note**  This is only supported in Windows 10 for desktop editions.
+Here's an example of app installation.
 
+> [!NOTE]
+> This is only supported in Windows 10 for desktop editions.
 
 ```xml
 
@@ -465,15 +561,15 @@ Here is an example of app installation.
 
 The HostedInstall Exec command contains a Data node that requires an embedded XML. Here are the requirements for the data XML:
 
--   Application node has a required parameter, PackageURI, which can be a local file location, UNC, or HTTPs location.
+-   Application node has a required parameter, PackageURI, which can be a local file location, UNC, or HTTPS location.
 -   Dependencies can be specified if required to be installed with the package. This is optional.
 
 The DeploymentOptions parameter is only available in the user context.
 
-Here is an example of app installation with dependencies.
-
-> **Note**  This is only supported in Windows 10 for desktop editions.
+Here's an example of app installation with dependencies.
 
+> [!NOTE]
+> This is only supported in Windows 10 for desktop editions.
 
 ```xml
 
@@ -509,22 +605,22 @@ Here is an example of app installation with dependencies.
 
 ### Get status of app installations
 
-When an app installation is completed, a Windows notification is sent. You can also query the status of using the AppInstallation node. Here is the list of information you can get back in the query:
+When an app installation is completed, a Windows notification is sent. You can also query the status of using the AppInstallation node. Here's the list of information you can get back in the query:
 
 -   Status - indicates the status of app installation.
-    -   NOT\_INSTALLED (0) - The node was added, but the execution was not completed.
-    -   INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of suceess this value is updated.
+    -   NOT\_INSTALLED (0) - The node was added, but the execution wasn't completed.
+    -   INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, then this value is updated.
     -   FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
-    -   INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up actio has not completed, this state may briefly appear.
--   LastError - This is the last error reported by the app deployment server.
+    -   INSTALLED (3) - Once an install is successful this node is cleaned up. If the clean up action hasn't completed, then this state may briefly appear.
+-   LastError - The last error reported by the app deployment server.
 -   LastErrorDescription - Describes the last error reported by the app deployment server.
--   Status - This is an integer that indicates the progress of the app installation. In cases of an https location, this shows the estimated download progress.
+-   Status - An integer that indicates the progress of the app installation. In cases of an HTTPS location, this status shows the estimated download progress.
 
-    Status is not available for provisioning and only used for user-based installations. For provisioning, the value is always 0.
+    Status isn't available for provisioning and only used for user-based installations. For provisioning, the value is always 0.
 
 When an app is installed successfully, the node is cleaned up and no longer present. The status of the app can be reported under the AppManagement node.
 
-Here is an example of a query for a specific app installation.
+Here's an example of a query for a specific app installation.
 
 ```xml
 
@@ -538,7 +634,7 @@ Here is an example of a query for a specific app installation.
 
 ```
 
-Here is an example of a query for all app installations.
+Here's an example of a query for all app installations.
 
 ```xml
 
@@ -554,9 +650,9 @@ Here is an example of a query for all app installations.
 
 ### Alert for installation completion
 
-Application installations can take some time to complete, hence they are done asynchronously. When the Exec command is completed, the client sends a notification to the management server with a status, whether it's a failure or success.
+Application installations can take some time to complete. So, they're done asynchronously. When the Exec command is completed, the client sends a notification to the management server with a status, whether it's a failure or success.
 
-Here is an example of an alert.
+Here's an example of an alert.
 
 ```xml
 
@@ -577,9 +673,10 @@ Here is an example of an alert.
 
 For user-based installation, use the ./User path and for provisioning of apps, use the ./Device path.
 
-The Data field value of 0 (zero) indicates sucess, otherwise it is an error code. If there is a failure, you can get more details from the AppInstallation node.
+The Data field value of 0 (zero) indicates success. Otherwise it's an error code. If there's a failure, you can get more details from the AppInstallation node.
 
-> **Note**  At this time, the alert for Store app installation is not yet available.
+> [!NOTE]
+> At this time, the alert for Store app installation isn't yet available.
 
 
 ## Uninstall your apps
@@ -587,12 +684,12 @@ The Data field value of 0 (zero) indicates sucess, otherwise it is an error code
 You can uninstall apps from users from Windows 10 devices. To uninstall an app, you delete it from the AppManagement node of the CSP. Within the AppManagement node, packages are organized based on their origin according to the following nodes:
 
 -   AppStore - These apps are for the Microsoft Store. Apps can be directly installed from the store or delivered to the enterprise from the Store for Business.
--   nonStore - These apps that were not acquired from the Microsoft Store.
--   System - These apps are part of the OS. You cannot uninstall these apps.
+-   nonStore - These apps that weren't acquired from the Microsoft Store.
+-   System - These apps are part of the OS. You can't uninstall these apps.
 
-To uninstall an app, you delete it under the origin node, package family name, and package full name. To uninstall a XAP, use the product ID in place of the package family nane and package full name.
+To uninstall an app, you delete it under the origin node, package family name, and package full name. To uninstall a XAP, use the product ID in place of the package family name and package full name.
 
-Here is an example for uninstalling all versions of an app for a user.
+Here's an example for uninstalling all versions of an app for a user.
 
 ```xml
 
@@ -606,7 +703,7 @@ Here is an example for uninstalling all versions of an app for a user.
 
 ```
 
-Here is an example for uninstalling a specific version of the app for a user.
+Here's an example for uninstalling a specific version of the app for a user.
 
 ```xml
 
@@ -622,14 +719,15 @@ Here is an example for uninstalling a specific version of the app for a user.
 
 ### Removed provisioned apps from a device
 
-You can remove provisioned apps from a device for a specific version or for all versions of a package family. When a provisioned app is removed, it is not available to future users for the device. Logged in users who has the app registered to them will continue to have access to the app. If you want to removed the app for those users, you must explicitly uninstall the app for those users.
+You can remove provisioned apps from a device for a specific version, or for all versions of a package family. When a provisioned app is removed, it isn't available to future users for the device. Logged in users who have the app registered to them will continue to have access to the app. If you want to remove the app for those users, you must explicitly uninstall the app for those users.
 
-> **Note**  You can only remove an app that has an inventory value IsProvisioned = 1.
+> [!NOTE]
+> You can only remove an app that has an inventory value IsProvisioned = 1.
 
  
 Removing provisioned app occurs in the device context.
 
-Here is an example for removing a provisioned app from a device.
+Here's an example for removing a provisioned app from a device.
 
 ```xml
 
@@ -643,7 +741,7 @@ Here is an example for removing a provisioned app from a device.
 
 ```
 
-Here is an example for removing a specific version of a provisioned app from a device:
+Here's an example for removing a specific version of a provisioned app from a device:
 
 ```xml
 
@@ -661,7 +759,7 @@ Here is an example for removing a specific version of a provisioned app from a d
 
 You can remove app licenses from a device per app based on the content ID.
 
-Here is an example for removing an app license for a user.
+Here's an example for removing an app license for a user.
 
 ```xml
 
@@ -675,7 +773,7 @@ Here is an example for removing an app license for a user.
 
 ```
 
-Here is an example for removing an app license for a provisioned package (device context).
+Here's an example for removing an app license for a provisioned package (device context).
 
 ```xml
 
@@ -691,11 +789,11 @@ Here is an example for removing an app license for a provisioned package (device
 
 ### Alert for app uninstallation
 
-Uninstallation of an app can take some time complete, hence the uninstallation is performed asynchronously. When the Exec command is completed, the client sends a notification to the management server with a status, whether it's a failure or success.
+Uninstallation of an app can take some time complete. So, the uninstall is run asynchronously. When the Exec command is completed, the client sends a notification to the management server with a status, whether it's a failure or success.
 
 For user-based uninstallation, use ./User in the LocURI, and for provisioning, use ./Device in the LocURI.
 
-Here is an example. There is only one uninstall for hosted and store apps.
+Here's an example. There's only one uninstall for hosted and store apps.
 
 ```xml
 
@@ -721,7 +819,7 @@ Apps installed on a device can be updated using the management server. Apps can
 
 To update an app from Microsoft Store, the device requires contact with the store services.
 
-Here is an example of an update scan.
+Here's an example of an update scan.
 
 ```xml
 
@@ -735,7 +833,7 @@ Here is an example of an update scan.
 
 ```
 
-Here is an example of a status check.
+Here's an example of a status check.
 
 ```xml
 
@@ -753,18 +851,17 @@ Here is an example of a status check.
 
 Updating an existing app follows the same process as an initial installation. For more information, see [Deploy apps to a user from a hosted location](#deploy-apps-to-a-user-from-a-hosted-location).
 
-
 ### Update provisioned apps
 
 A provisioned app automatically updates when an app update is sent to the user. You can also update a provisioned app using the same process as an initial provisioning. For more information about initial provisioning, see [Provision apps for all users of a device](#provision-apps-for-all-users-of-a-device).
 
 ### Prevent app from automatic updates
 
-You can prevent specific apps from being automatically updated. This allows you to turn on auto-updates for apps, with specific apps excluded as defined by the IT admin.
+You can prevent specific apps from being automatically updated. This feature allows you to turn on auto-updates for apps, with specific apps excluded as defined by the IT admin.
 
-Turning off updates only applies to updates from the Microsoft Store at the device level. This feature is not available at a user level. You can still update an app if the offline packages is pushed from hosted install location.
+Turning off updates only applies to updates from the Microsoft Store at the device level. This feature isn't available at a user level. You can still update an app if the offline packages are pushed from hosted install location.
 
-Here is an example.
+Here's an example.
 
 ```xml
 
@@ -782,96 +879,24 @@ Here is an example.
 
 ```
 
-## Additional app management scenarios
+## More app management scenarios
 
-The following subsections provide information about additional settings configurations.
-
-### Restrict app installation to the system volume
-
-You can install app on non-system volumes, such as a secondary partition or removable media (USB or SD cards). Using the RestrictApptoSystemVolume policy, you can prevent apps from getting installed or moved to non-system volumes. For more information about this policy, see [Policy CSP](policy-configuration-service-provider.md).
-
-> **Note**  This is only supported in mobile devices.
-
-
-Here is an example.
-
-```xml
-
-
-   1
-   
-      
-         ./Vendor/MSFT/Policy/Result/ApplicationManagement/RestrictAppToSystemVolume?list=StructData
-      
-   
-
-
-
-   2
-   
-      
-         ./Vendor/MSFT/Policy/Config/ApplicationManagement/RestrictAppToSystemVolume
-      
-    
-      int 
-      text/plain 
-    
-   1                        
-
-
-```
-
-### Restrict AppData to the system volume
-
-In Windows 10 Mobile IT administrators can set a policy to restrict user application data for a Microsoft Store app to the system volume, regardless of where the package is installed or moved.
-
-> **Note**  The feature is only for Windows 10 Mobile.
-
- 
-The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-service-provider.md) enables you to restrict all user application data to stay on the system volume. When the policy is not configured or if it is disabled, and you move a package or when it is installed to a difference volume, then the user application data will moved to the same volume. You can set this policy to 0 (off, default) or 1.
-
-Here is an example.
-
-```xml
-
-
-   1
-   
-      
-         ./Vendor/MSFT/Policy/Result/ApplicationManagement/RestrictAppDataToSystemVolume?list=StructData
-      
-   
-
-
-
-   2
-   
-                        
-         ./Vendor/MSFT/Policy/Config/ApplicationManagement/RestrictAppDataToSystemVolume
-      
-    
-      int 
-      text/plain 
-    
-   1                        
-   
-
-```
+The following subsections provide information about more settings configurations.
 
 ### Enable shared user app data
 
-The Universal Windows app has the ability to share application data between the users of the device. The ability to share data can be set at a package family level or per device.
-
-> **Note**  This is only applicable to multi-user devices.
+The Universal Windows app can share application data between the users of the device. The ability to share data can be set at a package family level or per device.
 
+> [!NOTE]
+> This is only applicable to multi-user devices.
 
 The AllowSharedUserAppData policy in [Policy CSP](policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API.
 
-If you disable this policy, applications cannot share user application data among multiple users. However, pre-written shared data will persist. The clean pre-written shared data, use DISM ((/Get-ProvisionedAppxPackage to detect if there is any shared data, and /Remove-SharedAppxData to remove it).
+If you disable this policy, applications can't share user application data among multiple users. However, pre-written shared data will persist. The clean pre-written shared data, use DISM ((/Get-ProvisionedAppxPackage to detect if there's any shared data, and /Remove-SharedAppxData to remove it).
 
 The valid values are 0 (off, default value) and 1 (on).
 
-Here is an example.
+Here's an example.
 
 ```xml
 
@@ -898,11 +923,3 @@ Here is an example.
    
 
 ```
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index c271c1dbe6..8893e068c9 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/22/2017
 ---
 
@@ -19,7 +19,7 @@ The EnterpriseAPN configuration service provider (CSP) is used by the enterprise
 > [!Note]
 > Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
 
-The following shows the EnterpriseAPN configuration service provider in tree format.
+The following example shows the EnterpriseAPN configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 EnterpriseAPN
@@ -39,40 +39,40 @@ EnterpriseAPN
 --------HideView
 ```
 **EnterpriseAPN**  
-
                    The root node for the EnterpriseAPN configuration service provider.
                    
+
                    The root node for the EnterpriseAPN configuration service provider.
                    
 
 **EnterpriseAPN/***ConnectionName*  
-
                    Name of the connection as seen by Windows Connection Manager.
                    
+
                    Name of the connection as seen by Windows Connection Manager.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/APNName**  
-
                    Enterprise APN name.
                    
+
                    Enterprise APN name.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/IPType**  
-
                    This value can be one of the following:
                    
+
                    This value can be one of the following values:
                    
 
 -   IPv4 - only IPV4 connection type
 -   IPv6 - only IPv6 connection type
 -   IPv4v6 (default)- IPv4 and IPv6 concurrently.
 -   IPv4v6xlat - IPv6 with IPv4 provided by 46xlat
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/IsAttachAPN**  
-
                    Boolean value that indicates whether this APN should be requested as part of an LTE Attach. Default value is false.
                    
+
                    Boolean value that indicates whether this APN should be requested as part of an LTE Attach. Default value is false.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/ClassId**  
-
                    GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.
                    
+
                    GUID that defines the APN class to the modem. This GUID is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/AuthType**  
-
                    Authentication type. This value can be one of the following:
                    
+
                    Authentication type. This value can be one of the following values:
                    
 
 -   None (default)
 -   Auto
@@ -80,39 +80,39 @@ EnterpriseAPN
 -   CHAP
 -   MSCHAPv2
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/UserName**  
-
                    User name for use with PAP, CHAP, or MSCHAPv2 authentication.
                    
+
                    User name for use with PAP, CHAP, or MSCHAPv2 authentication.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/Password**  
-
                    Password corresponding to the username.
                    
+
                    Password corresponding to the username.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/IccId**  
-
                    Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node is not present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
                    
+
                    Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/AlwaysOn**  
-
                    Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.
                    
+
                    Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.
                    
 
-
                    The default value is true.
                    
+
                    The default value is true.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/Enabled**  
-
                    Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.
                    
+
                    Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.
                    
 
-
                    The default value is true.
                    
+
                    The default value is true.
                    
 
-
                    Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Supported operations are Add, Get, Delete, and Replace.
                    
 
 **EnterpriseAPN/*ConnectionName*/Roaming**  
-
                    Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values:
                    
+
                    Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values:
                    
 
 
                      
 
                    • 0 - Disallowed
                      • 
@@ -123,27 +123,27 @@ EnterpriseAPN
 
                    • 5 - UseOnlyForRoaming
                      • 
 
                    
 
-
                    Default is 1 (all roaming allowed).
                    
+
                    Default is 1 (all roaming allowed).
                    
 
-
                    Value type is string. Supported operations are Add, Get, Delete, and Replace.
                    
+
                    Value type is string. Supported operations are Add, Get, Delete, and Replace.
                    
 
 
 **EnterpriseAPN/Settings**  
-
                    Added in Windows 10, version 1607. Node that contains global settings.
                    
+
                    Added in Windows 10, version 1607. Node that contains global settings.
                    
 
 **EnterpriseAPN/Settings/AllowUserControl**  
-
                    Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.
                    
+
                    Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.
                    
 
-
                    The default value is false.
                    
+
                    The default value is false.
                    
 
-
                    Supported operations are Get and Replace.
                    
+
                    Supported operations are Get and Replace.
                    
 
 **EnterpriseAPN/Settings/HideView**  
-
                    Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.
                    
+
                    Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.
                    
 
-
                    The default value is false.
                    
+
                    The default value is false.
                    
 
-
                    Supported operations are Get and Replace.
                    
+
                    Supported operations are Get and Replace.
                    
 
 ## Examples
 
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 5e7af9b60d..60e6f5ba4a 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md
index 51c1a6581f..b59fc137e1 100644
--- a/windows/client-management/mdm/enterpriseappmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -17,16 +17,42 @@ ms.date: 06/26/2017
 
 The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment.
 
-> **Note**   The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile.
-
+> [!NOTE]
+> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core.
  
 
-The following diagram shows the EnterpriseAppManagement configuration service provider in tree format.
+The following example shows the EnterpriseAppManagement configuration service provider in tree format.
 
-![enterpriseappmanagement csp](images/provisioning-csp-enterpriseappmanagement.png)
+```console
+./Vendor/MSFT
+EnterpriseAppManagement
+----EnterpriseID
+--------EnrollmentToken
+--------StoreProductID
+--------StoreUri
+--------CertificateSearchCriteria
+--------Status
+--------CRLCheck
+--------EnterpriseApps
+------------Inventory
+----------------ProductID
+--------------------Version
+--------------------Title
+--------------------Publisher
+--------------------InstallDate
+------------Download
+----------------ProductID
+--------------------Version
+--------------------Name
+--------------------URL
+--------------------Status
+--------------------LastError
+--------------------LastErrorDesc
+--------------------DownloadInstall
+```
 
 ***EnterpriseID***
-Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications.
+Optional. A dynamic node that represents the EnterpriseID as a GUID. It's used to enroll or unenroll enterprise applications.
 
 Supported operations are Add, Delete, and Get.
 
@@ -55,7 +81,8 @@ Optional. The character string that contains the search criteria to search for t
 
 Supported operations are Get and Add.
 
-> **Note**   Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00
+> [!NOTE]
+> Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00
 
  
 
@@ -132,48 +159,16 @@ Supported operations are Get, Add, and Replace.
 **/Download/*ProductID*/Status**
 Required. The integer value that indicates the status of the current download process. The following table shows the possible values.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    0: CONFIRM
                    Waiting for confirmation from user.
                    1: QUEUED
                    Waiting for download to start.
                    2: DOWNLOADING
                    In the process of downloading.
                    3: DOWNLOADED
                    Waiting for installation to start.
                    4: INSTALLING
                    Handed off for installation.
                    5: INSTALLED
                    Successfully installed
                    6: FAILED
                    Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)
                    7:DOWNLOAD_FAILED
                    Unable to connect to server, file doesn't exist, etc.
                    
-
- 
+|Value|Description|
+|--- |--- |
+|0: CONFIRM|Waiting for confirmation from user.|
+|1: QUEUED|Waiting for download to start.|
+|2: DOWNLOADING|In the process of downloading.|
+|3: DOWNLOADED|Waiting for installation to start.|
+|4: INSTALLING|Handed off for installation.|
+|5: INSTALLED|Successfully installed|
+|6: FAILED|Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)|
+|7:DOWNLOAD_FAILED|Unable to connect to server, file doesn't exist, etc.|
 
 Scope is dynamic. Supported operations are Get, Add, and Replace.
 
@@ -195,11 +190,11 @@ Supported operation is Exec.
 
 ### Install and Update Line of Business (LOB) applications
 
-A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support a variety of file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section.
+A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support various file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section.
 
 ### Uninstall Line of Business (LOB) applications
 
-A workplace can also remotely uninstall Line of Business applications on the device. It is not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that are not installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section
+A workplace can also remotely uninstall Line of Business applications on the device. It's not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that aren't installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section.
 
 ### Query installed Store application
 
@@ -247,7 +242,7 @@ All node values under the ProviderID interior node represent the policy values t
 
 -   An Add or Replace command on those nodes returns success in both of the following cases:
 
-    -   The value is actually applied to the device.
+    -   The value is applied to the device.
 
     -   The value isn’t applied to the device because the device has a more secure value set already.
 
@@ -257,9 +252,9 @@ From a security perspective, the device complies with the policy request that is
 
 -   If a Replace command fails, the node value is set to be the previous value before Replace command was applied.
 
--   If an Add command fails, the node is not created.
+-   If an Add command fails, the node isn't created.
 
-The value actually applied to the device can be queried via the nodes under the DeviceValue interior node.
+The value applied to the device can be queried via the nodes under the DeviceValue interior node.
 
 ## OMA DM examples
 
@@ -308,7 +303,7 @@ Update the enrollment token (for example, to update an expired application enrol
 
 ```
 
-Query all installed applications that belong to enterprise id “4000000001”:
+Query all installed applications that belong to enterprise ID “4000000001”:
 
 ```xml
 
@@ -435,12 +430,12 @@ Response from the device (that contains two installed applications):
 
 Install or update the installed app with the product ID “{B316008A-141D-4A79-810F-8B764C4CFDFB}”.
 
-To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog.
+To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application doesn't exist, the application will be silently installed without any user interaction. If the application can't be installed, the user will be notified with an Alert dialog.
 
-> **Note**  
-> 1.  If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation).
-
-2. The application product ID curly braces need to be escaped where { is %7B and } is %7D.
+> [!NOTE]
+> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation).
+> 
+> - The application product ID curly braces need to be escaped where { is %7B and } is %7D.
 
  
 
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 9a0893f98e..5833aa9062 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp
@@ -45,68 +45,68 @@ EnterpriseAppVManagement
 ------------Policy
 ```
 **./Vendor/MSFT/EnterpriseAppVManagement**  
-
                    Root node for the EnterpriseAppVManagement configuration service provider.
                    
+
                    Root node for the EnterpriseAppVManagement configuration service provider.
                    
 
 **AppVPackageManagement**  
-
                    Used to query App-V package information (post-publish).
                     
+
                    Used to query App-V package information (post-publish).
                     
 
 **AppVPackageManagement/EnterpriseID**  
-
                    Used to query package information. Value is always "HostedInstall".
                    
+
                    Used to query package information. Value is always "HostedInstall".
                    
 
 **AppVPackageManagement/EnterpriseID/PackageFamilyName**  
-
                    Package ID of the published App-V package.
                    
+
                    Package ID of the published App-V package.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName***  
-
                    Version ID of the published App-V package.
                    
+
                    Version ID of the published App-V package.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name**  
-
                    Name specified in the published AppV package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Name specified in the published AppV package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version**  
-
                    Version specified in the published AppV package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Version specified in the published AppV package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher**  
-
                    Publisher as specified in the published asset information of the AppV package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Publisher as specified in the published asset information of the AppV package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation**  
-
                    Local package path specified in the published asset information of the AppV package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Local package path specified in the published asset information of the AppV package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate**  
-
                    Date the app was installed, as specified in the published asset information of the AppV package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Date the app was installed, as specified in the published asset information of the AppV package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users**  
-
                    Registered users for app, as specified in the published asset information of the AppV package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Registered users for app, as specified in the published asset information of the AppV package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId**  
-
                       Package ID of the published App-V package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                       Package ID of the published App-V package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId**  
-
                    Version ID of the published App-V package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Version ID of the published App-V package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri**  
-
                    Package URI of the published App-V package.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Package URI of the published App-V package.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPublishing**  
-
                    Used to monitor publishing operations on App-V.
                    
+
                    Used to monitor publishing operations on App-V.
                    
 
 **AppVPublishing/LastSync**  
-
                    Used to monitor publishing status of last sync operation.
                    
+
                    Used to monitor publishing status of last sync operation.
                    
 
 **AppVPublishing/LastSync/LastError**  
-
                    Error code and error description of last sync operation.
                    
-
                    Value type is string. Supported operation is Get.
                    
+
                    Error code and error description of last sync operation.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPublishing/LastSync/LastErrorDescription**  
-
                    Last sync error status. One of the following values may be returned:
                    
+
                    Last sync error status. One of the following values may be returned:
                    
 
 - SYNC\_ERR_NONE (0) - No errors during publish.
 - SYNC\_ERR\_UNPUBLISH_GROUPS (1) - Unpublish groups failed during publish.
@@ -116,10 +116,10 @@ EnterpriseAppVManagement
 - SYNC\_ERR\_NEW_POLICY_WRITE (5) - New policy write failed during publish.
 - SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occurred during publish.
 
-
                    Value type is string. Supported operation is Get.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPublishing/LastSync/SyncStatusDescription**  
-
                    Latest sync in-progress stage. One of the following values may be returned:
                    
+
                    Latest sync in-progress stage. One of the following values may be returned:
                    
 
 - SYNC\_PROGRESS_IDLE (0) - App-V publishing is idle.
 - SYNC\_PROGRESS\_UNPUBLISH_GROUPS (1) - App-V connection groups publish in progress.
@@ -127,9 +127,9 @@ EnterpriseAppVManagement
 - SYNC\_PROGRESS\_PUBLISH\_GROUP_PACKAGES (3) - App-V packages (connection group) publish in progress.
 - SYN\C_PROGRESS_UNPUBLISH_PACKAGES (4) - App-V packages unpublish in progress.
 
-
                    Value type is string. Supported operation is Get.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
-AppVPublishing/LastSync/SyncProgress
                    Latest sync state. One of the following values may be returned:
                    
+AppVPublishing/LastSync/SyncProgress
                    Latest sync state. One of the following values may be returned:
                    
 
 - SYNC\_STATUS_IDLE (0) - App-V Sync is idle.
 - SYNC\_STATUS\_PUBLISH_STARTED (1) - App-V Sync is initializing.
@@ -137,22 +137,22 @@ EnterpriseAppVManagement
 - SYNC\_STATUS\_PUBLISH\_COMPLETED (3) - App-V Sync is complete.
 - SYNC\_STATUS\_PUBLISH\_REBOOT_REQUIRED (4) - App-V Sync requires device reboot.
 
-
                    Value type is string. Supported operation is Get.
                    
+
                    Value type is string. Supported operation is Get.
                    
 
 **AppVPublishing/Sync**  
-
                    Used to perform App-V synchronization.
                    
+
                    Used to perform App-V synchronization.
                    
 
 **AppVPublishing/Sync/PublishXML**  
-
                    Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see [MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol.
                    
-
                    Supported operations are Get, Delete, and Execute.
                    
+
                    Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see [MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol.
                    
+
                    Supported operations are Get, Delete, and Execute.
                    
 
 
 **AppVDynamicPolicy**  
-
                    Used to set App-V Policy Configuration documents for publishing packages.
                    
+
                    Used to set App-V Policy Configuration documents for publishing packages.
                    
 
 **AppVDynamicPolicy/*ConfigurationId***  
-
                    ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).
                    
+
                    ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).
                    
 
 **AppVDynamicPolicy/*ConfigurationId*/Policy**  
-
                    XML for App-V Policy Configuration documents for publishing packages.
                    
-
                    Value type is xml. Supported operations are Add, Get, Delete, and Replace.
                    
\ No newline at end of file
+
                    XML for App-V Policy Configuration documents for publishing packages.
                    
+
                    Value type is xml. Supported operations are Add, Get, Delete, and Replace.
                    
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 8cf951cf55..1c18aff981 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
deleted file mode 100644
index 271c1d69cb..0000000000
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ /dev/null
@@ -1,1681 +0,0 @@
----
-title: EnterpriseAssignedAccess CSP
-description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device. 
-ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 07/12/2017
----
-
-# EnterpriseAssignedAccess CSP
-
-
-The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings, such as language and themes, lock down a device, and configure custom layouts on a device. For example, the administrator can lock down a device so that only applications specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view and blocked from launching.
-
-> **Note**   The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile.
-
-
-To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile).
-
-The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
-```
-./Vendor/MSFT
-EnterpriseAssignedAccess
-----AssignedAccess
---------AssignedAccessXml
-----LockScreenWallpaper
---------BGFileName
-----Theme
---------ThemeBackground
---------ThemeAccentColorID
---------ThemeAccentColorValue
-----Clock
---------TimeZone
-----Locale
---------Language
-```
-The following list shows the characteristics and parameters.
-
-**./Vendor/MSFT/EnterpriseAssignedAccess/**
-The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace.
-
-**AssignedAccess/**
-The parent node of assigned access XML.
-
-**AssignedAccess/AssignedAccessXml**
-The XML code that controls the assigned access settings that will be applied to the device.
-
-Supported operations are Add, Delete, Get and Replace.
-
-The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
-
-> [!IMPORTANT]
-> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability.
-
-When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
-
-Entry | Description
------------ | ------------
-ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.
-ActionCenter | Example: ``
-ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled;  **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)
-ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: ``
-ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. ``
-StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx.
-StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large`
-Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. 
-Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: ``
-Application | modern app notification
-Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically.
-
-Application example:
-```xml
-
-   
-      Large
-      
-         0
-         2
-      
-   
-
-```
-
-Entry | Description
------------ | ------------
-Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. The following example shows how to pin both Outlook mail and Outlook calendar.
-
-Application example:
-```xml
-
-    
-    
-        
-            Large
-            
-                1
-                4
-            
-        
-    
-    
-    
-        
-            Large
-            
-                1
-                6
-            
-        
-    
-
-```
-
-Entry | Description
------------ | ------------
-Folder | A folder should be contained in `` node among with other `` nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder.
-
-Folder example:
-```xml
-
-    
-        Large
-        
-            0
-            2
-        
-    
-
-```
-An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder.
-
-```xml
-
-    
-        Medium
-        
-            0
-            0
-        
-        2
-    
-
-```
-
-Entry | Description
------------ | ------------
-Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages.
-
-
                      
-
                    • System (main menu) - SettingsPageGroupPCSystem
-
                        
-
                      • Display - SettingsPageDisplay
                        • 
-
                      • Notifications & actions - SettingsPageAppsNotifications
                        • 
-
                      • Phone - SettingsPageCalls
                        • 
-
                      • Messaging - SettingsPageMessaging
                        • 
-
                      • Battery saver - SettingsPageBatterySaver
                        • 
-
                      • Storage - SettingsPageStorageSenseStorageOverview
                        • 
-
                      • Driving mode - SettingsPageDrivingMode
                        • 
-
                      • Offline maps - SettingsPageMaps
                        • 
-
                      • About - SettingsPagePCSystemInfo
                        • 
-
                      • Apps for websites - SettingsPageAppsForWebsites
                        • 
-
                      • 
-
                    • Devices (main menu) - SettingsPageGroupDevices
-
                        
-
                      • Default camera - SettingsPagePhotos
                        • 
-
                      • Bluetooth - SettingsPagePCSystemBluetooth
                        • 
-
                      • NFC - SettingsPagePhoneNFC
                        • 
-
                      • Mouse - SettingsPageMouseTouchpad
                        • 
-
                      • USB - SettingsPageUsb
                        • 
-
                      • 
-
                    • Network and wireless (main menu) - SettingsPageGroupNetwork
-
                        
-
                      • Cellular and SIM - SettingsPageNetworkCellular
                        • 
-
                      • Wi-Fi - SettingsPageNetworkWiFi
                        • 
-
                      • Airplane mode - SettingsPageNetworkAirplaneMode
                        • 
-
                      • Data usage - SettingsPageDataSenseOverview
                        • 
-
                      • Mobile hotspot - SettingsPageNetworkMobileHotspot
                        • 
-
                      • VPN - SettingsPageNetworkVPN
                        • 
-
                      • 
-
                      • 
-
                    • Personalization (main menu) - SettingsPageGroupPersonalization
-
                        
-
                      • Start - SettingsPageBackGround
                        • 
-
                      • Colors - SettingsPageColors
                        • 
-
                      • Sounds - SettingsPageSounds
                        • 
-
                      • Lock screen - SettingsPageLockscreen
                        • 
-
                      • Glance - SettingsPageGlance
                        • 
-
                      • Navigation bar - SettingsNavigationBar
                        • 
-
                      • 
-
                    • Accounts (main menu) - SettingsPageGroupAccounts
-
                        
-
                      • Your account - SettingsPageAccountsPicture
                        • 
-
                      • Sign-in options - SettingsPageAccountsSignInOptions
                        • 
-
                      • Work access - SettingsPageWorkAccess
                        • 
-
                      • Sync your settings - SettingsPageAccountsSync
                        • 
-
                      • Apps corner* - SettingsPageAppsCorner
                        • 
-
                      • Email - SettingsPageAccountsEmailApp
                        • 
-
                      • 
-
                    • Time and language (main menu) - SettingsPageGroupTimeRegion
-
                        
-
                      • Date and time - SettingsPageTimeRegionDateTime
                        • 
-
                      • Language - SettingsPageTimeLanguage
                        • 
-
                      • Region - SettingsPageRegion
                        • 
-
                      • Keyboard - SettingsPageKeyboard
                        • 
-
                      • Speech - SettingsPageSpeech
                        • 
-
                      • 
-
                    • Ease of access (main menu) - SettingsPageGroupEaseOfAccess
-
                        
-
                      • Narrator - SettingsPageEaseOfAccessNarrator
                        • 
-
                      • Magnifier - SettingsPageEaseOfAccessMagnifier
                        • 
-
                      • High contrast - SettingsPageEaseOfAccessHighContrast
                        • 
-
                      • Closed captions - SettingsPageEaseOfAccessClosedCaptioning
                        • 
-
                      • More options - SettingsPageEaseOfAccessMoreOptions
                        • 
-
                      • 
-
                    • Privacy (main menu) - SettingsPageGroupPrivacy
-
                        
-
                      • Location - SettingsPagePrivacyLocation
                        • 
-
                      • Camera - SettingsPagePrivacyWebcam
                        • 
-
                      • Microphone - SettingsPagePrivacyMicrophone
                        • 
-
                      • Motion - SettingsPagePrivacyMotionData
                        • 
-
                      • Speech inking and typing - SettingsPagePrivacyPersonalization
                        • 
-
                      • Account info - SettingsPagePrivacyAccountInfo
                        • 
-
                      • Contacts - SettingsPagePrivacyContacts
                        • 
-
                      • Calendar - SettingsPagePrivacyCalendar
                        • 
-
                      • Messaging - SettingsPagePrivacyMessaging
                        • 
-
                      • Radios - SettingsPagePrivacyRadios
                        • 
-
                      • Background apps - SettingsPagePrivacyBackgroundApps
                        • 
-
                      • Accessory apps - SettingsPageAccessories
                        • 
-
                      • Advertising ID - SettingsPagePrivacyAdvertisingId
                        • 
-
                      • Other devices - SettingsPagePrivacyCustomPeripherals
                        • 
-
                      • Feedback & diagnostics - SettingsPagePrivacySIUFSettings
                        • 
-
                      • Call history - SettingsPagePrivacyCallHistory
                        • 
-
                      • Email - SettingsPagePrivacyEmail
                        • 
-
                      • Phone call - SettingsPagePrivacyPhoneCall
                        • 
-
                      • Notifications - SettingsPagePrivacyNotifications
                        • 
-
                      • CDP - SettingsPagePrivacyCDP
                        • 
-
                      • 
-
                    • Update and Security (main menu) - SettingsPageGroupRestore
-
                        
-
                      • Phone update - SettingsPageRestoreMusUpdate
                        • 
-
                      • Backup - SettingsPageRestoreOneBackup
                        • 
-
                      • Find my phone - SettingsPageFindMyDevice
                        • 
-
                      • For developers - SettingsPageSystemDeveloperOptions
                        • 
-
                      • Windows Insider Program - SettingsPageFlights
                        • 
-
                      • Device encryption - SettingsPageGroupPCSystemDeviceEncryption
                        • 
-
                      • 
-
                    • OEM (main menu) - SettingsPageGroupExtensibility
-
                        
-
                      • Extensibility - SettingsPageExtensibility
                        • 
-
                      • 
-
                    
-
-Entry | Description
------------ | ------------
-Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI.
-
-For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page.
-
-Here is an example for Windows 10, version 1703.
-
-```xml
-
-  
-  
-  
-  
-  
-  
-  
-
-```
-
-**Quick action settings**
-
-Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
-
-> [!NOTE]
-> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
-
-
                      
-
                    • SystemSettings_System_Display_QuickAction_Brightness
                      
-
                      Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay
                      • 
-
                    • SystemSettings_System_Display_Internal_Rotation
                      
-
                      Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay
                      • 
-
                    • SystemSettings_QuickAction_WiFi
                      
-
                      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkWiFi
                      • 
-
                    • SystemSettings_QuickAction_InternetSharing
                      
-
                      Dependencies - SettingsPageGroupNetwork, SettingsPageInternetSharing
                      • 
-
                    • SystemSettings_QuickAction_CellularData
                      
-
                      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkCellular
                      • 
-
                    • SystemSettings_QuickAction_AirplaneMode
                      
-
                      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkAirplaneMode
                      • 
-
                    • SystemSettings_Privacy_LocationEnabledUserPhone
                      
-
                      Dependencies - SettingsGroupPrivacyLocationGlobals, SettingsPagePrivacyLocation
                      • 
-
                    • SystemSettings_Network_VPN_QuickAction
                      
-
                      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkVPN
                      • 
-
                    • SystemSettings_Launcher_QuickNote
                      
-
                      Dependencies - none
                      • 
-
                    • SystemSettings_Flashlight_Toggle
                      
-
                      Dependencies - none
                      • 
-
                    • SystemSettings_Device_BluetoothQuickAction
                      
-
                      Dependencies - SettingsPageGroupDevices, SettingsPagePCSystemBluetooth
                      • 
-
                    • SystemSettings_BatterySaver_LandingPage_OverrideControl
                      
-
                      Dependencies - BatterySaver_LandingPage_SettingsConfiguration, SettingsPageBatterySaver
                      • 
-
                    • QuickActions_Launcher_DeviceDiscovery
                      
-
                      Dependencies - none
                      • 
-
                    • QuickActions_Launcher_AllSettings
                      
-
                      Dependencies - none
                      • 
-
                    • SystemSettings_QuickAction_QuietHours
                      
-
                      Dependencies - none
                      • 
-
                    • SystemSettings_QuickAction_Camera
                      
-
                      Dependencies - none
                      • 
-
                    
-
-Starting in Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. Here is the list:
-- QuickActions_Launcher_AllSettings
-- QuickActions_Launcher_DeviceDiscovery
-- SystemSettings_BatterySaver_LandingPage_OverrideControl
-- SystemSettings_Device_BluetoothQuickAction
-- SystemSettings_Flashlight_Toggle
-- SystemSettings_Launcher_QuickNote
-- SystemSettings_Network_VPN_QuickAction
-- SystemSettings_Privacy_LocationEnabledUserPhone
-- SystemSettings_QuickAction_AirplaneMode
-- SystemSettings_QuickAction_Camera
-- SystemSettings_QuickAction_CellularData
-- SystemSettings_QuickAction_InternetSharing
-- SystemSettings_QuickAction_QuietHours
-- SystemSettings_QuickAction_WiFi
-- SystemSettings_System_Display_Internal_Rotation
-- SystemSettings_System_Display_QuickAction_Brightness
-
-
-In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked.
-
-```xml
-
-
-```
-
-In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
-
-```xml
-
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
- 
-```
-Here is an example for Windows 10, version 1703.
-
-```xml
-
-  
-  
-  
-  
-  
-  
-  
-
-```
-
-Entry | Description
------------ | ------------
-Buttons | The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen.
-
-
                      
-
                    • Start
                      
-
                    • Back
                      • 
-
                    • Search
                      • 
-
                    • Camera
                      • 
-
                    • Custom1
                      • 
-
                    • Custom2
                      • 
-
                    • Custom3
                      • 
-
                    
-
-> [!NOTE]
-> Lock down of the Start button only prevents the press and hold event.
->
-> Custom buttons are hardware buttons that can be added to devices by OEMs.
-
-Buttons example:
-```xml
-
-   
-      
-         
-         
-         
-         
-         
-   
-```
-The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users.
-
-> [!NOTE]
-> The lockdown settings for a button, per user role, will apply regardless of the button mapping.
->
-> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
-
-To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.
-
-```xml
-
-   
-
-```
-**Disabling navigation buttons**
-To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press").
-
-The following section contains a sample lockdown XML file that shows how to disable navigation buttons.
-
-```xml
-
-
-    
-        
-        
-            
-            
-                
-                    Large
-                    
-                        0
-                        0
-                    
-                
-            
-
-            
-            
-                
-                    Small
-                    
-                        2
-                        2
-                    
-                
-            
-        
-        
-            
-                
-                
-                
-                
-                
-                
-                
-            
-            
-        
-        
-            
-        
-        
-        
-        
-            
-        
-        Small
-    
-
-```
-
-Entry | Description
------------ | ------------
-MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.
-
-> [!IMPORTANT]
-> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps.
-
-MenuItems example:
-
-```xml
-
-   
-
-```
-
-Entry | Description
------------ | ------------
-Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.
-
-> [!IMPORTANT]
->  If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.
-
-The following sample file contains configuration for enabling tile manipulation.
-
-> [!NOTE]
-> Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node.
-
-```xml
-
-
-    
-        
-        
-            
-            
-                
-                    Large
-                    
-                        0
-                        0
-                    
-                
-            
-
-            
-            
-                
-                    Small
-                    
-                        2
-                        2
-                    
-                
-            
-        
-        
-            
-                
-                
-                
-                
-                
-                
-                
-            
-            
-        
-        
-            
-        
-        
-        
-        
-            
-        
-        Small
-    
-
-```
-
-Entry | Description
------------ | ------------
-CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.
- 
-
-**LockscreenWallpaper/**
-The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace.
-
-**LockscreenWallpaper/BGFileName**
-The file name of the lock screen. The image file for the lock screen can be in .jpg or .png format and must not exceed 2 MB. The file name can also be in the Universal Naming Convention (UNC) format, in which case the device downloads it from the shared network and then sets it as the lock screen wallpaper.
-
-Supported operations are Add, Get, and Replace.
-
-**Theme/**
-The parent node of theme-related parameters.
-
-Supported operations are Add, Delete, Get and Replace.
-
-**Theme/ThemeBackground**
-Indicates whether the background color is light or dark. Set to **0** for light; set to **1** for dark.
-
-Supported operations are Get and Replace.
-
-**Theme/ThemeAccentColorID**
-The accent color to apply as the foreground color for tiles, controls, and other visual elements on the device. The following table shows the possible values.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ValueDescription
                    0
                    Lime
                    1
                    Green
                    2
                    Emerald
                    3
                    Teal (Viridian)
                    4
                    Cyan (Blue)
                    5
                    Cobalt
                    6
                    Indigo
                    7
                    Violet (Purple)
                    8
                    Pink
                    9
                    Magenta
                    10
                    Crimson
                    11
                    Red
                    12
                    Orange (Mango)
                    13
                    Amber
                    14
                    Yellow
                    15
                    Brown
                    16
                    Olive
                    17
                    Steel
                    18
                    Mauve
                    19
                    Sienna
                    101 through 104
                    Optional colors, as defined by the OEM
                    151
                    Custom accent color for Enterprise
                    
-
- 
-
-Supported operations are Get and Replace.
-
-**Theme/ThemeAccentColorValue**
-A 6-character string for the accent color to apply to controls and other visual elements.
-
-To use a custom accent color for Enterprise, enter **151** for *ThemeAccentColorID* before *ThemeAccentColorValue* in lockdown XML. *ThemeAccentColorValue* configures the custom accent color using hex values for red, green, and blue, in RRGGBB format. For example, enter FF0000 for red.
-
-Supported operations are Get and Replace.
-
-**PersistData**
-Not supported in Windows 10.
-
-The parent node of whether to persist data that has been provisioned on the device.
-
-**PersistData/PersistProvisionedData**
-Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CSP](remotewipe-csp.md) instead.
-
-**Clock/TimeZone/**
-An integer that specifies the time zone of the device. The following table shows the possible values.
-
-Supported operations are Get and Replace.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    ValueTime zone
                    0
                    UTC-12 International Date Line West
                    100
                    UTC+13 Samoa
                    110
                    UTC-11 Coordinated Universal Time-11
                    200
                    UTC-10 Hawaii
                    300
                    UTC-09 Alaska
                    400
                    UTC-08 Pacific Time (US & Canada)
                    410
                    UTC-08 Baja California
                    500
                    UTC-07 Mountain Time (US & Canada)
                    510
                    UTC-07 Chihuahua, La Paz, Mazatlan
                    520
                    UTC-07 Arizona
                    600
                    UTC-06 Saskatchewan
                    610
                    UTC-06 Central America
                    620
                    UTC-06 Central Time (US & Canada)
                    630
                    UTC-06 Guadalajara, Mexico City, Monterrey
                    700
                    UTC-05 Eastern Time (US & Canada)
                    710
                    UTC-05 Bogota, Lima, Quito
                    720
                    UTC-05 Indiana (East)
                    800
                    UTC-04 Atlantic Time (Canada)
                    810
                    UTC-04 Cuiaba
                    820
                    UTC-04 Santiago
                    830
                    UTC-04 Georgetown, La Paz, Manaus, San Juan
                    840
                    UTC-04 Caracas
                    850
                    UTC-04 Asuncion
                    900
                    UTC-03:30 Newfoundland
                    910
                    UTC-03 Brasilia
                    920
                    UTC-03 Greenland
                    930
                    UTC-03 Montevideo
                    940
                    UTC-03 Cayenne, Fortaleza
                    950
                    UTC-03 Buenos Aires
                    960
                    UTC-03 Salvador
                    1000
                    UTC-02 Mid-Atlantic
                    1010
                    UTC-02 Coordinated Universal Time-02
                    1100
                    UTC-01 Azores
                    1110
                    UTC-01 Cabo Verde
                    1200
                    UTC Dublin, Edinburgh, Lisbon, London
                    1210
                    UTC Monrovia, Reykjavik
                    1220
                    UTC Casablanca
                    1230
                    UTC Coordinated Universal Time
                    1300
                    UTC+01 Belgrade, Bratislava, Budapest, Ljubljana, Prague
                    1310
                    UTC+01 Sarajevo, Skopje, Warsaw, Zagreb
                    1320
                    UTC+01 Brussels, Copenhagen, Madrid, Paris
                    1330
                    UTC+01 West Central Africa
                    1340
                    UTC+01 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
                    1350
                    UTC+01 Windhoek
                    1360
                    UTC+01 Tripoli
                    1400
                    UTC+02 E. Europe
                    1410
                    UTC+02 Cairo
                    1420
                    UTC+02 Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius
                    1430
                    UTC+02 Athens, Bucharest
                    1440
                    UTC+02 Jerusalem
                    1450
                    UTC+02 Amman
                    1460
                    UTC+02 Beirut
                    1470
                    UTC+02 Harare, Pretoria
                    1480
                    UTC+02 Damascus
                    1490
                    UTC+02 Istanbul
                    1500
                    UTC+03 Kuwait, Riyadh
                    1510
                    UTC+03 Baghdad
                    1520
                    UTC+03 Nairobi
                    1530
                    UTC+03 Kaliningrad, Minsk
                    1540
                    UTC+04 Moscow, St. Petersburg, Volgograd
                    1550
                    UTC+03 Tehran
                    1600
                    UTC+04 Abu Dhabi, Muscat
                    1610
                    UTC+04 Baku
                    1620
                    UTC+04 Yerevan
                    1630
                    UTC+04 Kabul
                    1640
                    UTC+04 Tbilisi
                    1650
                    UTC+04 Port Louis
                    1700
                    UTC+06 Ekaterinburg
                    1710
                    UTC+05 Tashkent
                    1720
                    UTC+05 Chennai, Kolkata, Mumbai, New Delhi
                    1730
                    UTC+05 Sri Jayawardenepura
                    1740
                    UTC+05 Kathmandu
                    1750
                    UTC+05 Islamabad, Karachi
                    1800
                    UTC+06 Astana
                    1810
                    UTC+07 Novosibirsk
                    1820
                    UTC+06 Yangon (Rangoon)
                    1830
                    UTC+06 Dhaka
                    1900
                    UTC+08 Krasnoyarsk
                    1910
                    UTC+07 Bangkok, Hanoi, Jakarta
                    1900
                    UTC+08 Krasnoyarsk
                    2000
                    UTC+08 Beijing, Chongqing, Hong Kong SAR, Urumqi
                    2010
                    UTC+09 Irkutsk
                    2020
                    UTC+08 Kuala Lumpur, Singapore
                    2030
                    UTC+08 Taipei
                    2040
                    UTC+08 Perth
                    2050
                    UTC+08 Ulaanbaatar
                    2100
                    UTC+09 Seoul
                    2110
                    UTC+09 Osaka, Sapporo, Tokyo
                    2120
                    UTC+10 Yakutsk
                    2130
                    UTC+09 Darwin
                    2140
                    UTC+09 Adelaide
                    2200
                    UTC+10 Canberra, Melbourne, Sydney
                    2210
                    UTC+10 Brisbane
                    2220
                    UTC+10 Hobart
                    2230
                    UTC+11 Vladivostok
                    2240
                    UTC+10 Guam, Port Moresby
                    2300
                    UTC+11 Solomon Is., New Caledonia
                    2310
                    UTC+12 Magadan
                    2400
                    UTC+12 Fiji
                    2410
                    UTC+12 Auckland, Wellington
                    2420
                    UTC+12 Petropavlovsk-Kamchatsky
                    2430
                    UTC+12 Coordinated Universal Time +12
                    2500
                    UTC+13 Nuku'alofa
                    
-
-
-**Locale/Language/**
-The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c).
-
-The language setting is configured in the Default User profile only.
-
-> **Note**  Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required.
-
-Supported operations are Get and Replace.
-
-## OMA client provisioning examples
-
-
-The XML examples in this section show how to perform various tasks by using OMA client provisioning.
-
-> **Note**  These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file.
-
- 
-
-### Assigned Access settings
-
-The following example shows how to add a new policy.
-
-```xml
-
-  
-    
-      "/>
-    
-  
-
-```
-
-### Language
-
-The following example shows how to specify the language to display on the device.
-
-```xml
-
-   
-  
-      
-   
-
-```
-
-## OMA DM examples
-
-
-These XML examples show how to perform various tasks using OMA DM.
-
-### Assigned access settings
-
-The following example shows how to lock down a device.
-
-```xml
-
-   
-      
-         2
-         
-            
-               ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml
-            
-            
                  
@@ -181,14 +182,14 @@ The following example removes a package for all users:
       
       xml
       
-          
+          
       
    
 
 ````
 
 **AppManagement/nonStore**  
-Used to manage enterprise apps or developer apps that were not acquired from the Microsoft Store.
+Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store.
 
 Supported operation is Get.
 
@@ -209,7 +210,7 @@ Added in Windows 10, version 1809. Interior node for the managing updates throug
 > ReleaseManagement settings only apply to updates through the Microsoft Store.
 
 **AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**  
-Added in Windows 10, version 1809. Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app.
+Added in Windows 10, version 1809. Identifier for the app or set of apps. If there's only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app.
 
 
 **AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId**  
@@ -236,7 +237,7 @@ Added in Windows 10, version 1809. Returns the last user release ID on the devic
 Value type is string. Supported operation is Get.
 
 **.../***PackageFamilyName*  
-Optional. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
+Optional. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
 
 Supported operations are Get and Delete.
 
@@ -322,7 +323,7 @@ Required. Date the app was installed. Value type is string.
 Supported operation is Get.
 
 **.../*PackageFamilyName*/*PackageFullName*/ResourceID**  
-Required. Resource ID of the app. This is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
+Required. Resource ID of the app. This value is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
 
 > [!Note]
 > Not applicable to XAP files.
@@ -333,10 +334,10 @@ Supported operation is Get.
 Required. Provides information about the status of the package. Value type is int. Valid values are:
 
 -   OK (0) - The package is usable.
--   LicenseIssue (1) - The license of the package is not valid.
+-   LicenseIssue (1) - The license of the package isn't valid.
 -   Modified (2) - The package payload was modified by an unknown source.
 -   Tampered (4) - The package payload was tampered intentionally.
--   Disabled (8) - The package is not available for use. It can still be serviced.
+-   Disabled (8) - The package isn't available for use. It can still be serviced.
 
 > [!Note]
 > Not applicable to XAP files.
@@ -344,7 +345,7 @@ Required. Provides information about the status of the package. Value type is in
 Supported operation is Get.
 
 **.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall**  
-Required. Specifies whether the package state has changed and requires a reinstallation of the app. This can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
+Required. Specifies whether the package state has changed and requires a reinstallation of the app. This change of status can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
 
 > [!Note]
 > Not applicable to XAP files.
@@ -385,7 +386,7 @@ Added in Windows 10, version 1511. Interior node for all managed app setting val
 **.../*PackageFamilyName*/AppSettingPolicy/***SettingValue* (only for ./User/Vendor/MSFT)  
 Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container.
 
-This setting only works for apps that support the feature and it is only supported in the user context.
+This setting only works for apps that support the feature and it's only supported in the user context.
 
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
@@ -422,7 +423,7 @@ The following example gets all managed app settings for a specific app.
 ```
 
 **.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate**  
-Added in Windows 10, version 1803. Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
+Added in Windows 10, version 1803. Specify whether on an AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
 
 Supported operations are Add, Get, Delete, and Replace. Value type is integer.
 
@@ -438,20 +439,21 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 **.../_PackageFamilyName_/NonRemovable**  
 Added in Windows 10, version 1809. Specifies if an app is nonremovable by the user. 
 
-This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users.  
+This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This setting is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This setting is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users.  
 
-NonRemovable requires admin permission. This can only be set per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
+NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
 
 Value type is integer. Supported operations are Add, Get, and Replace.
 
 Valid values:  
--   0 – app is not in the nonremovable app policy list
+-   0 – app isn't in the nonremovable app policy list
 -   1 – app is included in the nonremovable app policy list
 
 **Examples:**
 
 Add an app to the nonremovable app policy list 
-```
+
+```xml
   
      
          
@@ -472,7 +474,8 @@ Add an app to the nonremovable app policy list
 ```
 
 Get the status for a particular app  
-```
+
+```xml
  
      
          
@@ -489,9 +492,10 @@ Get the status for a particular app
 ```
 
 Replace an app in the nonremovable app policy list  
-Data 0 = app is not in the app policy list  
+Data 0 = app isn't in the app policy list  
 Data 1 = app is in the app policy list
-```
+
+```xml
  
      
          
@@ -515,7 +519,7 @@ Data 1 = app is in the app policy list
 Required node. Used to perform app installation.
 
 **AppInstallation/***PackageFamilyName*  
-Optional node. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
+Optional node. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
 
 Supported operations are Get and Add.
 
@@ -529,7 +533,7 @@ Required. Command to perform an install of an app and a license from the Microso
 Supported operation is Execute, Add, Delete, and Get.
 
 **AppInstallation/*PackageFamilyName*/HostedInstall**  
-Required. Command to perform an install of an app package from a hosted location (this can be a local drive, a UNC, or https data source).
+Required. Command to perform an install of an app package from a hosted location (this location can be a local drive, a UNC, or https data source).
 
 The following list shows the supported deployment options: 
 - ForceApplicationShutdown
@@ -537,10 +541,10 @@ The following list shows the supported deployment options:
 - InstallAllResources
 - ForceTargetApplicationShutdown 
 - ForceUpdateToAnyVersion
-- DeferRegistration="1". If the app is in use at the time of installation. This stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
+- DeferRegistration="1". If the app is in use at the time of installation. This option stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
 - StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803.
 - LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607. 
-- ValidateDependencies="1". This is used at provisioning/staging time. If it is set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies are not present. Available in the latest insider flight of 20H1.
+- ValidateDependencies="1". This option is used at provisioning/staging time. If it's set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies aren't present. Available in the latest insider flight of 20H1.
 - ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809.
 
 Supported operation is Execute, Add, Delete, and Get.
@@ -551,7 +555,7 @@ Required. Last error relating to the app installation.
 Supported operation is Get.
 
 > [!Note]
-> This element is not present after the app is installed.
+> This element isn't present after the app is installed.
 
 
 
@@ -561,30 +565,30 @@ Required. Description of last error relating to the app installation.
 Supported operation is Get.
 
 > [!Note]
-> This element is not present after the app is installed.
+> This element isn't present after the app is installed.
 
 
 **AppInstallation/*PackageFamilyName*/Status**  
 Required. Status of app installation. The following values are returned:
 
--   NOT\_INSTALLED (0) - The node was added, but the execution has not completed.
--   INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success, this value is updated.
+-   NOT\_INSTALLED (0) - The node was added, but the execution hasn't completed.
+-   INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, this value is updated.
 -   FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
--   INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear.
+-   INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean-up action hasn't completed, this state may briefly appear.
 
 Supported operation is Get.
 
 > [!Note]
-> This element is not present after the app is installed.
+> This element isn't present after the app is installed.
 
 
 **AppInstallation/*PackageFamilyName*/ProgessStatus**  
-Required. An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero).
+Required. An integer that indicates the progress of the app installation. For https locations, this integer indicates the download progress. ProgressStatus isn't available for provisioning and it's only for user-based installations. ProgressStatus value is always 0 (zero) in provisioning.
 
 Supported operation is Get.
 
 > [!Note]
-> This element is not present after the app is installed.
+> This element isn't present after the app is installed.
 
 
 **AppLicenses**  
@@ -613,7 +617,7 @@ Supported operation is Get.
 Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values:
 
 -   Unknown - usage is unknown
--   Online - the license is only valid for online usage. This is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
+-   Online - the license is only valid for online usage. This license is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
 -   Offline - license is valid for use offline. You don't need a connection to the internet to use this license.
 -   Enterprise Root -
 
@@ -678,13 +682,3 @@ Subsequent query for a specific app for its properties.
 ## Related topics
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 237000b2f0..4ffad48863 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/01/2019
 ---
 
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index f8b15504cc..53de7e899e 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 4f516e8c19..f3e01980bb 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -12,12 +12,12 @@ ms.topic: conceptual
 ---
 
 # How Mobile Device Management Providers support eSIM Management on Windows
-The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
+The eSIM Profile Management Solution places the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already-existing solution that customers are familiar with and use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
  If you are a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps:
 - Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you would like to integrate and work with only one MDM provider, contact that provider directly. If you would like to offer eSIM management to customers using different MDM providers, contact an orchestrator provider. Orchestrator providers act as proxy handling MDM onboarding as well as mobile operator onboarding. Their role is to make the process as painless and scalable as possible for all parties. Potential orchestrator providers you could contact include:
-    - [HPE’s Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html)
-    - [IDEMIA’s The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub)
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Windows OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this capability to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Windows OMA-DM. This characteristic makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you would like to integrate and work with only one MDM provider, contact that provider directly. If you would like to offer eSIM management to customers using different MDM providers, contact an orchestrator provider. Orchestrator providers act as proxy handling MDM onboarding and as a mobile operator onboarding. Their role is to make the process as painless and scalable as possible for all parties. Potential orchestrator providers you could contact include:
+    - [HPE Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html)
+    - [IDEMIA The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub)
 - Assess solution type that you would like to provide your customers
 - Batch/offline solution
 - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 9ce12f6be8..aea59b7da0 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -1,11 +1,11 @@
 ---
 title: eUICCs CSP
-description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees.
+description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, reassign, remove) subscriptions to employees.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/02/2018
 ms.reviewer: 
 manager: dansimp
@@ -14,9 +14,9 @@ manager: dansimp
 # eUICCs CSP
 
 
-The eUICCs configuration service provider is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees. This CSP was added in windows 10, version 1709.
+The eUICCs configuration service provider is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, reassign, remove) subscriptions to employees. This CSP was added in windows 10, version 1709.
 
-The following shows the eUICCs configuration service provider in tree format.
+The following example shows the eUICCs configuration service provider in tree format.
 ```
 ./Device/Vendor/MSFT
 eUICCs
@@ -25,6 +25,10 @@ eUICCs
 --------IsActive
 --------PPR1Allowed
 --------PPR1AlreadySet
+--------DownloadServers
+------------ServerName
+----------------DiscoveryState
+----------------AutoEnable
 --------Profiles
 ------------ICCID
 ----------------ServerName
@@ -44,12 +48,12 @@ eUICCs
 Root node. 
 
 **_eUICC_**  
-Interior node. Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.
+Interior node. Represents information associated with an eUICC. There's one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, for example, this association could be an SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.
 
 Supported operation is Get.
 
 **_eUICC_/Identifier**  
-Required. Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID.
+Required. Identifies an eUICC in an implementation-specific manner, for example, this identification could be an SHA-256 hash of the EID.
 
 Supported operation is Get. Value type is string.
 
@@ -58,6 +62,36 @@ Required. Indicates whether this eUICC is physically present and active. Updated
 
 Supported operation is Get. Value type is boolean.
 
+**_eUICC_/PPR1Allowed**  
+Profile Policy Rule 1 (PPR1) is required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 isn't allowed.
+
+Supported operation is Get. Value type is boolean.
+
+**_eUICC_/PPR1AlreadySet**  
+Required. Indicates whether the eUICC already has a profile with PPR1.
+
+Supported operation is Get. Value type is boolean.
+
+**_eUICC_/DownloadServers**  
+Interior node. Represents default SM-DP+ discovery requests.
+
+Supported operation is Get.
+
+**_eUICC_/DownloadServers/_ServerName_**  
+Interior node. Optional. Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
+
+Supported operations are Add, Get, and Delete.
+
+**_eUICC_/DownloadServers/_ServerName_/DiscoveryState**  
+Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
+
+Supported operation is Get. Value type is integer. Default value is 1.
+
+**_eUICC_/DownloadServers/_ServerName_/AutoEnable**  
+Required. Indicates whether the discovered profile must be enabled automatically after install. This setting must be defined by the MDM when the ServerName subtree is created.
+
+Supported operations are Add, Get, and Replace. Value type is bool.
+
 **_eUICC_/Profiles**  
 Interior node. Required. Represents all enterprise-owned profiles.
 
@@ -99,7 +133,7 @@ Required. Determines whether the local user interface of the LUI is available (t
 Supported operations are Get and Replace. Value type is boolean. Default value is true.
 
 **_eUICC_/Actions**  
-Interior node. Required. Actions that can be performed on the eUICC as a whole (when it is active).
+Interior node. Required. Actions that can be performed on the eUICC as a whole (when it's active).
 
 Supported operation is Get.
 
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 38bb8e5f6f..1649e9b5ca 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/02/2018
 ---
 
@@ -49,7 +49,7 @@ The XML below if for Windows 10, version 1803.
                 
             
             
-                com.microsoft/1.1/MDM/eUICCs
+                com.microsoft/1.2/MDM/eUICCs
             
         
         
@@ -58,7 +58,7 @@ The XML below if for Windows 10, version 1803.
                 
                     
                 
-                Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.
+                Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen.  The node name is the eUICC ID (EID). The node name "Default" represents the currently active eUICC.
                 
                     
                 
@@ -79,7 +79,7 @@ The XML below if for Windows 10, version 1803.
                     
                         
                     
-                    Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID.
+                    The EID.
                     
                         
                     
@@ -118,6 +118,139 @@ The XML below if for Windows 10, version 1803.
                     
                 
             
+            
+                PPR1Allowed
+                
+                    
+                        
+                    
+                    Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed.
+                    
+                        
+                    
+                    
+                        
+                    
+                    
+                        
+                    
+                    
+                        text/plain
+                    
+                
+            
+            
+                PPR1AlreadySet
+                
+                    
+                        
+                    
+                    Indicates whether the eUICC already has a profile with PPR1.
+                    
+                        
+                    
+                    
+                        
+                    
+                    
+                        
+                    
+                    
+                        text/plain
+                    
+                
+            
+            
+                DownloadServers
+                
+                    
+                        
+                    
+                    Represents default SM-DP+ discovery requests.
+                    
+                        
+                    
+                    
+                        
+                    
+                    
+                        
+                    
+                    
+                        
+                    
+                
+                
+                    
+                    
+                        
+                            
+                            
+                            
+                            
+                        
+                        Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
+                        
+                            
+                        
+                        
+                            
+                        
+                        
+                            
+                        
+                        ServerName
+                        
+                            
+                        
+                    
+                    
+                        DiscoveryState
+                        
+                            
+                                
+                            
+                            1
+                            Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                text/plain
+                            
+                        
+                    
+                    
+                        AutoEnable
+                        
+                            
+                                
+                                
+                                
+                            
+                            Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created.
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                text/plain
+                            
+                        
+                    
+                
+            
             
                 Profiles
                 
@@ -145,6 +278,7 @@ The XML below if for Windows 10, version 1803.
                             
                             
                             
+                            
                         
                         Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
                         
@@ -167,6 +301,7 @@ The XML below if for Windows 10, version 1803.
                             
                                 
                                 
+                                
                             
                             Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.
                             
@@ -192,6 +327,7 @@ The XML below if for Windows 10, version 1803.
                             
                                 
                                 
+                                
                             
                             Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.
                             
@@ -256,6 +392,70 @@ The XML below if for Windows 10, version 1803.
                             
                         
                     
+                    
+                        PPR1Set
+                        
+                            
+                                
+                            
+                            This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                text/plain
+                            
+                        
+                    
+                    
+                        PPR2Set
+                        
+                            
+                                
+                            
+                            This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                text/plain
+                            
+                        
+                    
+                    
+                        ErrorDetail
+                        
+                            
+                                
+                            
+                            0
+                            Detailed error if the profile download and install procedure failed (None = 0, CardGeneralFailure = 1, ConfirmationCodeMissing = 3, ForbiddenByPolicy = 5, InvalidMatchingId = 6, NoEligibleProfileForThisDevice = 7, NotEnoughSpaceOnCard = 8, ProfileEidMismatch = 10, ProfileNotAvailableForNewBinding = 11, ProfileNotReleasedByOperator = 12, RemoteServerGeneralFailure = 13, RemoteServerUnreachable = 14).
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                
+                            
+                            
+                                text/plain
+                            
+                        
+                    
                 
             
             
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md
index 858a51a88b..6dc5301d1b 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md
@@ -8,17 +8,17 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/28/2017
 ---
 
 # Federated authentication device enrollment
 
-This section provides an example of the mobile device enrollment protocol using federated authentication policy. When the authentication policy is set to Federated, the web authentication broker is leveraged by the enrollment client to get a security token. The enrollment client calls the web authentication broker API within the response message to start the process. The server should build the web authentication broker pages to fit the device screen and should be consistent with the existing enrollment UI. The opaque security token that is returned from the broker as an end page is used by the enrollment client as the device security secret during the client certificate request call.
+This section provides an example of the mobile device enrollment protocol using federated authentication policy. When the authentication policy is set to Federated, the web authentication broker is used by the enrollment client to get a security token. The enrollment client calls the web authentication broker API within the response message to start the process. The server should build the web authentication broker pages to fit the device screen and should be consistent with the existing enrollment UI. The opaque security token that is returned from the broker as an end page is used by the enrollment client as the device security secret during the client certificate request call.
 
-The <AuthenticationServiceURL> element the discovery response message specifies web authentication broker page start URL.
+The `` element the discovery response message specifies web authentication broker page start URL.
 
-For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
+For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
 
 ## In this topic
 
@@ -26,7 +26,7 @@ For details about the Microsoft mobile device enrollment protocol for Windows 1
 [Enrollment policy web service](#enrollment-policy-web-service)  
 [Enrollment web service](#enrollment-web-service)  
 
-For the list of enrollment scenarios not supported in Windows 10, see [Enrollment scenarios not supported](mobile-device-enrollment.md#enrollment-scenarios-not-supported).
+For the list of enrollment scenarios not supported in Windows 10, see [Enrollment scenarios not supported](mobile-device-enrollment.md#enrollment-scenarios-not-supported).
 
 ## Discovery service
 
@@ -35,7 +35,7 @@ The discovery web service provides the configuration information necessary for a
 > [!NOTE]
 > The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
 
-The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc
+The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: `http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc`.
 
 The first request is a standard HTTP GET request.
 
@@ -75,9 +75,9 @@ After the device gets a response from the server, the device sends a POST reques
 
 The following logic is applied:
 
-1.  The device first tries HTTPS. If the server cert is not trusted by the device, the HTTPS fails.
-2.  If that fails, the device tries HTTP to see whether it is redirected:
-    -   If the device is not redirected, it prompts the user for the server address.
+1.  The device first tries HTTPS. If the server cert isn't trusted by the device, the HTTPS fails.
+2.  If that fails, the device tries HTTP to see whether it's redirected:
+    -   If the device isn't redirected, it prompts the user for the server address.
     -   If the device is redirected, it prompts the user to allow the redirect.
 
 The following example shows a request via an HTTP POST command to the discovery web service given user@contoso.com as the email address
@@ -89,48 +89,49 @@ https://EnterpriseEnrollment.Contoso.com/EnrollmentServer/Discovery.svc
 The following example shows the discovery service request.
 
 ```xml
-    
-    
-      
-        
-          http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover
-        
-        urn:uuid: 748132ec-a575-4329-b01b-6171a9cf8478
-        
-          http://www.w3.org/2005/08/addressing/anonymous
-        
-        
-          https://ENROLLTEST.CONTOSO.COM/EnrollmentServer/Discovery.svc
-        
-      
-      
-        
-          
-            user@contoso.com
-            3 
-            3.0 
-            WindowsPhone 
-            10.0.0.0
-            
-                OnPremise
-                Federated
-            
-          
-        
-      
+
+
+  
+	
+	  http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover
+	
+	urn:uuid: 748132ec-a575-4329-b01b-6171a9cf8478
+	
+	  http://www.w3.org/2005/08/addressing/anonymous
+	
+	
+	  https://ENROLLTEST.CONTOSO.COM/EnrollmentServer/Discovery.svc
+	
+  
+  
+	
+	  
+		user@contoso.com
+		3 
+		3.0 
+		WindowsPhone 
+		10.0.0.0
+		
+			OnPremise
+			Federated
+		
+	  
+	
+  
+
 ```
 
 The discovery response is in the XML format and includes the following fields:
 
 -   Enrollment service URL (EnrollmentServiceUrl) – Specifies the URL of the enrollment endpoint that is exposed by the management service. The device should call this URL after the user has been authenticated. This field is mandatory.
 -   Authentication policy (AuthPolicy) – Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
--   In Windows, Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
+-   In Windows, Federated is added as another supported value. This addition allows the server to use the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
 
 > [!Note]
 > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
-When authentication policy is set to be Federated, Web Authentication Broker (WAB) will be leveraged by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client will call the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage will be used by the enrollment client as the device security secret during the client certificate enrollment request call.
+When authentication policy is set to be Federated, Web Authentication Broker (WAB) will be used by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client will call the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage will be used by the enrollment client as the device security secret during the client certificate enrollment request call.
 
 > [!Note]
 > Instead of relying on the user agent string that is passed during authentication to get information, such as the OS version, use the following guidance:
@@ -145,23 +146,23 @@ A new XML tag, AuthenticationServiceUrl, is introduced in the DiscoveryResponse
 
 The following are the explicit requirements for the server.
 
--   The <DiscoveryResponse><AuthenticationServiceUrl> element must support HTTPS.
+-   The ```` element must support HTTPS.
 -   The authentication server must use a device trusted root certificate. Otherwise, the WAP call will fail.
--   WP doesn’t support Window Integrated Authentication (WIA) for ADFS during WAB authentication. ADFS 2012 R2 if used needs to be configured to not attempt WIA for Windows device.
+-   WP doesn’t support Windows Integrated Authentication (WIA) for ADFS during WAB authentication. ADFS 2012 R2 if used needs to be configured to not attempt WIA for Windows device.
 
 The enrollment client issues an HTTPS request as follows:
 
-```
+```http
 AuthenticationServiceUrl?appru=&login_hint=
 ```
 
-- <appid> is of the form ms-app://string
-- <User Principal Name> is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication.
+- `` is of the form ms-app://string
+- `` is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign-in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication.
 
 After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter.
 
 > [!NOTE]
-> To make an application compatible with strict Content Security Policy, it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed.
+> To make an application compatible with strict Content Security Policy, it's usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed.
 
 ```html
 HTTP/1.1 200 OK 
@@ -190,42 +191,42 @@ Content-Length: 556
 
 ```
 
-The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary" contained in the <wsse:BinarySecurityToken> EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it is just HTML encoded. This string is opaque to the enrollment client; the client does not interpret the string.
+The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it's just HTML encoded. This string is opaque to the enrollment client; the client doesn't interpret the string.
 
-The following example shows a response received from the discovery web service which requires authentication via WAB.
+The following example shows a response received from the discovery web service that requires authentication via WAB.
 
 ```xml
-    
-      
-        
-          http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse
-        
-        
-          d9eb2fdd-e38a-46ee-bd93-aea9dc86a3b8
-        
-        urn:uuid: 748132ec-a575-4329-b01b-6171a9cf8478
-      
-      
-        
-          
-            Federated
-            3.0
-            
-              https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
-            
-            
-              https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
-            
-            
-              https://portal.manage.contoso.com/LoginRedirect.aspx
-            
-          
-        
-      
-    
+
+  
+	
+	  http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse
+	
+	
+	  d9eb2fdd-e38a-46ee-bd93-aea9dc86a3b8
+	
+	urn:uuid: 748132ec-a575-4329-b01b-6171a9cf8478
+  
+  
+	
+	  
+		Federated
+		3.0
+		
+		  https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
+		
+		
+		  https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
+		
+		
+		  https://portal.manage.contoso.com/LoginRedirect.aspx
+		
+	  
+	
+  
+
 ```
 
 ## Enrollment policy web service
@@ -234,65 +235,65 @@ Policy service is optional. By default, if no policies are specified, the minimu
 
 This web service implements the X.509 Certificate Enrollment Policy Protocol (MS-XCEP) specification that allows customizing certificate enrollment to match different security needs of enterprises at different times (cryptographic agility). The service processes the GetPolicies message from the client, authenticates the client, and returns matching enrollment policies in the GetPoliciesResponse message.
 
-For Federated authentication policy, The security token credential is provided in a request message using the <wsse:BinarySecurityToken> element \[WSS\]. The security token is retrieved as described in the discovery response section. The authentication information is as follows:
+For Federated authentication policy, the security token credential is provided in a request message using the `` element \[WSS\]. The security token is retrieved as described in the discovery response section. The authentication information is as follows:
 
--   wsse:Security: The enrollment client implements the <wsse:Security> element defined in \[WSS\] section 5. The <wsse:Security> element must be a child of the <s:Header> element.
--   wsse:BinarySecurityToken: The enrollment client implements the <wsse:BinarySecurityToken> element defined in \[WSS\] section 6.3. The <wsse:BinarySecurityToken> element must be included as a child of the <wsse:Security> element in the SOAP header.
+-   wsse:Security: The enrollment client implements the `` element defined in \[WSS\] section 5. The `` element must be a child of the `` element.
+-   wsse:BinarySecurityToken: The enrollment client implements the `` element defined in \[WSS\] section 6.3. The `` element must be included as a child of the `` element in the SOAP header.
 
-As was described in the discovery response section, the inclusion of the <wsse:BinarySecurityToken> element is opaque to the enrollment client, and the client does not interpret the string, and the inclusion of the element is agreed upon by the security token authentication server (as identified in the <AuthenticationServiceUrl> element of <DiscoveryResponse> and the enterprise server.
+As was described in the discovery response section, the inclusion of the `` element is opaque to the enrollment client, and the client doesn't interpret the string, and the inclusion of the element is agreed upon by the security token authentication server (as identified in the `` element of `` and the enterprise server.
 
-The <wsse:BinarySecurityToken> element contains a base64-encoded string. The enrollment client uses the security token received from the authentication server and base64-encodes the token to populate the <wsse:BinarySecurityToken> element. wsse:BinarySecurityToken/attributes/ValueType: The <wsse:BinarySecurityToken> ValueType attribute must be "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken".
+The `` element contains a base64-encoded string. The enrollment client uses the security token received from the authentication server and base64-encodes the token to populate the `` element. 
 
-wsse:BinarySecurityToken/attributes/EncodingType: The <wsse:BinarySecurityToken> EncodingType attribute must be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary".
+- wsse:BinarySecurityToken/attributes/ValueType: The `` ValueType attribute must be `http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken`.
 
-The following is an enrollment policy request example with a received security token as client credential.
+- wsse:BinarySecurityToken/attributes/EncodingType: The `` EncodingType attribute must be `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary`.
+
+The following example is an enrollment policy request with a received security token as client credential.
 
 ```xml
-    
-      
-        
-          http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies
-        
-        urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0
-        
-          http://www.w3.org/2005/08/addressing/anonymous
-        
-        
-          https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
-        
-        
-          
-          B64EncodedSampleBinarySecurityToken
-          
-        
-      
-      
-        
-          
-            
-            
-          
-          
-        
-      
-    
+
+  
+	
+	  http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies
+	
+	urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0
+	
+	  http://www.w3.org/2005/08/addressing/anonymous
+	
+	
+	  https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
+	
+	
+	  
+	  B64EncodedSampleBinarySecurityToken
+	  
+	
+  
+  
+	
+	  
+		
+		
+	  
+	  
+	
+  
+
 ```
 
 After the user is authenticated, the web service retrieves the certificate template that the user should enroll with and creates enrollment policies based on the certificate template properties. A sample of the response can be found on MSDN.
 
-MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. For Windows device, we will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
+MS-XCEP supports flexible enrollment policies using various Complex Types and Attributes. For Windows device, we'll first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
 
 > [!NOTE]
 > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
@@ -300,91 +301,91 @@ MS-XCEP supports very flexible enrollment policies using various Complex Types a
 The following snippet shows the policy web service response.
 
 ```xml
-      
-        
-          
-            http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse
-          
-          urn:uuid: 69960163-adad-4a72-82d2-bb0e5cff5598
-        
-        
-          
-            
-            
-              
-              
-              
-              
-                
-                  0
-                  
-                  
-                    CEPUnitTest
-                    3
-                    
-                      1209600
-                      172800
-                    
-                    
-                      true
-                      false
-                    
-                    
-                      2048
-                      
-                      
-                      
-                      
-                      
-                    
-                    
-                      101
-                      0
-                    
-                    
-                    
-                    
-                    
-                    
-                    0
-                    
-                    
-                    
-                  
-                
-              
-            
+
+  
+    
+      http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse
+    
+    urn:uuid: 69960163-adad-4a72-82d2-bb0e5cff5598
+  
+  
+    
+      
+      
+        
+        
+        
+        
+          
+            0
             
-            
-              
-                1.3.14.3.2.29
-                1
-                0
-                szOID_OIWSEC_sha1RSASign
-              
-            
-          
-        
-      
+            
+              CEPUnitTest
+              3
+              
+                1209600
+                172800
+              
+              
+                true
+                false
+              
+              
+                2048
+                
+                
+                
+                
+                
+              
+              
+                101
+                0
+              
+              
+              
+              
+              
+              
+              0
+              
+              
+              
+            
+          
+        
+      
+      
+      
+        
+          1.3.14.3.2.29
+          1
+          0
+          szOID_OIWSEC_sha1RSASign
+        
+      
+    
+  
+
 ```
 
 ## Enrollment web service
 
 This web service implements the MS-WSTEP protocol. It processes the RequestSecurityToken (RST) message from the client, authenticates the client, requests the certificate from the CA, and returns it in the RequestSecurityTokenResponse (RSTR) to the client. Besides the issued certificate, the response also contains configurations needed to provision the DM client.
 
-The RequestSecurityToken (RST) must have the user credential and a certificate request. The user credential in an RST SOAP envelope is the same as in GetPolicies, and can vary depending on whether the authentication policy is OnPremise or Federated. The BinarySecurityToken in an RST SOAP body contains a Base64-encoded PKCS\#10 certificate request, which is generated by the client based on the enrollment policy. The client could have requested an enrollment policy by using MS-XCEP before requesting a certificate using MS-WSTEP. If the PKCS\#10 certificate request is accepted by the certification authority (CA) (the key length, hashing algorithm, and so on match the certificate template), the client can enroll successfully.
+The RequestSecurityToken (RST) must have the user credential and a certificate request. The user credential in an RST SOAP envelope is the same as in GetPolicies, and can vary depending on whether the authentication policy is OnPremise or Federated. The BinarySecurityToken in an RST SOAP body contains a Base64-encoded PKCS\#10 certificate request, which is generated by the client based on the enrollment policy. The client could have requested an enrollment policy by using MS-XCEP before requesting a certificate using MS-WSTEP. If the PKCS\#10 certificate request is accepted by the certification authority (CA) (the key length, hashing algorithm, and so on, match the certificate template), the client can enroll successfully.
 
-Note that the RequestSecurityToken will use a custom TokenType (http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken), because our enrollment token is more than an X.509 v3 certificate. For more details, see the Response section.
+The RequestSecurityToken will use a custom TokenType (`http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken`), because our enrollment token is more than an X.509 v3 certificate. For more information, see the Response section.
 
-The RST may also specify a number of AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
+The RST may also specify many AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
 
 > [!Note]
 > The policy service and the enrollment service must be on the same server; that is, they must have the same host name.
@@ -392,86 +393,84 @@ The RST may also specify a number of AdditionalContext items, such as DeviceType
 The following example shows the enrollment web service request for federated authentication.
 
 ```xml
-    
-      
-        
-          http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep
-        
-        urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749
-        
-          http://www.w3.org/2005/08/addressing/anonymous
-        
-        
-          https://enrolltest.contoso.com:443/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
-        
-        
-          
-          B64EncodedSampleBinarySecurityToken
-          
-        
-      
-      
-        
-          
-            http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
-          
-          
-            http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
-          
-          
-            DER format PKCS#10 certificate request in Base64 encoding Insterted Here
-          
-          
-               
-                    4
-                
-                
-                   10.0.9999.0
-                
-                
-                   MY_WINDOWS_DEVICE
-                
-                
-                   FF:FF:FF:FF:FF:FF
-                
-                
-                   CC:CC:CC:CC:CC:CC
-                
-                   49015420323756
-                
-                
-                   30215420323756
-                
-                
-                   Full
-                
-                
-                   CIMClient_Windows
-                
-                
-                   10.0.9999.0
-                
-                
-                   7BA748C8-703E-4DF2-A74A-92984117346A
-                
-                
-                   True
-                
-             
-        
-      
+
+  
+    
+      http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep
+    
+    urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749
+    
+      http://www.w3.org/2005/08/addressing/anonymous
+    
+    
+      https://enrolltest.contoso.com:443/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
+    
+    
+      
+      B64EncodedSampleBinarySecurityToken
+      
+    
+  
+  
+    
+      
+        http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
+      
+      
+        http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
+      
+      
+        DER format PKCS#10 certificate request in Base64 encoding Insterted Here
+      
+      
+           
+                4
+            
+            
+               10.0.9999.0
+            
+            
+               MY_WINDOWS_DEVICE
+            
+            
+               FF:FF:FF:FF:FF:FF
+            
+            
+               CC:CC:CC:CC:CC:CC
+            
+               49015420323756
+            
+            
+               30215420323756
+            
+            
+               Full
+            
+            
+               CIMClient_Windows
+            
+            
+               10.0.9999.0
+            
+            
+               7BA748C8-703E-4DF2-A74A-92984117346A
+            
+            
+               True
+            
+         
+    
+  
+
 ```
 
 After validating the request, the web service looks up the assigned certificate template for the client, update it if needed, sends the PKCS\#10 requests to the CA, processes the response from the CA, constructs an OMA Client Provisioning XML format, and returns it in the RequestSecurityTokenResponse (RSTR).
@@ -479,64 +478,61 @@ After validating the request, the web service looks up the assigned certificate
 > [!Note]
 > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
-Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc), because the token is more than an X.509 v3 certificate.
+Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (`http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc`), because the token is more than an X.509 v3 certificate.
 
 The provisioning XML contains:
 
 -   The requested certificates (required)
 -   The DM client configuration (required)
 
-The client will install the client certificate, the enterprise root certificate, and intermediate CA certificate if there is one. The DM configuration includes the name and address of the DM server, which client certificate to use, and schedules when the DM client calls back to the server.
+The client will install the client certificate, the enterprise root certificate, and intermediate CA certificate if there's one. The DM configuration includes the name and address of the DM server, which client certificate to use, and schedules when the DM client calls back to the server.
 
-Enrollment provisioning XML should contain a maximum of one root certificate and one intermediate CA certificate that is needed to chain up the MDM client certificate. Additional root and intermediate CA certificates could be provisioned during an OMA DM session.
+Enrollment provisioning XML should contain a maximum of one root certificate and one intermediate CA certificate that is needed to chain up the MDM client certificate. More root and intermediate CA certificates could be provisioned during an OMA DM session.
 
-When provisioning root and intermediate CA certificates, the supported CSP node path is: CertificateStore/Root/System for root certificate provisioning, CertificateStore/My/User for intermediate CA certificate provisioning.
+When root and intermediate CA certificates are being provisioned, the supported CSP node path is: CertificateStore/Root/System for root certificate provisioning, CertificateStore/My/User for intermediate CA certificate provisioning.
 
-Here is a sample RSTR message and a sample of OMA client provisioning XML within RSTR. For more information about the configuration service providers (CSPs) used in provisioning XML, see the Enterprise settings, policies and app management section.
+Here's a sample RSTR message and a sample of OMA client provisioning XML within RSTR. For more information about the configuration service providers (CSPs) used in provisioning XML, see the Enterprise settings, policies and app management section.
 
 The following example shows the enrollment web service response.
 
 ```xml
-    
-       
-          
-             http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep
-          
-          urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab
-          
-             
-                2012-08-02T00:32:59.420Z
-                2012-08-02T00:37:59.420Z
-             
-          
-       
-       
-          
-             
-                
-        http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
-                
-                            
-                   
-                      B64EncodedSampleBinarySecurityToken
-                   
-                
-                0
-                
-             
-          
-       
-    
+
+   
+      
+         http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep
+      
+      urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab
+      
+         
+            2012-08-02T00:32:59.420Z
+            2012-08-02T00:37:59.420Z
+         
+      
+   
+   
+      
+         
+            
+                http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
+            
+             
+             
+               
+                  B64EncodedSampleBinarySecurityToken
+               
+            
+            0
+         
+      
+   
+
 ```
 
 The following code shows sample provisioning XML (presented in the preceding package as a security token):
@@ -558,12 +554,12 @@ The following code shows sample provisioning XML (presented in the preceding pac
             
                
             
-             
-                        
+            
+            
          
          
             
-             
+               
                
                
                
@@ -581,8 +577,7 @@ The following code shows sample provisioning XML (presented in the preceding pac
       
       
       
-      
+      
       
          
          
@@ -598,33 +593,37 @@ The following code shows sample provisioning XML (presented in the preceding pac
    
     
       
-
-    
-           
-             
+        
+        
+            
+            
+            
                 
                 
                 
                 
                 
-
-         
-         
- 
-        
-
+                
+                
+                
+            
+        
       
    
-   
+   
 
 ```
 
-**Notes**
-
--   <Parm name> and <characteristic type=> elements in the w7 APPLICATION CSP XML are case sensitive and must be all uppercase.
--   In w7 APPLICATION characteristic, both CLIENT and APPSRV credentials should be provided in XML.
--   Detailed descriptions of these settings are located in the [Enterprise settings, policies and app management](windows-mdm-enterprise-settings.md) section of this document.
--   The **PrivateKeyContainer** characteristic is required and must be present in the Enrollment provisioning XML by the enrollment. Other important settings are the **PROVIDER-ID**, **NAME**, and **ADDR** parameter elements, which need to contain the unique ID and NAME of your DM provider and the address where the device can connect for configuration provisioning. The ID and NAME can be arbitrary values, but they must be unique.
--   Also important is SSLCLIENTCERTSEARCHCRITERIA, which is used for selecting the certificate to be used for client authentication. The search is based on the subject attribute of the signed user certificate.
--   CertificateStore/WSTEP enables certificate renewal. If the server does not support it, do not set it.
\ No newline at end of file
+> [!NOTE]
+> 
+> -   `` and `` elements in the w7 APPLICATION CSP XML are case sensitive and must be all uppercase.
+> 
+> -   In w7 APPLICATION characteristic, both CLIENT and APPSRV credentials should be provided in XML.
+> 
+> -   Detailed descriptions of these settings are located in the [Enterprise settings, policies and app management](windows-mdm-enterprise-settings.md) section of this document.
+> 
+> -   The **PrivateKeyContainer** characteristic is required and must be present in the Enrollment provisioning XML by the enrollment. Other important settings are the **PROVIDER-ID**, **NAME**, and **ADDR** parameter elements, which need to contain the unique ID and NAME of your DM provider and the address where the device can connect for configuration provisioning. The ID and NAME can be arbitrary values, but they must be unique.
+> 
+> -   Also important is SSLCLIENTCERTSEARCHCRITERIA, which is used for selecting the certificate to be used for client authentication. The search is based on the subject attribute of the signed user certificate.
+> 
+> -   CertificateStore/WSTEP enables certificate renewal. If the server does not support it, do not set it.
diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
deleted file mode 100644
index 12547591ba..0000000000
--- a/windows/client-management/mdm/filesystem-csp.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: FileSystem CSP
-description: Learn how the FileSystem CSP is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device.
-ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# FileSystem CSP
-
-The FileSystem configuration service provider is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device. It can retrieve information about or manage files in ROM, files in persistent store and files on any removable storage card that is present in the device. It works for files that are hidden from the user as well as those that are visible to the user.
-
-> [!NOTE]
-> FileSystem CSP is only supported in Windows 10 Mobile.
-
-> [!NOTE]
-> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
-
-The following diagram shows the FileSystem configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
-
-![filesystem csp (dm)](images/provisioning-csp-filesystem-dm.png)
-
-**FileSystem**
-Required. Defines the root of the file system management object. It functions as the root directory for file system queries.
-
-Recursive queries or deletes are not supported for this element. Add commands will add a new file or directory under the root path.
-
-The following properties are supported for the root node:
-
-- `Name`: The root node name. The Get command is the only supported command.
-
-- `Type`: The MIME type of the file, which is com.microsoft/windowsmobile/1.1/FileSystemMO. The Get command is the only supported command.
-
-- `Format`: The format, which is `node`. The Get command is the only supported command.
-
-- `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
-
-- `Size`: Not supported.
-
-- `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
-
-***file directory***
-Optional. Returns the name of a directory in the device file system. Any *file directory* element can contain directories and files as child elements.
-
-The Get command returns the name of the file directory. The Get command with `?List=Struct` will recursively return all child element names (including sub-directory names). The Get command with `?list=StructData` query is not supported and returns a 406 error code.
-
-The Add command is used to create a new directory. Adding a new directory under the file system root is not supported and returns a 405 error code.
-
-The Replace command is not supported.
-
-The Delete command is used to delete all files and subfolders under this *file directory*.
-
-The following properties are supported for file directories:
-
-- `Name`: The file directory name. The Get command is the only supported command.
-
-- `Type`: The MIME type of the file, which is an empty string for directories that are not the root node. The Get command is the only supported command.
-
-- `Format`: The format, which is `node`. The Get command is the only supported command.
-
-- `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
-
-- `Size`: Not supported.
-
-- `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file `winnt.h`. This supports the Get command and the Replace command.
-
-***file name***
-Optional. Return a file in binary format. If the file is too large for the configuration service to return, it returns error code 413 (Request entity too large) instead.
-
-The Delete command deletes the file.
-
-The Replace command updates an entire file with new file contents.
-
-The Add command adds the file to the file directory
-
-The Get command is not supported on a *file name* element, only on the properties of the element.
-
-The following properties are supported for files:
-
-- `Name`: The file name. The Get command is the only supported command.
-
-- `Type`: The MIME type of the file. This value is always set to the generic MIME type: `application/octet-stream`. The Get command is the only supported command.
-
-- `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over WBXML. The Get command is the only supported command.
-
-- `TStamp`: A standard OMA property that indicates the last time the file was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
-
-- `Size`: The unencoded file content size in bytes. The Get command is the only supported command.
-
-- `msft:SystemAttributes`: A custom property that contains file attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
-
-## Related topics
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index 19fbe15c22..a9735120d7 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 01/26/2018
+ms.date: 11/29/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -14,13 +14,13 @@ manager: dansimp
 # Firewall configuration service provider (CSP)
 
 
-The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device.  Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.  This CSP was added Windows 10, version 1709.
+The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device.  Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.  This CSP was added Windows 10, version 1709.
  
 Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively.
 
-For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac).
+For detailed information on some of the fields below, see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac).
 
-The following shows the Firewall configuration service provider in tree format. 
+The following example shows the Firewall configuration service provider in tree format. 
 ```
 ./Vendor/MSFT
 Firewall
@@ -98,73 +98,72 @@ Firewall
 ----------------EdgeTraversal
 ----------------LocalUserAuthorizationList
 ----------------FriendlyName
-----------------IcmpTypesAndCodes
 ----------------Status
 ----------------Name
 ```
 **./Vendor/MSFT/Firewall**
-
                  Root node for the Firewall configuration service provider.
                  
+
                  Root node for the Firewall configuration service provider.
                  
 
 **MdmStore**
-
                  Interior node.
                  
-
                  Supported operation is Get.
                  
+
                  Interior node.
                  
+
                  Supported operation is Get.
                  
 
 **MdmStore/Global**
-
                  Interior node.
                  
-
                  Supported operations are Get. 
                  
+
                  Interior node.
                  
+
                  Supported operations are Get. 
                  
 
 **MdmStore/Global/PolicyVersionSupported**
-
                  Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build.
                  
-
                  Value type in integer. Supported operation is Get.
                  
+
                  Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build.
                  
+
                  Value type in integer. Supported operation is Get.
                  
 
 **MdmStore/Global/CurrentProfiles**
-
                  Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law.
                  
-
                  Value type in integer. Supported operation is Get.
                  
+
                  Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it's not merged and has no merge law.
                  
+
                  Value type in integer. Supported operation is Get.
                  
 
 **MdmStore/Global/DisableStatefulFtp**
-
                  Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.
                  
-
                  Default value is false.
                  
-
                  Data type is bool. Supported operations are Add, Get, Replace, and Delete. 
                  
+
                  Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.
                  
+
                  Default value is false.
                  
+
                  Data type is bool. Supported operations are Add, Get, Replace, and Delete. 
                  
 
 **MdmStore/Global/SaIdleTime**
-
                  This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.
                  
-
                  Default value is 300.
                  
-
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
                  
+
                  Default value is 300.
                  
+
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **MdmStore/Global/PresharedKeyEncoding**
-
                  Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.
                  
-
                  Default value is 1.
                  
-
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
                  
+
                  Default value is 1.
                  
+
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **MdmStore/Global/IPsecExempt**
-
                  This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value.
                  
-
                  Default value is 0.
                  
-
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
                  
+
                  Default value is 0.
                  
+
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **MdmStore/Global/CRLcheck**
-
                  This value specifies how certificate revocation list (CRL) verification is enforced. The value is integer and MUST be 0, 1, or 2. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. Valid valued:
                  
+
                  This value specifies how certificate revocation list (CRL) verification is enforced. The value is integer and MUST be 0, 1, or 2. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. Valid valued:
                  
 
                    
 
                  • 0 disables CRL checking
                    • 
-
                  • 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail.
                    • 
+
                  • 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) don't cause certificate validation to fail.
                    • 
 
                  • 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing
                    • 
 
                  
-
                  Default value is 0.
                  
-
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Default value is 0.
                  
+
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **MdmStore/Global/PolicyVersion**
-
                  This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law.
                  
-
                  Value type is string. Supported operation is Get.
                  
+
                  This value contains the policy version of the policy store being managed. This value isn't merged and therefore, has no merge law.
                  
+
                  Value type is string. Supported operation is Get.
                  
 
 **MdmStore/Global/BinaryVersionSupported**
-
                  This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.
                  
-
                  Value type is string. Supported operation is Get.
                  
+
                  This value contains the binary version of the structures and data types that are supported by the server. This value isn't merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201.
                  
+
                  Value type is string. Supported operation is Get.
                  
 
 **MdmStore/Global/OpportunisticallyMatchAuthSetPerKM**
-
                  This value is bool used as an on/off switch. When this option is false (off), keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is true (on), keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
                  
-
                  Boolean value. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  This value is bool used as an on/off switch. When this option is false (off), keying modules MUST ignore the entire authentication set if they don't support all of the authentication suites specified in the set. When this option is true (on), keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
                  
+
                  Boolean value. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **MdmStore/Global/EnablePacketQueue**
-
                  This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is integer and is a combination of flags. Valid values:
                  
+
                  This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is integer and is a combination of flags. Valid values:
                  
 
 
                    
 
                  • 0x00 indicates that all queuing is to be disabled
                    • 
@@ -172,71 +171,71 @@ Firewall
 
                  • 0x02 specifies that packets are to be queued after decryption is performed for forwarding
                    • 
 
                  
 
-
                  Default value is 0.
                  
-
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Default value is 0.
                  
+
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **MdmStore/DomainProfile**
-
                  Interior node. Supported operation is Get.
                  
+
                  Interior node. Supported operation is Get.
                  
 
 **MdmStore/PrivateProfile**
-
                  Interior node. Supported operation is Get.
                  
+
                  Interior node. Supported operation is Get.
                  
 
 **MdmStore/PublicProfile**
-
                  Interior node. Supported operation is Get.
                  
+
                  Interior node. Supported operation is Get.
                  
 
 **/EnableFirewall**
-
                  Boolean value for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.
                  
-
                  Default value is true.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
                  
+
                  Default value is true.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/DisableStealthMode**
-
                  Boolean value. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.
                  
-
                  Default value is false.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
                  
+
                  Default value is false.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/Shielded**
-
                  Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win.
                  
-
                  Default value is false.
                  
-
                  Value type is bool. Supported operations are Get and Replace.
                  
+
                  Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win.
                  
+
                  Default value is false.
                  
+
                  Value type is bool. Supported operations are Get and Replace.
                  
 
 **/DisableUnicastResponsesToMulticastBroadcast**
-
                  Boolean value. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.
                  
-
                  Default value is false.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. If it's true, unicast responses to multicast broadcast traffic are blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
                  
+
                  Default value is false.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/DisableInboundNotifications**
-
                  Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port.  If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.
                  
-
                  Default value is false.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port.  If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
                  
+
                  Default value is false.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/AuthAppsAllowUserPrefMerge**
-
                  Boolean value. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.
                  
-
                  Default value is true.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
                  
+
                  Default value is true.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/GlobalPortsAllowUserPrefMerge**
-
                  Boolean value. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used.
                  
-
                  Default value is true.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
                  
+
                  Default value is true.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/AllowLocalPolicyMerge**
-
                  Boolean value. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
                  
-
                  Default value is true.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
                  
+
                  Default value is true.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/AllowLocalIpsecPolicyMerge**
-
                  Boolean value. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore.
                  
-
                  Default value is true.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore.
                  
+
                  Default value is true.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **/DefaultOutboundAction**
-
                  This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. DefaultOutboundAction will block all outbound traffic unless it is explicitly specified not to block.
                  
+
                  This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will block all outbound traffic unless it's explicitly specified not to block.
                  
 
                    
 
                  • 0x00000000 - allow
                    • 
 
                  • 0x00000001 - block
                    • 
 
                  
-
                  Default value is 0 (allow).
                  
-
                  Value type is integer. Supported operations are Add, Get and Replace.
                  
+
                  Default value is 0 (allow).
                  
+
                  Value type is integer. Supported operations are Add, Get and Replace.
                  
 
 Sample syncxml to provision the firewall settings to evaluate
 
@@ -263,84 +262,84 @@ Sample syncxml to provision the firewall settings to evaluate
 
 ```
 **/DefaultInboundAction**
-
                  This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used.
                  
+
                  This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used.
                  
 
                    
 
                  • 0x00000000 - allow
                    • 
 
                  • 0x00000001 - block
                    • 
 
                  
-
                  Default value is 1 (block).
                  
-
                  Value type is integer. Supported operations are Add, Get and Replace.
                  
+
                  Default value is 1 (block).
                  
+
                  Value type is integer. Supported operations are Add, Get and Replace.
                  
 
 **/DisableStealthModeIpsecSecuredPacketExemption**
-
                  Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
                  
-
                  Default value is true.
                  
-
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
+
                  Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used.
                  
+
                  Default value is true.
                  
+
                  Value type is bool. Supported operations are Add, Get and Replace.
                  
 
 **FirewallRules**
-
                  A list of rules controlling traffic through the Windows Firewall.  Each Rule ID is OR'ed.  Within each rule ID each Filter type is AND'ed.
                  
+
                  A list of rules controlling traffic through the Windows Firewall.  Each Rule ID is OR'ed.  Within each rule ID each Filter type is AND'ed.
                  
 
 **FirewallRules/_FirewallRuleName_**
-
                  Unique alpha numeric identifier for the rule.  The rule name must not include a forward slash (/).
                  
-
                  Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Unique alpha numeric identifier for the rule.  The rule name must not include a forward slash (/).
                  
+
                  Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/App**
-
                  Rules that control connections for an app, program, or service. Specified based on the intersection of the following nodes:
                  
+
                  Rules that control connections for an app, program, or service. Specified based on the intersection of the following nodes:
                  
 
                    
 
                  • PackageFamilyName
                    • 
 
                  • FilePath
                    • 
 
                  • FQBN
                    • 
 
                  • ServiceName
                    • 
 
                  
-
                  If not specified, the default is All.
                  
-
                  Supported operation is Get.
                  
+
                  If not specified, the default is All.
                  
+
                  Supported operation is Get.
                  
 
 **FirewallRules/_FirewallRuleName_/App/PackageFamilyName**
-
                  This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/App/FilePath**
-
                  This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/App/Fqbn**
-
                  Fully Qualified Binary Name
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Fully Qualified Binary Name
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/App/ServiceName**
-
                  This is a service name used in cases when a service, not an application, is sending or receiving traffic.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  This parameter is a service name used in cases when a service, not an application, is sending or receiving traffic.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/Protocol**
-
                  0-255 number representing the ip protocol (TCP = 6, UDP = 17)
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  0-255 number representing the ip protocol (TCP = 6, UDP = 17)
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is integer. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/LocalPortRanges**
-
                  Comma separated list of ranges. For example, 100-120,200,300-320.
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Comma separated list of ranges. For example, 100-120,200,300-320.
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/RemotePortRanges**
-
                  Comma separated list of ranges, For example, 100-120,200,300-320.
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Comma separated list of ranges, For example, 100-120,200,300-320.
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/*FirewallRuleName*/LocalAddressRanges**
-
                  Comma separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:
                  
+
                  Comma-separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:
                  
 
                    
-
                  • "*" indicates any local address. If present, this must be the only token included.
                    • 
+
                  • "*" indicates any local address. If present, the local address must be the only token included.
                    • 
 
                  • A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
                    • 
 
                  • A valid IPv6 address.
                    • 
 
                  • An IPv4 address range in the format of "start address - end address" with no spaces included.
                    • 
 
                  • An IPv6 address range in the format of "start address - end address" with no spaces included.
                    • 
 
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/*FirewallRuleName*/RemoteAddressRanges**
-
                  List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:
                  
+
                  List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:
                  
 
                    
-
                  • "*" indicates any remote address. If present, this must be the only token included.
                    • 
+
                  • "*" indicates any remote address. If present, the address must be the only token included.
                    • 
 
                  • "Defaultgateway"
                    • 
 
                  • "DHCP"
                    • 
 
                  • "DNS"
                    • 
@@ -349,76 +348,76 @@ Sample syncxml to provision the firewall settings to evaluate
 
                  • "RmtIntranet"
                    • 
 
                  • "Internet"
                    • 
 
                  • "Ply2Renders"
                    • 
-
                  • "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
                    • 
+
                  • "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive.
                    • 
 
                  • A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
                    • 
 
                  • A valid IPv6 address.
                    • 
 
                  • An IPv4 address range in the format of "start address - end address" with no spaces included.
                    • 
 
                  • An IPv6 address range in the format of "start address - end address" with no spaces included.
                    • 
 
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
-
                  The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.
                  
 
 **FirewallRules/_FirewallRuleName_/Description**
-
                  Specifies the description of the rule.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Specifies the description of the rule.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/Enabled**
-
                  Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
-
                  If not specified - a new rule is enabled by default.
                  
-
                  Boolean value. Supported operations are Get and Replace.
                  
+
                  Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
+
                  If not specified - a new rule is enabled by default.
                  
+
                  Boolean value. Supported operations are Get and Replace.
                  
 
 **FirewallRules/_FirewallRuleName_/Profiles**
-
                  Specifies the profiles to which the rule belongs: Domain, Private, Public. .  See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types.
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is integer. Supported operations are Get and Replace.
                  
+
                  Specifies the profiles to which the rule belongs: Domain, Private, Public. .  See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types.
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is integer. Supported operations are Get and Replace.
                  
 
 **FirewallRules/_FirewallRuleName_/Action**
-
                  Specifies the action for the rule.
                  
-
                  Supported operation is Get.
                  
+
                  Specifies the action for the rule.
                  
+
                  Supported operation is Get.
                  
 
 **FirewallRules/_FirewallRuleName_/Action/Type**
-
                  Specifies the action the rule enforces. Supported values:
                  
+
                  Specifies the action the rule enforces. Supported values:
                  
 
                    
 
                  • 0 - Block
                    • 
 
                  • 1 - Allow
                    • 
 
                  
-
                  If not specified, the default is allow.
                  
-
                  Value type is integer. Supported operations are Get and Replace.
                  
+
                  If not specified, the default is allow.
                  
+
                  Value type is integer. Supported operations are Get and Replace.
                  
 
 **FirewallRules/_FirewallRuleName_/Direction**
-
                  The rule is enabled based on the traffic direction as following. Supported values:
                  
+
                  The rule is enabled based on the traffic direction as following. Supported values:
                  
 
                    
 
                  • IN - the rule applies to inbound traffic.
                    • 
 
                  • OUT - the rule applies to outbound traffic.
                    • 
 
                  • If not specified, the default is Out.
                    • 
 
                  
-
                  Value type is string. Supported operations are Get and Replace.
                  
+
                  Value type is string. Supported operations are Get and Replace.
                  
 
 **FirewallRules/_FirewallRuleName_/InterfaceTypes**
-
                  Comma separated list of interface types. Valid values:
                  
+
                  Comma separated list of interface types. Valid values:
                  
 
                    
 
                  • RemoteAccess
                    • 
 
                  • Wireless
                    • 
 
                  • Lan
                    • 
 
                  
-
                  If not specified, the default is All.
                  
-
                  Value type is string. Supported operations are Get and Replace.
                  
+
                  If not specified, the default is All.
                  
+
                  Value type is string. Supported operations are Get and Replace.
                  
 
 **FirewallRules/_FirewallRuleName_/EdgeTraversal**
-
                  Indicates whether edge traversal is enabled or disabled for this rule.
                  
-
                  The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.
                  
-
                  New rules have the EdgeTraversal property disabled by default.
                  
-
                  Value type is bool. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Indicates whether edge traversal is enabled or disabled for this rule.
                  
+
                  The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.
                  
+
                  New rules have the EdgeTraversal property disabled by default.
                  
+
                  Value type is bool. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**
-
                  Specifies the list of authorized local users for this rule. This is a string in Security Descriptor Definition Language (SDDL) format.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Specifies the list of authorized local users for this rule. This list is a string in Security Descriptor Definition Language (SDDL) format.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
 
 **FirewallRules/_FirewallRuleName_/Status**
-
                  Provides information about the specific version of the rule in deployment for monitoring purposes.
                  
-
                  Value type is string. Supported operation is Get.
                  
+
                  Provides information about the specific version of the rule in deployment for monitoring purposes.
                  
+
                  Value type is string. Supported operation is Get.
                  
 
 **FirewallRules/_FirewallRuleName_/Name**
-
                  Name of the rule.
                  
-
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
+
                  Name of the rule.
                  
+
                  Value type is string. Supported operations are Add, Get, Replace, and Delete.
                  
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 72829fc3a9..fa54a62a29 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md
index 94c9465267..1528b38039 100644
--- a/windows/client-management/mdm/get-inventory.md
+++ b/windows/client-management/mdm/get-inventory.md
@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -21,143 +21,34 @@ The **Get Inventory** operation retrieves information from the Microsoft Store f
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Inventory?continuationToken={ContinuationToken}&modifiedSince={ModifiedSince}&licenseTypes={LicenseType}&maxResults={MaxResults}
                  
-
-
- 
+**GET:**
 
+```http
+https://bspmts.mp.microsoft.com/V1/Inventory?continuationToken={ContinuationToken}&modifiedSince={ModifiedSince}&licenseTypes={LicenseType}&maxResults={MaxResults}
+```
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  ParameterTypeDefault valueDescription
                  continuationToken
                  string
                  Null
                  modifiedSince
                  datetime
                  Null
                  Optional. Used to determine changes since a specific date.
                  licenseTypes
                  collection of LicenseType
                  {online,offline}
                  Optional. A collection of license types
                  maxResults
                  integer-32
                  25
                  Optional. Specifies the maximum number of applications returned in a single query.
                  
-
-
-
+|Parameter|Type|Default value|Description|
+|--- |--- |--- |--- |
+|continuationToken|string|Null||
+|modifiedSince|datetime|Null|Optional. Used to determine changes since a specific date.|
+|licenseTypes|collection of [LicenseType](data-structures-windows-store-for-business.md#licensetype)|{online,offline}|Optional. A collection of license types|
+|maxResults|integer-32|25|Optional. Specifies the maximum number of applications returned in a single query.|
 
 Here are some examples.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Query typeExample query
                  Online and offline
                  https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25
                  Online only
                  https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25
                  Offline only
                  https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25
                  Both license types and a time filter
                  https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25
                  
-
-
-
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Invalid modified date, license, or continuationToken
                  
-
                  Details: String
                  
-
-
+|Query type|Example query|
+|--- |--- |
+|Online and offline|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25)|
+|Online only|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25)|
+|Offline only|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25)|
+|Both license types and a time filter|[https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25)|
 
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name

                  Invalid modified date, license, or continuationToken

                  Details: String|
 
 ## Response
 
diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md
index 52848ed620..42e72419df 100644
--- a/windows/client-management/mdm/get-localized-product-details.md
+++ b/windows/client-management/mdm/get-localized-product-details.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/07/2020
 ---
 
@@ -18,97 +18,27 @@ The **Get localized product details** operation retrieves the localization infor
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Products/{ProductId}/{SkuId}/LocalizedDetails/{language}
                  
+**GET:**
+
+```http
+https://bspmts.mp.microsoft.com/V1/Products/{ProductId}/{SkuId}/LocalizedDetails/{language}
+```
 
 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  language
                  string
                  Required. Language in ISO format, such as en-us, en-ca.
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|language|string|Required. Language in ISO format, such as en-us, en-ca.|
 
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Missing parameter or invalid parameter
                  
-
                  Details: String
                  404
                  Not found
                  Item type: productId, skuId, language
                  
-
- 
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name
                  Reason: Missing parameter or invalid parameter
                  Details: String|
+|404|Not found||Item type: productId, skuId, language|
 
 ## Response
 
diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md
index 87699a8b11..b75fe48a08 100644
--- a/windows/client-management/mdm/get-offline-license.md
+++ b/windows/client-management/mdm/get-offline-license.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -18,102 +18,27 @@ The **Get offline license** operation retrieves the offline license information
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  POST
                  https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/OfflineLicense/{contentId}
                  
+**POST:**
+
+```http
+https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/OfflineLicense/{contentId}
+```
 
- 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Identifies a specific product that has been acquired.
                  skuId
                  string
                  Required. The SKU identifier.
                  contentId
                  string
                  Required. Identifies a specific application.
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Identifies a specific product that has been acquired.|
+|skuId|string|Required. The SKU identifier.|
+|contentId|string|Required. Identifies a specific application.|
    
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Missing parameter or invalid parameter
                  
-
                  Details: String
                  404
                  Not found
                  409
                  Conflict
                  Reason: Not owned, Not offline
                  
-
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name
                  Reason: Missing parameter or invalid parameter
                  Details: String|
+|404|Not found|||
+|409|Conflict||Reason: Not owned, Not offline|
 
 ## Response
 
diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md
index 18a0174509..091c5884ce 100644
--- a/windows/client-management/mdm/get-product-details.md
+++ b/windows/client-management/mdm/get-product-details.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -18,92 +18,26 @@ The **Get product details** operation retrieves the product information from the
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}
                  
+**GET:**
 
+```http
+https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}
+```
 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
 
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name
                  Reason: Missing parameter or invalid parameter
                  Details: String|
+|404|Not found|||
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Missing parameter or invalid parameter
                  
-
                  Details: String
                  404
                  Not found
                  
-
- 
 ## Response
 
 ### Response body
diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md
index 662580acde..42061b81b9 100644
--- a/windows/client-management/mdm/get-product-package.md
+++ b/windows/client-management/mdm/get-product-package.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -18,108 +18,27 @@ The **Get product package** operation retrieves the information about a specific
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages/{packageId}
                  
+**GET:**
 
- 
+```http
+https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages/{packageId}
+```
 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  packageId
                  string
                  Required.
                  
-   
-
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  






                  Error codeDescriptionRetryData fieldDetails
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Invalid parameter
                  
-
                  Details: String
                  Can be productId, skuId, or packageId
                  404
                  Not found
                  Item type: Product/SKU
                  409
                  Conflict
                  Reason: Not owned
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|packageId|string|Required.|
 
+|Error code|Description|Retry|Data field|Details|
+|--- |--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name 
                   
                  Reason: Invalid parameter 
                   
                  Details: String|Can be productId, skuId, or packageId|
+|404|Not found|||Item type: Product/SKU|
+|409|Conflict||Reason: Not owned||
 
 ## Response
 
diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md
index 5ad2851bc5..3cb5f24efe 100644
--- a/windows/client-management/mdm/get-product-packages.md
+++ b/windows/client-management/mdm/get-product-packages.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -18,97 +18,27 @@ The **Get product packages** operation retrieves the information about applicati
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages
                  
+**GET:**
+
+```http
+https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages
+```
 
  
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  
-   
- 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Missing parameter or invalid parameter
                  
-
                  Details: String
                  404
                  Not found
                  409
                  Conflict
                  Reason: Not owned
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
 
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name 
                   
                  Reason: Missing parameter or invalid parameter 
                   
                  Details: String|
+|404|Not found|||
+|409|Conflict||Reason: Not owned|
 
 ## Response
 
diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md
index 598d24ea19..b8b6aa4fa6 100644
--- a/windows/client-management/mdm/get-seat.md
+++ b/windows/client-management/mdm/get-seat.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -18,61 +18,21 @@ The **Get seat** operation retrieves the information about an active seat for a
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
                  
+**GET:**
 
+```http
+https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
+```
 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  username
                  string
                  Requires UserPrincipalName (UPN). User name of the target user account.
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
 
  
 ## Response
@@ -81,56 +41,8 @@ The following parameters may be specified in the request URI.
 
 The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
 
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  






                  Error codeDescriptionRetryData fieldDetails
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Missing parameter or invalid parameter
                  
-
                  Details: String
                  Invalid can include productId, skuId or username
                  404
                  Not found
                  ItemType: Inventory, User, Seat
                  
-
                  Values: ProductId/SkuId, UserName, ProductId/SkuId/Username
                  409
                  Conflict
                  Reason: Not online
                  
-
- 
-
- 
-
-
-
-
-
+|Error code|Description|Retry|Data field|Details|
+|--- |--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name 

                  Reason: Missing parameter or invalid parameter

                  Details: String|Invalid can include productId, skuId or username|
+|404|Not found|||ItemType: Inventory, User, Seat

                  Values: ProductId/SkuId, UserName, ProductId/SkuId/Username|
+|409|Conflict||Reason: Not online||
diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
index 016e2a8711..5f70d09f93 100644
--- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md
+++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
@@ -1,6 +1,6 @@
 ---
 title: Get seats assigned to a user
-description: The Get seats assigned to a user operation retrieves information about assigned seats in the Micosoft Store for Business.
+description: The Get seats assigned to a user operation retrieves information about assigned seats in the Microsoft Store for Business.
 ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B
 ms.reviewer: 
 manager: dansimp
@@ -8,112 +8,43 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
 # Get seats assigned to a user
 
-The **Get seats assigned to a user** operation retrieves information about assigned seats in the Micosoft Store for Business.
+The **Get seats assigned to a user** operation retrieves information about assigned seats in the Microsoft Store for Business.
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Users/{username}/Seats?continuationToken={ContinuationToken}&maxResults={MaxResults}
                  
+**GET:**
 
+```http
+https://bspmts.mp.microsoft.com/V1/Users/{username}/Seats?continuationToken={ContinuationToken}&maxResults={MaxResults}
+```
 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  useName
                  string
                  Requires UserPrincipalName (UPN). User name of the target user account.
                  continuationToken
                  string
                  Optional.
                  maxResults
                  inteter-32
                  Optional. Default = 25, Maximum = 100
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|useName|string|Requires UserPrincipalName (UPN). User name of the target user account.|
+|continuationToken|string|Optional.|
+|maxResults|inteter-32|Optional. Default = 25, Maximum = 100|
 
  
 ## Response
 
 ### Response body
 
-The response body contain [SeatDetailsResultSet](data-structures-windows-store-for-business.md#seatdetailsresultset).
+The response body contains [SeatDetailsResultSet](data-structures-windows-store-for-business.md#seatdetailsresultset).
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Invalid parameter
                  
-
                  Details: String
                  404
                  Not found
                  Item type: User
                  
-
                  Values: UserName
                  
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name

                  Reason: Invalid parameter

                  Details: String|
+|404|Not found||Item type: User

                  Values: UserName|
 
  
 
diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md
index a510b2460c..8872ddf1ec 100644
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/mdm/get-seats.md
@@ -1,6 +1,6 @@
 ---
 title: Get seats
-description: The Get seats operation retrieves the information about active seats in the Micorsoft Store for Business.
+description: The Get seats operation retrieves the information about active seats in the Microsoft Store for Business.
 ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F
 ms.reviewer: 
 manager: dansimp
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
@@ -18,118 +18,34 @@ The **Get seats** operation retrieves the information about active seats in the
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  GET
                  https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats?continuationToken={ContinuationToken}&maxResults={MaxResults}
                  
+**GET:**
+
+```http
+https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats?continuationToken={ContinuationToken}&maxResults={MaxResults}
+```
 
- 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  continuationToken
                  string
                  Optional.
                  maxResults
                  int32
                  Optional. Default = 25, Maximum = 100
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|continuationToken|string|Optional.|
+|maxResults|int32|Optional. Default = 25, Maximum = 100|
 
- 
 ## Response
 
 ### Response body
 
 The response body contains [SeatDetailsResultSet](data-structures-windows-store-for-business.md#seatdetailsresultset).
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Error codeDescriptionRetryData field
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Missing parameter or invalid parameter
                  
-
                  Details: String
                  404
                  Not found
                  409
                  Conflict
                  Reason: Not online
                  
-
- 
-
- 
-
-
+|Error code|Description|Retry|Data field|
+|--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name 
                   Reason: Missing parameter or invalid parameter 
                   Details: String|
+|404|Not found|||
+|409|Conflict||Reason: Not online|
 
 
 
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 9f691cab8c..4933026bdc 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -8,176 +8,541 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
+author: dansimp
+ms.date: 
 ---
 
 # Device HealthAttestation CSP
 
-The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
+The Device HealthAttestation configuration service provider (DHA-CSP) enables enterprise IT administrators to assess if a device is booted to a trusted and compliant state, and to take enterprise policy actions.
 
-The following is a list of functions performed by the Device HealthAttestation CSP:
+The following list is a description of the functions performed by the Device HealthAttestation CSP:
 
--   Collects device boot logs, TPM audit trails and the TPM certificate (DHA-BootData) from a managed device
--   Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
+-   Collects device boot logs, Trusted Platform Module (TPM) audit trails and the TPM certificate (DHA-BootData) from a managed device
+-   Forwards DHA-BootData to a Device Health Attestation Service (DHA-Service)
 -   Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
--   Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data
+-   Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
 
-## Terms
+## Windows 11 Device health attestation
 
-**TPM (Trusted Platform Module)**
-
                  TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing. 
                  
+Windows 11 introduces an update to the device health attestation feature. This update helps add support for deeper insights to Windows boot security, supporting a zero trust approach to device security. Device health attestation on Windows can be accessed by using the HealthAttestation CSP. This CSP helps assess if a device is booted to a trusted and compliant state and then to take appropriate action. Windows 11 introduces more child nodes to the HealthAttestation node for the MDM providers to connect to the Microsoft Azure Attestation service, which provides a simplified approach to attestation.
 
-**DHA (Device HealthAttestation) feature**
-
                  The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.
                  
+The attestation report provides a health assessment of the boot-time properties of the device to ensure that the devices are automatically secure as soon as they power on. The health attestation result can then be used to allow or deny access to networks, apps, or services, depending on the health of the device.
 
-**DHA-Enabled device (Device HealthAttestation enabled device)**
-
                  A Device HealthAttestation enabled (DHA-Enabled) device is a computing device (phone, desktop, laptop, tablet, server) that runs Windows 10 and supports TPM version 1.2 or 2.0.
                  
+### Terms
 
-**DHA-Session (Device HealthAttestation session)**
-
                  The Device HealthAttestation session (DHA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.
                  
+- **TPM (Trusted Platform Module)**: TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption, and signing.
 
-
                  The following list of transactions is performed in one DHA-Session:
                  
-
                    
-
                  • DHA-CSP and DHA-Service communication:
-
                    • DHA-CSP forwards device boot data (DHA-BootData) to DHA-Service
                      • 
-
                    • DHA-Service replies with an encrypted data blob (DHA-EncBlob)
                      • 
-
                    • 
+- **DHA (Device HealthAttestation) feature**: The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.
 
-
                  • DHA-CSP and MDM-Server communication: 
-
                    • MDM-Server sends a device health verification request to DHA-CSP
                      • 
-
                    • DHA-CSP replies with a payload called DHA-Data that includes an encrypted (DHA-EncBlob) and a signed (DHA-SignedBlob) data blob 
                      • 
-
                    • 
+- **MAA-Session (Microsoft Azure Attestation service based device HealthAttestation session)**: The Microsoft Azure Attestation service-based device HealthAttestation session (MAA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.
 
-
                  • MDM-Server and DHA-Service communication:
-
                    • MDM-Server posts data it receives from devices to DHA-Service
                      • 
-
                    • DHA-Service reviews the data it receives, and replies with a device health report (DHA-Report)
                      • 
-
                    • 
-
                  
+- **MAA-CSP Nodes (Microsoft Azure Attestation based Configuration Service Provider)**: The Configuration Service Provider nodes added to Windows 11 to integrate with Microsoft Azure Attestation Service.
 
-healthattestation session diagram
                  
-DHA session data (Device HealthAttestation session data)
-
                  The following list of data is produced or consumed in one DHA-Transaction:
                  
-
                    
-
                  • DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot and TPM counters) that are required for validating device boot health.
                    • 
-
                  • DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.
                    • 
-
                  • DHA-SignedBlob: it is a signed snapshot of the current state of a device’s runtime that is captured by DHA-CSP at device health attestation time.
                    • 
-
                  • DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has 2 parts:
-
                       
-
                    • DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service
                      • 
-
                    • DHA-SignedBlob: a current snapshot of the current security state of the device that is generated by DHA-CSP
                      • 
-
                    
-
                    • 
-
                  • DHA-Report: the report that is issued by DHA-Service to MDM-Server
                    • 
-
                  • Nonce: a crypto protected number that is generated by MDM-Server, which protects the DHA-Session from man-in-the-middle type attacks 
                    • 
-
                  
+  The following list of operations is performed by MAA-CSP:
 
-DHA-Enabled MDM (Device HealthAttestation enabled device management solution)
-
                  Device HealthAttestation enabled (DHA-Enabled) device management solution is a device management tool that is integrated with the DHA feature.
                  
-
                  DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromised by advanced security threats or running a malicious (jailbroken) operating system.
                  
-
                  The following list of operations is performed by DHA-Enabled-MDM
                  
-
                    
-
                  • Enables the DHA feature on a DHA-Enabled device
                    • 
-
                  • Issues device health attestation requests to enrolled/managed devices
                    • 
-
                  • Collects device health attestation data (DHA-Data), and sends it to Device Health Attestation Service (DHA-Service) for verification
                    • 
-
                  • Gets the device health report (DHA-Report) from DHA-Service, which triggers compliance action
                    • 
-
                  
+  - Receives attestation trigger requests from a HealthAttestation enabled MDM provider.
+  - The device collects Attestation Evidence (device boot logs, TPM audit trails and the TPM certificate) from a managed device.
+  - Forwards the Attestation Evidence to the Azure Attestation Service instance as configured by the MDM provider.
+  - Receives a signed report from the Azure Attestation Service instance and stores it in a local cache on the device.
 
-DHA-CSP (Device HealthAttestation Configuration Service Provider)
-
                  The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a device’s TPM and firmware to measure critical security properties of the device’s BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.
                  
-
                  The following list of operations is performed by DHA-CSP:
                  
-
                    
-
                  • Collects device boot data (DHA-BootData) from a managed device
                    • 
-
                  • Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
                    • 
-
                  • Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
                    • 
-
                  • Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
                    • 
-
                  
+- **MAA endpoint**: Microsoft Azure attestation service is an Azure resource, and every instance of the service gets administrator configured URL. The URI generated is unique in nature and for the purposes of device health attestation is known as the MAA endpoint.
 
-DHA-Service (Device HealthAttestation Service)
-
                  Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.
                  
+- **JWT (JSON Web Token)**: JSON Web Token (JWT) is an open standard RFC7519 method for securely transmitting information between parties as a JavaScript Object Notation (JSON) object. This information can be verified and trusted because it's digitally signed. JWTs can be signed using a secret or a public/private key pair.
 
-
                  DHA-Service is available in 2 flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports a variety of implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.
                  
-
                  The following list of operations is performed by DHA-Service:
                  
+### Attestation Flow with Microsoft Azure Attestation Service
 
-- Receives device boot data (DHA-BootData) from a DHA-Enabled device
                  • 
-- Forwards DHA-BootData to Device Health Attestation Service (DHA-Service) 
-- Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
-- Receives attestation requests (DHA-Requests) from a DHA-Enabled-MDM, and replies with a device health report (DHA-Report)
+![Attestation Flow with Microsoft Azure Attestation Service](./images/maa-attestation-flow.png)
 
-![healthattestation service diagram](images/healthattestation_2.png)
+Attestation flow can be broadly in three main steps:
 
- 
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  DHA-Service typeDescriptionOperation cost
                  Device Health Attestation – Cloud 
                  (DHA-Cloud)
                  DHA-Cloud is a Microsoft owned and operated DHA-Service that is:
                  
-
                    
-
                  • Available in Windows for free
                    • 
-
                  • Running on a high-availability and geo-balanced cloud infrastructure 
                    • 
-
                  • Supported by most DHA-Enabled device management solutions as the default device attestation service provider
                    • 
-
                  • Accessible to all enterprise-managed devices via following:
-
                      
-
                    • FQDN = has.spserv.microsoft.com) port
                      • 
-
                    • Port = 443
                      • 
-
                    • Protocol = TCP
                      • 
-
                     
-
                    • 
-
                  
-                  		No cost
                  Device Health Attestation – On Premise
                  (DHA-OnPrem)
                  DHA-OnPrem refers to DHA-Service that is running on premises:
                  
-
                    
-
                  • Offered to Windows Server 2016 customer (no added licensing cost for enabling/running DHA-Service) 
                    • 
-
                  • Hosted on an enterprise owned and managed server device/hardware
                    • 
-
                  • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
                    • 
-
                  • Accessible to all enterprise-managed devices via following:
                    
-
                      
-
                    • FQDN = (enterprise assigned)
                      • 
-
                    • Port = (enterprise assigned)
                      • 
-
                    • Protocol = TCP
                      • 
-
                    
-
                    • 
-
                  		The operation cost of running one or more instances of Server 2016 on-premises.
                  Device Health Attestation - Enterprise-Managed Cloud
                  (DHA-EMC)
                  DHA-EMC refers to an enterprise-managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise-managed cloud service, such as Microsoft Azure.
                  
-
                    
-
                  • Offered to Windows Server 2016 customers with no additional licensing cost (no added licensing cost for enabling/running DHA-Service)
                    • 
-
                  • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios 
                    • 
-
                  • Accessible to all enterprise-managed devices via following:
                    
-
                      
-
                    • FQDN = (enterprise assigned)
                      • 
-
                    • Port = (enterprise assigned)
                      • 
-
                    • Protocol = TCP
                      • 
-
                    
-
                    • 
-
                  		The operation cost of running Server 2016 on a compatible cloud service, such as Microsoft Azure.
                  
+- An instance of the Azure Attestation service is set up with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features.
+- The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrieved.
+- The MDM provider after verifying the token is coming from the attestation service it can parse the attestation token to reflect on the attested state of the device.
 
-## CSP diagram and node descriptions  
+For more information, see [Attestation Protocol](/azure/attestation/virtualization-based-security-protocol).
 
+### Configuration Service Provider Nodes
+Windows 11 introduces additions to the HealthAttestation CSP node to integrate with Microsoft Azure Attestation service.
 
-The following shows the Device HealthAttestation configuration service provider in tree format.  
+```console
+./Vendor/MSFT
+HealthAttestation
+----...
+----TriggerAttestation                    |
+----AttestStatus                          | Added in Windows 11
+----GetAttestReport                       |
+----GetServiceCorrelationIDs              |
+----VerifyHealth
+----Status
+----ForceRetrieve
+----Certificate
+----Nonce
+----CorrelationID
+----HASEndpoint
+----TpmReadyStatus
+----CurrentProtocolVersion
+----PreferredMaxProtocolVersion
+----MaxSupportedProtocolVersion
 ```
+
+**./Vendor/MSFT/HealthAttestation**  
+
+The root node for the device HealthAttestation configuration service provider.
+
+**TriggerAttestation** (Required)  
+
+Node type: EXECUTE
+
+This node will trigger attestation flow by launching an attestation process. If the attestation process is launched successfully, this node will return code 202 indicating the request is received and being processed. Otherwise, an error will be returned.
+
+Templated SyncML Call:
+
+```xml
+
+    
+        
+            VERIFYHEALTHV2
+            
+                
+                    
+                        ./Vendor/MSFT/HealthAttestation/TriggerAttestation
+                    
+                
+                
+                    {
+                    rpID : "rpID", serviceEndpoint : "MAA endpoint",
+                    nonce : "nonce", aadToken : "aadToken", "cv" : "CorrelationVector"
+                    }                    
+                
+            
+        
+        
+    
+
+```
+
+Data fields:
+
+- rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller.
+- serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation.
+- nonce: This field contains an arbitrary number that can be used only once in a cryptographic communication. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in replay attacks.
+- aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service.
+- cv: This field contains an identifier(Correlation Vector) that will be passed in to the service call, and that can be used for diagnostics purposes.
+
+Sample Data:
+
+```json
+
+{ 
+"rpid" : "https://www.contoso.com/attestation",
+"endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01",
+"nonce" : "5468697320697320612054657374204e6f6e6365",
+"aadToken" : "dummytokenstring",
+"cv" : "testonboarded" 
+}
+
+```
+
+**AttestStatus**
+
+Node type: GET
+
+This node will retrieve the status(HRESULT value) stored in registry updated by the attestation process triggered in the previous step.
+The status is always cleared prior to making the attest service call.
+
+Templated SyncML Call:
+
+```xml
+
+    
+    
+        
+        
+            
+            ./Device/Vendor/MSFT/HealthAttestation/AttestStatus
+            
+        
+        
+    
+     
+    
+
+```
+
+Sample Data:
+
+```console
+If Successful: 0
+If Failed: A corresponding HRESULT error code
+Example: 0x80072efd,  WININET_E_CANNOT_CONNECT
+```
+
+**GetAttestReport**
+
+Node type: GET
+
+This node will retrieve the attestation report per the call made by the TriggerAttestation, if there's any, for the given MDM provider. The report is stored in a registry key in the respective MDM enrollment store.
+
+Templated SyncML Call:
+
+```xml
+
+
+    
+    
+        
+        
+            ./Device/Vendor/MSFT/HealthAttestation/GetAttestReport
+        
+        
+    
+    
+     
+
+
+```
+
+Sample data:
+
+```console
+If Success:
+JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc
+If failed:
+Previously cached report if available (the token may have already expired per the attestation policy).
+OR Sync ML 404 error if not cached report available.
+```
+
+**GetServiceCorrelationIDs**
+
+Node type: GET
+
+This node will retrieve the service-generated correlation IDs for the given MDM provider. If there's more than one correlation ID, they're separated by “;” in the string.
+
+Templated SyncML Call:
+
+```xml
+
+
+    
+    
+        
+        
+            ./Device/Vendor/MSFT/HealthAttestation/GetServiceCorrelationIDs
+        
+        
+    
+    
+     
+
+
+```
+
+Sample data:
+
+```console
+If success:
+GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM
+If Trigger Attestation call failed and no previous data is present. The field remains empty.
+Otherwise, the last service correlation id will be returned. In a successful attestation there are two 
+calls between client and MAA and for each call the GUID is separated by semicolon.
+```
+
+> [!NOTE]
+> > MAA CSP nodes are available on arm64 but isn't currently supported.
+
+
+### MAA CSP Integration Steps
+
+1. Set up a MAA provider instance: MAA instance can be created following the steps at [Quickstart: Set up Azure Attestation by using the Azure portal](/azure/attestation/quickstart-portal].
+
+2. Update the provider with an appropriate policy: The MAA instance should be updated with an appropriate policy. For more information, see [How to author an Azure Attestation policy](/azure/attestation/claim-rule-grammar).
+
+    A Sample attestation policy:
+
+    ```console
+    version=1.2;
+
+    configurationrules{
+    };
+
+    authorizationrules { 
+    => permit();
+    };
+
+    issuancerules{
+
+    // SecureBoot enabled 
+    c:[type == "events", issuer=="AttestationService"] => add(type = "efiConfigVariables", value = JmesPath(c.value, "Events[?EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && ProcessedData.VariableGuid == '8BE4DF61-93CA-11D2-AA0D-00E098032B8C']"));
+    c:[type == "efiConfigVariables", issuer=="AttestationPolicy"]=> issue(type = "secureBootEnabled", value = JsonToClaimValue(JmesPath(c.value, "[?ProcessedData.UnicodeName == 'SecureBoot'] | length(@) == `1` && @[0].ProcessedData.VariableData == 'AQ'")));
+    ![type=="secureBootEnabled", issuer=="AttestationPolicy"] => issue(type="secureBootEnabled", value=false);
+
+    // Retrieve bool properties
+    c:[type=="events", issuer=="AttestationService"] => add(type="boolProperties", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `19` || PcrIndex == `20`)].ProcessedData.EVENT_TRUSTBOUNDARY"));
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="codeIntegrityEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_CODEINTEGRITY")));
+    c:[type=="codeIntegrityEnabledSet", issuer=="AttestationPolicy"] => issue(type="codeIntegrityEnabled", value=ContainsOnlyValue(c.value, true));
+    ![type=="codeIntegrityEnabled", issuer=="AttestationPolicy"] => issue(type="codeIntegrityEnabled", value=false);
+
+    // Bitlocker Boot Status, The first non zero measurement or zero.
+    c:[type=="events", issuer=="AttestationService"] => add(type="srtmDrtmEventPcr", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `19`)].ProcessedData.EVENT_TRUSTBOUNDARY"));
+    c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => issue(type="bitlockerEnabledValue", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_BITLOCKER_UNLOCK | @[? Value != `0`].Value | @[0]")));
+    [type=="bitlockerEnabledValue"] => issue(type="bitlockerEnabled", value=true);
+    ![type=="bitlockerEnabledValue"] => issue(type="bitlockerEnabled", value=false);
+
+    // Elam Driver (windows defender) Loaded
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="elamDriverLoaded", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_LOADEDMODULE_AGGREGATION[] | [? EVENT_IMAGEVALIDATED == `true` && (equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wdboot.sys') || equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wd\\wdboot.sys'))] | @ != `null`")));
+    [type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="WindowsDefenderElamDriverLoaded", value=true);
+    ![type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="WindowsDefenderElamDriverLoaded", value=false);
+
+    // Boot debugging
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="bootDebuggingEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_BOOTDEBUGGING")));
+    c:[type=="bootDebuggingEnabledSet", issuer=="AttestationPolicy"] => issue(type="bootDebuggingDisabled", value=ContainsOnlyValue(c.value, false));
+    ![type=="bootDebuggingDisabled", issuer=="AttestationPolicy"] => issue(type="bootDebuggingDisabled", value=false);
+
+    // Kernel Debugging
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="osKernelDebuggingEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_OSKERNELDEBUG")));
+    c:[type=="osKernelDebuggingEnabledSet", issuer=="AttestationPolicy"] => issue(type="osKernelDebuggingDisabled", value=ContainsOnlyValue(c.value, false));
+    ![type=="osKernelDebuggingDisabled", issuer=="AttestationPolicy"] => issue(type="osKernelDebuggingDisabled", value=false);
+
+    // DEP Policy
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => issue(type="depPolicy", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_DATAEXECUTIONPREVENTION.Value | @[-1]")));
+    ![type=="depPolicy"] => issue(type="depPolicy", value=0);
+
+    // Test Signing
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="testSigningEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_TESTSIGNING")));
+    c:[type=="testSigningEnabledSet", issuer=="AttestationPolicy"] => issue(type="testSigningDisabled", value=ContainsOnlyValue(c.value, false));
+    ![type=="testSigningDisabled", issuer=="AttestationPolicy"] => issue(type="testSigningDisabled", value=false);
+
+    // Flight Signing
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="flightSigningEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_FLIGHTSIGNING")));
+    c:[type=="flightSigningEnabledSet", issuer=="AttestationPolicy"] => issue(type="flightSigningNotEnabled", value=ContainsOnlyValue(c.value, false));
+    ![type=="flightSigningNotEnabled", issuer=="AttestationPolicy"] => issue(type="flightSigningNotEnabled", value=false);
+
+    // VSM enabled
+    c:[type=="events", issuer=="AttestationService"] => add(type="srtmDrtmEventPcr", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `19`)].ProcessedData.EVENT_TRUSTBOUNDARY"));
+    c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="vbsEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_VSM_REQUIRED")));
+    c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="vbsEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_MANDATORY_ENFORCEMENT")));
+    c:[type=="vbsEnabledSet", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=ContainsOnlyValue(c.value, true));
+    ![type=="vbsEnabled", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=false);
+    c:[type=="vbsEnabled", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=c.value);
+
+    // HVCI
+    c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="hvciEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_HVCI_POLICY | @[?String == 'HypervisorEnforcedCodeIntegrityEnable'].Value")));
+    c:[type=="hvciEnabledSet", issuer=="AttestationPolicy"] => issue(type="hvciEnabled", value=ContainsOnlyValue(c.value, 1));
+    ![type=="hvciEnabled", issuer=="AttestationPolicy"] => issue(type="hvciEnabled", value=false);
+
+    // IOMMU
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="iommuEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_IOMMU_REQUIRED")));
+    c:[type=="iommuEnabledSet", issuer=="AttestationPolicy"] => issue(type="iommuEnabled", value=ContainsOnlyValue(c.value, true));
+    ![type=="iommuEnabled", issuer=="AttestationPolicy"] => issue(type="iommuEnabled", value=false);
+
+    // Find the Boot Manager SVN, this is measured as part of a sequence and find the various measurements
+    // Find the first EV_SEPARATOR in PCR 12, 13, Or 14
+    c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq"));
+    c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`"));
+    [type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); 
+
+    // Find the first EVENT_APPLICATION_SVN. 
+    c:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] => add(type="bootMgrSvnSeqQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12` && ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN] | @[0].EventSeq"));
+    c1:[type=="bootMgrSvnSeqQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="bootMgrSvnSeq", value=JmesPath(c2.value, c1.value));
+    c:[type=="bootMgrSvnSeq", value!="null", issuer=="AttestationPolicy"] => add(type="bootMgrSvnQuery", value=AppendString(AppendString("Events[? EventSeq == `", c.value), "`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]"));
+
+    // The first EVENT_APPLICATION_SVN. That value is the Boot Manager SVN
+    c1:[type=="bootMgrSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootMgrSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value)));
+
+    // OS Rev List Info
+    c:[type=="events", issuer=="AttestationService"] => issue(type="osRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_OS_REVOCATION_LIST.RawData | @[0]")));
+
+    // Safe mode
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="safeModeEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_SAFEMODE")));
+    c:[type=="safeModeEnabledSet", issuer=="AttestationPolicy"] => issue(type="notSafeMode", value=ContainsOnlyValue(c.value, false));
+    ![type=="notSafeMode", issuer=="AttestationPolicy"] => issue(type="notSafeMode", value=true);
+
+    // Win PE
+    c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="winPEEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_WINPE")));
+    c:[type=="winPEEnabledSet", issuer=="AttestationPolicy"] => issue(type="notWinPE", value=ContainsOnlyValue(c.value, false));
+    ![type=="notWinPE", issuer=="AttestationPolicy"] => issue(type="notWinPE", value=true);
+
+    // CI Policy
+    c:[type=="events", issuer=="AttestationService"] => issue(type="codeIntegrityPolicy", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_SI_POLICY[].RawData")));
+
+    // Secure Boot Custom Policy
+    c:[type=="events", issuer=="AttestationService"] => issue(type="secureBootCustomPolicy", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && PcrIndex == `7` && ProcessedData.UnicodeName == 'CurrentPolicy' && ProcessedData.VariableGuid == '77FA9ABD-0359-4D32-BD60-28F4E78F784B'].ProcessedData.VariableData | @[0]")));
+
+    // Find the first EV_SEPARATOR in PCR 12, 13, Or 14
+    c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq"));
+    c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`"));
+    [type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); // No restriction of EV_SEPARATOR in case it's not present
+
+    //Finding the Boot App SVN
+    // Find the first EVENT_TRANSFER_CONTROL with value 1 or 2 in PCR 12 which is before the EV_SEPARATOR
+    c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="bootMgrSvnSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepAfterBootMgrSvnClause", value=AppendString(AppendString(AppendString(c1.value, "&& EventSeq >= `"), c2.value), "`"));
+    c:[type=="beforeEvSepAfterBootMgrSvnClause", issuer=="AttestationPolicy"] => add(type="tranferControlQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`&& (ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_TRANSFER_CONTROL.Value == `1` || ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_TRANSFER_CONTROL.Value == `2`)] | @[0].EventSeq"));
+    c1:[type=="tranferControlQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="tranferControlSeq", value=JmesPath(c2.value, c1.value));
+
+    // Find the first non-null EVENT_MODULE_SVN in PCR 13 after the transfer control.
+    c:[type=="tranferControlSeq", value!="null", issuer=="AttestationPolicy"] => add(type="afterTransferCtrlClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`"));
+    c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="afterTransferCtrlClause", issuer=="AttestationPolicy"] => add(type="moduleQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13` && ((ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]) || (ProcessedData.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]))].EventSeq | @[0]"));
+    c1:[type=="moduleQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="moduleSeq", value=JmesPath(c2.value, c1.value));
+
+    // Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12. 
+    c:[type=="moduleSeq", value!="null", issuer=="AttestationPolicy"] => add(type="applicationSvnAfterModuleClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`"));
+    c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="applicationSvnAfterModuleClause", issuer=="AttestationPolicy"] => add(type="bootAppSvnQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]"));
+    c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootAppSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value)));
+
+    // Finding the Boot Rev List Info
+    c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_BOOT_REVOCATION_LIST.RawData | @[0]")));
+
+    };
+    ```
+
+3. Call TriggerAttestation with your rpid, AAD token and the attestURI: Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. For more information about the api version, see [Attestation - Attest Tpm - REST API](/rest/api/attestation/attestation/attest-tpm).
+
+4. Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties: GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy.
+
+    ```json
+        {
+          "typ": "JWT",
+          "alg": "RS256",
+          "x5c": [
+            "MIIE.....=",
+            "MIIG.....=",
+            "MIIF.....="
+          ],
+          "kid": "8FUer20z6wzf1rod044wOAFdjsg"
+        }.{
+          "nbf": 1633664812,
+          "exp": 1634010712,
+          "iat": 1633665112,
+          "iss": "https://contosopolicy.eus.attest.azure.net",
+          "jti": "2b63663acbcafefa004d20969991c0b1f063c9be",
+          "ver": "1.0",
+          "x-ms-ver": "1.0",
+          "rp_data": "AQIDBA",
+          "nonce": "AQIDBA",
+          "cnf": {
+            "jwk": {
+              "kty": "RSA",
+              "n": "yZGC3-1rFZBt6n6vRHjRjvrOYlH69TftIQWOXiEHz__viQ_Z3qxWVa4TfrUxiQyDQnxJ8-f8tBRmlunMdFDIQWhnew_rc3-UYMUPNcTQ0IkrLBDG6qDjFFeEAMbn8gqr0rRWu_Qt7Cb_Cq1upoEBkv0RXk8yR6JXmFIvLuSdewGs-xCWlHhd5w3n1rVk0hjtRk9ZErlbPXt74E5l-ZZQUIyeYEZ1FmbivOIL-2f6NnKJ-cR4cdhEU8i9CH1YV0r578ry89nGvBJ5u4_3Ib9Ragdmxm259npH53hpnwf0I6V-_ZhGPyF6LBVUG_7x4CyxuHCU20uI0vXKXJNlbj1wsQ",
+              "e": "AQAB"
+            }
+          },
+          "x-ms-policy-hash": "GiGQCTOylCohHt4rd3pEppD9arh5mXC3ifF1m1hONh0",
+          "WindowsDefenderElamDriverLoaded": true,
+          "bitlockerEnabled": true,
+          "bitlockerEnabledValue": 4,
+          "bootAppSvn": 1,
+          "bootDebuggingDisabled": true,
+          "bootMgrSvn": 1,
+          "bootRevListInfo": "gHWqR2F-1wEgAAAACwBxrZXHbaiuTuO0PSaJ7WQMF8yz37Z2ATgSNTTlRkwcTw",
+          "codeIntegrityEnabled": true,
+          "codeIntegrityPolicy": [
+            "AAABAAAAAQBWAAsAIAAAAHsAOABmAGIANAA4ADYANQBlAC0AZQA5ADAAYgAtADQANAA0AGYALQBiADUAYgA1AC0AZQAyAGEAYQA1ADEAZAA4ADkAMABmAGQAfQAuAEMASQBQAAAAVnW86ERqAg5n9QT1UKFr-bOP2AlNtBaaHXjZODnNLlk", "AAAAAAAACgBWAAsAIAAAAHsAYgBjADQAYgBmADYAZAA3AC0AYwBjADYAMAAtADQAMABmADAALQA4ADYANAA0AC0AMQBlADYANAA5ADEANgBmADgAMQA4ADMAfQAuAEMASQBQAAAAQ7vOXuAbBRIMglSSg7g_LHNeHoR4GrY-M-2W5MNvf0o", "AAAAAAAACgBWAAsAIAAAAHsAYgAzADEAOAA5ADkAOQBhAC0AYgAxADMAZQAtADQANAA3ADUALQBiAGMAZgBkAC0AMQBiADEANgBlADMAMABlADYAMAAzADAAfQAuAEMASQBQAAAALTmwU3eadNtg0GyAyKIAkYed127RJCSgmfFmO1jN_aI", "AAAAAAAACgBWAAsAIAAAAHsAZgBlADgAMgBkADUAOAA5AC0ANwA3AGQAMQAtADQAYwA3ADYALQA5AGEANABhAC0AZQA0ADUANQA0ADYAOAA4ADkANAAxAGIAfQAuAEMASQBQAAAA8HGUwA85gHN_ThItTYtu6sw657gVuOb4fOhYl-YJRoc", "AACRVwAACgAmAAsAIAAAAEQAcgBpAHYAZQByAFMAaQBQAG8AbABpAGMAeQAuAHAANwBiAAAAYcVuY0HdW4Iqr5B-6Sl85kwIXRG9bqr43pVhkirg4qM"
+          ],
+          "depPolicy": 0,
+          "flightSigningNotEnabled": false,
+          "hvciEnabled": true,
+          "iommuEnabled": true,
+          "notSafeMode": true,
+          "notWinPE": true,
+          "osKernelDebuggingDisabled": true,
+          "osRevListInfo": "gHLuW2F-1wEgAAAACwDLyDTUQILjdz_RfNlShVgNYT9EghL7ceMReWg9TuwdKA",
+          "secureBootEnabled": true,
+          "testSigningDisabled": true,
+          "vbsEnabled": true
+        }.[Signature]
+    ```
+
+### Learn More 
+
+More information about TPM attestation can be found here: [Microsoft Azure Attestation](/azure/attestation/).
+
+
+## Windows 10 Device HealthAttestation
+
+### Terms
+
+- **TPM (Trusted Platform Module)**: TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption, and signing.
+
+- **DHA (Device HealthAttestation) feature**: The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.
+
+- **DHA-Enabled device (Device HealthAttestation enabled device)**: A Device HealthAttestation enabled (DHA-Enabled) device is a computing device (phone, desktop, laptop, tablet, server) that runs Windows 10 and supports TPM version 1.2 or 2.0.
+
+- **DHA-Session (Device HealthAttestation session)**: The Device HealthAttestation session (DHA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.
+
+  The following list of transactions is performed in one DHA-Session:
+
+  - DHA-CSP and DHA-Service communication:
+    - DHA-CSP forwards device boot data (DHA-BootData) to DHA-Service
+    - DHA-Service replies with an encrypted data blob (DHA-EncBlob)
+
+  - DHA-CSP and MDM-Server communication: 
+    - MDM-Server sends a device health verification request to DHA-CSP
+    - DHA-CSP replies with a payload called DHA-Data that includes an encrypted (DHA-EncBlob) and a signed (DHA-SignedBlob) data blob
+
+  - MDM-Server and DHA-Service communication:
+    - MDM-Server posts data it receives from devices to DHA-Service
+    - DHA-Service reviews the data it receives, and replies with a device health report (DHA-Report)
+
+  ![DHA session healthattestation session diagram](./images/HealthAttestation_1.png)
+
+- **DHA session data (Device HealthAttestation session data)**: The following list of data is produced or consumed in one DHA-Transaction:
+
+  - DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot, and TPM counters) that are required for validating device boot health.
+  - DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.
+  - DHA-SignedBlob: it's a signed snapshot of the current state of a device’s runtime that is captured by DHA-CSP at device health attestation time.
+  - DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has two parts:
+
+    - DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service
+    - DHA-SignedBlob: a current snapshot of the current security state of the device that is generated by DHA-CSP
+
+  - DHA-Report: the report that is issued by DHA-Service to MDM-Server
+  - Nonce: a crypto protected number that is generated by MDM-Server, which protects the DHA-Session from man-in-the-middle type attacks
+
+- **DHA-Enabled MDM (Device HealthAttestation enabled device management solution)**: Device HealthAttestation enabled (DHA-Enabled) device management solution is a device management tool that is integrated with the DHA feature.
+
+  DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromised by advanced security threats or running a malicious (jailbroken) operating system.
+
+  The following list of operations is performed by DHA-Enabled-MDM
+
+  - Enables the DHA feature on a DHA-Enabled device
+  - Issues device health attestation requests to enrolled/managed devices
+  - Collects device health attestation data (DHA-Data), and sends it to Device Health Attestation Service (DHA-Service) for verification
+  - Gets the device health report (DHA-Report) from DHA-Service, which triggers compliance action
+
+- **DHA-CSP (Device HealthAttestation Configuration Service Provider)**: The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a device’s TPM and firmware to measure critical security properties of the device’s BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties can't be spoofed.
+
+  The following list of operations is performed by DHA-CSP:
+
+  - Collects device boot data (DHA-BootData) from a managed device
+  - Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
+  - Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
+  - Receives attestation requests (DHA-Requests) from a DHA-Enabled MDM, and replies with Device Health Attestation data (DHA-Data)
+
+- **DHA-Service (Device HealthAttestation Service)**: Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.
+
+  DHA-Service is available in two flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.
+
+  The following list of operations is performed by DHA-Service:
+
+  - Receives device boot data (DHA-BootData) from a DHA-Enabled device
+  - Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)
+  - Receives an encrypted blob (DHA-EncBlob) from DHA-Service, and stores it in a local cache on the device
+  - Receives attestation requests (DHA-Requests) from a DHA-Enabled-MDM, and replies with a device health report (DHA-Report)
+
+![Health Attestation service diagram for the different DHS services](./images/HealthAttestation_2.png)
+
+|DHA-Service type|Description|Operation cost|
+|--- |--- |--- |
+|Device Health Attestation – Cloud (DHA-Cloud)|DHA-Cloud is a Microsoft owned and operated DHA-Service that is:
                • Available in Windows for free
                • Running on a high-availability and geo-balanced cloud infrastructure 
                • Supported by most DHA-Enabled device management solutions as the default device attestation service provider
                • Accessible to all enterprise-managed devices via following:
                  • FQDN = has.spserv.microsoft.com port
                  • Port = 443
                  • Protocol = TCP|No cost
                  • |
+|Device Health Attestation – On Premise(DHA-OnPrem)|DHA-OnPrem refers to DHA-Service that is running on premises:
                • Offered to Windows Server 2016 customer (no added licensing cost for enabling/running DHA-Service) 
                • Hosted on an enterprise owned and managed server device/hardware
                • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
                • Accessible to all enterprise-managed devices via following settings:
                  • FQDN = (enterprise assigned)
                  • Port = (enterprise assigned)
                  • Protocol = TCP|The operation cost of running one or more instances of Server 2016 on-premises.
                  • |
+|Device Health Attestation - Enterprise-Managed Cloud(DHA-EMC)|DHA-EMC refers to an enterprise-managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise-managed cloud service, such as Microsoft Azure.
                • Offered to Windows Server 2016 customers with no extra licensing cost (no added licensing cost for enabling/running DHA-Service)
                • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios 
                • Accessible to all enterprise-managed devices via following settings:
                     
                  • FQDN = (enterprise assigned)
                  • Port = (enterprise assigned)
                  • Protocol = TCP|The operation cost of running Server 2016 on a compatible cloud service, such as Microsoft Azure.
                  • |
+
+### CSP diagram and node descriptions  
+
+The following shows the Device HealthAttestation configuration service provider in tree format. 
+ 
+```console
 ./Vendor/MSFT
 HealthAttestation
 ----VerifyHealth
@@ -192,63 +557,72 @@ HealthAttestation
 ----PreferredMaxProtocolVersion
 ----MaxSupportedProtocolVersion
 ```
+
 **./Vendor/MSFT/HealthAttestation**  
-
                  The root node for the device HealthAttestation configuration service provider.
                  
+
+The root node for the device HealthAttestation configuration service provider.
 
 **VerifyHealth** (Required)  
-
                  Notifies the device to prepare a device health verification request.
                  
 
-
                  The supported operation is Execute.
                  
+Notifies the device to prepare a device health verification request.
+
+The supported operation is Execute.
 
 **Status** (Required)  
-
                  Provides the current status of the device health request.
                  
 
-
                  The supported operation is Get.
                  
+Provides the current status of the device health request.
 
-
                  The following list shows some examples of supported values. For the complete list of status see Device HealthAttestation CSP status and error codes.
                  
+The supported operation is Get.
+
+The following list shows some examples of supported values. For the complete list of status, see Device HealthAttestation CSP status and error codes.
 
 -   0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
 -   1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
--   2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob could not be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
--   3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pick up
+-   2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob couldn't be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
+-   3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup
 
 **ForceRetrieve** (Optional)  
-
                  Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.
                  
 
-
                  Boolean value. The supported operation is Replace.
                  
+Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.
+
+Boolean value. The supported operation is Replace.
 
 **Certificate** (Required)  
-
                  Instructs the DHA-CSP to forward DHA-Data to the MDM server.
                  
 
-
                  Value type is b64.The supported operation is Get.
                  
+Instructs the DHA-CSP to forward DHA-Data to the MDM server.
+
+Value type is b64. The supported operation is Get.
 
 **Nonce** (Required)  
-
                  Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server.
                  
 
-
                  The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes.
                  
+Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server.
 
-
                  The supported operations are Get and Replace.
                  
+The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes.
+
+The supported operations are Get and Replace.
 
 **CorrelationId** (Required)  
-
                  Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.
                  
 
-
                  Value type is integer, the minimum value is - 2,147,483,648 and the maximum value is 2,147,483,647. The supported operation is Get.
                  
+Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.
+
+Value type is integer, the minimum value is - 2,147,483,648 and the maximum value is 2,147,483,647. The supported operation is Get.
 
 **HASEndpoint** (Optional)
-
                  Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service.
                  
 
-
                  Value type is string. The supported operations are Get and Replace. The default value is has.spserv.microsoft.com.
                  
+Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN isn't assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service.
+
+Value type is string. The supported operations are Get and Replace. The default value is has.spserv.microsoft.com.
 
 **TpmReadyStatus** (Required)
-
                  Added in Windows 10, version 1607 March service release. Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state.
                  
-
                  Value type is integer. The supported operation is Get.
                  
 
-## **DHA-CSP integration steps**
+Added in Windows 10, version 1607 March service release. Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state.
 
+Value type is integer. The supported operation is Get.
+
+### DHA-CSP integration steps
 
 The following list of validation and development tasks are required for integrating the Microsoft Device Health Attestation feature with a Windows Mobile device management solution (MDM):
 
-
 1.  [Verify HTTPS access](#verify-access)
 2.  [Assign an enterprise trusted DHA-Service](#assign-trusted-dha-service)
 3.  [Instruct client to prepare DHA-data for verification](#prepare-health-data)
@@ -260,14 +634,13 @@ The following list of validation and development tasks are required for integrat
 
 Each step is described in detail in the following sections of this topic.
 
-## **Step 1: Verify HTTPS access**
-
+### Step 1: Verify HTTPS access
 
 Validate that both the MDM server and the device (MDM client) can access has.spserv.microsoft.com using the TCP protocol over port 443 (HTTPS).
 
-You can use OpenSSL to validate access to DHA-Service. Here is a sample OpenSSL command and the response that was generated by DHA-Service:
+You can use OpenSSL to validate access to DHA-Service. Here's a sample OpenSSL command and the response that was generated by DHA-Service:
 
-``` syntax
+```console
 PS C:\openssl> ./openssl.exe s_client -connect has.spserv.microsoft.com:443
 CONNECTED(000001A8)
 ---
@@ -312,8 +685,7 @@ SSL-Session:
     Verify return code: 20 (unable to get local issuer certificate)
 ```
 
-
-## **Step 2: Assign an enterprise trusted DHA-Service**
+### Step 2: Assign an enterprise trusted DHA-Service
 
 There are three types of DHA-Service:
 - Device Health Attestation – Cloud (owned and operated by Microsoft)
@@ -338,9 +710,7 @@ The following example shows a sample call that instructs a managed device to com
 
 ```
 
-
-## **Step 3: Instruct client to prepare health data for verification**
-
+### Step 3: Instruct client to prepare health data for verification
 
 Send a SyncML call to start collection of the DHA-Data.
 
@@ -366,7 +736,7 @@ The following example shows a sample call that triggers collection and verificat
 
 ```
 
-## **Step 4: Take action based on the clients response**
+### Step 4: Take action based on the client's response
 
 
 After the client receives the health attestation request, it sends a response. The following list describes the responses, along with a recommended action to take.
@@ -374,7 +744,7 @@ After the client receives the health attestation request, it sends a response. T
 - If the response is HEALTHATTESTATION\_CERT_RETRIEVAL_COMPLETE (3) then proceed to the next section.
 - If the response is HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED (1) or HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED (0) wait for an alert, then proceed to the next section.
 
-Here is a sample alert that is issued by DHA_CSP:
+Here's a sample alert that is issued by DHA_CSP:
 
 ```xml
 
@@ -392,14 +762,14 @@ Here is a sample alert that is issued by DHA_CSP:
     
 
 ```
-- If the response to the status node is not 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
+- If the response to the status node isn't 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes, see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes).
 
-## **Step 5: Instruct the client to forward health attestation data for verification**
+### Step 5: Instruct the client to forward health attestation data for verification
 
 
 Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and pick up an encrypted payload that includes a health certificate and related data from the device.
 
-Here is an example:
+Here's an example:
 
 ```xml
 
@@ -431,39 +801,40 @@ Here is an example:
 
 ```
 
-## **Step 6: Forward device health attestation data to DHA-service**
-
+### Step 6: Forward device health attestation data to DHA-service
 
 In response to the request that was sent in the previous step, the MDM client forwards an XML formatted blob (response from ./Vendor/MSFT/HealthAttestation/Certificate node) and a call identifier called CorrelationId (response  to ./Vendor/MSFT/HealthAttestation/CorrelationId node).
 
-When the MDM-Server receives the above data, it must: 
+When the MDM-Server receives the above data, it must:
+
 - Log the CorrelationId it receives from the device (for future troubleshooting/reference), correlated to the call.
 - Decode the XML formatted data blob it receives from the device
 - Append the nonce that was generated by MDM service (add the nonce that was forwarded to the device in Step 5) to the XML structure that was forwarded by the device in following format:
 
-```xml
-
-
-    [INT]
-     [base64 blob, eg ‘ABc123+/…==’] 
-     [base64 blob, eg ‘ABc123+/...==’]
-    
-
-```
+  ```xml
+  
+  
+      [INT]
+       [base64 blob, eg ‘ABc123+/…==’] 
+       [base64 blob, eg ‘ABc123+/...==’]
+      
+  
+  ```
+
 - Forward (HTTP Post) the XML data struct (including the nonce that was appended in the previous step) to the assigned DHA-Service that runs on:
-    - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3
-    - DHA-OnPrem or DHA-EMC: https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3
+
+  - DHA-Cloud (Microsoft owned and operated DHA-Service) scenario: https://has.spserv.microsoft.com/DeviceHealthAttestation/ValidateHealthCertificate/v3
+  - DHA-OnPrem or DHA-EMC: https://FullyQualifiedDomainName-FDQN/DeviceHealthAttestation/ValidateHealthCertificate/v3
 
 
-## **Step 7: Receive response from the DHA-service**
+### Step 7: Receive response from the DHA-service
 
 When the Microsoft Device Health Attestation Service receives a request for verification, it performs the following steps:
 - Decrypts the encrypted data it receives.
 - Validates the data it has received 
 - Creates a report, and shares the evaluation results to the MDM server via SSL in XML format 
 
-## **Step 8: Take appropriate policy action based on evaluation results**
-
+### Step 8: Take appropriate policy action based on evaluation results
 
 After the MDM server receives the verified data, the information can be used to make policy decisions by evaluating the data. Some possible actions would be:
 
@@ -471,7 +842,7 @@ After the MDM server receives the verified data, the information can be used to
 -   Allow the device to access the resources, but flag the device for further investigation.
 -   Prevent a device from accessing resources.
 
-The following list of data points are verified by the DHA-Service in DHA-Report version 3:
+The following list of data points is verified by the DHA-Service in DHA-Report version 3:
 
 - [Issued](#issued ) 
 - [AIKPresent](#aikpresent)
@@ -503,113 +874,123 @@ The following list of data points are verified by the DHA-Service in DHA-Report
 
 \*  TPM 2.0 only   
 \*\*  Reports if BitLocker was enabled during initial boot.    
-\*\*\* The “Hybrid Resume” must be disabled on the device. Reports 1st party ELAM “Defender” was loaded during boot.  
+\*\*\* The "Hybrid Resume" must be disabled on the device. Reports first-party ELAM "Defender" was loaded during boot.
 
-Each of these are described in further detail in the following sections, along with the recommended actions to take.
+Each of these data points is described in further detail in the following sections, along with the recommended actions to take.
 
 **Issued**
-
                  The date and time DHA-report was evaluated or issued to MDM.
                  
+
+The date and time DHA-report was evaluated or issued to MDM.
 
 **AIKPresent**  
-
                  When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn’t have an EK certificate.
                  
 
-
                  If AIKPresent = True (1), then allow access.
                  
+When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn’t have an EK certificate.
 
-
                  If AIKPresent = False (0), then take one of the following actions that align with your enterprise policies:
                  
+If AIKPresent = True (1), then allow access.
 
--   Disallow all access
--   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
--   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
+If AIKPresent = False (0), then take one of the following actions that align with your enterprise policies:
+
+- Disallow all access
+- Disallow access to HBI assets
+- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
+- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 **ResetCount** (Reported only for devices that support TPM 2.0)
-
                  This attribute reports the number of times a PC device has hibernated or resumed.
                  
+
+This attribute reports the number of times a PC device has hibernated or resumed.
 
 **RestartCount** (Reported only for devices that support TPM 2.0)
-
                  This attribute reports the number of times a PC device has rebooted
                  
+
+This attribute reports the number of times a PC device has rebooted.
 
 **DEPPolicy**  
-
                  A device can be trusted more if the DEP Policy is enabled on the device.
                  
 
-
                  Data Execution Prevention (DEP) Policy defines is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. Secure boot allows a limited list on x86/amd64 and on ARM NTOS locks it to on.
                  
+A device can be trusted more if the DEP Policy is enabled on the device.
 
-
                  DEPPolicy can be disabled or enabled by using the following commands in WMI or a PowerShell script:
                  
+Data Execution Prevention (DEP) Policy defines a set of hardware and software technologies that perform extra checks on memory to help prevent malicious code from running on a system. Secure boot allows a limited list on x86/amd64 and on ARM NTOS locks it to on.
+
+DEPPolicy can be disabled or enabled by using the following commands in WMI or a PowerShell script:
 
 -   To disable DEP, type **bcdedit.exe /set {current} nx AlwaysOff**
 -   To enable DEP, type **bcdedit.exe /set {current} nx AlwaysOn**
 
-
                  If DEPPolicy = 1 (On), then allow access.
                  
+If DEPPolicy = 1 (On), then allow access.
 
-
                  If DEPPolicy = 0 (Off), then take one of the following actions that align with your enterprise policies:
                  
+If DEPPolicy = 0 (Off), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 **BitLockerStatus** (at boot time) 
-
                  When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.
                  
 
-
                  Windows BitLocker Drive Encryption, encrypts all data stored on the Windows operating system volume. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.
                  
+When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.
 
-
                  If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys cannot be accessed until the TPM has verified the state of the computer.
                  
+Windows BitLocker Drive Encryption, encrypts all data stored on the Windows operating system volume. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer isn't tampered with, even if it's left unattended, lost, or stolen.
 
-
                  If BitLockerStatus = 1 (On), then allow access.
                  
+If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM has verified the state of the computer.
 
-
                  If BitLockerStatus = 0 (Off), then take one of the following actions that align with your enterprise policies:
                  
+If BitLockerStatus = 1 (On), then allow access.
+
+If BitLockerStatus = 0 (Off), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 **BootManagerRevListVersion**
-
                  This attribute indicates the version of the Boot Manager that is running on the device, to allow you to track and manage the security of the boot sequence/environment.
                  
 
-
                  If BootManagerRevListVersion = [CurrentVersion], then allow access.
                  
+This attribute indicates the version of the Boot Manager that is running on the device, to allow you to track and manage the security of the boot sequence/environment.
 
-
                  If BootManagerRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:
                  
+If BootManagerRevListVersion = [CurrentVersion], then allow access.
+
+If BootManagerRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI and MBI assets
 -   Place the device in a watch list to monitor the device more closely for potential risks.
--   Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue.
+-   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 **CodeIntegrityRevListVersion**
-
                  This attribute indicates the version of the code that is performing integrity checks during the boot sequence. Using this attribute can help you detect if the device is running the latest version of the code that performs integrity checks, or if it is exposed to security risks (revoked) and enforce an appropriate policy action.
                  
 
-
                  If CodeIntegrityRevListVersion = [CurrentVersion], then allow access.
                  
+This attribute indicates the version of the code that is performing integrity checks during the boot sequence. Using this attribute can help you detect if the device is running the latest version of the code that performs integrity checks, or if it's exposed to security risks (revoked), and enforce an appropriate policy action.
 
-
                  If CodeIntegrityRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:
                  
+If CodeIntegrityRevListVersion = [CurrentVersion], then allow access.
+
+If CodeIntegrityRevListVersion != [CurrentVersion], then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI and MBI assets
 -   Place the device in a watch list to monitor the device more closely for potential risks.
--   Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue.
+-   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 **SecureBootEnabled**  
-
                  When Secure Boot is enabled the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system will not boot.
                  
 
-
                  If SecureBootEnabled = 1 (True), then allow access.
                  
+When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this requirement before it lets the machine start. If any files have been tampered with, breaking their signature, the system won't boot.
 
-
                  If SecurebootEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
                  
+If SecureBootEnabled = 1 (True), then allow access.
+
+If SecurebootEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 **BootDebuggingEnabled**
-
                  Boot debug enabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: the device may run unstable code, or be configured with fewer security restrictions that is required for testing and development.
                  
 
-
                  Boot debugging can be disabled or enabled by using the following commands in WMI or a PowerShell script:
                  
+Boot debug-enabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: the device may run unstable code, or be configured with fewer security restrictions that is required for testing and development.
+
+Boot debugging can be disabled or enabled by using the following commands in WMI or a PowerShell script:
 
 -   To disable boot debugging, type **bcdedit.exe /set {current} bootdebug off**
 -   To enable boot debugging, type **bcdedit.exe /set {current} bootdebug on**
 
-
                  If BootdebuggingEnabled = 0 (False), then allow access.
                  
+If BootdebuggingEnabled = 0 (False), then allow access.
 
-
                  If BootDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
                  
+If BootDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
@@ -617,44 +998,47 @@ Each of these are described in further detail in the following sections, along w
 -   Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script.  
 
 **OSKernelDebuggingEnabled**
-
                  OSKernelDebuggingEnabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: they may run unstable code, or be configured with fewer security restrictions required for testing and development.
                  
 
-
                  If OSKernelDebuggingEnabled = 0 (False), then allow access.
                  
+OSKernelDebuggingEnabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: they may run unstable code, or be configured with fewer security restrictions required for testing and development.
 
-
                  If OSKernelDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
                  
+If OSKernelDebuggingEnabled = 0 (False), then allow access.
+
+If OSKernelDebuggingEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
 -   Place the device in a watch list to monitor the device more closely for potential risks.
--   Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue.
+-   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 **CodeIntegrityEnabled**  
-
                  When code integrity is enabled, code execution is restricted to integrity verified code.
                  
 
-
                  Code integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrator privileges.
                  
+When code integrity is enabled, code execution is restricted to integrity verified code.
 
-
                  On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.
                  
+Code integrity is a feature that validates the integrity of a driver or system file each time it's loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrator privileges.
 
-
                  If CodeIntegrityEnabled = 1 (True), then allow access.
                  
+On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.
 
-
                  If CodeIntegrityEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
                  
+If CodeIntegrityEnabled = 1 (True), then allow access.
+
+If CodeIntegrityEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
--   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history.
+-   Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
 -   Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
 
 **TestSigningEnabled**
-
                  When test signing is enabled, the device does not enforce signature validation during boot, and allows the unsigned drivers (such as unsigned UEFI modules) to load during boot.
                  
 
-
                  Test signing can be disabled or enabled by using the following commands in WMI or a PowerShell script:
                  
+When test signing is enabled, the device doesn't enforce signature validation during boot, and allows the unsigned drivers (such as unsigned UEFI modules) to load during boot.
+
+Test signing can be disabled or enabled by using the following commands in WMI or a PowerShell script:
 
 -   To disable boot debugging, type **bcdedit.exe /set {current} testsigning off**
 -   To enable boot debugging, type **bcdedit.exe /set {current} testsigning on**
 
-
                  If TestSigningEnabled = 0 (False), then allow access.
                  
+If TestSigningEnabled = 0 (False), then allow access.
 
-
                  If TestSigningEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
                  
+If TestSigningEnabled = 1 (True), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI and MBI assets
@@ -662,33 +1046,36 @@ Each of these are described in further detail in the following sections, along w
 -   Trigger a corrective action, such as enabling test signing using WMI or a PowerShell script.
 
 **SafeMode**  
-
                  Safe mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers necessary to run Windows are started.
                  
 
-
                  If SafeMode = 0 (False), then allow access.
                  
+Safe mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers necessary to run Windows are started.
 
-
                  If SafeMode = 1 (True), then take one of the following actions that align with your enterprise policies:
                  
+If SafeMode = 0 (False), then allow access.
+
+If SafeMode = 1 (True), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
 -   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 **WinPE**  
-
                  Windows pre-installation Environment (Windows PE) is a minimal operating system with limited services that is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup.
                  
 
-
                  If WinPE = 0 (False), then allow access.
                  
+Windows pre-installation Environment (Windows PE) is a minimal operating system with limited services that is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup.
 
-
                  If WinPE = 1 (True), then limit access to remote resources that are required for Windows OS installation.
                  
+If WinPE = 0 (False), then allow access.
+
+If WinPE = 1 (True), then limit access to remote resources that are required for Windows OS installation.
 
 **ELAMDriverLoaded**  (Windows Defender)
-
                  To use this reporting feature you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.
                  
 
-
                  In the current release, this attribute only monitors/reports if a Microsoft 1st party ELAM  (Windows Defender) was loaded during initial boot.
                  
+To use this reporting feature, you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.
 
-
                  If a device is expected to use a 3rd party antivirus program, ignore the reported state.
                  
+In the current release, this attribute only monitors/reports if a Microsoft first-party ELAM  (Windows Defender) was loaded during initial boot.
 
-
                  If a device is expected to use Windows Defender and ELAMDriverLoaded = 1 (True), then allow access.
                  
+If a device is expected to use a third-party antivirus program, ignore the reported state.
 
-
                  If a device is expected to use Windows Defender and ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies, also accounting for whether it is a desktop or mobile device:
                  
+If a device is expected to use Windows Defender and ELAMDriverLoaded = 1 (True), then allow access.
+
+If a device is expected to use Windows Defender and ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
@@ -696,339 +1083,257 @@ Each of these are described in further detail in the following sections, along w
 
 **Bcdedit.exe /set {current} vsmlaunchtype auto**
 
-
                  If ELAMDriverLoaded = 1 (True), then allow access.
                  
+If ELAMDriverLoaded = 1 (True), then allow access.
 
-
                  If ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies:
                  
+If ELAMDriverLoaded = 0 (False), then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Disallow access to HBI assets
 -   Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
 
 **VSMEnabled**  
-
                  Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1GB of memory – it has just enough capability to run the LSA service that is used for all authentication brokering.
                  
 
-
                  VSM can be enabled by using the following command in WMI or a PowerShell script:
                  
+Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1 GB of memory – it has enough capability to run the LSA service that is used for all authentication brokering.
 
-
                  bcdedit.exe /set {current} vsmlaunchtype auto
                  
+VSM can be enabled by using the following command in WMI or a PowerShell script:
 
-
                  If VSMEnabled = 1 (True), then allow access.
                  
-
                  If VSMEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
                  
+`bcdedit.exe /set {current} vsmlaunchtype auto`
+
+If VSMEnabled = 1 (True), then allow access.
+If VSMEnabled = 0 (False), then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Disallow access to HBI assets
 - Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue
 
 **PCRHashAlgorithmID**
-
                  This attribute is an informational attribute that identifies the HASH algorithm that was used by TPM; no compliance action required.
                  
+
+This attribute is an informational attribute that identifies the HASH algorithm that was used by TPM; no compliance action required.
 
 **BootAppSVN**
-
                  This attribute identifies the security version number of the Boot Application that was loaded during initial boot on the attested device
                  
 
-
                  If reported BootAppSVN equals an accepted value, then allow access.
                  
+This attribute identifies the security version number of the Boot Application that was loaded during initial boot on the attested device
 
- 
                  If reported BootAppSVN does not equal an accepted value, then take one of the following actions that align with your enterprise policies:
                  
+If reported BootAppSVN equals an accepted value, then allow access.
+
+If reported BootAppSVN doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Direct the device to an enterprise honeypot, to further monitor the device's activities.
 
 **BootManagerSVN**
-
                  This attribute identifies the security version number of the Boot Manager that was loaded during initial boot on the attested device.
                  
 
-
                  If reported BootManagerSVN equals an accepted value, then allow access.
                  
+This attribute identifies the security version number of the Boot Manager that was loaded during initial boot on the attested device.
 
-
                  If reported BootManagerSVN does not equal an accepted value, then take one of the following actions that align with your enterprise policies:
                  
+If reported BootManagerSVN equals an accepted value, then allow access.
+
+If reported BootManagerSVN doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Direct the device to an enterprise honeypot, to further monitor the device's activities.
 
 **TPMVersion**
 
-
                  This attribute identifies the version of the TPM that is running on the attested device.
                  
-
                  TPMVersion node provides to replies "1" and "2":
                  
-
                    
-
                  • 1 means TPM specification version 1.2
                    • 
-
                  • 2 means TPM specification version 2.0
                    • 
-
                  
+This attribute identifies the version of the TPM that is running on the attested device. TPMVersion node provides to replies "1" and "2":
 
-
                  Based on the reply you receive from TPMVersion node:
                  
+- 1 means TPM specification version 1.2
+- 2 means TPM specification version 2.0
+
+Based on the reply you receive from TPMVersion node:
 
 - If reported TPMVersion equals an accepted value, then allow access.
-- If reported TPMVersion does not equal an accepted value, then take one of the following actions that align with your enterprise policies:
+- If reported TPMVersion doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
     - Disallow all access
     - Direct the device to an enterprise honeypot, to further monitor the device's activities.
 
 **PCR0**
-
                  The measurement that is captured in PCR[0] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.
                  
 
-
                  Enterprise managers can create a allow list of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.
                  
+The measurement that is captured in PCR[0] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.
 
-
                  If your enterprise does not have a allow list of accepted PCR[0] values, then take no action.
                  
+Enterprise managers can create an allowlist of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allowlist, and then make a trust decision based on the result of the comparison.
 
-
                  If PCR[0] equals an accepted allow list value, then allow access.
                  
+If your enterprise doesn't have an allowlist of accepted PCR[0] values, then take no action.
 
-
                  If PCR[0] does not equal any accepted listed value, then take one of the following actions that align with your enterprise policies:
                  
+If PCR[0] equals an accepted allowlist value, then allow access.
+
+If PCR[0] doesn't equal any accepted listed value, then take one of the following actions that align with your enterprise policies:
 
 -   Disallow all access
 -   Direct the device to an enterprise honeypot, to further monitor the device's activities.
 
 **SBCPHash**
-
                  SBCPHash is the finger print of the Custom Secure Boot Configuration Policy (SBCP) that was loaded during boot in Windows devices, except PCs.
                  
 
-
                  If SBCPHash is not present, or is an accepted allow-listed value, then allow access.
+SBCPHash is the finger print of the Custom Secure Boot Configuration Policy (SBCP) that was loaded during boot in Windows devices, except PCs.
 
-
                  If SBCPHash is present in DHA-Report, and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:
                  
+If SBCPHash isn't present, or is an accepted allow-listed value, then allow access.
+
+If SBCPHash is present in DHA-Report, and isn't an allowlisted value, then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Place the device in a watch list to monitor the device more closely for potential risks.
 
 **CIPolicy**
-
                  This attribute indicates the Code Integrity policy that is controlling the security of the boot environment.
                  
 
-
                  If CIPolicy is not present, or is an accepted allow-listed value, then allow access.
                  
+This attribute indicates the Code Integrity policy that is controlling the security of the boot environment.
 
-
                  If CIPolicy is present and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:
                  
+If CIPolicy isn't present, or is an accepted allow-listed value, then allow access.
+
+If CIPolicy is present and isn't an allow-listed value, then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Place the device in a watch list to monitor the device more closely for potential risks.
 
 **BootRevListInfo**
-
                  This attribute identifies the Boot Revision List that was loaded during initial boot on the attested device.
                  
 
-
                  If reported BootRevListInfo version equals an accepted value, then allow access.
                  
+This attribute identifies the Boot Revision List that was loaded during initial boot on the attested device.
 
-
                  If reported BootRevListInfo version does not equal an accepted value, then take one of the following actions that align with your enterprise policies:
                  
+If reported BootRevListInfo version equals an accepted value, then allow access.
+
+If reported BootRevListInfo version doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Direct the device to an enterprise honeypot, to further monitor the device's activities.
 
 **OSRevListInfo**
-
                  This attribute identifies the Operating System Revision List that was loaded during initial boot on the attested device.
                  
 
-
                  If reported OSRevListInfo version equals an accepted value, then allow access.
                  
+This attribute identifies the Operating System Revision List that was loaded during initial boot on the attested device.
 
-
                  If reported OSRevListInfo version does not equal an accepted value, then take one of the following actions that align with your enterprise policies:
                  
+If reported OSRevListInfo version equals an accepted value, then allow access.
+
+If reported OSRevListInfo version doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
 
 - Disallow all access
 - Direct the device to an enterprise honeypot, to further monitor the device's activities.  
 
 **HealthStatusMismatchFlags**
-
                  HealthStatusMismatchFlags attribute appears if DHA-Service detects an integrity issue (mismatch) in the DHA-Data it receives from device management solutions, for validation.
                  
 
-
                  In case of a detected issue a list of impacted DHA-report elements will be listed under the HealthStatusMismatchFlags attribute.
                  
+HealthStatusMismatchFlags attribute appears if DHA-Service detects an integrity issue (mismatch) in the DHA-Data it receives from device management solutions, for validation.
 
-## **Device HealthAttestation CSP status and error codes**
+If an issue is detected, a list of impacted DHA-report elements will be listed under the HealthStatusMismatchFlags attribute.
 
-
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
-    
-        
-        
-        
-    
+### Device HealthAttestation CSP status and error codes
 
-
                  Error codeError nameDescription
                  0HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZEDThis is the initial state for devices that have never participated in a DHA-Session. 
                  1HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTEDThis state signifies that MDM client’s Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.
                  2HEALTHATTESTATION_CERT_RETRIEVAL_FAILEDThis state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
                  3HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETEThis state signifies that the device has successfully retrieved DHA-EncBlob from the DHA-Server.
                  4HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAILDeprecated in Windows 10, version 1607.
                  5HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAILDHA-CSP failed to get a claim quote.
                  6HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READYDHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider.
                  7HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAILDHA-CSP failed in retrieving Windows AIK
                  8HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAILDeprecated in Windows 10, version 1607.
                  9HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSIONInvalid TPM version (TPM version is not 1.2 or 2.0)
                  10HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAILNonce was not found in the registry.
                  11HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAILCorrelation ID was not found in the registry.
                  12HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAILDeprecated in Windows 10, version 1607.
                  13HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAILDeprecated in Windows 10, version 1607.
                  14HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAILFailure in Encoding functions. (Extremely unlikely scenario)
                  15HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAILDeprecated in Windows 10, version 1607.
                  16HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XMLDHA-CSP failed to load the payload it received from DHA-Service 
                  17HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XMLDHA-CSP received a corrupted response from DHA-Service.
                  18HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XMLDHA-CSP received an empty response from DHA-Service.
                  19HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EKDHA-CSP failed in decrypting the AES key from the EK challenge.
                  20HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EKDHA-CSP failed in decrypting the health cert with the AES key.
                  21HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUBDHA-CSP failed in exporting the AIK Public Key.
                  22HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLYDHA-CSP failed in trying to create a claim with AIK attestation data.
                  23HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKPUBDHA-CSP failed in appending the AIK Pub to the request blob.
                  24HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKCERTDHA-CSP failed in appending the AIK Cert to the request blob.
                  25HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_INIT_HTTPHANDLEDHA-CSP failed to obtain a Session handle.
                  26HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_GETTARGET_HTTPHANDLEDHA-CSP failed to connect to the DHA-Service.
                  27HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHANDLEDHA-CSP failed to create a HTTP request handle.
                  28HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SET_INTERNETOPTIONDHA-CSP failed to set options.
                  29HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ADD_REQUESTHEADERSDHA-CSP failed to add request headers.
                  30HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SEND_REQUESTDHA-CSP failed to send the HTTP request.
                  31HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_RECEIVE_RESPONSEDHA-CSP failed to receive a response from the DHA-Service.
                  32HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_QUERY_HEADERSDHA-CSP failed to query headers when trying to get HTTP status code.
                  33HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_RESPONSEDHA-CSP received an empty response from DHA-Service even though HTTP status was OK.
                  34HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSEDHA-CSP received an empty response along with a HTTP error code from DHA-Service.
                  35HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_IMPERSONATE_USERDHA-CSP failed to impersonate user.
                  36HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ACQUIRE_PDCNETWORKACTIVATORDHA-CSP failed to acquire the PDC activators that are needed for network communication when the device is in Connected standby mode.
                  0xFFFFHEALTHATTESTATION_CERT_RETRIEVAL_FAILED_UNKNOWNDHA-CSP failed due to an unknown reason, this error is highly unlikely to occur.
                  400Bad_Request_From_ClientDHA-CSP has received a bad (malformed) attestation request.
                  404Endpoint_Not_ReachableDHA-Service is not reachable by DHA-CSP
                  
+Error code: 0 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED  
+Error description: This state is the initial state for devices that have never participated in a DHA-Session.
 
-## DHA-Report V3 schema
+Error code: 1 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED  
+Error description: This state signifies that MDM client’s Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.
 
+Error code: 2 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED  
+Error description: This state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
+
+Error code: 3 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE  
+Error description: This state signifies that the device has successfully retrieved DHA-EncBlob from the DHA-Server.
+
+Error code: 4 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAIL  
+Error description: Deprecated in Windows 10, version 1607.
+
+Error code: 5 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAIL  
+Error description: DHA-CSP failed to get a claim quote.
+
+Error code: 6 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READY  
+Error description: DHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider.
+
+Error code: 7 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAIL  
+Error description: DHA-CSP failed in retrieving Windows AIK
+
+Error code: 8 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAIL  
+Error description: Deprecated in Windows 10, version 1607.
+
+Error code: 9 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSION  
+Error description: Invalid TPM version (TPM version isn't 1.2 or 2.0)
+
+Error code: 10 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAIL  
+Error description: Nonce wasn't found in the registry.
+
+Error code: 11 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAIL  
+Error description: Correlation ID wasn't found in the registry.
+
+Error code: 12 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAIL  
+Error description: Deprecated in Windows 10, version 1607.
+
+Error code: 13 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAIL  
+Error description: Deprecated in Windows 10, version 1607.
+
+Error code: 14 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAIL  
+Error description: Failure in Encoding functions. (Extremely unlikely scenario)
+
+Error code: 15 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAIL  
+Error description: Deprecated in Windows 10, version 1607.
+
+Error code: 16 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XML  
+Error description: DHA-CSP failed to load the payload it received from DHA-Service
+
+Error code: 17 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XML  
+Error description: DHA-CSP received a corrupted response from DHA-Service.
+
+Error code: 18 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XML  
+Error description: DHA-CSP received an empty response from DHA-Service.
+
+Error code: 19 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EK  
+Error description: DHA-CSP failed in decrypting the AES key from the EK challenge.
+
+Error code: 20 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EK  
+Error description: DHA-CSP failed in decrypting the health cert with the AES key.
+
+Error code: 21 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUB  
+Error description: DHA-CSP failed in exporting the AIK Public Key.
+
+Error code: 22 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLY
+Error description: DHA-CSP failed in trying to create a claim with AIK attestation data.
+
+Error code: 23 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKPUB
+Error description: DHA-CSP failed in appending the AIK Pub to the request blob.
+
+Error code: 24 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_APPEND_AIKCERT
+Error description: DHA-CSP failed in appending the AIK Cert to the request blob.
+
+Error code: 25 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_INIT_HTTPHANDLE
+Error description: DHA-CSP failed to obtain a Session handle.
+
+Error code: 26 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_GETTARGET_HTTPHANDLE
+Error description: DHA-CSP failed to connect to the DHA-Service.
+
+Error code: 27 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHAND
+Error description: DHA-CSP failed to create an HTTP request handle.
+
+Error code: 28 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SET_INTERNETOPTION
+Error description: DHA-CSP failed to set options.
+
+Error code: 29 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ADD_REQUESTHEADERS
+Error description: DHA-CSP failed to add request headers.
+
+Error code: 30 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_SEND_REQUEST
+Error description: DHA-CSP failed to send the HTTP request.
+
+Error code: 31 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_RECEIVE_RESPONSE
+Error description: DHA-CSP failed to receive a response from the DHA-Service.
+
+Error code: 32 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_QUERY_HEADERS
+Error description: DHA-CSP failed to query headers when trying to get HTTP status code.
+
+Error code: 33 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_RESPONSE
+Error description: DHA-CSP received an empty response from DHA-Service even though HTTP status was OK.
+
+Error code: 34 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSE
+Error description: DHA-CSP received an empty response along with an HTTP error code from DHA-Service.
+
+Error code: 35 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_IMPERSONATE_USER
+Error description: DHA-CSP failed to impersonate user.
+
+Error code: 36 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_ACQUIRE_PDCNETWORKACTIVATOR
+Error description: DHA-CSP failed to acquire the PDC activators that are needed for network communication when the device is in Connected standby mode.
+
+Error code: 0xFFFF | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_UNKNOWN
+Error description: DHA-CSP failed due to an unknown reason, this error is highly unlikely to occur.
+
+Error code: 400 | Error name: Bad_Request_From_Client
+Error description: DHA-CSP has received a bad (malformed) attestation request.
+
+Error code: 404 | Error name: Endpoint_Not_Reachable
+Error description: DHA-Service isn't reachable by DHA-CSP
+
+### DHA-Report V3 schema
 
 ```xml
 
@@ -1131,8 +1436,7 @@ Each of these are described in further detail in the following sections, along w
 
 ```
 
-## DHA-Report example
-
+### DHA-Report example
 
 ```xml
 
@@ -1169,10 +1473,10 @@ xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validatio
 
 ```
 
-
+## Security Considerations
+DHA anchors its trust in the TPM and its measurements. If TPM measurements can be spoofed or tampered, DHA can't provide any guarantee of device health for that device.
+For more information, see [PC Client TPM Certification](https://trustedcomputinggroup.org/resource/pc-client-tpm-certification/).
 
 ## Related topics
 
-
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index d7209b1cf2..6272e91bf1 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
@@ -22,193 +22,430 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
 The XML below is the current version for this CSP.
 
 ```xml
-
-]>
-
-    1.2
-    
+
+
+  
+    
+      1.2
+      $(runtime.windows)\system32\hascsp.dll
+      
+      {9DCCCE22-C057-424E-B8D1-67935988B174}
+      
         HealthAttestation
         ./Vendor/MSFT
         
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                com.microsoft/1.2/MDM/HealthAttestation
-            
+          
+            
+          
+          The root node for the device HealthAttestation configuration service provider.
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            com.microsoft/1.4/MDM/HealthAttestation
+          
+          
+            10.0.10586
+            1.0
+          
+          
+            
+            
+          
         
         
-            VerifyHealth
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-            
+          VerifyHealth
+          
+            
+              
+            
+            Notifies the device to prepare a device health verification request.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+          
         
         
-            Status
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    text/plain
-                
-            
+          Status
+          
+            
+              
+            
+            Provides the current status of the device health request.  For the complete list of status see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
         
         
-            ForceRetrieve
-            
-                
-                    
-                    
-                
-                False
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    text/plain
-                
-            
+          ForceRetrieve
+          
+            
+              
+              
+            
+            False
+            Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              
+                false
+                False
+              
+              
+                true
+                True
+              
+            
+          
         
         
-            Certificate
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-            
+          Certificate
+          
+            
+              
+            
+            Instructs the DHA-CSP to forward DHA-Data to the MDM server.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
         
         
-            Nonce
-            
-                
-                    
-                    
-                
-                \0
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    text/plain
-                
-            
+          Nonce
+          
+            
+              
+              
+            
+            \0
+            Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server. The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size of 32 bytes.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            
+          
         
         
-            CorrelationID
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    text/plain
-                
-            
+          CorrelationID
+          
+            
+              
+            
+            Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            
+          
         
         
-            HASEndpoint
-            
-                
-                    
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    text/plain
-                
-            
+          HASEndpoint
+          
+            
+              
+              
+            
+            has.spserv.microsoft.com.
+            Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+            
+          
         
         
-            TpmReadyStatus
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    text/plain
-                
-            
+          TpmReadyStatus
+          
+            
+              
+            
+             Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              10.0.14393
+              1.1
+            
+          
         
-    
-
+        
+          CurrentProtocolVersion
+          
+            
+              
+            
+            Provides the current protocol version that the client is using to communicate with the Health Attestation Service.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              10.0.16299
+              1.3
+            
+          
+        
+        
+          PreferredMaxProtocolVersion
+          
+            
+              
+              
+            
+            3
+            Provides the maximum preferred protocol version that the client is configured to communicate over. If this is higher than the protocol versions supported by the client it will use the highest protocol version available to it.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              10.0.16299
+              1.3
+            
+            
+            
+          
+        
+        
+          MaxSupportedProtocolVersion
+          
+            
+              
+            
+            Returns the maximum protocol version that this client can support.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              10.0.16299
+              1.3
+            
+          
+        
+        
+          TriggerAttestation
+          
+            
+              
+            
+            Notifies the device to trigger an attestation session asynchronously.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              99.9.99999
+              1.4
+            
+            
+            
+          
+        
+        
+          GetAttestReport
+          
+            
+              
+            
+            Retrieve attestation session report if exists.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              99.9.99999
+              1.4
+            
+          
+        
+        
+          AttestStatus
+          
+            
+              
+            
+            AttestStatus maintains the success or failure status code for the last attestation session.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+            
+              99.9.99999
+              1.4
+            
+          
+        
+        
+          GetServiceCorrelationIDs
+          
+            
+              
+            
+            Retrieve service correlation IDs if exist.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              99.9.99999
+              1.4
+            
+          
+        
+      
+    
+  
+
+
 
 ```
 
diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md
deleted file mode 100644
index 36a979715e..0000000000
--- a/windows/client-management/mdm/hotspot-csp.md
+++ /dev/null
@@ -1,209 +0,0 @@
----
-title: HotSpot CSP
-description: Learn how HotSpot configuration service provider (CSP) is used to configure and enable Internet sharing on a device.
-ms.assetid: ec49dec1-fa79-420a-a9a7-e86668b3eebf
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# HotSpot CSP
-
-
-The HotSpot configuration service provider is used to configure and enable Internet sharing on the device, in which the device can be configured to share its cellular connection over Wi-Fi with up to eight client devices or computers.
-
-> **Note**  HotSpot CSP is only supported in Windows 10 Mobile.
-> 
-> 
-> 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application.
-
- 
-
-The following diagram shows the HotSpot configuration service provider management object in tree format as used by OMA Client Provisioning. The OMA DM protocol is not supported by this configuration service provider.
-
-![hotspot csp (cp)](images/provisioning-csp-hotspot-cp.png)
-
-**Enabled**
-Required. Specifies whether to enable Internet sharing on the device. The default is false.
-
-If this is initially set to false, the feature is turned off and the Internet sharing screen is removed from Settings so that the user cannot access it. Configuration changes or connection sharing state changes will not be possible.
-
-When this is set to true, the Internet sharing screen is added to Settings, though sharing is turned off by default until the user turns it on.
-
-This setting can be provisioned over the air, but it may require a reboot if Settings was open when this was enabled for the first time.
-
-**DedicatedConnections**
-Optional. Specifies the semicolon separated list of Connection Manager cellular connections that Internet sharing will use as the public connections.
-
-By default, any available connection will be used as a public connection. However, this node allows a mobile operator to specify one or more connection names to use as public connections.
-
-Specified connections will be mapped, by policy, to the Internet sharing service. All attempts to enumerate Connection Manager connections for the Internet sharing service will return only the mapped connections.
-
-> **Note**   The mapping policy will also include the connection specified in the **TetheringNAIConnection** value as well.
-
- 
-
-If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share
-
-If the Internet sharing service is already in a sharing state, setting this node will not take effect until sharing is stopped and restarted.
-
-**TetheringNAIConnection**
-Optional. Specifies the CDMA TetheringNAI Connection Manager cellular connection that Internet sharing will use as a public connection.
-
-If a CDMA mobile operator requires using a Tethering NAI during Internet sharing, they must use the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) to provision a TetheringNAI connection and then specify the provisioned connection in this node.
-
-Specified connections will be mapped, by policy, to the Internet sharing service. All attempts to enumerate Connection Manager connections for the Internet sharing service will return only the mapped connections.
-
-> **Note**   The mapping policy will also include the connections specified in the **DedicatedConnections** as well.
-
- 
-
-If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share
-
-If the Internet sharing service is already in a sharing state, setting this node will not take effect until sharing is stopped and restarted.
-
-**MaxUsers**
-Optional. Specifies the maximum number of simultaneous users that can be connected to a device while in a sharing state. The value must be between 1 and 8 inclusive. The default value is 5.
-
-If the Internet sharing service is already in a sharing state, setting this node will not take effect until sharing is stopped and restarted.
-
-**MaxBluetoothUsers**
-Optional. Specifies the maximum number of simultaneous Bluetooth users that can be connected to a device while sharing over Bluetooth. The value must be between 1 and 7 inclusive. The default value is 7.
-
-**MOHelpNumber**
-Optional. A mobile operator–specified device number that is displayed to the user when the Internet sharing service fails to start. The user interface displays a message informing the user that they can call the specified number for help.
-
-**MOInfoLink**
-Optional. A mobile operator–specified HTTP link that is displayed to the user when Internet sharing is disabled or the device is not entitled. The user interface displays a message informing the user that they can visit the specified link for more information about how to enable the feature.
-
-**MOAppLink**
-Optional. A Windows device application link that points to a preinstalled application, provided by the mobile operator, that will help a user to subscribe to the mobile operator’s Internet sharing service when Internet sharing is not provisioned or entitlement fails. The general format for the link is `app://MOapp`.
-
-**MOHelpMessage**
-Optional. Reference to a localized string, provided by the mobile operator, that is displayed when Internet sharing is not enabled due to entitlement failure. The node takes a language-neutral registry value string, which has the following form:
-
-`@,-`
-
-Where `` is the path to the resource dll that contains the string and `` is the string identifier. For more information on language-neutral string resource registry values, see [Using Registry String Redirection](/windows/win32/intl/using-registry-string-redirection) on MSDN.
-
-> **Note**  MOAppLink is required to use the MOHelpMessage setting.
-
- 
-
-**EntitlementRequired**
-Optional. Specifies whether the device requires an entitlement check to determine if Internet sharing should be enabled. This node is set to a Boolean value. The default value is **True**.
-
-By default the Internet sharing service will check entitlement every time an attempt is made to enable Internet sharing. Internet sharing should be set to **False** for carrier-unlocked devices.
-
-**EntitlementDll**
-Required if `EntitlementRequired` is set to true. The path to the entitlement DLL used to make entitlement checks that verify that the device is entitled to use the Internet sharing service on a mobile operator’s network. The value is a string that represents a valid file system path to the entitlement DLL. By default, the Internet sharing service fails entitlement checks if this setting is missing or empty. For more information, see [Creating an Entitlement DLL](#creating-entitlement-dll) later in this topic.
-
-**EntitlementInterval**
-Optional. The time interval, in seconds, between entitlement checks. The default value is 86,400 seconds (24 hours).
-
-If a periodic entitlement check fails, Internet sharing is automatically disabled.
-
-**PeerlessTimeout**
-Optional. The time-out period, in minutes, after which Internet sharing should automatically turn off if there are no longer any active clients. This node can be set to any value between 1 and 120 inclusive. A value of 0 is not supported. The default value is 5 minutes.
-
-A reboot may be required before changes to this node take effect.
-
-**PublicConnectionTimeout**
-Optional. The time-out value, in minutes, after which Internet sharing is automatically turned off if a cellular connection is not available. This node can be set to any value between 1 and 60 inclusive. The default value is 20 minutes. A time-out is required, so a value of 0 is not supported.
-
-Changes to this node require a reboot.
-
-**MinWifiKeyLength**
-> **Important**   This parm is no longer supported for Windows Phone 8.1. The enforced minimum allowed length of the Wi-Fi key is 8.
-
- 
-
-**MinWifiSSIDLength**
-> **Important**   This parm is no longer supported for Windows Phone 8.1. The enforced minimum allowed length of the Wi-Fi SSID is 1.
-
- 
-
-## Additional requirements for CDMA networks
-
-
-For CDMA networks that use a separate Network Access Identity (NAI) for Internet sharing, a new parm, TetheringNAI, has been added in the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) configuration service provider. The following sample demonstrates how to specify the connection.
-
-```xml
-
-    
-        
-            
-            
-            
-            
-        
-    
-    
-        
-        
-        
-    
-
-```
-
-> **Note**  CDMA devices are limited to one active data connection at a time. This means any application or service (such as email or MMS) that is bound to another connection may not work while Internet sharing is turned on.
-
- 
-
-## Creating an Entitlement DLL
-
-
-For mobile operator networks that require an entitlement check, the OEM must provide a DLL in the device image that implements a function with the following signature:
-
-`ICS_ENTITLEMENT_RESULT IsEntitled(void);`
-
-The `EntitlementDll` parm of the HotSpot configuration service provider must be set to a string that is the path to this DLL.
-
-The DLL must be code signed in a specific way, see [Sign binaries and packages](/previous-versions/windows/hardware/code-signing/dn789217(v=vs.85)).
-
-During an entitlement check the Internet Sharing service loads the specified DLL and then call the `IsEntitled` function. The function must connect to the server to perform any required validation, then return one of the following **ICS\_ENTITLEMENT\_RESULT** enumeration values.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ValueDescription
                  ENTITLEMENT_SUCCESS
                  The device is allowed to connect to the server.
                  ENTITLEMENT_FAILED
                  The device is not allowed to connect to the server
                  ENTITLEMENT_UNAVAILABLE
                  The entitlement check failed because the device could not contact the server or acquire a connection to verify entitlement.
                  
-
- 
-
-The definition for the **ICS\_ENTITLEMENT\_RESULT** is in the header file `IcsEntitlementh`, which ships with the Windows Adaptation Kit.
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
diff --git a/windows/client-management/mdm/images/configlock-mem-createprofile.png b/windows/client-management/mdm/images/configlock-mem-createprofile.png
new file mode 100644
index 0000000000..f43f6b7ddb
Binary files /dev/null and b/windows/client-management/mdm/images/configlock-mem-createprofile.png differ
diff --git a/windows/client-management/mdm/images/configlock-mem-dev.png b/windows/client-management/mdm/images/configlock-mem-dev.png
new file mode 100644
index 0000000000..3ce6cd456d
Binary files /dev/null and b/windows/client-management/mdm/images/configlock-mem-dev.png differ
diff --git a/windows/client-management/mdm/images/configlock-mem-devstatus.png b/windows/client-management/mdm/images/configlock-mem-devstatus.png
new file mode 100644
index 0000000000..2e78bf58e5
Binary files /dev/null and b/windows/client-management/mdm/images/configlock-mem-devstatus.png differ
diff --git a/windows/client-management/mdm/images/configlock-mem-editrow.png b/windows/client-management/mdm/images/configlock-mem-editrow.png
new file mode 100644
index 0000000000..18595f86dc
Binary files /dev/null and b/windows/client-management/mdm/images/configlock-mem-editrow.png differ
diff --git a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png
new file mode 100644
index 0000000000..1e315bc4b1
Binary files /dev/null and b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png differ
diff --git a/windows/client-management/mdm/images/faq-max-devices.png b/windows/client-management/mdm/images/faq-max-devices.png
index bf101a0215..f2d177b92f 100644
Binary files a/windows/client-management/mdm/images/faq-max-devices.png and b/windows/client-management/mdm/images/faq-max-devices.png differ
diff --git a/windows/client-management/mdm/images/flow-configlock.png b/windows/client-management/mdm/images/flow-configlock.png
new file mode 100644
index 0000000000..4310537887
Binary files /dev/null and b/windows/client-management/mdm/images/flow-configlock.png differ
diff --git a/windows/client-management/mdm/images/maa-attestation-flow.png b/windows/client-management/mdm/images/maa-attestation-flow.png
new file mode 100644
index 0000000000..ac91ff242a
Binary files /dev/null and b/windows/client-management/mdm/images/maa-attestation-flow.png differ
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
index 08a455f462..35bed03a19 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@@ -18,17 +18,17 @@ The Windows version of mobile application management (MAM) is a lightweight solu
 
 ## Integration with Azure AD
 
-MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).  
+MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).  
 
-MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD integrated MDM services are provided in an organization, a users’ personal devices will be enrolled to MAM or MDM, depending on the user’s actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM.  In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.  
+MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices will be enrolled to MAM or MDM, depending on the user’s actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM.  In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.  
 
-On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD integrated application, such as the next update of Microsoft Office 365 or Microsoft Office Mobile. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**.  
+On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft Office 365 or Microsoft Office Mobile. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**.  
 
 Regular non-admin users can enroll to MAM.  
 
 ## Integration with Windows Information Protection 
 
-MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they do not handle personal data, and therefore it is safe for Windows to protect data on their behalf.  
+MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf.  
 
 To make applications WIP-aware, app developers need to include the following data in the app resource file.  
 
@@ -42,22 +42,25 @@ To make applications WIP-aware, app developers need to include the following dat
 
 ## Configuring an Azure AD tenant for MAM enrollment
 
-MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. Starting with Azure AD in Windows 10, version 1703, the same cloud-based Management MDM app will support both MDM and MAM enrollments. If you have already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration.  
+MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. With Azure AD in Windows 10, version 1703, onward, the same cloud-based Management MDM app will support both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration.  
 
-![Mobile application management app](images/implement-server-side-mobile-application-management.png)
+:::image type="content" alt-text="Mobile application management app." source="images/implement-server-side-mobile-application-management.png":::
 
-MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM. Please note: if the MDM service in an organization is not integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured.  
+MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM. 
+
+> [!NOTE]
+> If the MDM service in an organization isn't integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured.  
 
 ## MAM enrollment
 
 MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). MAM enrollment supports Azure AD [federated authentication](federated-authentication-device-enrollment.md) as the only authentication method.  
 
 Below are protocol changes for MAM enrollment:  
-- MDM discovery is not supported.  
+- MDM discovery isn't supported.  
 - APPAUTH node in [DMAcc CSP](dmacc-csp.md) is optional.
-- MAM enrollment variation of [MS-MDE2] protocol does not support the client authentication certificate, and therefore does not support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication. 
+- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication. 
 
-Here is an example provisioning XML for MAM enrollment.  
+Here's an example provisioning XML for MAM enrollment.  
 
 ```xml
  
@@ -97,10 +100,10 @@ MAM on Windows supports the following configuration service providers (CSPs). Al
 
 MAM supports device lock policies similar to MDM. The policies are configured by DeviceLock area of Policy CSP and PassportForWork CSP. 
 
-We do not recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows: 
+We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows: 
 
-- When EAS policies are sent to a device that already has MAM policies, Windows evaluates whether the existing MAM policies are compliant with the configured EAS policies and reports compliance to EAS.
-- If the device is found to be compliant, EAS will report compliance to the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance does not require device admin rights.
+- When EAS policies are sent to a device that already has MAM policies, Windows evaluates whether the existing MAM policies are compliant with the configured EAS policies, and reports compliance with EAS.
+- If the device is found to be compliant, EAS will report compliance with the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance doesn't require device admin rights.
 - If the device is found to be non-compliant, EAS will enforce its own policies to the device and the resultant set of policies will be a superset of both. Applying EAS policies to the device requires admin rights.
 - If a device that already has EAS policies is enrolled to MAM, the device will have both sets of policies: MAM and EAS, and the resultant set of policies will be a superset of both.
 
@@ -110,10 +113,10 @@ MAM policy syncs are modeled after MDM. The MAM client uses an Azure AD token to
 
 ## Change MAM enrollment to MDM
 
-Windows does not support applying both MAM and MDM policies to the same devices. If configured by the admin, a user can change his MAM enrollment to MDM.
+Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM.
 
 > [!NOTE]
-> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we do not recommend pushing MDM policies to enable users to upgrade.
+> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
 
 To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment.
 
@@ -123,46 +126,14 @@ In the process of changing MAM enrollment to MDM, MAM policies will be removed f
 - EDP CSP Enterprise ID is the same for both MAM and MDM.
 - EDP CSP RevokeOnMDMHandoff is set to false.
 
-If the MAM device is properly configured for MDM enrollment, then the Enroll only to device management link will be displayed in **Settings > Accounts > Access work or school**. The user can select this link, provide their credentials, and the enrollment will be changed to MDM. Their Azure AD account will not be affected.
+If the MAM device is properly configured for MDM enrollment, then the Enroll only to device management link will be displayed in **Settings > Accounts > Access work or school**. The user can select this link, provide their credentials, and the enrollment will be changed to MDM. Their Azure AD account won't be affected.
 
 ## Skype for Business compliance with MAM
 
-We have updated Skype for Business to work with MAM. The following table explains Office release channels and release dates for Skype for Business compliance with the MAM feature.
+We've updated Skype for Business to work with MAM. The following table explains Office release channels and release dates for Skype for Business compliance with the MAM feature.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Update channelPrimary purposeLOB Tattoo availabilityDefault update channel for the products
                  Current channelProvide pilot users and application compatibility testers the opportunity to test the next Deferred Channel. March 9 2017
                  Visio Pro for Office 365
                  
-
                  Project Desktop Client
                  
-
                  Microsoft 365 Apps for business (the version of Office that comes with some Microsoft 365 plans, such as Business Premium.)
                  Deferred channelProvide users with new features of Office only a few times a year.October 10 2017Microsoft 365 Apps for enterprise
                  First release for Deferred channelProvide pilot users and application compatibility testers the opportunity to test the next Deferred Channel. June 13 2017
                  
\ No newline at end of file
+|Update channel|Primary purpose|LOB Tattoo availability|Default update channel for the products|
+|--- |--- |--- |--- |
+|[Current channel](/deployoffice/overview-update-channels#BKMK_CB)|Provide pilot users and application compatibility testers the opportunity to test the next Deferred Channel.|March 9 2017|Visio Pro for Office 365
                  Project Desktop Client
                  Microsoft 365 Apps for business (the version of Office that comes with some Microsoft 365 plans, such as Business Premium.)|
+|[Deferred channel](/deployoffice/overview-update-channels#BKMK_CBB)|Provide users with new features of Office only a few times a year.|October 10 2017|Microsoft 365 Apps for enterprise|
+|[First release for deferred channel](/deployoffice/overview-update-channels#BKMK_FRCBB)|Provide pilot users and application compatibility testers the opportunity to test the next Deferred Channel.|June 13 2017||
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index 4339466ef0..7fe9cd95eb 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -1,6 +1,6 @@
 ---
 title: Mobile device management
-description: Windows 10 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
+description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
 MS-HAID:
 - 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
 - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
@@ -10,51 +10,49 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: dansimp
+ms.collection: highpri
 ---
 
 # Mobile device management
 
+Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
 
-Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. A built-in management component can communicate with the management server.
-
-There are two parts to the Windows 10 management component:
+There are two parts to the Windows management component:
 
 -   The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
 -   The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
 
-Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers do not need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
+Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
 
 ## MDM security baseline
 
-With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros’ operational needs, addressing security concerns for modern cloud-managed devices.
-
-> [!NOTE]
->Intune support for the MDM security baseline is coming soon.
+With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros' operational needs, addressing security concerns for modern cloud-managed devices.
 
 The MDM security baseline includes policies that cover the following areas:
 
-- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
+- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Device Guard (virtual-based security), Exploit Guard, Microsoft Defender Antivirus, and Firewall
 - Restricting remote access to devices
 - Setting credential requirements for passwords and PINs
 - Restricting use of legacy technology
 - Legacy technology policies that offer alternative solutions with modern technology
 - And much more
 
-For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see:
+For more details about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
 
+- [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip)
 - [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
 - [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
 - [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
 
 - [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
 
-For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](/intune/security-baseline-settings-windows).
+For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
 
 
 ## Learn about migrating to MDM
 
-When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy settings in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).
+When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy setting in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).
 
 
 ## Learn about device enrollment
@@ -84,6 +82,3 @@ When an organization wants to move to MDM to manage devices, they should prepare
 -   [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
 -   [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
 -   [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
-
- 
-
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
index 12e50c7af7..d210a1ee7e 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/27/2017
 ---
 
@@ -21,63 +21,52 @@ The Microsoft Store for Business has a new web service designed for the enterpri
 
 Here's the list of the available capabilities:
 
--   Support for enterprise identities – Enables end users within an organization to use the identity that has been provided to them within the organization. This enables an organization to retain control of the application and eliminates the need for an organization to maintain another set of identities for their users.
+-   Support for enterprise identities – Enables end users within an organization to use the identity that has been provided to them within the organization. This feature enables an organization to keep control of the application and eliminates the need for an organization to maintain another set of identities for their users.
 -   Bulk acquisition support of applications – Enables an IT administrator to acquire applications in bulk. IT departments can now take control over the procurement and distribution of applications. Previously, users acquire applications manually.
--   License reclaim and re-use – Enables an enterprise to retain value in their purchases by allowing the ability to un-assign access to an application, and then reassign the application to another user. In Microsoft Store today, when a user with a Microsoft account leaves the organization he retains ownership of the application.
--   Flexible distribution models for Microsoft Store apps – Allows the enterprise to integrate with an organization's infrastructure the processes to distribute applications to devices that are connected to Store for Business services and to devices without connectivity to the Store for Business services.
--   Custom Line of Business app support –Enables management and distribution of enterprise applications through the Store for Business.
--   Support for Windows desktop and mobile devices - The Store for Business supports both desktop and mobile devices.
+-   License reclaim and reuse – Enables an enterprise to keep value in their purchases by allowing the ability to unassign access to an application, and then reassign the application to another user. In Microsoft Store today, when a user with a Microsoft account leaves the organization, they keep ownership of the application.
+-   Flexible distribution models for Microsoft Store apps – Allows enterprises to integrate with an organization's infrastructure. It also allows the processes to distribute applications to devices that are connected to Store for Business services and to devices without connectivity to the Store for Business services.
+-   Custom Line of Business app support – Enables management and distribution of enterprise applications through the Store for Business.
+-   Support for Windows client devices - The Store for Business supports client devices.
 
-For additional information about Store for Business, see the TechNet topics in [Microsoft Store for Business](/microsoft-store/).
+For more information, see [Microsoft Store for Business and Education](/microsoft-store/).
 
 ## Management services
 
-The Store for Business provides services that enable a management tool to synchronize new and updated applications on behalf of an organization. Once synchronized, you can distribute new and updated applications using the Windows Management framework. The services provides several capabilities including providing application data, the ability to assign and reclaim applications, and the ability to download offline-licensed application packages.
+The Store for Business provides services that enable a management tool to synchronize new and updated applications for an organization. Once synchronized, you can distribute new and updated applications using the Windows Management framework. The services provide several features, including providing application data, can assign and reclaim applications, and can download offline-licensed application packages.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
                  



                  Application data
                  The Store for Business service provides metadata for the applications that have been acquired via the Store for Business. This includes the application identifier that is used to deploy online license applications, artwork for an application that is used to create a company portal, and localized descriptions for applications.
                  Licensing models
                  Offline vs. Online
                  
-
                  Online-licensed applications require connectivity to the Microsoft Store. Users require an Azure Active Directory identity and rely on the store services on the device to be able to acquire an application from the store. It is similar to how applications are acquired from the Microsoft Store using a Microsoft account. Assigning or reclaiming seats for an application require a call to the Store for Business services.
                  
-
                  Offline-licensed applications enable an organization to use the application for imaging and for devices that may not have connectivity to the store or may not have Azure Active Directory. Offline-licensed application do not require connectivity to the store, however it can be updated directly from the store if the device has connectivity and the app update policies allow updates to be distributed via the store.
                  
+- **Application data**: The Store for Business service provides metadata for the applications that have been acquired via the Store for Business. This metadata includes:
+  - The application identifier that's used to deploy online license applications
+  - Artwork for an application that's used to create a company portal
+  - Localized descriptions for applications
 
- 
+- **Licensing models**:
+
+  - **Online-licensed** applications require connectivity to the Microsoft Store. Users require an Azure Active Directory identity, and rely on the store services on the device to get an application from the store. It's similar to how applications are acquired from the Microsoft Store using a Microsoft account. Assigning or reclaiming seats for an application require a call to the Store for Business services.
+  - **Offline-licensed** applications enable an organization to use the application for imaging and for devices that may not have connectivity to the store or may not have Azure Active Directory. Offline-licensed applications don't require connectivity to the store. It can be updated directly from the store if the device has connectivity, and the app update policies allow updates to be distributed using the store.
 
 ### Offline-licensed application distribution
 
-The following diagram provides an overview of app distribution from acquisition of an offline-licensed application to distribution to a client. Once synchronized from the Store for Business, the management tool can use the Windows management framework to distribute applications to devices.
+The following diagram is an overview of app distribution, from getting an offline-licensed application to distributing to clients. Once the applications are synchronized from the Store for Business, the management tool can use the Windows management framework to distribute applications to devices.
 
-![business store offline app distribution](images/businessstoreportalservices2.png)
+![business store offline app distribution.](images/businessstoreportalservices2.png)
 
 ### Online-licensed application distribution
 
-The following diagram provides an overview of app distribution from acquisition of an online-licensed application to distribution to a client. Once synchronized from the Store for Business, the management tool can use the Windows management framework to distribute applications to devices. For online-licensed applications, the management tool calls back into the Store for Business management services to assign an application prior to issuing the policy to install the application.
+The following diagram is an overview of app distribution, from getting an online-licensed application to distributing to clients. Once the applications are synchronized from the Store for Business, the management tool can use the Windows management framework to distribute applications to devices. For online-licensed applications, the management tool calls back into the Store for Business management services to assign an application before issuing the policy to install the application.
 
-![business store online app distribution](images/businessstoreportalservices3.png)
+![business store online app distribution.](images/businessstoreportalservices3.png)
 
 ## Integrate with Azure Active Directory
 
-The Store for Business services rely on Azure Active Directory for authentication. The management tool must be registered as an Azure AD application within an organization tenant to authenticate against the Store for Business.
+The Store for Business services use Azure Active Directory for authentication. The management tool must be registered as an Azure AD application within an organization tenant to authenticate against the Store for Business.
 
-To learn more about Azure AD and how to register your application within Azure AD, here are some topics to get you started:
+The following articles have more information about Azure AD, and how to register your application within Azure AD:
 
 -   Adding an application to Azure Active Directory - [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
 -   Accessing other Web applications and configuring your application to access other APIs - [Integrating Applications with Azure Active Directory](/azure/active-directory/develop/quickstart-register-app)
 -   Authenticating to the Store for Business services via Azure AD - [Authentication Scenarios for Azure Active Directory](/azure/active-directory/develop/authentication-vs-authorization)
 
-For code samples, see [Microsoft Azure Active Directory Samples and Documentation](https://go.microsoft.com/fwlink/p/?LinkId=623024) in GitHub. Patterns are very similar to [Daemon-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=623025) and [ConsoleApp-GraphAPI-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=623026).
+For code samples, see [Microsoft Azure Active Directory Samples and Documentation](https://go.microsoft.com/fwlink/p/?LinkId=623024) in GitHub. Patterns are similar to [Daemon-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=623025) and [ConsoleApp-GraphAPI-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=623026).
 
 ## Configure your Azure AD application
 
@@ -89,23 +78,21 @@ MTS requires calls to be authenticated using an Azure AD OAuth bearer token. The
 
 Here are the details for requesting an authorization token:
 
--   Login Authority = https://login.windows.net/\
--   Resource/audience\* = https://onestore.microsoft.com
--   ClientId = your AAD application client id
--   ClientSecret = your AAD application client secret/key
-
-\* The token audience URI is meant as an identifier of the application for which the token is being generated, and it is not a URL for a service endpoint or a web-page.
+-   Login Authority = `https://login.windows.net/`
+-   Resource/audience = `https://onestore.microsoft.com`: The token audience URI is an application identifier for which the token is being generated. It's not a URL for a service endpoint or a web page.
+-   ClientId = your Azure AD application client ID
+-   ClientSecret = your Azure AD application client secret/key
 
 ## Using the management tool
 
-After registering your management tool with Azure AD, the management tool can call into the management services. There are a couple of call patterns:
+After you register your management tool with Azure AD, the management tool can call into the management services. There are a couple of call patterns:
 
 -   First the ability to get new or updated applications.
 -   Second the ability to assign or reclaim applications.
 
 The diagram below shows the call patterns for acquiring a new or updated application.
 
-![business store portal service flow diagram](images/businessstoreportalservicesflow.png)
+![business store portal service flow diagram.](images/businessstoreportalservicesflow.png)
 
 **Here is the list of available operations**:
 
diff --git a/windows/client-management/mdm/maps-csp.md b/windows/client-management/mdm/maps-csp.md
deleted file mode 100644
index 2fa6bccaa3..0000000000
--- a/windows/client-management/mdm/maps-csp.md
+++ /dev/null
@@ -1,175 +0,0 @@
----
-title: Maps CSP
-description: The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511.
-ms.assetid: E5157296-7C31-4B08-8877-15304C9F6F26
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# Maps CSP
-
-
-The Maps configuration service provider (CSP) is used to configure the maps to download to the device. This CSP was added in Windows 10, version 1511.
-
-> **Note**  The Maps CSP is only supported in Windows 10 Mobile.
-
- 
-
-The following shows the Maps configuration service provider in tree format.
-```
-./Vendor/MSFT
-Maps
-----Packages
---------Package
-------------Status
-```
-**Maps**  
-Root node.
-
-**Packages**  
-Represents the map packages installed on the device.
-
-**Packages/***Package*  
-A GUID that represents a map package. When you add a *Package* node, Windows adds it to the queue for download to the device. See the table below for the list of various maps and corresponding GUIDS.
-
-**Packages/*Package*/Status**  
-Represents the stat of the package installed on the device.
-
-Valid values:
-
--   1 - the specified map package is queued for download.
--   2 - the specified map package is downloading or installed.
-
-Supported operation is Get. If the map is neither queued, downloading, or installed, then you will get a 404 from a Get request.
-
-## Examples
-
-
-Here is a list of GUIDs of the most downloaded reqions.
-
-| Region                        | GUID                                 |
-|-------------------------------|--------------------------------------|
-| **Germany**                   |                                      |
-| Baden-Wuerttemberg            | bab02b93-31c4-413a-b0fe-95a43e186d8c |
-| Bavaria                       | dceea482-12e9-458e-9f0f-21def9a70ed7 |
-| Berlin/Brandenburg            | d8a80d64-07ef-4145-82e5-97910f1012df |
-| Hesse                         | b28e2071-678b-4671-8eff-97e1c124f2fb |
-| Lower Saxony/Bremen           | e3ac0f21-7209-4f42-93bf-a0d12c7df2e5 |
-| Mecklenburg-Western Pomerania | 75760c3d-e651-4b4a-abfb-c22e2bf1ed93 |
-| North Rhine-Westphalia        | 3846905a-891e-46a9-bc6a-53ec43edcab0 |
-| Rhineland-Palatinate/Saarland | b4c18bb5-1bfe-4da8-a951-833046e37c90 |
-| Saxony                        | 8899e1a8-fc79-4f3a-a591-85f15dfb1adb |
-| Saxony-Anhalt                 | fdd9a3eb-4253-4c4b-b34d-66265775518d |
-| Schleswig-Holstein/Hamburg    | 74d868dd-99a7-492f-93ee-2b9c0a6b7ebc |
-| Thuringia                     | 399a3387-a545-4249-9925-04660426ef1c |
-| **United Kingdom**            |                                      |
-| England                       | bf612bb8-4094-4158-ac06-96171fa7ffdf |
-| Northern Ireland              | 07f1d10f-cd72-4801-912a-7ba75ef5a627 |
-| Scotland                      | cade44ea-4421-4023-9498-bf1f92025c9e |
-| Wales                         | 869f9131-e3c7-41df-b106-9d787c633a10 |
-| **USA**                       |                                      |
-| Alabama                       | 4fdaabf4-0160-4075-b7ad-7a8a71e69e7e |
-| Alaska                        | f691e35f-a6b9-4d6c-b657-0f092d5f2f0e |
-| Arizona                       | 4a179b8e-c993-4c4b-a242-51f69068d73b |
-| Arkansas                      | 4d152d48-92aa-4696-b8b2-c0bbacd421b6 |
-| California                    | 1859bd60-854a-40e3-9216-6e9cf1fcfdce |
-| Colorado                      | d7b4de3d-370c-44dc-8dc7-dcafe676d5ff |
-| Connecticut                   | 47fbdbe0-6c4d-4966-9a02-8decc94a5a1c |
-| Delaware                      | b2882156-e75c-4bdf-8f9f-45cbfac6b915 |
-| Florida                       | 1769c37c-f22a-4212-bd4b-47036693b034 |
-| Georgia                       | ad34ec5d-d84c-42fa-bec1-fe6143d2e68d |
-| Hawaii                        | 4019c8a1-0d8f-43c6-baa6-7ff5a7888f21 |
-| Idaho                         | 008d318b-5004-4e13-a4a4-f520e7969026 |
-| Illinois                      | a2c35505-daf5-432d-a4df-544a5c2987c2 |
-| Indiana                       | 4c3b6963-e380-45a9-8b25-2bdc4ce1ab26 |
-| Iowa                          | e07df1bc-01e6-4ffb-9a20-a142a6d38218 |
-| Kansas                        | 3397467d-3fb9-4ded-b6ad-3ab7313f8ff1 |
-| Kentucky                      | bc751324-a591-4ecd-b27a-af15b5518051 |
-| Louisiana                     | d11a119c-9e25-40d9-aef9-ed2f161113b0 |
-| Maine                         | db5e6077-f4dd-4548-b50e-ebd147d20c37 |
-| Maryland                      | 17739d09-a70a-4a23-859c-eabc57418d2f |
-| Massachusetts                 | d168d0d5-7683-45a4-afd4-767fd1359ad8 |
-| Michigan                      | 0abd961b-9602-4a2e-b093-c43a2a80aab5 |
-| Minnesota                     | 2946ed46-b171-4e38-9278-e33a6967f143 |
-| Mississippi                   | 78a38671-a8e8-48f1-a23b-3576df370437 |
-| Missouri                      | 5c885acb-5fdc-4305-84f1-e18d3163724b |
-| Montana                       | baf84353-89cf-4abd-9226-b932fd2294a4 |
-| Nebraska                      | e389c2f8-41a0-4121-a654-77c52fbd61ed |
-| Nevada                        | 8c321bdc-8e37-4be6-96e0-1d85c77c89f0 |
-| New Hampshire                 | 38c35895-98ce-4ee4-bb47-7291b5e8543a |
-| New Jersey                    | 70b1d647-ff93-415f-b2be-da06ee800516 |
-| New Mexico                    | b434ea36-03ca-405c-8332-044b602e7b49 |
-| New York                      | 93f2ba61-e03d-4b30-9be3-6e10728302d4 |
-| North Carolina                | d07208ed-50da-42f2-bade-cb26f283e113 |
-| North Dakota                  | 8c6f0ebb-f282-431e-b4be-8faca5f12be0 |
-| Ohio                          | 36553594-8197-497f-911e-f1cd976c2e00 |
-| Oklahoma                      | 4e3a77ff-9dca-4add-93e9-2a9d6bc244a6 |
-| Oregon                        | cf99c8ce-1b11-4972-9e12-f8c2717ade98 |
-| Pennsylvania                  | cb7c0dea-1f9d-41ae-b81c-e683488d260c |
-| Rhode Island                  | 737c2fca-efd3-4f5a-9359-0c301ecc0813 |
-| South Carolina                | c0a5542f-5efb-49ae-9d80-3914faa4cf77 |
-| South Dakota                  | dbd8268b-7502-4f71-ba1c-2d452d496b18 |
-| Tennessee                     | b51f7ae4-9eac-4a2b-b605-c2f9736b3481 |
-| Texas                         | 4cc26a23-596f-4164-b9c2-ce0267b1ada7 |
-| Utah                          | 50b2e947-e7b3-41b2-b595-8446f3f425ca |
-| Vermont                       | a888d9cc-9f2a-4f18-a00a-15fa860d355d |
-| Virginia                      | bfb4cce0-8fa5-4e70-a3c7-a69adce17fc9 |
-| Washington                    | 1734acf4-3f87-47db-aec2-2b24c08f5a60 |
-| Washington D.C.               | 271328d6-8409-4975-ba8c-ba44e02fd3e0 |
-| West Virginia                 | 638b6499-749b-4908-bfe6-1b9dcf5eb675 |
-| Wisconsin                     | 0b5a98f7-489d-4a07-859b-4e01fe9e1b32 |
-| Wyoming                       | 360e0c25-a3bb-4e29-939a-3631eae46e9a |
-
- 
-
-Here is an example queuing a map package of New York for download.
-
-```xml
-
-    
-       
-            1
-            
-                
-                    ./Vendor/MSFT/Maps/Packages/93f2ba61-e03d-4b30-9be3-6e10728302d4
-                
-            
-        
-        
-    
-
-```
-
-Here is an example that gets the status of the New York map package on the device.
-
-```xml
-
-    
-       
-            1
-            
-                
-                    ./Vendor/MSFT/Maps/Packages/93f2ba61-e03d-4b30-9be3-6e10728302d4/Status
-                
-            
-        
-        
-    
-
-```
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/maps-ddf-file.md b/windows/client-management/mdm/maps-ddf-file.md
deleted file mode 100644
index 517d02109c..0000000000
--- a/windows/client-management/mdm/maps-ddf-file.md
+++ /dev/null
@@ -1,125 +0,0 @@
----
-title: Maps DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the Maps configuration service provider. This CSP was added in Windows 10, version 1511.
-ms.assetid: EF22DBB6-0578-4FD0-B8A6-19DC03288FAF
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 12/05/2017
----
-
-# Maps DDF file
-
-
-This topic shows the OMA DM device description framework (DDF) for the Maps configuration service provider. This CSP was added in Windows 10, version 1511.
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-
-The XML below is the current version for this CSP.
-
-```xml
-
-]>
-
-    1.2
-    
-        Maps
-        ./Vendor/MSFT
-        
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                
-            
-        
-        
-            Packages
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-            
-            
-                
-                
-                    
-                        
-                        
-                    
-                    
-                        
-                    
-                    
-                        
-                    
-                    
-                        
-                    
-                    Package
-                    
-                        
-                    
-                
-                
-                    Status
-                    
-                        
-                            
-                        
-                        
-                            
-                        
-                        
-                            
-                        
-                        
-                            
-                        
-                        
-                            text/plain
-                        
-                    
-                
-            
-        
-    
-
-```
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index d1e7b033f2..632623eed5 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -12,6 +12,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: dansimp
+ms.collection: highpri
 ---
 
 # MDM enrollment of Windows 10-based devices
@@ -23,32 +24,32 @@ In today’s cloud-first world, enterprise IT departments increasingly want to l
 
 ## Connect corporate-owned Windows 10-based devices
 
-You can connect corporate-owned devices to work by either joining the device to an Active Directory domain, or to an Azure Active Directory (Azure AD) domain. Windows 10 does not require a personal Microsoft account on devices joined to Azure AD or an on-premises Active Directory domain.
+You can connect corporate-owned devices to work by either joining the device to an Active Directory domain, or to an Azure Active Directory (Azure AD) domain. Windows 10 doesn't require a personal Microsoft account on devices joined to Azure AD or an on-premises Active Directory domain.
 
-![active directory azure ad signin](images/unifiedenrollment-rs1-1.png)
+![active directory azure ad signin.](images/unifiedenrollment-rs1-1.png)
 
 ### Connect your device to an Active Directory domain (join a domain)
 
 Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education can be connected to an Active Directory domain using the Settings app.
 
 > [!NOTE]
-> Mobile devices cannot be connected to an Active Directory domain.
+> Mobile devices can't be connected to an Active Directory domain.
 
 ### Out-of-box-experience 
 
-Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) is not supported. To join a domain:
+Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) isn't supported. To join a domain:
 
 1.  On the **Who Owns this PC?** page, select **My work or school owns it**.
 
-    ![oobe local account creation](images/unifiedenrollment-rs1-2.png)
+    ![oobe creation of a local account](images/unifiedenrollment-rs1-2.png)
 
 2.  Next, select **Join a domain**.
 
-    ![select domain or azure ad](images/unifiedenrollment-rs1-3.png)
+    ![select domain or azure-ad](images/unifiedenrollment-rs1-3.png)
 
 3.  You'll see a prompt to set up a local account on the device. Enter your local account details, and then select **Next** to continue.
 
-    ![create pc account](images/unifiedenrollment-rs1-4.png)
+    ![create pc account.](images/unifiedenrollment-rs1-4.png)
 
 ### Use the Settings app
 
@@ -56,38 +57,38 @@ To create a local account and connect the device:
 
 1.  Launch the Settings app.
 
-    ![windows settings page](images/unifiedenrollment-rs1-5.png)
+    ![windows settings screen](images/unifiedenrollment-rs1-5.png)
 
 2.  Next, select **Accounts**.
 
-    ![windows settings accounts select](images/unifiedenrollment-rs1-6.png)
+    ![windows settings accounts chosen](images/unifiedenrollment-rs1-6.png)
 
 3.  Navigate to **Access work or school**.
 
-    ![select access work or school](images/unifiedenrollment-rs1-7.png)
+    ![choose access work or school](images/unifiedenrollment-rs1-7.png)
 
 4.  Select **Connect**.
 
-    ![connect to work or school](images/unifiedenrollment-rs1-8.png)
+    ![connect to work or to school](images/unifiedenrollment-rs1-8.png)
 
 5.  Under **Alternate actions**, select **Join this device to a local Active Directory domain**.
 
-    ![join account to active directory domain](images/unifiedenrollment-rs1-9.png)
+    ![join account to active directory domain.](images/unifiedenrollment-rs1-9.png)
 
 6.  Type in your domain name, follow the instructions, and then select **Next** to continue. After you complete the flow and restart your device, it should be connected to your Active Directory domain. You can now sign in to the device using your domain credentials.
 
-    ![type in domain name](images/unifiedenrollment-rs1-10.png)
+    ![type in domain name.](images/unifiedenrollment-rs1-10.png)
 
 ### Help with connecting to an Active Directory domain
 
-There are a few instances where your device cannot be connected to an Active Directory domain.
+There are a few instances where your device can't be connected to an Active Directory domain.
 
 | Connection issue                                                | Description                                                                                                                                                                                                               |
 |-----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Your device is already connected to an Active Directory domain. | Your device can only be connected to a single Active Directory domain at a time.                                                                                                                                          |
-| Your device is connected to an Azure AD domain.                 | Your device can either be connected to an Azure AD domain or an Active Directory domain. You cannot connect to both simultaneously.                                                                                       |
-| You are logged in as a standard user.                           | Your device can only be connected to an Azure AD domain if you are logged in as an administrative user. You’ll need to switch to an administrator account to continue.                                                    |
-| Your device is running Windows 10 Home.                         | This feature is not available on Windows 10 Home, so you will be unable to connect to an Active Directory domain. You will need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
+| Your device is connected to an Azure AD domain.                 | Your device can either be connected to an Azure AD domain or an Active Directory domain. You can't connect to both simultaneously.                                                                                       |
+| You're logged in as a standard user.                           | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. You’ll need to switch to an administrator account to continue.                                                    |
+| Your device is running Windows 10 Home.                         | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Active Directory domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
 
  
 
@@ -101,19 +102,19 @@ To join a domain:
 
 1.  Select **My work or school owns it**, then select **Next.**
 
-    ![oobe local account creation](images/unifiedenrollment-rs1-11.png)
+    ![oobe - local account creation](images/unifiedenrollment-rs1-11.png)
 
 2.  Select **Join Azure AD**, and then select **Next.**
 
-    ![select domain or azure ad](images/unifiedenrollment-rs1-12.png)
+    ![choose the domain or azure ad](images/unifiedenrollment-rs1-12.png)
 
-3.  Type in your Azure AD username. This is the email address you use to log into Microsoft Office 365 and similar services.
+3.  Type in your Azure AD username. This username is the email address you use to log into Microsoft Office 365 and similar services.
 
-    If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
+    If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you'll be able to enter your password directly on this page. If the tenant is part of a federated domain, you'll be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
 
-    Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
+    Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant isn't configured for auto-enrollment, you'll have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
 
-    ![azure ad signin](images/unifiedenrollment-rs1-13.png)
+    ![azure ad signin.](images/unifiedenrollment-rs1-13.png)
 
 ### Use the Settings app
 
@@ -121,57 +122,57 @@ To create a local account and connect the device:
 
 1.  Launch the Settings app.
 
-    ![windows settings page](images/unifiedenrollment-rs1-14.png)
+    ![screen displaying windows settings](images/unifiedenrollment-rs1-14.png)
 
 2.  Next, navigate to **Accounts**.
 
-    ![windows settings accounts select](images/unifiedenrollment-rs1-15.png)
+    ![choose windows settings accounts](images/unifiedenrollment-rs1-15.png)
 
 3.  Navigate to **Access work or school**.
 
-    ![select access work or school](images/unifiedenrollment-rs1-16.png)
+    ![choose option of access work or school](images/unifiedenrollment-rs1-16.png)
 
 4.  Select **Connect**.
 
-    ![connect to work or school](images/unifiedenrollment-rs1-17.png)
+    ![Option of connect to work or school](images/unifiedenrollment-rs1-17.png)
 
-5.  Under **Alternate Actions**, selct **Join this device to Azure Active Directory**.
+5.  Under **Alternate Actions**, select **Join this device to Azure Active Directory**.
 
-    ![join work or school account to azure ad](images/unifiedenrollment-rs1-18.png)
+    ![option to join work or school account to azure ad](images/unifiedenrollment-rs1-18.png)
 
-6.  Type in your Azure AD username. This is the email address you use to log into Office 365 and similar services.
+6.  Type in your Azure AD username. This username is the email address you use to log into Office 365 and similar services.
 
-    ![azure ad sign in](images/unifiedenrollment-rs1-19.png)
+    ![azure ad sign in.](images/unifiedenrollment-rs1-19.png)
 
-7.  If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and you can enter your password directly on this page. If the tenant is part of a federated domain, you are redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+7.  If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and you can enter your password directly on this page. If the tenant is part of a federated domain, you're redirected to the organization's on-premises federation server, such as AD FS, for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
-    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM.
+    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant isn't configured for auto-enrollment, you'll have to go through the enrollment flow a second time to connect your device to MDM.
 
-    After you reach the end of the flow, your device should be connected to your organization’s Azure AD domain. You may now log out of your current account and sign in using your Azure AD username.
+    After you reach the end of the flow, your device should be connected to your organization’s Azure AD domain. You may now sign out of your current account and sign in using your Azure AD username.
 
-    ![corporate sign in](images/unifiedenrollment-rs1-20.png)
+    ![corporate sign in screen](images/unifiedenrollment-rs1-20.png)
 
 ### Help with connecting to an Azure AD domain
 
-There are a few instances where your device cannot be connected to an Azure AD domain.
+There are a few instances where your device can't be connected to an Azure AD domain.
 
 | Connection issue                                                | Description                                                                                                                                                                                                                |
 |-----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Your device is connected to an Azure AD domain.                 | Your device can only be connected to a single Azure AD domain at a time.                                                                                                                                                   |
-| Your device is already connected to an Active Directory domain. | Your device can either be connected to an Azure AD domain or an Active Directory domain. You cannot connect to both simultaneously.                                                                                        |
-| Your device already has a user connected to a work account.     | You can either connect to an Azure AD domain or connect to a work or school account. You cannot connect to both simultaneously.                                                                                            |
-| You are logged in as a standard user.                           | Your device can only be connected to an Azure AD domain if you are logged in as an administrative user. You’ll need to switch to an administrator account to continue.                                                     |
+| Your device is already connected to an Active Directory domain. | Your device can either be connected to an Azure AD domain or an Active Directory domain. You can't connect to both simultaneously.                                                                                        |
+| Your device already has a user connected to a work account.     | You can either connect to an Azure AD domain or connect to a work or school account. You can't connect to both simultaneously.                                                                                            |
+| You're logged in as a standard user.                           | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. You’ll need to switch to an administrator account to continue.                                                     |
 | Your device is already managed by MDM.                          | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. |
-| Your device is running Windows 10 Home.                         | This feature is not available on Windows 10 Home, so you will be unable to connect to an Azure AD domain. You will need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue.          |
+| Your device is running Windows 10 Home.                         | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Azure AD domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue.          |
 
  
 
 ## Connect personally owned devices 
 
 
-Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 does not require a personal Microsoft account on devices to connect to work or school.
+Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 doesn't require a personal Microsoft account on devices to connect to work or school.
 
 ### Connect to a work or school account
 
@@ -183,33 +184,33 @@ To create a local account and connect the device:
 
 1.  Launch the Settings app, and then select **Accounts** >**Start** > **Settings** > **Accounts**.
 
-    ![windows settings page](images/unifiedenrollment-rs1-21-b.png)
+    ![screen of windows settings](images/unifiedenrollment-rs1-21-b.png)
 
 2.  Navigate to **Access work or school**.
 
-    ![select access work or school](images/unifiedenrollment-rs1-23-b.png)
+    ![user's option of access work or school](images/unifiedenrollment-rs1-23-b.png)
 
 3.  Select **Connect**.
 
-    ![connect to work or school](images/unifiedenrollment-rs1-24-b.png)
+    ![connect button to access the option of work or school.](images/unifiedenrollment-rs1-24-b.png)
 
-4.  Type in your Azure AD username. This is the email address you use to log into Office 365 and similar services.
+4.  Type in your Azure AD username. This username is the email address you use to log into Office 365 and similar services.
 
-    ![join work or school account to azure ad](images/unifiedenrollment-rs1-25-b.png)
+    ![sync work or school account to azure ad.](images/unifiedenrollment-rs1-25-b.png)
 
-5.  If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and can enter your password directly into the page. If the tenant is part of a federated domain, you are redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+5.  If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and can enter your password directly into the page. If the tenant is part of a federated domain, you're redirected to the organization's on-premises federation server, such as AD FS, for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
-    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM.
+    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant isn't configured for auto-enrollment, you'll have to go through the enrollment flow a second time to connect your device to MDM.
 
-    Starting in Windows 10, version 1709, you will see the status page that shows the progress of your device being set up.
+    Starting in Windows 10, version 1709, you'll see the status page that shows the progress of your device being set up.
 
-    ![corporate sign in](images/unifiedenrollment-rs1-26.png)
+    ![corporate sign in - screen and option](images/unifiedenrollment-rs1-26.png)
 
 6.  After you complete the flow, your Microsoft account will be connected to your work or school account.
 
-    ![account successfully added](images/unifiedenrollment-rs1-27.png)
+    ![account successfully added.](images/unifiedenrollment-rs1-27.png)
 
 ### Connect to MDM on a desktop (enrolling in device management)
 
@@ -221,29 +222,29 @@ To create a local account and connect the device:
 
 1. Launch the Settings app.
 
-   ![windows settings page](images/unifiedenrollment-rs1-28.png)
+   ![screen that displays windows settings](images/unifiedenrollment-rs1-28.png)
 
 2. Next, navigate to **Accounts**.
 
-   ![windows settings accounts page](images/unifiedenrollment-rs1-29.png)
+   ![windows settings accounts page.](images/unifiedenrollment-rs1-29.png)
 
 3. Navigate to **Access work or school**.
 
-   ![access work or school](images/unifiedenrollment-rs1-30.png)
+   ![access work or school.](images/unifiedenrollment-rs1-30.png)
 
 4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
 
-   ![connect to work or school](images/unifiedenrollment-rs1-31.png)
+   ![connect to work or school screen](images/unifiedenrollment-rs1-31.png)
 
 5. Type in your work email address.
 
-   ![set up work or school account](images/unifiedenrollment-rs1-32.png)
+   ![set up work or school account screen](images/unifiedenrollment-rs1-32.png)
 
-6. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information.
+6. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for more authentication information.
 
-   Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. Starting in Windows 10, version 1709, you will see the enrollment progress on screen.
+   Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. Starting in Windows 10, version 1709, you'll see the enrollment progress on screen.
 
-   ![corporate sign in](images/unifiedenrollment-rs1-33-b.png)
+   ![screen to set up your device](images/unifiedenrollment-rs1-33-b.png)
 
    After you complete the flow, your device will be connected to your organization’s MDM.
    
@@ -254,10 +255,10 @@ There are a few instances where your device may not be able to connect to work.
 | Error Message                                                                                                                                                                              | Description                                                                                         |
 |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
 | Your device is already connected to your organization’s cloud.                                                                                                                             | Your device is already connected to either Azure AD, a work or school account, or an AD domain.     |
-| We could not find your identity in your organization’s cloud.                                                                                                                              | The username you entered was not found on your Azure AD tenant.                                     |
+| We couldn't find your identity in your organization’s cloud.                                                                                                                              | The username you entered wasn't found on your Azure AD tenant.                                     |
 | Your device is already being managed by an organization.                                                                                                                                   | Your device is either already managed by MDM or Microsoft Endpoint Configuration Manager.                |
-| You don’t have the right privileges to perform this operation. Please talk to your admin.                                                                                                  | You cannot enroll your device into MDM as a standard user. You must be on an administrator account. |
-| We couldn’t auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered.  |
+| You don’t have the right privileges to perform this operation. Talk to your admin.                                                                                                  | You can't enroll your device into MDM as a standard user. You must be on an administrator account. |
+| We couldn’t auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered.  |
 
  
 ## Connect your Windows 10-based device to work using a deep link
@@ -276,10 +277,10 @@ The deep link used for connecting your device to work will always use the follow
 | mode      | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory Joined (AADJ).                                       |
 |username  | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string |
 | servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string|
-| accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
-| deviceidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to pass in a unique device identifier. Added in Windows 10, version 1703. | GUID |
-| tenantidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to identify which tenant the device or user belongs to. Added in Windows 10, version 1703. | GUID or string |
-| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
+| accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
+| deviceidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to pass in a unique device identifier. Added in Windows 10, version 1703. | GUID |
+| tenantidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to identify which tenant the device or user belongs to. Added in Windows 10, version 1703. | GUID or string |
+| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
 
 > [!NOTE]
 > AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later. 
@@ -290,17 +291,17 @@ The deep link used for connecting your device to work will always use the follow
 > [!NOTE]
 > Deep links only work with Internet Explorer or Microsoft Edge browsers. When connecting to MDM using a deep link, the URI you should use is:
 > **ms-device-enrollment:?mode=mdm** 
-> **ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=**
+> **ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=<`https://example.server.com`>**
 
 To connect your devices to MDM using deep links:
 
 1.  Starting with Windows 10, version 1607, create a link to launch the built-in enrollment app using the URI **ms-device-enrollment:?mode=mdm**, and user-friendly display text, such as **Click here to connect Windows to work**:
 
-    (Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.)
+    (This link will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.)
 
     - IT admins can add this link to a welcome email that users can select to enroll into MDM.
 
-      ![using enrollment deeplink in email](images/deeplinkenrollment1.png)
+      ![using enrollment deeplink in email.](images/deeplinkenrollment1.png)
 
     - IT admins can also add this link to an internal web page that users refer to enrollment instructions.
 
@@ -308,44 +309,44 @@ To connect your devices to MDM using deep links:
 
     Type in your work email address.
 
-    ![set up work or school account](images/deeplinkenrollment3.png)
+    ![set up a work or school account screen](images/deeplinkenrollment3.png)
 
-3.  If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
+3.  If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for more authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
     After you complete the flow, your device will be connected to your organization's MDM.
 
-    ![corporate sign in](images/deeplinkenrollment4.png)
+    ![corporate sign-in screen](images/deeplinkenrollment4.png)
 
 ## Manage connections
 
 
 To manage your work or school connections, select **Settings** > **Accounts** > **Access work or school**. Your connections will show on this page and selecting one will expand options for that connection.
 
-![managing work or school account](images/unifiedenrollment-rs1-34-b.png)
+![managing work or school account.](images/unifiedenrollment-rs1-34-b.png)
 
 ### Info
 
-The **Info** button can be found on work or school connections involving MDM. This includes the following scenarios:
+The **Info** button can be found on work or school connections involving MDM. This button is included in the following scenarios:
 
 -   Connecting your device to an Azure AD domain that has auto-enroll into MDM configured.
 -   Connecting your device to a work or school account that has auto-enroll into MDM configured.
 -   Connecting your device to MDM.
 
-Selecting the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You’ll be able to view your organization’s support information (if configured) on this page. You’ll also be able to start a sync session which forces your device to communicate to the MDM server and fetch any updates to policies if needed.
+Selecting the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You’ll be able to view your organization’s support information (if configured) on this page. You’ll also be able to start a sync session that forces your device to communicate to the MDM server and fetch any updates to policies if needed.
 
-Starting in Windows 10, version 1709, selecting the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screenshot.
+Starting in Windows 10, version 1709, selecting the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here's an example screenshot.
 
-![work or school info](images/unifiedenrollment-rs1-35-b.png)
+![work or school info.](images/unifiedenrollment-rs1-35-b.png)
 
 > [!NOTE]
 > Starting in Windows 10, version 1709, the **Manage** button is no longer available. 
 
 ### Disconnect
 
-The **Disconnect** button can be found on all work connections. Generally, selecting the **Disconnect** button will remove the connection from the device. There are a few exceptions to this:
+The **Disconnect** button can be found on all work connections. Generally, selecting the **Disconnect** button will remove the connection from the device. There are a few exceptions to this functionality:
 
--   Devices that enforce the AllowManualMDMUnenrollment policy will not allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command.
--   On mobile devices, you cannot disconnect from Azure AD. These connections can only be removed by wiping the device.
+-   Devices that enforce the AllowManualMDMUnenrollment policy won't allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command.
+-   On mobile devices, you can't disconnect from Azure AD. These connections can only be removed by wiping the device.
 
 > [!WARNING]
 > Disconnecting might result in the loss of data on the device.
@@ -355,9 +356,9 @@ The **Disconnect** button can be found on all work connections. Generally, selec
 
 You can collect diagnostic logs around your work connections by going to **Settings** > **Accounts** > **Access work or school**, and then selecting the **Export your management logs** link under **Related Settings**. Next, select **Export**, and follow the path displayed to retrieve your management log files.
 
-Starting in Windows 10, version 1709, you can get the advanced diagnostic report by going to **Settings** > **Accounts** > **Access work or school**, and selecting the **Info** button. At the bottom of the Settings page, you will see the button to create a report, as shown here.
+Starting in Windows 10, version 1709, you can get the advanced diagnostic report by going to **Settings** > **Accounts** > **Access work or school**, and selecting the **Info** button. At the bottom of the Settings page, you'll see the button to create a report, as shown here.
 
-![collecting enrollment management log files](images/unifiedenrollment-rs1-37-c.png)
+![collecting enrollment management log files.](images/unifiedenrollment-rs1-37-c.png)
 
  
 
diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md
index e9383e871f..b50647fabd 100644
--- a/windows/client-management/mdm/messaging-csp.md
+++ b/windows/client-management/mdm/messaging-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp
@@ -15,42 +15,51 @@ manager: dansimp
 
 The Messaging configuration service provider is used to configure the ability to get text messages audited on a mobile device. This CSP was added in Windows 10, version 1703.
 
-The following diagram shows the Messaging configuration service provider in tree format.
+The following shows the Messaging configuration service provider in tree format.
 
-![messaging csp](images/provisioning-csp-messaging.png)
+```console
+./User/Vendor/MSFT
+Messaging
+----AuditingLevel
+----Auditing
+--------Messages
+----------Count
+----------RevisionId
+----------Data
+```
 
 **./User/Vendor/MSFT/Messaging**  
 
-
                  Root node for the Messaging configuration service provider.
                  
+
                  Root node for the Messaging configuration service provider.
                  
 
 **AuditingLevel**  
-
                  Turns on the "Text" auditing feature.
                  
-
                  The following list shows the supported values:
                  
+
                  Turns on the "Text" auditing feature.
                  
+
                  The following list shows the supported values:
                  
 
                    
 
                  • 0 (Default) - Off
                    • 
 
                  • 1 - On
                    • 
 
                  
-
                  Supported operations are Get and Replace.
                  
+
                  Supported operations are Get and Replace.
                  
 
 **Auditing**  
-
                  Node for auditing.
                  
-
                  Supported operation is Get.
                  
+
                  Node for auditing.
                  
+
                  Supported operation is Get.
                  
 
 **Messages**  
-
                  Node for messages.
                  
-
                  Supported operation is Get.
                  
+
                  Node for messages.
                  
+
                  Supported operation is Get.
                  
 
 **Count**  
-
                  The number of messages to return in the Data setting. The default is 100.
                  
-
                  Supported operations are Get and Replace.
                  
+
                  The number of messages to return in the Data setting. The default is 100.
                  
+
                  Supported operations are Get and Replace.
                  
 
 **RevisionId**  
-
                  Retrieves messages whose revision ID is greater than RevisionId.
                  
-
                  Supported operations are Get and Replace.
                  
+
                  Retrieves messages whose revision ID is greater than RevisionId.
                  
+
                  Supported operations are Get and Replace.
                  
 
 **Data**  
-
                  The JSON string of text messages on the device.
                  
-
                  Supported operations are Get and Replace.
                  
+
                  The JSON string of text messages on the device.
                  
+
                  Supported operations are Get and Replace.
                  
 
 
 **SyncML example**
diff --git a/windows/client-management/mdm/messaging-ddf.md b/windows/client-management/mdm/messaging-ddf.md
index 22207f104b..efdad0e72a 100644
--- a/windows/client-management/mdm/messaging-ddf.md
+++ b/windows/client-management/mdm/messaging-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md
index 32f9b5ee66..7a55677360 100644
--- a/windows/client-management/mdm/mobile-device-enrollment.md
+++ b/windows/client-management/mdm/mobile-device-enrollment.md
@@ -8,8 +8,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/11/2017
+ms.collection: highpri
 ---
 
 # Mobile device enrollment
@@ -32,7 +33,7 @@ The enrollment process includes the following steps:
 
 ## Enrollment protocol
 
-There are a number of changes made to the enrollment protocol to better support a variety of scenarios across all platforms. For detailed information about the mobile device enrollment protocol, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
+There are many changes made to the enrollment protocol to better support various scenarios across all platforms. For detailed information about the mobile device enrollment protocol, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
 
 The enrollment process involves the following steps:
 
@@ -55,7 +56,7 @@ The following topics describe the end-to-end enrollment process using various au
 -   [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
 
 > [!Note]
-> As a best practice, do not use hardcoded server-side checks on values such as:
+> As a best practice, don't use hardcoded server-side checks on values such as:
 > -   User agent string
 > -   Any fixed URIs that are passed during enrollment
 > -   Specific formatting of any value unless otherwise noted, such as the format of the device ID.
@@ -66,33 +67,22 @@ Devices that are joined to an on-premises Active Directory can enroll into MDM v
 
 ## Disable MDM enrollments
 
-Starting in Windows 10, version 1607, IT admin can disable MDM enrollments for domain-joined PCs using Group Policy. Using the GP editor, the path is **Computer configuration** > **Administrative Templates** > **Windows Components** > **MDM** > **Disable MDM Enrollment**.
+In Windows 10 and Windows 11, IT admin can disable MDM enrollments for domain-joined PCs using Group Policy. With the GP editor being used, the path is **Computer configuration** > **Administrative Templates** > **Windows Components** > **MDM** > **Disable MDM Enrollment**.
 
-![Disable MDM enrollment policy in GP Editor](images/mdm-enrollment-disable-policy.png)
+![Disable MDM enrollment policy in GP Editor.](images/mdm-enrollment-disable-policy.png)
 
-Here is the corresponding registry key:
+Here's the corresponding registry key:
 
-Key: \\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\MDM
+HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM
 
 Value: DisableRegistration
 
 ## Enrollment scenarios not supported
 
-The following scenarios do not allow MDM enrollments:
+The following scenarios don't allow MDM enrollments:
 
--   Built-in administrator accounts on Windows desktop cannot enroll into MDM.
--   Standard users cannot enroll in MDM. Only admin users can enroll.
--   Windows 8.1 devices enrolled into MDM via enroll-on-behalf-of (EOBO) can upgrade to Windows 10, but the enrollment is not supported. We recommend performing a server initiated unenroll to remove these enrollments and then enrolling after the upgrade to Windows 10 is completed.
-
-## Enrollment migration
-
-**Desktop:** After the MDM client upgrade from Windows 8.1 to Windows 10, enrollment migration starts at the first client-initiated sync with the MDM service. The enrollment migration start time depends on the MDM server configuration. For example, for Intune it runs every 6 hours.
-
-Until the enrollment migration is completed, the user interface will show no enrollment and server push will not work.
-
-To manually trigger enrollment migration, you can run MDMMaintenenceTask.
-
-**Mobile devices:** After the MDM client upgrade from Windows Phone 8.1 to Windows 10 Mobile, enrollment migration is performed during the first boot after the upgrade.
+- Built-in administrator accounts on Windows desktop can't enroll into MDM.
+- Standard users can't enroll in MDM. Only admin users can enroll.
 
 ## Enrollment error messages
 
@@ -121,77 +111,51 @@ The enrollment server can decline enrollment messages using the SOAP Fault forma
 
 ```
 
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  






                  NamespaceSubcodeErrorDescriptionHRESULT
                  s:
                  MessageFormat
                  MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR
                  Message format is bad
                  80180001
                  s:
                  Authentication
                  MENROLL_E_DEVICE_AUTHENTICATION_ERROR
                  User not recognized
                  80180002
                  s:
                  Authorization
                  MENROLL_E_DEVICE_AUTHORIZATION_ERROR
                  User not allowed to enroll
                  80180003
                  s:
                  CertificateRequest
                  MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR
                  Failed to get certificate
                  80180004
                  s:
                  EnrollmentServer
                  MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR
                  80180005
                  a:
                  InternalServiceFault
                  MENROLL_E_DEVICE_INTERNALSERVICE_ERROR
                  The server hit an unexpected issue
                  80180006
                  a:
                  InvalidSecurity
                  MENROLL_E_DEVICE_INVALIDSECURITY_ERROR
                  Cannot parse the security header
                  80180007
                  
+**Sample error messages**
 
-In Windows 10, version 1507, we added the deviceenrollmentserviceerror element. Here is an example:
+- **Namespace**: `s:`
+  - **Subcode**: MessageFormat
+  - **Error**: MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR
+  - **Description**: Invalid message from the Mobile Device Management (MDM) server.
+  - **HRESULT**: 80180001
+
+- **Namespace**: `s:`
+  - **Subcode**: Authentication
+  - **Error**: MENROLL_E_DEVICE_AUTHENTICATION_ERROR
+  - **Description**: The Mobile Device Management (MDM) server failed to authenticate the user. Try again or contact your system administrator.
+  - **HRESULT**: 80180002
+
+- **Namespace**: `s:`
+  - **Subcode**: Authorization
+  - **Error**: MENROLL_E_DEVICE_AUTHORIZATION_ERROR
+  - **Description**: The user isn't authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.
+  - **HRESULT**: 80180003
+
+- **Namespace**: `s:`
+  - **Subcode**: CertificateRequest
+  - **Error**: MENROLL_E_DEVICE_CERTIFICATEREQUEST_ERROR
+  - **Description**: The user has no permission for the certificate template or the certificate authority is unreachable. Try again or contact your system administrator.
+  - **HRESULT**: 80180004
+
+- **Namespace**: `s:`
+  - **Subcode**: EnrollmentServer
+  - **Error**: MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR
+  - **Description**: The Mobile Device Management (MDM) server encountered an error. Try again or contact your system administrator.
+  - **HRESULT**: 80180005
+
+- **Namespace**: `a:`
+  - **Subcode**: InternalServiceFault
+  - **Error**: MENROLL_E_DEVICE_INTERNALSERVICE_ERROR
+  - **Description**: There was an unhandled exception on the Mobile Device Management (MDM) server. Try again or contact your system administrator.
+  - **HRESULT**: 80180006
+
+- **Namespace**: `a:`
+  - **Subcode**: InvalidSecurity
+  - **Error**: MENROLL_E_DEVICE_INVALIDSECURITY_ERROR
+  - **Description**: The Mobile Device Management (MDM) server was not able to validate your account. Try again or contact your system administrator.
+  - **HRESULT**: 80180007
+
+In Windows 10, version 1507, we added the deviceenrollmentserviceerror element. Here's an example:
 
 ```xml
 
@@ -223,72 +187,48 @@ In Windows 10, version 1507, we added the deviceenrollmentserviceerror element.
 
 ```
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  SubcodeErrorDescriptionHRESULT
                  DeviceCapReached
                  MENROLL_E_DEVICECAPREACHED
                  User already enrolled in too many devices. Delete or unenroll old ones to fix this error. The user can fix it without admin help.
                  80180013
                  DeviceNotSupported
                  MENROLL_E_DEVICENOTSUPPORTED
                  Specific platform (e.g. Windows) or version is not supported. There is no point retrying or calling admin. User could upgrade device.
                  80180014
                  NotSupported
                  MENROLL_E_NOTSUPPORTED
                  Mobile device management generally not supported (would save an admin call)
                  80180015
                  NotEligibleToRenew
                  MENROLL_E_NOTELIGIBLETORENEW
                  Device is trying to renew but server rejects the request. Client might show notification for this if Robo fails. Check time on device. The user can fix it by re-enrolling.
                  80180016
                  InMaintenance
                  MENROLL_E_INMAINTENANCE
                  Account is in maintenance, retry later. The user can retry later, but they may need to contact the admin because they would not know when problem is solved.
                  80180017
                  UserLicense
                  MENROLL_E_USERLICENSE
                  License of user is in bad state and blocking the enrollment. The user needs to call the admin.
                  80180018
                  InvalidEnrollmentData
                  MENROLL_E_ENROLLMENTDATAINVALID
                  The server rejected the enrollment data. The server may not be configured correctly.
                  80180019
                  
+**Sample error messages**
 
-TraceID is a freeform text node which is logged. It should identify the server side state for this enrollment attempt. This information may be used by support to look up why the server declined the enrollment.
+- **Subcode**: DeviceCapReached
+  - **Error**: MENROLL_E_DEVICECAPREACHED
+  - **Description**: The account has too many devices enrolled to Mobile Device Management (MDM). Delete or unenroll old devices to fix this error.
+  - **HRESULT**: 80180013
+
+- **Subcode**: DeviceNotSupported
+  - **Error**: MENROLL_E_DEVICENOTSUPPORTED
+  - **Description**: The Mobile Device Management (MDM) server doesn't support this platform or version, consider upgrading your device.
+  - **HRESULT**: 80180014
+
+- **Subcode**: NotSupported
+  - **Error**: MENROLL_E_NOT_SUPPORTED
+  - **Description**: Mobile Device Management (MDM) is generally not supported for this device.
+  - **HRESULT**: 80180015
+
+- **Subcode**: NotEligibleToRenew
+  - **Error**: MENROLL_E_NOTELIGIBLETORENEW
+  - **Description**: The device is attempting to renew the Mobile Device Management (MDM) certificate, but the server rejected the request. Check renew schedule on the device.
+  - **HRESULT**: 80180016
+
+- **Subcode**: InMaintenance
+  - **Error**: MENROLL_E_INMAINTENANCE
+  - **Description**: The Mobile Device Management (MDM) server states your account is in maintenance, try again later.
+  - **HRESULT**: 80180017
+
+- **Subcode**: UserLicense
+  - **Error**: MENROLL_E_USER_LICENSE
+  - **Description**: There was an error with your Mobile Device Management (MDM) user license. Contact your system administrator.
+  - **HRESULT**: 80180018
+
+- **Subcode**: InvalidEnrollmentData
+  - **Error**: MENROLL_E_ENROLLMENTDATAINVALID
+  - **Description**: The Mobile Device Management (MDM) server rejected the enrollment data. The server may not be configured correctly.
+  - **HRESULT**: 80180019
+
+TraceID is a freeform text node that is logged. It should identify the server side state for this enrollment attempt. This information may be used by support to look up why the server declined the enrollment.
 
 ## Related topics
 
 -   [MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)
 -   [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
 -   [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
--   [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
\ No newline at end of file
+-   [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index 4436e52fc7..aa2284255f 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/22/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
index 2e34159750..18b9586283 100644
--- a/windows/client-management/mdm/multisim-ddf.md
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -5,13 +5,13 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 02/27/2018
 ms.reviewer: 
 manager: dansimp
 ---
 
-# MultiSIM CSP 
+# MultiSIM DDF
 
 
 This topic shows the OMA DM device description framework (DDF) for the **MultiSIM** configuration service provider.
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index 89d18c8eff..c29289fd2b 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -8,23 +8,22 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # NAP CSP
 
-
 The NAP (Network Access Point) Configuration Service Provider is used to manage and query GPRS and CDMA connections.
 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
+> [!Note]
+> This configuration service provider requires the `ID_CAP_CSP_FOUNDATION` and `ID_CAP_NETWORKING_ADMIN` capabilities to be accessed from a network configuration application.
 
- 
+For the NAP CSP, you can't use the Replace command unless the node already exists.
 
-For the NAP CSP, you cannot use the Replace command unless the node already exists.
+The following example shows the NAP configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol isn't supported by this configuration service provider.
 
-The following shows the NAP configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
-```
+```console
 ./Vendor/MSFT
 NAP
 ----*
@@ -61,13 +60,14 @@ NAP
 ----------------Secure
 ----------------SecureLevel
 ```
+
 **./Vendor/MSFT/NAP**  
 Root node.
 
 ***NAPX***  
 Required. Defines the name of the network access point.
 
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
 
 ***NAPX*/NAPID**  
 Required. Specifies the identifier of the destination network.
@@ -87,34 +87,11 @@ Required. Specifies the type of address used to identify the destination network
 
 The following table shows some commonly used ADDRTYPE values and the types of connection that corresponds with each value.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ADDRTYPE ValueConnection Type
                  E164
                  RAS connections
                  APN
                  GPRS connections
                  ALPHA
                  Wi-Fi-based connections
                  
-
- 
+|ADDRTYPE Value|Connection Type|
+|--- |--- |
+|E164|RAS connections|
+|APN|GPRS connections|
+|ALPHA|Wi-Fi-based connections|
 
 ***NAPX*/AuthInfo**  
 Optional node. Specifies the authentication information, including the protocol, user name, and password.
@@ -128,25 +105,15 @@ Optional. Specifies the user name and domain to be used during authentication. T
 ***NAPX*/AuthInfo/AuthSecret**  
 Optional. Specifies the password used during authentication.
 
-Queries of this field will return a string composed of sixteen asterisks (\*).
+Queries of this field will return a string composed of 16 asterisks (\*).
 
 ***NAPX*/Bearer**  
 Node.
 
 ***NAPX*/Bearer/BearerType**  
-Required. Specifies the network type of the destination network. This can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, WiFi.
-
-## Related topics
+Required. Specifies the network type of the destination network. This parameter's value can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, WiFi.
 
+## Related articles
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
  
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index 1b5f5ecdd4..075e0f6619 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -8,30 +8,54 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # NAPDEF CSP
 
-
 The NAPDEF configuration service provider is used to add, modify, or delete WAP network access points (NAPs). For complete information about these settings, see the standard WAP specification WAP-183-ProvCont-20010724-a.
 
-> **Note**  You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list.
+> [!Note]
+> You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list.
 > 
-> 
-> 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
+> This configuration service provider requires the `ID_CAP_CSP_FOUNDATION` and `ID_CAP_NETWORKING_ADMIN` capabilities to be accessed from a network configuration application. 
 
- 
+The following shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **initial bootstrapping of the phone**. The OMA DM protocol isn't supported by this configuration service provider.
 
-The following diagram shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **initial bootstrapping of the phone**. The OMA DM protocol is not supported by this configuration service provider.
+```console
+NAPDEF
+----NAPAUTHINFO
+------AUTHNAME
+------AUTHSECRET
+------AUTHTYPE
+----BEARER
+----INTERNET
+----LOCAL-ADDR
+----LOCAL-ADDRTYPE
+----NAME
+----NAP-ADDRESS
+----NAP-ADDRTYPE
+----NAPID
+```
 
-![napdef csp (cp) (initial bootstrapping)](images/provisioning-csp-napdef-cp.png)
+The following shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **updating the bootstrapping of the phone**. The OMA DM protocol isn't supported by this configuration service provider.
 
-The following diagram shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **updating the bootstrapping of the phone**. The OMA DM protocol is not supported by this configuration service provider.
-
-![napdef csp (cp) (update bootstrapping)](images/provisioning-csp-napdef-cp-2.png)
+```console
+NAPDEF
+--NAPID
+----NAPAUTHINFO
+------AUTHNAME
+------AUTHSECRET
+------AUTHTYPE
+----BEARER
+----INTERNET
+----LOCAL-ADDR
+----LOCAL-ADDRTYPE
+----NAME
+----NAP-ADDRESS
+----NAP-ADDRTYPE
+```
 
 **NAPAUTHINFO**  
 Defines a group of authentication settings.
@@ -49,9 +73,8 @@ Specifies the protocol used to authenticate the user.
 
 The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols. Note
 
-> **Note**  **AuthName** and **AuthSecret** are not created if **AuthType** is not included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** is not included in the provisioning XML used to make the change.
-
- 
+> [!Note]
+> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change. 
 
 **BEARER**  
 Specifies the type of bearer.
@@ -59,11 +82,11 @@ Specifies the type of bearer.
 Only Global System for Mobile Communication (GSM) and GSM-General Packet Radio Services (GPRS) are supported.
 
 **INTERNET**  
-Optional. Specifies whether this is an AlwaysOn connection.
+Optional. Specifies whether this connection is an AlwaysOn connection.
 
-If **INTERNET** exists, the connection is an AlwaysOn connection and does not require a connection manager policy.
+If **INTERNET** exists, the connection is an AlwaysOn connection and doesn't require a connection manager policy.
 
-If **INTERNET** does not exist, the connection is not an AlwaysOn connection and the connection requires a connection manager connection policy to be set.
+If **INTERNET** doesn't exist, the connection isn't an AlwaysOn connection and the connection requires a connection manager connection policy to be set.
 
 **LOCAL-ADDR**  
 Required for GPRS. Specifies the local address of the WAP client for GPRS access points.
@@ -92,58 +115,19 @@ The maximum length of the **NAPID** value is 16 characters.
 ***NAPID***  
 Required for bootstrapping updating. Defines the name of the NAP.
 
-The name of the *NAPID* element is the same as the value passed during initial bootstrapping. In addition, the Microsoft format for NAPDEF contains the provisioning XML attribute mwid. This custom attribute is optional when adding a NAP or a proxy. It is required for *NAPID* when updating and deleting existing NAPs and proxies and must have its value set to 1.
+The name of the *NAPID* element is the same as the value passed during initial bootstrapping. In addition, the Microsoft format for NAPDEF contains the provisioning XML attribute mwid. This custom attribute is optional when adding a NAP or a proxy. It's required for *NAPID* when updating and deleting existing NAPs and proxies and must have its value set to 1.
 
 ## Microsoft Custom Elements
 
-
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ELementsAvailable
                  parm-query
                  Yes
                  
-
                  Note that some GPRS parameters will not necessarily contain the exact same value as was set.
                  noparm
                  Yes
                  nocharacteristic
                  Yes
                  characteristic-query
                  Yes
                  
-
- 
-
-## Related topics
+|Elements|Available|
+|--- |--- |
+|Parm-query|Yes 
                  Some GPRS parameters won't necessarily contain the exact same value as was set.|
+|Noparm|Yes|
+|Nocharacteristic|Yes|
+|Characteristic-query|Yes|
 
+## Related articles
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 4fa1f6289f..743fe416fa 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/29/2018
 ms.reviewer: 
 manager: dansimp
@@ -15,21 +15,16 @@ manager: dansimp
 
 The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703.
 
-> [!NOTE]
-> In Windows 10 Mobile, the NetworkProxy CSP only works in ethernet connections. Use the WiFi CSP to configure per-network proxy for Wi-Fi connections in mobile devices.  
-
 How the settings work:  
 
-
                    
-
                  1. If auto-detect is enabled, the system tries to find the path to a proxy auto config (PAC) script and download it.
                    2. 
-
                  2. If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script.
                    3. 
-
                  3. If #2 fails and a proxy server is specified, the system tries to use the explicitly configured proxy server.
                    4. 
-
                  4. Otherwise, the system tries to reach the site directly.
                    5. 
-
                  
-
+- If auto-detect is enabled, the system tries to find the path to a proxy auto config (PAC) script and download it.
+- If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script.
+- If #2 fails and a proxy server is specified, the system tries to use the explicitly configured proxy server.
+- Otherwise, the system tries to reach the site directly.
 
 The following shows the NetworkProxy configuration service provider in tree format.
-```
+
+```console
 ./Vendor/MSFT
 NetworkProxy
 ----ProxySettingsPerUser
@@ -40,8 +35,9 @@ NetworkProxy
 --------Exceptions
 --------UseProxyForLocalAddresses
 ```
+
 **./Vendor/MSFT/NetworkProxy**  
-The root node for the NetworkProxy configuration service provider..
+The root node for the NetworkProxy configuration service provider.
 
 **ProxySettingsPerUser**  
 Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide.
@@ -55,10 +51,9 @@ Supported operations are Add, Get, Replace, and Delete.
 Automatically detect settings. If enabled, the system tries to find the path to a PAC script.
 
 Valid values:
-
                    
-
                  • 0 - Disabled
                    • 
-
                  • 1 (default) - Enabled
                    • 
-
                  
+
+- 0 - Disabled
+- 1 (default) - Enabled
 
 The data type is integer. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
 
@@ -84,17 +79,18 @@ The data type is string. Supported operations are Get and Replace. Starting in W
 
 **UseProxyForLocalAddresses**  
 Specifies whether the proxy server should be used for local (intranet) addresses. 
+
 Valid values:
-
                    
-
                  • 0 (default) - Use proxy server for local addresses
                    • 
-
                  • 1 - Do not use proxy server for local addresses
                    • 
-
                  
+
+- 0 (default) - Use proxy server for local addresses
+- 1 - Do not use proxy server for local addresses
 
 The data type is integer. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
 
 ## Configuration Example
 
 These generic code portions for the options **ProxySettingsPerUser**, **Autodetect**, and **SetupScriptURL** can be used for a specific operation, for example Replace.  Only enter the portion of code needed in the **Replace** section.
+
 ```xml
 
     1
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index 226b6ca0ba..2b5f2798f2 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index f0fadc3fe5..cf15fbcacc 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -1,11 +1,11 @@
 ---
 title: NetworkQoSPolicy CSP
-description: he NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703.
+description: The NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 04/22/2021
 ms.reviewer: 
 manager: dansimp
@@ -29,9 +29,9 @@ The following actions are supported:
 > - Azure AD Hybrid joined devices.
 > - Devices that use both GPO and CSP at the same time.
 > 
-> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004.
+> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Windows 10, version 2004.
 
-The following shows the NetworkQoSPolicy configuration service provider in tree format.
+The following example shows the NetworkQoSPolicy configuration service provider in tree format.
 ```
 ./Device/Vendor/MSFT
 NetworkQoSPolicy
@@ -45,79 +45,79 @@ NetworkQoSPolicy
 --------DSCPAction
 ```
 **NetworkQoSPolicy**   
-
                  The root node for the NetworkQoSPolicy configuration service provider.
                  
+
                  The root node for the NetworkQoSPolicy configuration service provider.
                  
 
 **Version**  
-
                  Specifies the version information.
+
                  Specifies the version information.
 
-
                  The data type is int. 
+
                  The data type is int. 
 
-
                  The only supported operation is Get.
+
                  The only supported operation is Get.
 
 ***Name***  
-
                  Node for the QoS policy name.
+
                  Node for the QoS policy name.
 
 ***Name*/IPProtocolMatchCondition**  
-
                  Specifies the IP protocol used to match the network traffic. 
+
                  Specifies the IP protocol used to match the network traffic. 
 
-
                  Valid values are:
+
                  Valid values are:
 
 - 0 (default) - Both TCP and UDP 
 - 1 - TCP
 - 2 - UDP
 
-
                  The data type is int. 
+
                  The data type is int. 
 
-
                  The supported operations are Add, Get, Delete, and Replace.
+
                  The supported operations are Add, Get, Delete, and Replace.
 
 ***Name*/AppPathNameMatchCondition**  
-
                  Specifies the name of an application to be used to match the network traffic, such as application.exe or %ProgramFiles%\application.exe.
+
                  Specifies the name of an application to be used to match the network traffic, such as application.exe or %ProgramFiles%\application.exe.
 
-
                  The data type is char. 
+
                  The data type is char. 
 
-
                  The supported operations are Add, Get, Delete, and Replace.
+
                  The supported operations are Add, Get, Delete, and Replace.
 
 ***Name*/SourcePortMatchCondition**  
-
                  Specifies a single port or a range of ports to be used to match the network traffic source. 
+
                  Specifies a single port or a range of ports to be used to match the network traffic source. 
 
-
                  Valid values are: 
+
                  Valid values are: 
 
 -   A range of source ports: _[first port number]_-_[last port number]_
 -   A single source port: _[port number]_
    
-
                  The data type is char. 
+
                  The data type is char. 
 
-
                  The supported operations are Add, Get, Delete, and Replace.
+
                  The supported operations are Add, Get, Delete, and Replace.
 
 ***Name*/DestinationPortMatchCondition**  
-
                  Specifies a single source port or a range of ports to be used to match the network traffic destination.
+
                  Specifies a single source port or a range of ports to be used to match the network traffic destination.
 
-
                  Valid values are: 
+
                  Valid values are: 
 
 -   A range of destination ports: _[first port number]_-_[last port number]_
 -   A single destination port: _[port number]_
    
-
                  The data type is char. 
+
                  The data type is char. 
 
-
                  The supported operations are Add, Get, Delete, and Replace.
+
                  The supported operations are Add, Get, Delete, and Replace.
 
 ***Name*/PriorityValue8021Action**  
-
                  Specifies the IEEE 802.1p priority value to apply to matching network traffic.
+
                  Specifies the IEEE 802.1p priority value to apply to matching network traffic.
 
-
                  Valid values are 0-7.
+
                  Valid values are 0-7.
 
-
                  The data type is int.
+
                  The data type is int.
 
-
                  The supported operations are Add, Get, Delete, and Replace.
+
                  The supported operations are Add, Get, Delete, and Replace.
 
 ***Name*/DSCPAction**  
-
                  The differentiated services code point (DSCP) value to apply to matching network traffic.
+
                  The differentiated services code point (DSCP) value to apply to matching network traffic.
 
-
                  Valid values are 0-63.
+
                  Valid values are 0-63.
 
-
                  The data type is int.
+
                  The data type is int.
 
-
                  The supported operations are Add, Get, Delete, and Replace.
+
                  The supported operations are Add, Get, Delete, and Replace.
 
 
 ## Related topics
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index c2d3ea4a5e..379f5051ca 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index ce79fdb702..90157cf9e6 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1,6 +1,6 @@
 ---
 title: What's new in MDM enrollment and management
-description: Discover what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
+description: Discover what's new and breaking changes in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
 MS-HAID:
 - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
 - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
@@ -11,240 +11,49 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/20/2020
 ---
 
 # What's new in mobile device enrollment and management
 
-This article provides information about what's new in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices. This article also provides details about the breaking changes and known issues and frequently asked questions.
+This article provides information about what's new in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 and Windows 11 devices. This article also provides details about the breaking changes and known issues and frequently asked questions.
 
-For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). 
+For details about Microsoft mobile device management protocols for Windows 10 and Windows 11, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). 
 
-## What’s new in MDM for Windows 10, version 20H2
+
+## What’s new in MDM for Windows 11, version 21H2
 
 |New or updated article|Description|
 |-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
                  - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
                  - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
                  - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
                  - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
                  - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
                  - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
                  - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
                  - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
-| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
                  -Properties/SleepMode |
-| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
                  - Settings/AllowWindowsDefenderApplicationGuard |
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 11, version 21H2:
                  - NewsAndInterests/AllowNewsAndInterests
                  - Experiences/ConfigureChatIcon
                  - Start/ConfigureStartPins
                  - Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
                  - Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable |
+| [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
                  - Provider/ProviderID/ConfigLock/Lock
                  - Provider/ProviderID/ConfigLock/UnlockDuration
                  - Provider/ProviderID/ConfigLock/SecuredCore |
 
-## What’s new in MDM for Windows 10, version 2004
-
-| New or updated article | Description |
-|-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 2004: 
                  - [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
                  - [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
                  - [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
                  - [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
                  - [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
                  - [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
                  - [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
                  - [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
                  - [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)

                  Updated the following policy in Windows 10, version 2004:
                  - [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)

                  Deprecated the following policies in Windows 10, version 2004:
                  - [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
                  - [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
                  - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) |
-| [DevDetail CSP](devdetail-csp.md) | Added the following new node:
                  - Ext/Microsoft/DNSComputerName |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new node:
                  - IsStub |
-| [SUPL CSP](supl-csp.md) | Added the following new node:
                  - FullVersion |
-
-## What’s new in MDM for Windows 10, version 1909
-
-| New or updated article | Description |
-|-----|-----|
-| [BitLocker CSP](bitlocker-csp.md) | Added the following new nodes in Windows 10, version 1909:
                  - ConfigureRecoveryPasswordRotation
                  - RotateRecoveryPasswords
                  - RotateRecoveryPasswordsStatus
                  - RotateRecoveryPasswordsRequestID|
-
-## What’s new in MDM for Windows 10, version 1903
-
-| New or updated article | Description |
-|-----|-----|
-|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 1903:
                  - [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
                  - [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
                  - [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
                  - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
                  - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
                  - [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
                  - [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
                  - [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
                  - [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
                  - [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
                  - [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
                  - [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
                  - [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
                  - [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
                  - [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
                  - [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
                  - [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
                  - [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
                  - [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
                  - [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
                  - [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
                  - [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
                  - [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
                  - [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
                  - [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
                  - [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
                  - [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
                  - [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
                  - [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
                  - [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
                  - [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
                  - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
                  - [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
                  - [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
                  - [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
                  - [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
                  - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
                  - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
                  - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
                  - [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
                  - [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
                  - [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)|
-| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. |
-| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. |
-| [Defender CSP](defender-csp.md) | Added the following new nodes:
                  - Health/TamperProtectionEnabled
                  - Health/IsVirtualMachine
                  - Configuration
                  - Configuration/TamperProtection
                  - Configuration/EnableFileHashComputation |
-| [DiagnosticLog CSP](diagnosticlog-csp.md) 
                   [DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903. 
                  Added the new 1.4 version of the DDF. 
                  Added the following new nodes:
                  - Policy
                  - Policy/Channels
                  - Policy/Channels/ChannelName
                  - Policy/Channels/ChannelName/MaximumFileSize
                  - Policy/Channels/ChannelName/SDDL
                  - Policy/Channels/ChannelName/ActionWhenFull
                  - Policy/Channels/ChannelName/Enabled
                  - DiagnosticArchive
                  - DiagnosticArchive/ArchiveDefinition
                  - DiagnosticArchive/ArchiveResults |
-| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. |
-| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
                  - SecurityKey
                  - SecurityKey/UseSecurityKeyForSignin |
-
-
-## What’s new in MDM for Windows 10, version 1809
-
-| New or updated article | Description |
-|-----|-----|
-|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
                  - ApplicationManagement/LaunchAppAfterLogOn
                  - ApplicationManagement/ScheduleForceRestartForUpdateFailures
                  - Authentication/EnableFastFirstSignIn (Preview mode only)
                  - Authentication/EnableWebSignIn (Preview mode only)
                  - Authentication/PreferredAadTenantDomainName
                  - Browser/AllowFullScreenMode
                  - Browser/AllowPrelaunch
                  - Browser/AllowPrinting
                  - Browser/AllowSavingHistory
                  - Browser/AllowSideloadingOfExtensions
                  - Browser/AllowTabPreloading
                  - Browser/AllowWebContentOnNewTabPage
                  - Browser/ConfigureFavoritesBar
                  - Browser/ConfigureHomeButton
                  - Browser/ConfigureKioskMode
                  - Browser/ConfigureKioskResetAfterIdleTimeout
                  - Browser/ConfigureOpenMicrosoftEdgeWith
                  - Browser/ConfigureTelemetryForMicrosoft365Analytics
                  - Browser/PreventCertErrorOverrides
                  - Browser/SetHomeButtonURL
                  - Browser/SetNewTabPageURL
                  - Browser/UnlockHomeButton
                  - Defender/CheckForSignaturesBeforeRunningScan
                  - Defender/DisableCatchupFullScan
                  - Defender/DisableCatchupQuickScan
                  - Defender/EnableLowCPUPriority
                  - Defender/SignatureUpdateFallbackOrder
                  - Defender/SignatureUpdateFileSharesSources
                  - DeviceGuard/ConfigureSystemGuardLaunch
                  - DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                  - DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                  - DeviceInstallation/PreventDeviceMetadataFromNetwork
                  - DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                  - DmaGuard/DeviceEnumerationPolicy
                  - Experience/AllowClipboardHistory
                  - Experience/DoNotSyncBrowserSettings
                  - Experience/PreventUsersFromTurningOnBrowserSyncing
                  - Kerberos/UPNNameHints
                  - Privacy/AllowCrossDeviceClipboard
                  - Privacy/DisablePrivacyExperience
                  - Privacy/UploadUserActivities
                  - Security/RecoveryEnvironmentAuthentication
                  - System/AllowDeviceNameInDiagnosticData
                  - System/ConfigureMicrosoft365UploadEndpoint
                  - System/DisableDeviceDelete
                  - System/DisableDiagnosticDataViewer
                  - Storage/RemovableDiskDenyWriteAccess
                  - TaskManager/AllowEndTask
                  - Update/DisableWUfBSafeguards
                  - Update/EngagedRestartDeadlineForFeatureUpdates
                  - Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                  - Update/EngagedRestartTransitionScheduleForFeatureUpdates
                  - Update/SetDisablePauseUXAccess
                  - Update/SetDisableUXWUAccess
                  - WindowsDefenderSecurityCenter/DisableClearTpmButton
                  - WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                  - WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                  - WindowsLogon/DontDisplayNetworkSelectionUI |
-| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. |
-| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. |
-| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node in Windows 10, version 1809. |
-| [Office CSP](office-csp.md) | Added FinalStatus setting in Windows 10, version 1809. |
-| [PassportForWork CSP](passportforwork-csp.md) | Added new settings in Windows 10, version 1809. |
-| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings in Windows 10, version 1809. |
-| [SUPL CSP](supl-csp.md) | Added 3 new certificate nodes in Windows 10, version 1809. |
-| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP in Windows 10, version 1809. |
-| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost in Windows 10, version 1809. |
-| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings in Windows 10, version 1809. |
-| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples in Windows 10, version 1809. |
-| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | Added new configuration service provider in Windows 10, version 1809. |
-
-
-## What’s new in MDM for Windows 10, version 1803
-
-| New or updated article | Description |
-|-----|-----|
-|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies for Windows 10, version 1803:
                  - ApplicationDefaults/EnableAppUriHandlers
                  - ApplicationManagement/MSIAllowUserControlOverInstall
                  - ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
                  - Bluetooth/AllowPromptedProximalConnections
                  - Browser/AllowConfigurationUpdateForBooksLibrary
                  - Browser/AlwaysEnableBooksLibrary
                  - Browser/EnableExtendedBooksTelemetry
                  - Browser/UseSharedFolderForBooks
                  - Connectivity/AllowPhonePCLinking
                  - DeliveryOptimization/DODelayBackgroundDownloadFromHttp
                  - DeliveryOptimization/DODelayForegroundDownloadFromHttp
                  - DeliveryOptimization/DOGroupIdSource
                  - DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
                  - DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
                  - DeliveryOptimization/DORestrictPeerSelectionBy
                  - DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
                  - DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
                  - Display/DisablePerProcessDpiForApps
                  - Display/EnablePerProcessDpi
                  - Display/EnablePerProcessDpiForApps
                  - Experience/AllowWindowsSpotlightOnSettings
                  - KioskBrowser/BlockedUrlExceptions
                  - KioskBrowser/BlockedUrls
                  - KioskBrowser/DefaultURL
                  - KioskBrowser/EnableEndSessionButton
                  - KioskBrowser/EnableHomeButton
                  - KioskBrowser/EnableNavigationButtons
                  - KioskBrowser/RestartOnIdleTime
                  - LanmanWorkstation/EnableInsecureGuestLogons
                  - LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
                  - LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
                  - LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
                  - LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
                  - LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
                  - LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
                  - LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
                  - LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
                  - LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
                  - LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
                  - LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
                  - LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
                  - LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
                  - LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
                  - LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
                  - LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
                  - LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
                  - LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
                  - LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
                  - LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
                  - LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
                  - LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
                  - LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
                  - Notifications/DisallowCloudNotification
                  - RestrictedGroups/ConfigureGroupMembership
                  - Search/AllowCortanaInAAD
                  - Search/DoNotUseWebResults
                  - Security/ConfigureWindowsPasswords
                  - Start/DisableContextMenus
                  - System/FeedbackHubAlwaysSaveDiagnosticsLocally
                  - SystemServices/ConfigureHomeGroupListenerServiceStartupMode
                  - SystemServices/ConfigureHomeGroupProviderServiceStartupMode
                  - SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
                  - SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
                  - SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
                  - SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
                  - TaskScheduler/EnableXboxGameSaveTask
                  - TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
                  - TextInput/ForceTouchKeyboardDockedState
                  - TextInput/TouchKeyboardDictationButtonAvailability
                  - TextInput/TouchKeyboardEmojiButtonAvailability
                  - TextInput/TouchKeyboardFullModeAvailability
                  - TextInput/TouchKeyboardHandwritingModeAvailability
                  - TextInput/TouchKeyboardNarrowModeAvailability
                  - TextInput/TouchKeyboardSplitModeAvailability
                  - TextInput/TouchKeyboardWideModeAvailability
                  - Update/ConfigureFeatureUpdateUninstallPeriod
                  - Update/TargetReleaseVersion
                  - UserRights/AccessCredentialManagerAsTrustedCaller
                  - UserRights/AccessFromNetwork
                  - UserRights/ActAsPartOfTheOperatingSystem
                  - UserRights/AllowLocalLogOn
                  - UserRights/BackupFilesAndDirectories
                  - UserRights/ChangeSystemTime
                  - UserRights/CreateGlobalObjects
                  - UserRights/CreatePageFile
                  - UserRights/CreatePermanentSharedObjects
                  - UserRights/CreateSymbolicLinks
                  - UserRights/CreateToken
                  - UserRights/DebugPrograms
                  - UserRights/DenyAccessFromNetwork
                  - UserRights/DenyLocalLogOn
                  - UserRights/DenyRemoteDesktopServicesLogOn
                  - UserRights/EnableDelegation
                  - UserRights/GenerateSecurityAudits
                  - UserRights/ImpersonateClient
                  - UserRights/IncreaseSchedulingPriority
                  - UserRights/LoadUnloadDeviceDrivers
                  - UserRights/LockMemory
                  - UserRights/ManageAuditingAndSecurityLog
                  - UserRights/ManageVolume
                  - UserRights/ModifyFirmwareEnvironment
                  - UserRights/ModifyObjectLabel
                  - UserRights/ProfileSingleProcess
                  - UserRights/RemoteShutdown
                  - UserRights/RestoreFilesAndDirectories
                  - UserRights/TakeOwnership
                  - WindowsDefenderSecurityCenter/DisableAccountProtectionUI
                  - WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
                  - WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
                  - WindowsDefenderSecurityCenter/HideSecureBoot
                  - WindowsDefenderSecurityCenter/HideTPMTroubleshooting
                  - Security/RequireDeviceEncryption - updated to show it is supported in desktop. |
-| [Accounts CSP](accounts-csp.md) | Added a new CSP in Windows 10, version 1803. |
-| [AccountManagement CSP](accountmanagement-csp.md) | Added a new CSP in Windows 10, version 1803. |
-| [AssignedAccess CSP](assignedaccess-csp.md) | Added the following nodes in Windows 10, version 1803:
                  - Status
                  - ShellLauncher
                  - StatusConfiguration 

                  Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite. | 
-| [BitLocker CSP](bitlocker-csp.md) | Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803. |
-| [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download) | Added the DDF download of Windows 10, version 1803 configuration service providers. |
-| [Defender CSP](defender-csp.md) | Added new node (OfflineScan) in Windows 10, version 1803. |
-| [DeviceStatus CSP](devicestatus-csp.md) | Added the following node in Windows 10, version 1803:
                  - OS/Mode |
-| [DMClient CSP](dmclient-csp.md) | Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
                  - AADSendDeviceToken
                  - BlockInStatusPage
                  - AllowCollectLogsButton
                  - CustomErrorText
                  - SkipDeviceStatusPage
                  - SkipUserStatusPage |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following node in Windows 10, version 1803:
                  - MaintainProcessorArchitectureOnUpdate |
-| [eUICCs CSP](euiccs-csp.md) | Added the following node in Windows 10, version 1803:
                  - IsEnabled |
-| [MDM Migration Analysis Too (MMAT)](https://aka.ms/mmat) | MDM Migration Analysis Too (MMAT) 
                  Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies. |
-| [MultiSIM CSP](multisim-csp.md) | Added a new CSP in Windows 10, version 1803. |
-| [NetworkProxy CSP](networkproxy-csp.md) | Added the following node in Windows 10, version 1803:
                  - ProxySettingsPerUser |
-| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | Added the following node in Windows 10, version 1803:
                  - UntrustedCertificates |
-| [UEFI CSP](uefi-csp.md) | Added a new CSP in Windows 10, version 1803. |
-| [Update CSP](update-csp.md) | Added the following nodes in Windows 10, version 1803:
                  - Rollback
                  - Rollback/FeatureUpdate
                  - Rollback/QualityUpdateStatus
                  - Rollback/FeatureUpdateStatus |
-
-## What’s new in MDM for Windows 10, version 1709
-
-| New or updated article | Description |
-|-----|-----|
-| The [The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) | The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
                  - UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
                  -ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
                  - DomainName - fully qualified domain name if the device is domain-joined. |
-| [Firewall CSP](firewall-csp.md) | Added new CSP in Windows 10, version 1709. |
-| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
-| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
                  [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md) | New CSP added in Windows 10, version 1709. Also added the DDF topic. |
-| [CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md) | In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. |
-| [VPNv2 CSP](vpnv2-csp.md) | Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709. |
-| [DeviceStatus CSP](devicestatus-csp.md) | Added the following settings in Windows 10, version 1709:
                  - DeviceStatus/DomainName
                  - DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq
                  - DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus
                  - DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus |
-| [AssignedAccess CSP](assignedaccess-csp.md) | Added the following setting in Windows 10, version 1709: 
                  - Configuration 
                   Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro. |
-| [DeviceManageability CSP](devicemanageability-csp.md) | Added the following settings in Windows 10, version 1709:
                  - Provider/_ProviderID_/ConfigInfo
                  - Provider/_ProviderID_/EnrollmentInfo |
-| [Office CSP](office-csp.md) | Added the following setting in Windows 10, version 1709:
                  - Installation/CurrentStatus |
-| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF articles. |
-| [Bitlocker CSP](bitlocker-csp.md) | Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. |
-| [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) | Added new policies. |
-| Microsoft Store for Business and Microsoft Store | Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store. |
-| [MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md) | New features in the Settings app:
                  - User sees installation progress of critical policies during MDM enrollment.
                  - User knows what policies, profiles, apps MDM has configured
                  - IT helpdesk can get detailed MDM diagnostic information using client tools 
                   For details, see [Managing connection](./mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](./mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs).|
-| [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) | Added new topic to introduce a new Group Policy for automatic MDM enrollment. |
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies for Windows 10, version 1709:
                  - Authentication/AllowAadPasswordReset
                  - Authentication/AllowFidoDeviceSignon
                  - Browser/LockdownFavorites
                  - Browser/ProvisionFavorites
                  - Cellular/LetAppsAccessCellularData
                  - Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
                  - Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
                  - Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
                  - CredentialProviders/DisableAutomaticReDeploymentCredentials
                  - DeviceGuard/EnableVirtualizationBasedSecurity
                  - DeviceGuard/RequirePlatformSecurityFeatures
                  - DeviceGuard/LsaCfgFlags
                  - DeviceLock/MinimumPasswordAge
                  - ExploitGuard/ExploitProtectionSettings
                  - Games/AllowAdvancedGamingServices
                  - Handwriting/PanelDefaultModeDocked
                  - LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
                  - LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
                  - LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
                  - LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
                  - LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
                  - LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
                  - LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
                  - LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
                  - LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
                  - LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
                  - LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
                  - LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM
                  - LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
                  - LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
                  - LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
                  - LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
                  - LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
                  - LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
                  - LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
                  - LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
                  - LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
                  - LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
                  - Power/DisplayOffTimeoutOnBattery
                  - Power/DisplayOffTimeoutPluggedIn
                  - Power/HibernateTimeoutOnBattery
                  - Power/HibernateTimeoutPluggedIn
                  - Power/StandbyTimeoutOnBattery
                  - Power/StandbyTimeoutPluggedIn
                  - Privacy/EnableActivityFeed
                  - Privacy/PublishUserActivities
                  - Defender/AttackSurfaceReductionOnlyExclusions
                  - Defender/AttackSurfaceReductionRules
                  - Defender/CloudBlockLevel
                  - Defender/CloudExtendedTimeout
                  - Defender/ControlledFolderAccessAllowedApplications
                  - Defender/ControlledFolderAccessProtectedFolders
                  - Defender/EnableControlledFolderAccess
                  - Defender/EnableNetworkProtection
                  - Education/DefaultPrinterName
                  - Education/PreventAddingNewPrinters
                  - Education/PrinterNames
                  - Search/AllowCloudSearch
                  - Security/ClearTPMIfNotReady
                  - Settings/AllowOnlineTips
                  - Start/HidePeopleBar
                  - Storage/AllowDiskHealthModelUpdates
                  - System/DisableEnterpriseAuthProxy
                  - System/LimitEnhancedDiagnosticDataWindowsAnalytics
                  - Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
                  - Update/DisableDualScan
                  - Update/ManagePreviewBuilds
                  - Update/ScheduledInstallEveryWeek
                  - Update/ScheduledInstallFirstWeek
                  - Update/ScheduledInstallFourthWeek
                  - Update/ScheduledInstallSecondWeek
                  - Update/ScheduledInstallThirdWeek
                  - WindowsDefenderSecurityCenter/CompanyName
                  - WindowsDefenderSecurityCenter/DisableAppBrowserUI
                  - WindowsDefenderSecurityCenter/DisableEnhancedNotifications
                  - WindowsDefenderSecurityCenter/DisableFamilyUI
                  - WindowsDefenderSecurityCenter/DisableHealthUI
                  - WindowsDefenderSecurityCenter/DisableNetworkUI
                  - WindowsDefenderSecurityCenter/DisableNotifications
                  - WindowsDefenderSecurityCenter/DisableVirusUI
                  - WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
                  - WindowsDefenderSecurityCenter/Email
                  - WindowsDefenderSecurityCenter/EnableCustomizedToasts
                  - WindowsDefenderSecurityCenter/EnableInAppCustomization
                  - WindowsDefenderSecurityCenter/Phone
                  - WindowsDefenderSecurityCenter/URL
                  - WirelessDisplay/AllowMdnsAdvertisement
                  - WirelessDisplay/AllowMdnsDiscovery |
-
-
-## What’s new in MDM for Windows 10, version 1703
-
-| New or updated article | Description |
-|-----|-----|
-| [Update CSP](update-csp.md) | Added the following nodes:
                  - FailedUpdates/_Failed Update Guid_/RevisionNumber
                  - InstalledUpdates/_Installed Update Guid_/RevisionNumber
                  - PendingRebootUpdates/_Pending Reboot Update Guid_/RevisionNumber |
-| [CM_CellularEntries CSP](cm-cellularentries-csp.md) | To PurposeGroups setting, added the following values:
                  - Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB
                  - Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364 |
-| [CertificateStore CSP](certificatestore-csp.md) | Added the following setting:
                  - My/WSTEP/Renew/RetryAfterExpiryInterval |
-| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) | Added the following setting:
                  - SCEP/UniqueID/Install/AADKeyIdentifierList |
-| [DMAcc CSP](dmacc-csp.md) | Added the following setting:
                  - AccountUID/EXT/Microsoft/InitiateSession |
-| [DMClient CSP](dmclient-csp.md) | Added the following nodes and settings:
                  - HWDevID
                  - Provider/ProviderID/ManagementServerToUpgradeTo
                  - Provider/ProviderID/CustomEnrollmentCompletePage
                  - Provider/ProviderID/CustomEnrollmentCompletePage/Title
                  - Provider/ProviderID/CustomEnrollmentCompletePage/BodyText
                  - Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkHref
                  - Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkText |
-| [CellularSettings CSP](cellularsettings-csp.md)
                  [CM_CellularEntries CSP](cm-cellularentries-csp.md)
                  [EnterpriseAPN CSP](enterpriseapn-csp.md) | For these CSPs, support was added for Windows 10 Home, Pro, Enterprise, and Education editions. |
-| [SecureAssessment CSP](secureassessment-csp.md) | Added the following settings:
                  - AllowTextSuggestions
                  - RequirePrinting |
-| [EnterpriseAPN CSP](enterpriseapn-csp.md) | Added the following setting:
                  - Roaming |
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies:
                  - Accounts/AllowMicrosoftAccountSignInAssistant
                  - ApplicationDefaults/DefaultAssociationsConfiguration
                  - Browser/AllowAddressBarDropdown
                  - Browser/AllowFlashClickToRun
                  - Browser/AllowMicrosoftCompatibilityList
                  - Browser/AllowSearchEngineCustomization
                  - Browser/ClearBrowsingDataOnExit
                  - Browser/ConfigureAdditionalSearchEngines
                  - Browser/DisableLockdownOfStartPages
                  - Browser/PreventFirstRunPage
                  - Browser/PreventLiveTileDataCollection
                  - Browser/SetDefaultSearchEngine
                  - Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
                  - Connectivity/AllowConnectedDevices
                  - DeliveryOptimization/DOAllowVPNPeerCaching
                  - DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
                  - DeliveryOptimization/DOMinDiskSizeAllowedToPeer
                  - DeliveryOptimization/DOMinFileSizeToCache
                  - DeliveryOptimization/DOMinRAMAllowedToPeer
                  - DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
                  - Display/TurnOffGdiDPIScalingForApps
                  - Display/TurnOnGdiDPIScalingForApps
                  - EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
                  - EnterpriseCloudPrint/CloudPrintOAuthAuthority
                  - EnterpriseCloudPrint/CloudPrintOAuthClientId
                  - EnterpriseCloudPrint/CloudPrintResourceId
                  - EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
                  - EnterpriseCloudPrint/MopriaDiscoveryResourceId
                  - Experience/AllowFindMyDevice
                  - Experience/AllowTailoredExperiencesWithDiagnosticData
                  - Experience/AllowWindowsSpotlightOnActionCenter
                  - Experience/AllowWindowsSpotlightWindowsWelcomeExperience
                  - Location/EnableLocation
                  - Messaging/AllowMMS
                  - Messaging/AllowRCS
                  - Privacy/LetAppsAccessTasks
                  - Privacy/LetAppsAccessTasks_ForceAllowTheseApps
                  - Privacy/LetAppsAccessTasks_ForceDenyTheseApps
                  - Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
                  - Privacy/LetAppsGetDiagnosticInfo
                  - Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
                  - Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
                  - Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
                  - Privacy/LetAppsRunInBackground
                  - Privacy/LetAppsRunInBackground_ForceAllowTheseApps
                  - Privacy/LetAppsRunInBackground_ForceDenyTheseApps
                  - Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
                  - Settings/ConfigureTaskbarCalendar
                  - Settings/PageVisibilityList
                  - SmartScreen/EnableAppInstallControl
                  - SmartScreen/EnableSmartScreenInShell
                  - SmartScreen/PreventOverrideForFilesInShell
                  - Start/AllowPinnedFolderDocuments
                  - Start/AllowPinnedFolderDownloads
                  - Start/AllowPinnedFolderFileExplorer
                  - Start/AllowPinnedFolderHomeGroup
                  - Start/AllowPinnedFolderMusic
                  - Start/AllowPinnedFolderNetwork
                  - Start/AllowPinnedFolderPersonalFolder
                  - Start/AllowPinnedFolderPictures
                  - Start/AllowPinnedFolderSettings
                  - Start/AllowPinnedFolderVideos
                  - Start/HideAppList
                  - Start/HideChangeAccountSettings
                  - Start/HideFrequentlyUsedApps
                  - Start/HideHibernate
                  - Start/HideLock
                  - Start/HidePowerButton
                  - Start/HideRecentJumplists
                  - Start/HideRecentlyAddedApps
                  - Start/HideRestart
                  - Start/HideShutDown
                  - Start/HideSignOut
                  - Start/HideSleep
                  - Start/HideSwitchAccount
                  - Start/HideUserTile
                  - Start/ImportEdgeAssets
                  - Start/NoPinningToTaskbar
                  - System/AllowFontProviders
                  - System/DisableOneDriveFileSync
                  - TextInput/AllowKeyboardTextSuggestions
                  - TimeLanguageSettings/AllowSet24HourClock
                  - Update/ActiveHoursMaxRange
                  - Update/AutoRestartDeadlinePeriodInDays
                  - Update/AutoRestartNotificationSchedule
                  - Update/AutoRestartRequiredNotificationDismissal
                  - Update/DetectionFrequency
                  - Update/EngagedRestartDeadline
                  - Update/EngagedRestartSnoozeSchedule
                  - Update/EngagedRestartTransitionSchedule
                  - Update/IgnoreMOAppDownloadLimit
                  - Update/IgnoreMOUpdateDownloadLimit
                  - Update/PauseFeatureUpdatesStartTime
                  - Update/PauseQualityUpdatesStartTime
                  - Update/SetAutoRestartNotificationDisable
                  - Update/SetEDURestart
                  - WiFi/AllowWiFiDirect
                  - WindowsLogon/HideFastUserSwitching
                  - WirelessDisplay/AllowProjectionFromPC
                  - WirelessDisplay/AllowProjectionFromPCOverInfrastructure
                  - WirelessDisplay/AllowProjectionToPCOverInfrastructure
                  - WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
                  Removed TextInput/AllowLinguisticDataCollection
                  Starting in Windows 10, version 1703, Update/UpdateServiceUrl is not supported in IoT Enterprise
                  Starting in Windows 10, version 1703, the maximum value of Update/DeferFeatureUpdatesPeriodInDays has been increased from 180 days, to 365 days.
                  Starting in Windows 10, version 1703, in Browser/HomePages you can use the "<about:blank>" value if you don’t want to send traffic to Microsoft.
                  Starting in Windows 10, version 1703, Start/StartLayout can now be set on a per-device basis in addition to the pre-existing per-user basis.
                  Added the ConfigOperations/ADMXInstall node and setting, which is used to ingest ADMX files. |
-| [DevDetail CSP](devdetail-csp.md) | Added the following setting:
                  - DeviceHardwareData |
-| [CleanPC CSP](cleanpc-csp.md) | Added the new CSP. |
-| [DeveloperSetup CSP](developersetup-csp.md) | Added the new CSP. |
-| [NetworkProxy CSP](networkproxy-csp.md) | Added the new CSP. |
-| [BitLocker CSP](bitlocker-csp.md) | Added the new CSP.
                  Added the following setting:
                  - AllowWarningForOtherDiskEncryption |
-| [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
                  Added the following settings:
                  - RevokeOnMDMHandoff
                  - SMBAutoEncryptedFileExtensions |
-| [DynamicManagement CSP](dynamicmanagement-csp.md) | Added the new CSP. |
-| [Implement server-side support for mobile application management on Windows](./implement-server-side-mobile-application-management.md) | New mobile application management (MAM) support added in Windows 10, version 1703. |
-| [PassportForWork CSP](passportforwork-csp.md) | Added the following new node and settings:
                  - _TenantId_/Policies/ExcludeSecurityDevices (only for ./Device/Vendor/MSFT)
                  - _TenantId_/Policies/ExcludeSecurityDevices/TPM12 (only for ./Device/Vendor/MSFT)
                  - _TenantId_/Policies/EnablePinRecovery |
-| [Office CSP](office-csp.md) | Added the new CSP. |
-| [Personalization CSP](personalization-csp.md) | Added the new CSP. |
-| [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) | Added the new CSP. |
-| [HealthAttestation CSP](healthattestation-csp.md) | Added the following settings:
                  - HASEndpoint - added in Windows 10, version 1607, but not documented
                  - TpmReadyStatus - added in the March service release of Windows 10, version 1607 |
-| [SurfaceHub CSP](surfacehub-csp.md) | Added the following nodes and settings:
                  - InBoxApps/SkypeForBusiness
                  - InBoxApps/SkypeForBusiness/DomainName
                  - InBoxApps/Connect
                  - InBoxApps/Connect/AutoLaunch
                  - Properties/DefaultVolume
                  - Properties/ScreenTimeout
                  - Properties/SessionTimeout
                  - Properties/SleepTimeout
                  - Properties/AllowSessionResume
                  - Properties/AllowAutoProxyAuth
                  - Properties/DisableSigninSuggestions
                  - Properties/DoNotShowMyMeetingsAndFiles |
-| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) | Added the new CSP. |
-| [WindowsLicensing CSP](windowslicensing-csp.md) | Added the following setting:
                  - ChangeProductKey |
-| [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) | Added the following setting:
                  - Configuration/TelemetryReportingFrequency |
-| [DMSessionActions CSP](dmsessionactions-csp.md) | Added the new CSP. |
-| [SharedPC CSP](dmsessionactions-csp.md) | Added new settings in Windows 10, version 1703:
                  - RestrictLocalStorage
                  - KioskModeAUMID
                  - KioskModeUserTileDisplayText
                  - InactiveThreshold
                  - MaxPageFileSizeMB
                  The default value for SetEduPolicies changed to false. The default value for SleepTimeout changed to 300. |
-| [RemoteLock CSP](remotelock-csp.md) | Added following setting:
                  - LockAndRecoverPIN |
-| [NodeCache CSP](nodecache-csp.md) | Added following settings:
                  - ChangedNodesData
                  - AutoSetExpectedValue |
-| [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) | Added a zip file containing the DDF XML files of the CSPs. The link to the download is available in the DDF articles of various CSPs. |
-| [RemoteWipe CSP](remotewipe-csp.md) | Added new setting in Windows 10, version 1703:
                  - doWipeProtected |
-| [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) | Added new classes and properties. |
-| [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md) | Added a section describing SyncML examples of various ADMX elements. |
-| [Win32 and Desktop Bridge app policy configuration](./win32-and-centennial-app-policy-configuration.md) | New article. |
-| [Deploy and configure App-V apps using MDM](./appv-deploy-and-config.md) | Added a new article describing how to deploy and configure App-V apps using MDM. |
-| [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) | Added new setting in the March service release of Windows 10, version 1607.
                  - MSI/UpgradeCode/[Guid] |
-| [Reporting CSP](reporting-csp.md) | Added new settings in Windows 10, version 1703.
                  - EnterpriseDataProtection/RetrieveByTimeRange/Type
                  - EnterpriseDataProtection/RetrieveByCount/Type |
-| [Connect your Windows 10-based device to work using a deep link](./mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link) | Added following deep link parameters to the table:
                  - Username
                  - Servername
                  - Accesstoken
                  - Deviceidentifier
                  - Tenantidentifier
                  - Ownership |
-| MDM support for Windows 10 S | Updated the following articles to indicate MDM support in Windows 10 S.
                  - [Configuration service provider reference](configuration-service-provider-reference.md)
                  - [Policy CSP](policy-configuration-service-provider.md) |
-| [TPMPolicy CSP](tpmpolicy-csp.md) | Added the new CSP. |
-
-## What’s new in MDM for Windows 10, version 1607
-
-| New or updated article | Description |
-|-----|-----|
-| Sideloading of apps | Starting in Windows 10, version 1607, sideloading of apps is only allowed through [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). Product keys (5x5) will no longer be supported to enable sideloading on Windows 10, version 1607 devices. |
-| [NodeCache CSP](nodecache-csp.md) | The value of NodeCache root node starting in Windows 10, version 1607 is com.microsoft/1.0/MDM/NodeCache. |
-| [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) | New CSP. |
-| [Policy CSP](policy-configuration-service-provider.md) | Removed the following policies:
                  - DataProtection/AllowAzureRMSForEDP - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
                  - DataProtection/AllowUserDecryption - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
                  - DataProtection/EDPEnforcementLevel - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
                  - DataProtection/RequireProtectionUnderLockConfig - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
                  - DataProtection/RevokeOnUnenroll - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
                  - DataProtection/EnterpriseCloudResources - moved this policy to NetworkIsolation policy
                  - DataProtection/EnterpriseInternalProxyServers - moved this policy to NetworkIsolation policy
                  - DataProtection/EnterpriseIPRange - moved this policy to NetworkIsolation policy
                  - DataProtection/EnterpriseNetworkDomainNames - moved this policy to NetworkIsolation policy
                  - DataProtection/EnterpriseProxyServers - moved this policy to NetworkIsolation policy
                  - Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices - this policy has been deprecated.

                  Added the WiFi/AllowManualWiFiConfiguration and WiFi/AllowWiFi policies for Windows 10, version 1607:
                  - Windows 10 Pro
                  - Windows 10 Enterprise
                  - Windows 10 Education

                  Added the following new policies:
                  - AboveLock/AllowCortanaAboveLock
                  - ApplicationManagement/DisableStoreOriginatedApps
                  - Authentication/AllowSecondaryAuthenticationDevice
                  - Bluetooth/AllowPrepairing
                  - Browser/AllowExtensions
                  - Browser/PreventAccessToAboutFlagsInMicrosoftEdge
                  - Browser/ShowMessageWhenOpeningSitesInInternetExplorer
                  - DeliveryOptimization/DOAbsoluteMaxCacheSize
                  - DeliveryOptimization/DOMaxDownloadBandwidth
                  - DeliveryOptimization/DOMinBackgroundQoS
                  - DeliveryOptimization/DOModifyCacheDrive
                  - DeliveryOptimization/DOMonthlyUploadDataCap
                  - DeliveryOptimization/DOPercentageMaxDownloadBandwidth
                  - DeviceLock/EnforceLockScreenAndLogonImage
                  - DeviceLock/EnforceLockScreenProvider
                  - Defender/PUAProtection
                  - Experience/AllowThirdPartySuggestionsInWindowsSpotlight
                  - Experience/AllowWindowsSpotlight
                  - Experience/ConfigureWindowsSpotlightOnLockScreen
                  - Experience/DoNotShowFeedbackNotifications
                  - Licensing/AllowWindowsEntitlementActivation
                  - Licensing/DisallowKMSClientOnlineAVSValidation
                  - LockDown/AllowEdgeSwipe
                  - Maps/EnableOfflineMapsAutoUpdate
                  - Maps/AllowOfflineMapsDownloadOverMeteredConnection
                  - Messaging/AllowMessageSync
                  - NetworkIsolation/EnterpriseCloudResources
                  - NetworkIsolation/EnterpriseInternalProxyServers
                  - NetworkIsolation/EnterpriseIPRange
                  - NetworkIsolation/EnterpriseIPRangesAreAuthoritative
                  - NetworkIsolation/EnterpriseNetworkDomainNames
                  - NetworkIsolation/EnterpriseProxyServers
                  - NetworkIsolation/EnterpriseProxyServersAreAuthoritative
                  - NetworkIsolation/NeutralResources
                  - Notifications/DisallowNotificationMirroring
                  - Privacy/DisableAdvertisingId
                  - Privacy/LetAppsAccessAccountInfo
                  - Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
                  - Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
                  - Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessCalendar
                  - Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
                  - Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
                  - Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessCallHistory
                  - Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
                  - Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
                  - Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessCamera
                  - Privacy/LetAppsAccessCamera_ForceAllowTheseApps
                  - Privacy/LetAppsAccessCamera_ForceDenyTheseApps
                  - Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessContacts
                  - Privacy/LetAppsAccessContacts_ForceAllowTheseApps
                  - Privacy/LetAppsAccessContacts_ForceDenyTheseApps
                  - Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessEmail
                  - Privacy/LetAppsAccessEmail_ForceAllowTheseApps
                  - Privacy/LetAppsAccessEmail_ForceDenyTheseApps
                  - Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessLocation
                  - Privacy/LetAppsAccessLocation_ForceAllowTheseApps
                  - Privacy/LetAppsAccessLocation_ForceDenyTheseApps
                  - Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessMessaging
                  - Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
                  - Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
                  - Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessMicrophone
                  - Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
                  - Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
                  - Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessMotion
                  - Privacy/LetAppsAccessMotion_ForceAllowTheseApps
                  - Privacy/LetAppsAccessMotion_ForceDenyTheseApps
                  - Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessNotifications
                  - Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
                  - Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
                  - Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessPhone
                  - Privacy/LetAppsAccessPhone_ForceAllowTheseApps
                  - Privacy/LetAppsAccessPhone_ForceDenyTheseApps
                  - Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessRadios
                  - Privacy/LetAppsAccessRadios_ForceAllowTheseApps
                  - Privacy/LetAppsAccessRadios_ForceDenyTheseApps
                  - Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
                  - Privacy/LetAppsAccessTrustedDevices
                  - Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
                  - Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
                  - Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
                  - Privacy/LetAppsSyncWithDevices
                  - Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
                  - Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
                  - Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
                  - Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
                  - Settings/AllowEditDeviceName
                  - Speech/AllowSpeechModelUpdate
                  - System/TelemetryProxy
                  - Update/ActiveHoursStart
                  - Update/ActiveHoursEnd
                  - Update/AllowMUUpdateService
                  - Update/BranchReadinessLevel
                  - Update/DeferFeatureUpdatesPeriodInDays
                  - Update/DeferQualityUpdatesPeriodInDays
                  - Update/ExcludeWUDriversInQualityUpdate
                  - Update/PauseFeatureUpdates
                  - Update/PauseQualityUpdates
                  - Update/SetProxyBehaviorForUpdateDetection
                  - Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)
                  - WindowsInkWorkspace/AllowWindowsInkWorkspace
                  - WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
                  - WirelessDisplay/AllowProjectionToPC
                  - WirelessDisplay/RequirePinForPairing

                  Updated the Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts description to remove outdated information.

                  Updated DeliveryOptimization/DODownloadMode to add new values.

                  Updated Experience/AllowCortana description to clarify what each supported value does.

                  Updated Security/AntiTheftMode description to clarify what each supported value does. |
-| [DMClient CSP](dmclient-csp.md) | Added the following settings:
                  - ManagementServerAddressList
                  - AADDeviceID
                  - EnrollmentType
                  - HWDevID
                  - CommercialID

                  Removed the EnrollmentID setting. |
-| [DeviceManageability CSP](devicemanageability-csp.md) | New CSP. |
-| [DeviceStatus CSP](devicestatus-csp.md) | Added the following new settings:
                  - DeviceStatus/TPM/SpecificationVersion
                  - DeviceStatus/OS/Edition
                  - DeviceStatus/Antivirus/SignatureStatus
                  - DeviceStatus/Antivirus/Status
                  - DeviceStatus/Antispyware/SignatureStatus
                  - DeviceStatus/Antispyware/Status
                  - DeviceStatus/Firewall/Status
                  - DeviceStatus/UAC/Status
                  - DeviceStatus/Battery/Status
                  - DeviceStatus/Battery/EstimatedChargeRemaining
                  - DeviceStatus/Battery/EstimatedRuntime |
-| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples. |
-| [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) | Added a new Folder table entry in the AssignedAccess/AssignedAccessXml description.
                  Updated the DDF and XSD file sections. |
-| [SecureAssessment CSP](secureassessment-csp.md) | New CSP. |
-| [DiagnosticLog CSP](diagnosticlog-csp.md)
                  [DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.3 of the CSP with two new settings.

                  Added the new 1.3 version of the DDF.

                  Added the following new settings in Windows 10, version 1607
                  - DeviceStateData
                  - DeviceStateData/MdmConfiguration |
-| [Reboot CSP](reboot-csp.md) | New CSP. |
-| [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) | New CSP. |
-| [VPNv2 CSP](vpnv2-csp.md) | Added the following settings for Windows 10, version 1607:
                  - _ProfileName_/RouteList/routeRowId/ExclusionRoute
                  - _ProfileName_/DomainNameInformationList/_dniRowId_/AutoTrigger
                  - _ProfileName_/DomainNameInformationList/dniRowId/Persistent
                  - _ProfileName_/ProfileXML
                  - _ProfileName_/DeviceCompliance/Enabled
                  - _ProfileName_/DeviceCompliance/Sso
                  - _ProfileName_/DeviceCompliance/Sso/Enabled
                  - _ProfileName_/DeviceCompliance/Sso/IssuerHash
                  - _ProfileName_/DeviceCompliance/Sso/Eku
                  - _ProfileName_/NativeProfile/CryptographySuite
                  - _ProfileName_/NativeProfile/CryptographySuite/AuthenticationTransformConstants
                  - _ProfileName_/NativeProfile/CryptographySuite/CipherTransformConstants
                  - _ProfileName_/NativeProfile/CryptographySuite/EncryptionMethod
                  - _ProfileName_/NativeProfile/CryptographySuite/IntegrityCheckMethod
                  - _ProfileName_/NativeProfile/CryptographySuite/DHGroup
                  - _ProfileName_/NativeProfile/CryptographySuite/PfsGroup
                  - _ProfileName_/NativeProfile/L2tpPsk |
-| [Win32AppInventory CSP](win32appinventory-csp.md) | New CSP. |
-| [SharedPC CSP](sharedpc-csp.md) | New CSP. |
-| [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) | New CSP. |
-| [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) | Added new classes for Windows 10, version 1607. |
-| [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md) | Article renamed from "Enrollment UI".

                  Completely updated enrollment procedures and screenshots. |
-| [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
                  [UnifiedWriteFilter DDF File](unifiedwritefilter-ddf.md) | Added the following new setting for Windows 10, version 1607:
                  - NextSession/HORMEnabled |
-| [CertificateStore CSP](certificatestore-csp.md)
                  [CertificateStore DDF file](certificatestore-ddf-file.md) | Added the following new settings in Windows 10, version 1607:
                  - My/WSTEP/Renew/LastRenewalAttemptTime
                  - My/WSTEP/Renew/RenewNow |
-| [WindowsLicensing CSP](windowslicensing-csp.md) | Added the following new node and settings in Windows 10, version 1607, but not documented:
                  - Subscriptions
                  - Subscriptions/SubscriptionId
                  - Subscriptions/SubscriptionId/Status
                  - Subscriptions/SubscriptionId/Name |
-| [WiFi CSP](wifi-csp.md) | Deprecated the following node in Windows 10, version 1607:
                  - DisableInternetConnectivityChecks |
-
-## What’s new in MDM for Windows 10, version 1511
-
-| New or updated article | Description |
-|-----|-----|
-| New configuration service providers added in Windows 10, version 1511 | - [AllJoynManagement CSP](alljoynmanagement-csp.md)
                  - [Maps CSP](maps-csp.md)
                  - [Reporting CSP](reporting-csp.md)
                  - [SurfaceHub CSP](surfacehub-csp.md)
                  - [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) |
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings:
                  - ApplicationManagement/AllowWindowsBridgeForAndroidAppsExecution
                  - Bluetooth/ServicesAllowedList
                  - DataProtection/AllowAzureRMSForEDP
                  - DataProtection/RevokeOnUnenroll
                  - DeviceLock/DevicePasswordExpiration
                  - DeviceLock/DevicePasswordHistory
                  - TextInput/AllowInputPanel
                  - Update/PauseDeferrals
                  - Update/RequireDeferUpdate
                  - Update/RequireUpdateApproval

                  Updated the following policy settings:
                  - System/AllowLocation
                  - Update/RequireDeferUpgrade

                  Deprecated the following policy settings:
                  - TextInput/AllowKoreanExtendedHanja
                  - WiFi/AllowWiFiHotSpotReporting |
-| Management tool for the Microsoft Store for Business | New articles. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. |
-| Custom header for generic alert | The MDM-GenericAlert is a new custom header that hosts one or more alert information provided in the http messages sent by the device to the server during an OMA DM session. The generic alert is sent if the session is triggered by the device due to one or more critical or fatal alerts. Here is alert format: `MDM-GenericAlert: `

                  If present, the MDM-GenericAlert is presented in every the outgoing MDM message in the same OMA DM session. For more information about generic alerts, see section 8.7 in the OMA Device Management Protocol, Approved Version 1.2.1 in this [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526). |
-| Alert message for slow client response | When the MDM server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.

                  To work around the timeout, you can use EnableOmaDmKeepAliveMessage setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. For details, see EnableOmaDmKeepAliveMessage node in the [DMClient CSP](dmclient-csp.md). |
-| [DMClient CSP](dmclient-csp.md) | Added a new node EnableOmaDmKeepAliveMessage to the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) and updated the ManagementServerAddress to indicate that it can contain a list of URLs. |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new nodes:
                  - AppManagement/GetInventoryQuery
                  - AppManagement/GetInventoryResults
                  - .../_PackageFamilyName_/AppSettingPolicy/_SettingValue_
                  - AppLicenses/StoreLicenses/_LicenseID_/LicenseCategory
                  - AppLicenses/StoreLicenses/_LicenseID_/LicenseUsage
                  - AppLicenses/StoreLicenses/_LicenseID_/RequesterID
                  - AppLicenses/StoreLicenses/_LicenseID_/GetLicenseFromStore |
-| [EnterpriseExt CSP](enterpriseext-csp.md) | Added the following new nodes:
                  - DeviceCustomData (CustomID, CustomeString)
                  - Brightness (Default, MaxAuto)
                  - LedAlertNotification (State, Intensity, Period, DutyCycle, Cyclecount) |
-| [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) | Added the OemProfile node.
-| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
                  - TenantId/Policies/PINComplexity/History
                  - TenantId/Policies/PINComplexity/Expiration
                  - TenantId/Policies/Remote/UseRemotePassport (only for ./Device/Vendor/MSFT)
                  - Biometrics/UseBiometrics (only for ./Device/Vendor/MSFT)
                  - Biometrics/FacialFeaturesUseEnhancedAntiSpoofing (only for ./Device/Vendor/MSFT) |
-| [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) | The following updates are done to the [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md):
                  - In AssignedAccessXML node, added new page settings and quick action settings.
                  - In AssignedAccessXML node, added an example about how to pin applications in multiple app packages using the AUMID.
                  - Updated the [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) article. |
-| [DevDetail CSP](devdetail-csp.md) | The following updates are done to [DevDetail CSP](devdetail-csp.md):
                  - Added TotalStore and TotalRAM settings.
                  - Added support for Replace command for the DeviceName setting. |
-| Handling large objects | Added support for the client to handle uploading of large objects to the server. |
 
 ## Breaking changes and known issues
 
-### Get command inside an atomic command is not supported
+### Get command inside an atomic command isn’t supported
 
-In Windows 10, a Get command inside an atomic command is not supported. This was allowed in Windows Phone 8 and Windows Phone 8.1.
-
-### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
-
-During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret.
-
-After upgrading to Windows 10, you should call MDM\_WNSConfiguration class to recreate the notification channel URI.
+In Windows 10 and Windows 11, a Get command inside an atomic command isn't supported. 
 
 ### Apps installed using WMI classes are not removed
 
-Applications installed using WMI classes are not removed when the MDM account is removed from device.
+Applications installed using WMI classes aren't removed when the MDM account is removed from device.
 
 ### Passing CDATA in SyncML does not work
 
-Passing CDATA in data in SyncML to ConfigManager and CSPs does not work in Windows 10. It worked in Windows Phone 8.
+Passing CDATA in data in SyncML to ConfigManager and CSPs doesn't work in Windows 10 and Windows 11.
 
 ### SSL settings in IIS server for SCEP must be set to "Ignore"
 
-The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10. In Windows Phone 8.1, when you set the client certificate to "Accept," it works fine.
+The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10 and Windows 11. 
 
-![ssl settings](images/ssl-settings.png)
+![ssl settings.](images/ssl-settings.png)
 
-### MDM enrollment fails on the mobile device when traffic is going through proxy
+### MDM enrollment fails on the Windows device when traffic is going through proxy
 
-When the mobile device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that does not require authentication or remove the proxy setting from the connected network.
+When the Windows device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that doesn't require authentication or remove the proxy setting from the connected network.
 
 ### Server-initiated unenrollment failure
 
@@ -254,77 +63,49 @@ Remote server unenrollment is disabled for mobile devices enrolled via Azure Act
 
 ### Certificates causing issues with Wi-Fi and VPN
 
-Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
+In Windows 10 and Windows 11, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This dual installation may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We're working to fix this issue.
 
-### Version information for mobile devices
+### Version information for Windows 11
 
-The software version information from **DevDetail/SwV** does not match the version in **Settings** under **System/About**.
+The software version information from **DevDetail/Ext/Microsoft/OSPlatform** doesn't match the version in **Settings** under **System/About**.
 
-### Upgrading Windows Phone 8.1 devices with app allow-listing using ApplicationRestriction policy has issues
+### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 and Windows 11
 
--   When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile using ApplicationRestrictions with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.
+In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
 
-    Here's additional guidance for the upgrade process:
-
-    -   Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
-    -   Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher rule if you are using it.
-    -   In the SyncML, you must use lowercase product ID.
-    -   Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
-
-
--   Silverlight xaps may not install even if publisher policy is specified using Windows Phone 8.1 publisher rule. For example, Silverlight app "Level" will not install even if you specify <Publisher PublisherName=”Microsoft Corporation” />.
-
-    To workaround this issue, remove the Windows Phone 8.1 publisher rule and add the specific product ID for each Silverlight app you want to allow to the allowed app list.
-
--   Some apps (specifically those that are published in Microsoft Store as AppX Bundles) are blocked from installing even when they are included in the app list.
-
-    No workaround is available at this time. An OS update to fix this issue is coming soon.
-
-### Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218
-
-Applies only to phone prior to build 10586.218: When ApplicationManagement/ApplicationRestrictions policy is deployed to Windows 10 Mobile, installation and update of apps dependent on Microsoft Frameworks may get blocked with error 0x80073CF9. To work around this issue, you must include the Microsoft Framework ID to your list of allowed apps.
-
-```xml
-
-```
-
-### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
-
-In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
-
-Enterprises deploying certificate based EAP authentication for VPN/Wi-Fi can face a situation where there are multiple certificates that meet the default criteria for authentication. This can lead to issues such as:
+Enterprises deploying certificate-based EAP authentication for VPN/Wi-Fi can face a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as:
 
 -   The user may be prompted to select the certificate.
 -   The wrong certificate may get auto selected and cause an authentication failure.
 
 A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP Configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication.
 
-EAP XML must be updated with relevant information for your environment This can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
+EAP XML must be updated with relevant information for your environment. This task can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
 
--   For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
+-   For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This detail is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags, you'll find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
 -   For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
 
-For information about EAP Settings, see 
+For information about EAP Settings, see .
 
-For information about generating an EAP XML, see [EAP configuration](eap-configuration.md)
+For information about generating an EAP XML, see [EAP configuration](eap-configuration.md).
 
-For more information about extended key usage, see 
+For more information about extended key usage, see .
 
-For information about adding extended key usage (EKU) to a certificate, see 
+For information about adding extended key usage (EKU) to a certificate, see .
 
 The following list describes the prerequisites for a certificate to be used with EAP:
 
 -   The certificate must have at least one of the following EKU (Extended Key Usage) properties:
 
-    -   Client Authentication
-    -   As defined by RFC 5280, this is a well-defined OID with Value 1.3.6.1.5.5.7.3.2
-    -   Any Purpose
-    -   An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering.
-    -   All Purpose
-    -   As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
--   The user or the computer certificate on the client chains to a trusted root CA
--   The user or the computer certificate does not fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
--   The user or the computer certificate does not fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
+    -   Client Authentication.
+    -   As defined by RFC 5280, this property is a well-defined OID with Value 1.3.6.1.5.5.7.3.2.
+    -   Any Purpose.
+    -   An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
+    -   All Purpose.
+    -   As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
+-   The user or the computer certificate on the client chains to a trusted root CA.
+-   The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
+-   The user or the computer certificate doesn't fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
 -   The Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN) of the user.
 
 The following XML sample explains the properties for the EAP TLS XML including certificate filtering.
@@ -436,73 +217,135 @@ The following XML sample explains the properties for the EAP TLS XML including c
 
 Alternatively you can use the following procedure to create an EAP Configuration XML.
 
-1.  Follow steps 1 through 7 in the [EAP configuration](eap-configuration.md) article.
-2.  In the Microsoft VPN SelfHost Properties dialog box, select **Microsoft : Smart Card or other Certificate** from the drop down (this selects EAP TLS.)
+1.  Follow steps 1 through 7 in [EAP configuration](eap-configuration.md).
 
-    ![vpn selfhost properties window](images/certfiltering1.png)
+2.  In the Microsoft VPN SelfHost Properties dialog box, select **Microsoft : Smart Card or other Certificate** from the drop-down menu (this drop-down menu selects EAP TLS.).
+
+    :::image type="content" alt-text="vpn selfhost properties window." source="images/certfiltering1.png":::
 
     > [!NOTE]
     > For PEAP or TTLS, select the appropriate method and continue following this procedure.
 
-3.  Click the **Properties** button underneath the drop down menu.
+3.  Click the **Properties** button underneath the drop-down menu.
+
 4.  In the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
 
-    ![smart card or other certificate properties window](images/certfiltering2.png)
+	:::image type="content" alt-text="smart card or other certificate properties window." source="images/certfiltering2.png":::
+
 5.  In the **Configure Certificate Selection** menu, adjust the filters as needed.
 
-    ![configure certificate selection window](images/certfiltering3.png)
+	:::image type="content" alt-text="configure certificate selection window." source="images/certfiltering3.png":::
+
 6.  Click **OK** to close the windows to get back to the main rasphone.exe dialog box.
+
 7.  Close the rasphone dialog box.
-8.  Continue following the procedure in the [EAP configuration](eap-configuration.md) article from Step 9 to get an EAP TLS profile with appropriate filtering.
+
+8.  Continue following the procedure in [EAP configuration](eap-configuration.md) from Step 9 to get an EAP TLS profile with appropriate filtering.
 
 > [!NOTE]
 > You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)).
 
 
-### Remote PIN reset not supported in Azure Active Directory joined mobile devices
+### MDM client will immediately check in with the MDM server after client renews WNS channel URI
 
-In Windows 10 Mobile, remote PIN reset in Azure AD joined devices are not supported. Devices are wiped when you issue a remote PIN reset command using the RemoteLock CSP.
+After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
 
-### MDM client will immediately check-in with the MDM server after client renews WNS channel URI
+### User provisioning failure in Azure Active Directory joined Windows 10 and Windows 11 devices
 
-Starting in Windows 10, after the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
-
-### User provisioning failure in Azure Active Directory joined Windows 10 PC
-
-In Azure AD joined Windows 10 PC, provisioning /.User resources fails when the user is not logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, make sure to log off and log on with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
+In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
 
 ### Requirements to note for VPN certificates also used for Kerberos Authentication
 
-If you want to use the certificate used for VPN authentication also for Kerberos authentication (required if you need access to on-premises resources using NTLM or Kerberos), the user's certificate must meet the requirements for smart card certificate, the Subject field should contain the DNS domain name in the DN or the SAN should contain a fully qualified UPN so that the DC can be located from the DNS registrations. If certificates that do not meet these requirements are used for VPN, users may fail to access resources that require Kerberos authentication. 
+If you want to use the certificate used for VPN authentication also for Kerberos authentication (required if you need access to on-premises resources using NTLM or Kerberos), the user's certificate must meet the requirements for smart card certificate, the Subject field should contain the DNS domain name in the DN or the SAN should contain a fully qualified UPN so that the DC can be located from the DNS registrations. If certificates that don't meet these requirements are used for VPN, users may fail to access resources that require Kerberos authentication. 
 
 ### Device management agent for the push-button reset is not working
 
 The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push-button-reset-overview) keeps the registry settings for OMA DM sessions, but deletes the task schedules. The client enrollment is retained, but it never syncs with the MDM service.
 
+
 ## Frequently Asked Questions
 
 
-### **Can there be more than one MDM server to enroll and manage devices in Windows 10?**
+### Can there be more than one MDM server to enroll and manage devices in Windows 10 or 11?
+
 No. Only one MDM is allowed.
 
-### **How do I set the maximum number of Azure Active Directory joined devices per user?**
-1.  Login to the portal as tenant admin: https://manage.windowsazure.com.
-2.  Click Active Directory on the left pane.
-3.  Choose your tenant.
-4.  Click **Configure**.
-5.  Set quota to unlimited.
+### How do I set the maximum number of Azure Active Directory joined devices per user?
 
-    ![aad maximum joined devices](images/faq-max-devices.png)
- 
+1. Sign in to the portal as tenant admin: https://portal.azure.com.
+2. Select Active Directory on the left pane.
+3. Choose your tenant.
+4. Select **Configure**.
+5. Set quota to unlimited.
 
-### **What is dmwappushsvc?**
+  :::image type="content" alt-text="aad maximum joined devices." source="images/faq-max-devices.png":::
+
+### What is dmwappushsvc?
 
 Entry | Description
 --------------- | --------------------
-What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
-What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. This service does not send telemetry.|
-How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to do this. Disabling this will cause your management to fail.|
+What is dmwappushsvc? | It's a Windows service that ships in Windows 10 and Windows 11 operating system as a part of the windows management platform. It's used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
+What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. This service doesn't send telemetry.|
+How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this service is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service will cause your management to fail.|
+
+
+
+## What’s new in MDM for Windows 10, version 20H2
+
+|New or updated article|Description|
+|-----|-----|
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
                  - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
                  - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
                  - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
                  - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
                  - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
                  - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
                  - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
                  - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
+| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
                  - Properties/SleepMode |
+| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
                  - Settings/AllowWindowsDefenderApplicationGuard |
+
+## What’s new in MDM for Windows 10, version 2004
+
+| New or updated article | Description |
+|-----|-----|
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 2004: 
                  - [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
                  - [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
                  - [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
                  - [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
                  - [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
                  - [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
                  - [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
                  - [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
                  - [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)

                  Updated the following policy in Windows 10, version 2004:
                  - [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)

                  Deprecated the following policies in Windows 10, version 2004:
                  - [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
                  - [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
                  - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) |
+| [DevDetail CSP](devdetail-csp.md) | Added the following new node:
                  - Ext/Microsoft/DNSComputerName |
+| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new node:
                  - IsStub |
+| [SUPL CSP](supl-csp.md) | Added the following new node:
                  - FullVersion |
+
+## What’s new in MDM for Windows 10, version 1909
+
+| New or updated article | Description |
+|-----|-----|
+| [BitLocker CSP](bitlocker-csp.md) | Added the following new nodes in Windows 10, version 1909:
                  - ConfigureRecoveryPasswordRotation
                  - RotateRecoveryPasswords
                  - RotateRecoveryPasswordsStatus
                  - RotateRecoveryPasswordsRequestID|
+
+## What’s new in MDM for Windows 10, version 1903
+
+| New or updated article | Description |
+|-----|-----|
+|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 1903:
                  - [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
                  - [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
                  - [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
                  - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
                  - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
                  - [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
                  - [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
                  - [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
                  - [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
                  - [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
                  - [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
                  - [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
                  - [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
                  - [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
                  - [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
                  - [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
                  - [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
                  - [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
                  - [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
                  - [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
                  - [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
                  - [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
                  - [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
                  - [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
                  - [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
                  - [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
                  - [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
                  - [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
                  - [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
                  - [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
                  - [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
                  - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
                  - [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
                  - [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
                  - [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
                  - [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
                  - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
                  - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
                  - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
                  - [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
                  - [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
                  - [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)|
+| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. |
+| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. |
+| [Defender CSP](defender-csp.md) | Added the following new nodes:
                  - Health/TamperProtectionEnabled
                  - Health/IsVirtualMachine
                  - Configuration
                  - Configuration/TamperProtection
                  - Configuration/EnableFileHashComputation |
+| [DiagnosticLog CSP](diagnosticlog-csp.md) 
                   [DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903. 
                  Added the new 1.4 version of the DDF. 
                  Added the following new nodes:
                  - Policy
                  - Policy/Channels
                  - Policy/Channels/ChannelName
                  - Policy/Channels/ChannelName/MaximumFileSize
                  - Policy/Channels/ChannelName/SDDL
                  - Policy/Channels/ChannelName/ActionWhenFull
                  - Policy/Channels/ChannelName/Enabled
                  - DiagnosticArchive
                  - DiagnosticArchive/ArchiveDefinition
                  - DiagnosticArchive/ArchiveResults |
+| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. |
+| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
                  - SecurityKey
                  - SecurityKey/UseSecurityKeyForSignin |
+
+
+## What’s new in MDM for Windows 10, version 1809
+
+| New or updated article | Description |
+|-----|-----|
+|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
                  - ApplicationManagement/LaunchAppAfterLogOn
                  - ApplicationManagement/ScheduleForceRestartForUpdateFailures
                  - Authentication/EnableFastFirstSignIn (Preview mode only)
                  - Authentication/EnableWebSignIn (Preview mode only)
                  - Authentication/PreferredAadTenantDomainName
                  - Browser/AllowFullScreenMode
                  - Browser/AllowPrelaunch
                  - Browser/AllowPrinting
                  - Browser/AllowSavingHistory
                  - Browser/AllowSideloadingOfExtensions
                  - Browser/AllowTabPreloading
                  - Browser/AllowWebContentOnNewTabPage
                  - Browser/ConfigureFavoritesBar
                  - Browser/ConfigureHomeButton
                  - Browser/ConfigureKioskMode
                  - Browser/ConfigureKioskResetAfterIdleTimeout
                  - Browser/ConfigureOpenMicrosoftEdgeWith
                  - Browser/ConfigureTelemetryForMicrosoft365Analytics
                  - Browser/PreventCertErrorOverrides
                  - Browser/SetHomeButtonURL
                  - Browser/SetNewTabPageURL
                  - Browser/UnlockHomeButton
                  - Defender/CheckForSignaturesBeforeRunningScan
                  - Defender/DisableCatchupFullScan
                  - Defender/DisableCatchupQuickScan
                  - Defender/EnableLowCPUPriority
                  - Defender/SignatureUpdateFallbackOrder
                  - Defender/SignatureUpdateFileSharesSources
                  - DeviceGuard/ConfigureSystemGuardLaunch
                  - DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
                  - DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
                  - DeviceInstallation/PreventDeviceMetadataFromNetwork
                  - DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
                  - DmaGuard/DeviceEnumerationPolicy
                  - Experience/AllowClipboardHistory
                  - Experience/DoNotSyncBrowserSettings
                  - Experience/PreventUsersFromTurningOnBrowserSyncing
                  - Kerberos/UPNNameHints
                  - Privacy/AllowCrossDeviceClipboard
                  - Privacy/DisablePrivacyExperience
                  - Privacy/UploadUserActivities
                  - Security/RecoveryEnvironmentAuthentication
                  - System/AllowDeviceNameInDiagnosticData
                  - System/ConfigureMicrosoft365UploadEndpoint
                  - System/DisableDeviceDelete
                  - System/DisableDiagnosticDataViewer
                  - Storage/RemovableDiskDenyWriteAccess
                  - TaskManager/AllowEndTask
                  - Update/DisableWUfBSafeguards
                  - Update/EngagedRestartDeadlineForFeatureUpdates
                  - Update/EngagedRestartSnoozeScheduleForFeatureUpdates
                  - Update/EngagedRestartTransitionScheduleForFeatureUpdates
                  - Update/SetDisablePauseUXAccess
                  - Update/SetDisableUXWUAccess
                  - WindowsDefenderSecurityCenter/DisableClearTpmButton
                  - WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
                  - WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
                  - WindowsLogon/DontDisplayNetworkSelectionUI |
+| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. |
+| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. |
+| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. |
+| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node in Windows 10, version 1809. |
+| [Office CSP](office-csp.md) | Added FinalStatus setting in Windows 10, version 1809. |
+| [PassportForWork CSP](passportforwork-csp.md) | Added new settings in Windows 10, version 1809. |
+| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings in Windows 10, version 1809. |
+| [SUPL CSP](supl-csp.md) | Added three new certificate nodes in Windows 10, version 1809. |
+| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP in Windows 10, version 1809. |
+| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost in Windows 10, version 1809. |
+| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings in Windows 10, version 1809. |
+| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples in Windows 10, version 1809. |
+| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | Added new configuration service provider in Windows 10, version 1809. |
+
 
 ## Change history for MDM documentation
 
-To know what's changed in MDM documentation, see [Change history for MDM documentation](change-history-for-mdm-documentation.md).
\ No newline at end of file
+To know what's changed in MDM documentation, see [Change history for MDM documentation](change-history-for-mdm-documentation.md).
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index ff47aa238d..039ac5d742 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -25,9 +25,9 @@ application/x-nodemon-sha256
 
 ```
 
-NodeCache will hash the values and compare with a hash value that was sent down by the server. This supports checking a parent node and its children recursively.
+NodeCache will hash the values and compare with a hash value that was sent down by the server. This process supports checking a parent node and its children recursively.
 
-The following shows the NodeCache configuration service provider in tree format.
+The following example shows the NodeCache configuration service provider in tree format.
 ```
 ./User/Vendor/MSFT
 NodeCache
@@ -69,7 +69,7 @@ NodeCache
 ----------------AutoSetExpectedValue
 ```
 **./Device/Vendor/MSFT and ./User/Vendor/MSFT**  
-Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax.
+Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax.
 
 ***ProviderID***  
 Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one *ProviderID* node under **NodeCache**. Scope is dynamic.
@@ -82,14 +82,14 @@ Optional. Character string representing the cache version set by the server. Sco
 Data type is string. Supported operations are Get, Add, and Replace.
 
 ***ProviderID*/ChangedNodes**  
-Optional. List of nodes whose values do not match their expected values as specified in **/*NodeID*/ExpectedValue**. Scope is dynamic.
+Optional. List of nodes whose values don't match their expected values as specified in **/*NodeID*/ExpectedValue**. Scope is dynamic.
 
 Data type is string. Supported operation is Get.
 
 ***ProviderID*/ChangedNodesData**  
-Added in Windows 10, version 1703. Optional. XML containing nodes whose values do not match their expected values as specified in /NodeID/ExpectedValue.
+Added in Windows 10, version 1703. Optional. XML containing nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue.
 
-Suppported operation is Get.
+Supported operation is Get.
 
 ***ProviderID*/Nodes**  
 Required. Root node for cached nodes. Scope is dynamic.
@@ -107,7 +107,7 @@ Required. This node's value is a complete OMA DM node URI. It can specify either
 Data type is string. Supported operations are Get, Add, and Delete.
 
 **/*NodeID*/ExpectedValue**  
-Required. This is the value that the server expects to be on the device. When the configuration service provider initiates a session, it checks the expected value against the node's actual value. Scope is dynamic. Supported values are string and x-nodemon-nonexistent.
+Required. The server expects this value to be on the device. When the configuration service provider initiates a session, it checks the expected value against the node's actual value. Scope is dynamic. Supported values are string and x-nodemon-nonexistent.
 
 Supported operations are Get, Add, and Delete.
 
@@ -129,7 +129,7 @@ Here's an example for setting the ExpectedValue to nonexistent.
 ```
 
 **/*NodeID*/AutoSetExpectedValue**  
-Added in Windows 10, version 1703. Required. This automatically sets the value on the device to match the actual value of the node. The node is specified in NodeURI.
+Added in Windows 10, version 1703. Required. This parameter's value automatically sets the value on the device to match the actual value of the node. The node is specified in NodeURI.
 
 Supported operations are Add, Get, and Delete.
 
@@ -166,7 +166,7 @@ Supported operations are Add, Get, and Delete.
 
     1.  If a value already exists in the server-side cache, retrieve the value from the server-side cache instead of going to the device.
 
-    2.  If a value does not exist in the server-side cache, do the following:
+    2.  If a value doesn't exist in the server-side cache, do the following tasks:
 
         1.  Create a new entry with a unique *NodeID* in the server-side cache.
 
@@ -370,12 +370,12 @@ For AutoSetExpectedValue, a Replace operation with empty data will query the ./D
 
 A Get operation on ./Vendor/MSFT/NodeCache/MDM%20SyncML%20Server/Nodes/20/ExpectedValue returns what the Device Name was when the AutoSet was called.
 
-A Get operation on the ChangedNodesData returns an encoded XML. Here is example:
+A Get operation on the ChangedNodesData returns an encoded XML. Here's an example:
 
 ```xml
 U09NRU5FV1ZBTFVF
 ```
-It represents this:
+It represents this example:
 
 ```xml
 
@@ -383,10 +383,10 @@ It represents this:
     U09NRU5FV1ZBTFVF
 
 ```
-Id is the node ID that was added by the MDM server, and Uri is the path that the node is tracking.
-If a Uri is not set, the node will always be reported as changed, as in Node id 10.
+Id is the node Id that was added by the MDM server, and Uri is the path that the node is tracking.
+If a Uri isn't set, the node will always be reported as changed, as in Node Id 10.
 
-The value inside of the node tag is the actual value returned by the Uri, which means that for Node Id 20 the DeviceName did not match what was previously expected, and the device name is now U09NRU5FV1ZBTFVF instead of what it was previously.
+The value inside of the node tag is the actual value returned by the Uri, which means that for Node Id 20 the DeviceName didn't match what was previously expected, and the device name is now U09NRU5FV1ZBTFVF instead of what it was previously.
 
 
 ## Related topics
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 06a74f2979..a344d5d843 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
@@ -57,7 +57,7 @@ The XML below is the current version for this CSP.
               
               
             
-            Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one ProviderID node under NodeCache.
+            Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process.
             
               
             
@@ -282,7 +282,7 @@ The XML below is the current version for this CSP.
               
               
             
-            Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one ProviderID node under NodeCache.
+            Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process.
             
               
             
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index 7516e3c411..79204c2935 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/15/2018
 ms.reviewer: 
 manager: dansimp
@@ -18,10 +18,11 @@ The Office configuration service provider (CSP) enables a Microsoft Office clien
 
 This CSP was added in Windows 10, version 1703.
 
-For additional information, see [Office DDF](office-ddf.md).
+For more information, see [Office DDF](office-ddf.md).
 
 The following shows the Office configuration service provider in tree format.
-```
+
+```console
 ./Vendor/MSFT
 Office
 ----Installation
@@ -46,6 +47,7 @@ Office
 ------------Install
 ------------Status
 ```
+
 **./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office**  
 The root node for the Office configuration service provider.
                  
 
@@ -78,7 +80,7 @@ Behavior:
 -  When Office CSP is triggered to install, it will first check if the FinalStatus node exists or not. If the node exists, delete it.
 -  When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values:  
     - When status = 0: 70 (succeeded)
-    - When status != 0: 60 (failed)
+    - When status!= 0: 60 (failed)
 
 **Installation/CurrentStatus**  
 Returns an XML of current Office 365 installation status on the device.
@@ -151,140 +153,22 @@ To get the current status of Office 365 on the device.
 
 ## Status code
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  StatusDescriptionComment
                  0Installation succeededOK
                  997Installation in progress
                  13ERROR_INVALID_DATA 
-
                  Cannot verify signature of the downloaded Office Deployment Tool (ODT)
                  		Failure
                  1460ERROR_TIMEOUT 
-
                  Failed to download ODT
                  		Failure
                  1602 ERROR_INSTALL_USEREXIT 
-
                  User cancelled the installation 
                  		Failure
                  1603ERROR_INSTALL_FAILURE
-
                  Failed any pre-req check.
                  
-
                    
-
                  • SxS (Tried to install when 2016 MSI is installed)
                    • 
-
                  • Bit mismatch between the currently installed Office and the Office that was attempting to be installed (such as when you try to install a 32-bit version while 64-bit version is currently installed.)
                    • 
-
                  
-                  		Failure
                  17000ERROR_PROCESSPOOL_INITIALIZATION 
-
                  Failed to start C2RClient 
                  		Failure
                  17001ERROR_QUEUE_SCENARIO 
-
                  Failed to queue installation scenario in C2RClient
                  		Failure
                  17002ERROR_COMPLETING_SCENARIO 
-
                  Failed to complete the process. Possible reasons:
                  
-
                    
-
                  • Installation cancelled by user
                    • 
-
                  • Installation cancelled by another installation
                    • 
-
                  • Out of disk space during installation 
                    • 
-
                  • Unknown language ID
                    • 
-
                  		Failure
                  17003ERROR_ANOTHER_RUNNING_SCENARIO 
-
                  Another scenario is running
                  		Failure
                  17004ERROR_COMPLETING_SCENARIO_NEED_CLEAN_UP
-
                  Possible reasons:
                  
-
                     
-
                  • Unknown SKUs
                    • 
-
                  • Content does't exist on CDN
-
                    • such as trying to install an unsupported LAP, like zh-sg
                      • 
-
                    • CDN issue that content is not available
                    
-
                    • 
-
                  • Signature check issue, such as failed the signature check for Office content
                    • 
-
                  • User cancelled
-
                  
-                  		Failure
                  17005ERROR_SCENARIO_CANCELLED_AS_PLANNEDFailure
                  17006ERROR_SCENARIO_CANCELLED
-
                  Blocked update by running apps
                  		Failure
                  17007ERROR_REMOVE_INSTALLATION_NEEDED
-
                  The client is requesting client clean up in a "Remove Installation" scenario
                  		Failure
                  17100ERROR_HANDLING_COMMAND_LINE
-
                  C2RClient command line error 
                  		Failure
                  0x80004005E_FAIL 
-
                  ODT cannot be used to install Volume license
                  		Failure
                  0x8000ffff E_UNEXPECTED
-
                  Tried to uninstall when there is no C2R Office on the machine.
                  		Failure
                  
\ No newline at end of file
+|Status|Description|Comment|
+|--- |--- |--- |
+|0|Installation succeeded|OK|
+|997|Installation in progress||
+|13|ERROR_INVALID_DATA 
                  Cannot verify signature of the downloaded Office Deployment Tool (ODT)|Failure|
+|1460|ERROR_TIMEOUT 
                  Failed to download ODT|Failure|
+|1602|ERROR_INSTALL_USEREXIT 
                  User canceled the installation|Failure|
+|1603|ERROR_INSTALL_FAILURE
                  Failed any pre-req check.
                • SxS (Tried to install when 2016 MSI is installed)
                • Bit mismatch between the currently installed Office and the Office that was attempting to be installed (such as when you try to install a 32-bit version while 64-bit version is currently installed.)|Failure|
+|17000|ERROR_PROCESSPOOL_INITIALIZATION 
                  Failed to start C2RClient|Failure|
+|17001|ERROR_QUEUE_SCENARIO 
                  Failed to queue installation scenario in C2RClient|Failure|
+|17002|ERROR_COMPLETING_SCENARIO 
                  Failed to complete the process. Possible reasons:
                • Installation canceled by user
                • Installation canceled by another installation
                • Out of disk space during installation 
                • Unknown language ID|Failure|
+|17003|ERROR_ANOTHER_RUNNING_SCENARIO 
                  Another scenario is running|Failure|
+|17004|ERROR_COMPLETING_SCENARIO_NEED_CLEAN_UP
                  Possible reasons:
                • Unknown SKUs
                • Content does't exist on CDN
                  • Such as trying to install an unsupported LAP, like zh-sg
                  • CDN issue that content is not available
                • Signature check issue, such as failed the signature check for Office content
                • User canceled|Failure|
+|17005|ERROR_SCENARIO_CANCELLED_AS_PLANNED|Failure|
+|17006|ERROR_SCENARIO_CANCELLED
                  Blocked update by running apps|Failure|
+|17007|ERROR_REMOVE_INSTALLATION_NEEDED
                  The client is requesting client clean-up in a "Remove Installation" scenario|Failure|
+|17100|ERROR_HANDLING_COMMAND_LINE
                  C2RClient command-line error|Failure|
+|0x80004005|E_FAIL 
                  ODT cannot be used to install Volume license|Failure|
+|0x8000ffff|E_UNEXPECTED
                  Tried to uninstall when there is no C2R Office on the machine.|Failure|
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index 88e2b4dee5..dedda7070e 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/15/2018
 ---
 
diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md
index 40757af748..04d615adff 100644
--- a/windows/client-management/mdm/oma-dm-protocol-support.md
+++ b/windows/client-management/mdm/oma-dm-protocol-support.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -17,131 +17,21 @@ ms.date: 06/26/2017
 
 The OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. This topic describes the OMA DM functionality that the DM client supports in general. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf).
 
-
-## In this topic
-
--   [OMA DM standards](#oma-dm-standards)
-
--   [OMA DM protocol common elements](#protocol-common-elements)
-
--   [Device management session](#device-management-session)
-
--   [User targeted vs. Device targeted configuration](#user-targeted-vs-device-targeted-configuration)
-
--   [SyncML response codes](#syncml-response-codes)
-
-
 ## OMA DM standards
 
 The following table shows the OMA DM standards that Windows uses.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  General areaOMA DM standard that is supported
                  Data transport and session
                    
-
                  • Client-initiated remote HTTPS DM session over SSL.
                    • 
-
                  • Remote HTTPS DM session over SSL.
                    • 
-
                  • Remote DM server initiation notification using WAP Push over Short Message Service (SMS). Not used by enterprise management.
                    • 
-
                  • Remote bootstrap by using WAP Push over SMS. Not used by enterprise management.
                    • 
-
                  Bootstrap XML
                    
-
                  • OMA Client Provisioning XML.
                    • 
-
                  DM protocol commands
                  The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the OMA website.
                  
-
                    
-
                  • Add (Implicit Add supported)
                    • 
-
                  • Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.
                    • 
-
                  • Atomic: Note that performing an Add command followed by Replace on the same node within an atomic element is not supported. Nested Atomic and Get commands are not allowed and will generate error code 500.
                    • 
-
                  • Delete: Removes a node from the DM tree, and the entire subtree beneath that node if one exists
                    • 
-
                  • Exec: Invokes an executable on the client device
                    • 
-
                  • Get: Retrieves data from the client device; for interior nodes, the child node names in the Data element are returned in URI-encoded format
                    • 
-
                  • Replace: Overwrites data on the client device
                    • 
-
                  • Result: Returns the data results of a Get command to the DM server
                    • 
-
                  • Sequence: Specifies the order in which a group of commands must be processed
                    • 
-
                  • Status: Indicates the completion status (success or failure) of an operation
                    • 
-
                  
-
                  If an XML element that is not a valid OMA DM command is under one of the following elements, the status code 400 is returned for that element:
                  
-
                    
-
                  • SyncBody
                    • 
-
                  • Atomic
                    • 
-
                  • Sequence
                    • 
-
                  
-
                  If no CmdID is provided in the DM command, the client returns blank in the status element and the status code 400.
                  
-
                  If Atomic elements are nested, the following status codes are returned:
                  
-
                    
-
                  • The nested Atomic command returns 500.
                    • 
-
                  • The parent Atomic command returns 507.
                    • 
-
                  
-
                  For more information about the Atomic command, see OMA DM protocol common elements.
                  
-
                  Performing an Add command followed by Replace on the same node within an Atomic element is not supported.
                  
-
                  LocURI cannot start with "/".
                  
-
                  Meta XML tag in SyncHdr is ignored by the device.
                  OMA DM standard objects
                    
-
                  • DevInfo
                    • 
-
                  • DevDetail
                    • 
-
                  • OMA DM DMS account objects (OMA DM version 1.2)
                    • 
-
                  Security
                    
-
                  • Authenticate DM server initiation notification SMS message (not used by enterprise management)
                    • 
-
                  • Application layer Basic and MD5 client authentication
                    • 
-
                  • Authenticate server with MD5 credential at application level
                    • 
-
                  • Data integrity and authentication with HMAC at application level
                    • 
-
                  • SSL level certificate based client/server authentication, encryption, and data integrity check
                    • 
-
                  Nodes
                  In the OMA DM tree, the following rules apply for the node name:
                  
-
                    
-
                  • "." can be part of the node name.
                    • 
-
                  • The node name cannot be empty.
                    • 
-
                  • The node name cannot be only the asterisk (*) character.
                    • 
-
                  Provisioning Files
                  Provisioning XML must be well formed and follow the definition in SyncML Representation Protocol specification.
                  
-
                  If an XML element that is not a valid OMA DM command is under SyncBody, the status code 400 is returned for that element.
                  
-
                  
-Note
                  To represent a Unicode string as a URI, first encode the string as UTF-8. Then encode each of the UTF-8 bytes using URI encoding.
                  
-
                  
-
                  
-
-
                  WBXML support
                  Windows supports sending and receiving SyncML in both XML format and encoded WBXML format. This is configurable by using the DEFAULTENCODING node under the w7 APPLICATION characteristic during enrollment. For more information about WBXML encoding, see section 8 of the SyncML Representation Protocol specification.
                  Handling of large objects
                  In Windows 10, version 1511, client support for uploading large objects to the server was added.
                  
+|General area|OMA DM standard that is supported|
+|--- |--- |
+|Data transport and session|
                • Client-initiated remote HTTPS DM session over SSL.
                • Remote HTTPS DM session over SSL.
                • Remote DM server initiation notification using WAP Push over Short Message Service (SMS). Not used by enterprise management.
                • Remote bootstrap by using WAP Push over SMS. Not used by enterprise management.|
+|Bootstrap XML|OMA Client Provisioning XML.|
+|DM protocol commands|The following list shows the commands that are used by the device. For more information about the OMA DM command elements, see "[OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/)" available from the OMA website.
                • Add (Implicit Add supported)
                • Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.
                • Atomic: Performing an Add command followed by Replace on the same node within an atomic element isn't supported. Nested Atomic and Get commands aren't allowed and will generate error code 500.
                • Delete: Removes a node from the DM tree, and the entire subtree beneath that node if one exists
                • Exec: Invokes an executable on the client device
                • Get: Retrieves data from the client device; for interior nodes, the child node names in the Data element are returned in URI-encoded format
                • Replace: Overwrites data on the client device
                • Result: Returns the data results of a Get command to the DM server
                • Sequence: Specifies the order in which a group of commands must be processed
                • Status: Indicates the completion status (success or failure) of an operation

                  If an XML element that isn't a valid OMA DM command is under one of the following elements, the status code 400 is returned for that element:
                • SyncBody
                • Atomic
                • Sequence

                  If no CmdID is provided in the DM command, the client returns blank in the status element and the status code 400.

                  If Atomic elements are nested, the following status codes are returned:
                • The nested Atomic command returns 500.
                • The parent Atomic command returns 507.

                  For more information about the Atomic command, see OMA DM protocol common elements.
                  Performing an Add command followed by Replace on the same node within an Atomic element isn't supported.

                  LocURI can't start with `/`.

                  Meta XML tag in SyncHdr is ignored by the device.|
+|OMA DM standard objects|DevInfo
                • DevDetail
                • OMA DM DMS account objects (OMA DM version 1.2)|
+|Security|
                • Authenticate DM server initiation notification SMS message (not used by enterprise management)
                • Application layer Basic and MD5 client authentication
                • Authenticate server with MD5 credential at application level
                • Data integrity and authentication with HMAC at application level
                • SSL level certificate-based client/server authentication, encryption, and data integrity check|
+|Nodes|In the OMA DM tree, the following rules apply for the node name:
                • "." can be part of the node name.
                • The node name can't be empty.
                • The node name can't be only the asterisk (`*`) character.|
+|Provisioning Files|Provisioning XML must be well formed and follow the definition in [SyncML Representation Protocol](https://www.openmobilealliance.org/release/Common/V1_2_2-20090724-A/OMA-TS-SyncML-RepPro-V1_2_2-20090724-A.pdf).

                  If an XML element that isn't a valid OMA DM command is under SyncBody, the status code 400 is returned for that element.
                  **Note**
                  To represent a Unicode string as a URI, first encode the string as UTF-8. Then encode each of the UTF-8 bytes using URI encoding.
                  |
+|WBXML support|Windows supports sending and receiving SyncML in both XML format and encoded WBXML format. This dual-format support is configurable by using the DEFAULTENCODING node under the w7 APPLICATION characteristic during enrollment. For more information about WBXML encoding, see section 8 of the [SyncML Representation Protocol](https://www.openmobilealliance.org/release/Common/V1_2_2-20090724-A/OMA-TS-SyncML-RepPro-V1_2_2-20090724-A.pdf) specification.|
+|Handling of large objects|In Windows 10, version 1511, client support for uploading large objects to the server was added.|
 
 
 
@@ -149,164 +39,60 @@ The following table shows the OMA DM standards that Windows uses.
 
 Common elements are used by other OMA DM element types. The following table lists the OMA DM common elements used to configure the devices. For more information about OMA DM common elements, see "SyncML Representation Protocol Device Management Usage" (OMA-SyncML-DMRepPro-V1_1_2-20030613-A) available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ElementDescription
                  Chal
                  Specifies an authentication challenge. The server or client can send a challenge to the other if no credentials or inadequate credentials were given in the original request message.
                  Cmd
                  Specifies the name of an OMA DM command referenced in a Status element.
                  CmdID
                  Specifies the unique identifier for an OMA DM command.
                  CmdRef
                  Specifies the ID of the command for which status or results information is being returned. This element takes the value of the CmdID element of the corresponding request message.
                  Cred
                  Specifies the authentication credential for the originator of the message.
                  Final
                  Indicates that the current message is the last message in the package.
                  LocName
                  Specifies the display name in the Target and Source elements, used for sending a user ID for MD5 authentication.
                  LocURI
                  Specifies the address of the target or source location. If the address contains a non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
                  MsgID
                  Specifies a unique identifier for an OMA DM session message.
                  MsgRef
                  Specifies the ID of the corresponding request message. This element takes the value of the request message MsgID element.
                  RespURI
                  Specifies the URI that the recipient must use when sending a response to this message.
                  SessionID
                  Specifies the identifier of the OMA DM session associated with the containing message.
                  
-
                  
-Note  If the server does not notify the device that it supports a new version (through SyncApplicationVersion node in the DMClient CSP), the desktop client returns the SessionID in integer in decimal format and the mobile device client returns 2 bytes as a string. If the server supports DM session sync version 2.0, which is used in Windows 10, the desktop and mobile device client returns 2 bytes.
-
                  
-
                  
-
-
                  Source
                  Specifies the message source address.
                  SourceRef
                  Specifies the source of the corresponding request message. This element takes the value of the request message Source element and is returned in the Status or Results element.
                  Target
                  Specifies the address of the node, in the DM Tree, that is the target of the OMA DM command.
                  TargetRef
                  Specifies the target address in the corresponding request message. This element takes the value of the request message Target element and is returned in the Status or Results element.
                  VerDTD
                  Specifies the major and minor version identifier of the OMA DM representation protocol specification used to represent the message.
                  VerProto
                  Specifies the major and minor version identifier of the OMA DM protocol specification used with the message.
                  
-
+|Element|Description|
+|--- |--- |
+|Chal|Specifies an authentication challenge. The server or client can send a challenge to the other if no credentials or inadequate credentials were given in the original request message.|
+|Cmd|Specifies the name of an OMA DM command referenced in a Status element.|
+|CmdID|Specifies the unique identifier for an OMA DM command.|
+|CmdRef|Specifies the ID of the command for which status or results information is being returned. This element takes the value of the CmdID element of the corresponding request message.|
+|Cred|Specifies the authentication credential for the originator of the message.|
+|Final|Indicates that the current message is the last message in the package.|
+|LocName|Specifies the display name in the Target and Source elements, used for sending a user ID for MD5 authentication.|
+|LocURI|Specifies the address of the target or source location. If the address contains a non-alphanumeric character, it must be properly escaped according to the URL encoding standard.|
+|MsgID|Specifies a unique identifier for an OMA DM session message.|
+|MsgRef|Specifies the ID of the corresponding request message. This element takes the value of the request message MsgID element.|
+|RespURI|Specifies the URI that the recipient must use when sending a response to this message.|
+|SessionID|Specifies the identifier of the OMA DM session associated with the containing message.
                  **Note**
                    If the server doesn't notify the device that it supports a new version (through SyncApplicationVersion node in the DMClient CSP), the client returns the SessionID in integer in decimal format. If the server supports DM session sync version 2.0, which is used in Windows 10, the device client returns 2 bytes.
                  |
+|Source|Specifies the message source address.|
+|SourceRef|Specifies the source of the corresponding request message. This element takes the value of the request message Source element and is returned in the Status or Results element.|
+|Target|Specifies the address of the node, in the DM Tree, that is the target of the OMA DM command.|
+|TargetRef|Specifies the target address in the corresponding request message. This element takes the value of the request message Target element and is returned in the Status or Results element.|
+|VerDTD|Specifies the major and minor version identifier of the OMA DM representation protocol specification used to represent the message.|
+|VerProto|Specifies the major and minor version identifier of the OMA DM protocol specification used with the message.|
 
 ## Device management session
 
 A Device Management (DM) session consists of a series of commands exchanged between a DM server and a client device. The server sends commands indicating operations that must be performed on the client device's management tree. The client responds by sending commands that contain the results and any requested status information.
 
-A short DM session can be summarized as the following:
+A short DM session can be summarized as:
 
 A server sends a Get command to a client device to retrieve the contents of one of the nodes of the management tree. The device performs the operation and responds with a Result command that contains the requested contents.
 
 A DM session can be divided into two phases:
 1.  **Setup phase**: In response to a trigger event, a client device sends an initiating message to a DM server. The device and server exchange needed authentication and device information. This phase is represented by steps 1, 2, and 3 in the following table.
-2.  **Management phase**: The DM server is in control. It sends management commands to the device and the device responds. Phase two ends when the DM server stops sending commands and terminates the session. This phase is represented by steps 3, 4, and 5 in the following table.
+2.  **Management phase**: The DM server is in control. It sends management commands to the device and the device responds. Phase 2 ends when the DM server stops sending commands and terminates the session. This phase is represented by steps 3, 4, and 5 in the following table.
 
-The following table shows the sequence of events during a typical DM session.
+The following information shows the sequence of events during a typical DM session.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  StepActionDescription
                  1
                  DM client is invoked to call back to the management server
                  
-
                  Enterprise scenario – The device task schedule invokes the DM client.
                  The MO server sends a server trigger message to invoke the DM client.
                  
-
                  The trigger message includes the server ID and tells the client device to initiate a session with the server. The client device authenticates the trigger message and verifies that the server is authorized to communicate with it.
                  
-
                  Enterprise scenario - At the scheduled time, the DM client is invoked periodically to call back to the enterprise management server over HTTPS.
                  2
                  The device sends a message, over an IP connection, to initiate the session.
                  This message includes device information and credentials. The client and server do mutual authentication over an SSL channel or at the DM application level.
                  3
                  The DM server responds, over an IP connection (HTTPS).
                  The server sends initial device management commands, if any.
                  4
                  The device responds to server management commands.
                  This message includes the results of performing the specified device management operations.
                  5
                  The DM server terminates the session or sends another command.
                  The DM session ends, or Step 4 is repeated.
                  
+1. DM client is invoked to call back to the management server

                  Enterprise scenario – The device task schedule invokes the DM client.
 
+    The MO server sends a server trigger message to invoke the DM client.
 
+    The trigger message includes the server ID and tells the client device to initiate a session with the server. The client device authenticates the trigger message and verifies that the server is authorized to communicate with it.

                  Enterprise scenario - At the scheduled time, the DM client is invoked periodically to call back to the enterprise management server over HTTPS.
 
-The step numbers in the table do not represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each additional message. For more information about MsgID and OMA SyncML protocol, see "OMA Device Management Representation Protocol" (DM_RepPro-V1_2-20070209-A) available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/).
+2. The device sends a message, over an IP connection, to initiate the session.
 
-During OMA DM application level mutual authentication, if the device response code to Cred element in the server request is 212, no further authentication is needed for the remainder of the DM session. In the case of the MD5 authentication, the Chal element can be returned. Then the next nonce in Chal must be used for the MD5 digest when the next DM session is started.
+    This message includes device information and credentials. The client and server do mutual authentication over an SSL channel or at the DM application level.
+
+3. The DM server responds, over an IP connection (HTTPS). The server sends initial device management commands, if any.
+
+4. The device responds to server management commands. This message includes the results of performing the specified device management operations.
+
+5. The DM server terminates the session or sends another command. The DM session ends, or Step 4 is repeated.
+
+The step numbers don't represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each extra message. For more information about MsgID and OMA SyncML protocol, see [OMA Device Management Representation Protocol (DM_RepPro-V1_2-20070209-A)](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/).
+
+During OMA DM application level mutual authentication, if the device response code to Cred element in the server request is 212, no further authentication is needed for the remainder of the DM session. If the MD5 authentication occurs, the Chal element can be returned. Then the next nonce in Chal must be used for the MD5 digest when the next DM session is started.
 
 If a request includes credentials and the response code to the request is 200, the same credential must be sent within the next request. If the Chal element is included and the MD5 authentication is required, a new digest is created by using the next nonce via the Chal element for next request.
 
@@ -315,73 +101,63 @@ For more information about Basic or MD5 client authentication, MD5 server authen
 
 ## User targeted vs. Device targeted configuration
 
-For CSPs and policies that support per user configuration, the MDM server can send user targeted setting values to the device that a MDM-enrolled user is actively logged into. The device notifies the server of the login status via a device alert (1224) with Alert type = in DM pkg\#1.
+For CSPs and policies that support per user configuration, the MDM server can send user targeted setting values to the device that a MDM-enrolled user is actively logged into. The device notifies the server of the sign-in status via a device alert (1224) with Alert type = in DM pkg\#1.
 
 The data part of this alert could be one of following strings:
 
--   user – the user that enrolled the device is actively logged in. The MDM server could send user specific configuration for CSPs/policies that support per user configuration
--   others – another user login but that user does not have an MDM account. The server can only apply device wide configuration, e.g. configuration applies to all users in the device.
--   none – no active user login. The server can only apply device wide configuration and available configuration is restricted to the device environment (no active user login).
+- User: the user that enrolled the device is actively logged in. The MDM server could send user-specific configuration for CSPs/policies that support per user configuration
+- Others: another user sign in but that user doesn't have an MDM account. The server can only apply device-wide configuration, for example, configuration applies to all users in the device.
+- None: no active user sign in. The server can only apply device-wide configuration and available configuration is restricted to the device environment (no active user sign in).
 
 Below is an alert example:
 
-```
+```xml
 
-        1
-        1224
-        
-            
-                com.microsoft/MDM/LoginStatus
-                chr
-            
-            user
-        
-    
+    1
+    1224
+    
+        
+            com.microsoft/MDM/LoginStatus
+            chr
+        
+        user
+    
+
 ```
 
-The server notifies the device whether it is a user targeted or device targeted configuration by a prefix to the management node’s LocURL, with ./user for user targeted configuration, or ./device for device targeted configuration. By default, if no prefix with ./device or ./user, it is device targeted configuration.
+The server notifies the device whether it's a user-targeted or device-targeted configuration by a prefix to the management node's LocURL, with `./user` for user-targeted configuration, or `./device` for device-targeted configuration. By default, if no prefix with `./device` or `./user`, it's a device-targeted configuration.
 
-The following LocURL shows a per user CSP node configuration: **./user/vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/<PackageFamilyName>/StoreInstall**
+The following LocURL shows a per user CSP node configuration: `./user/vendor/MSFT/EnterpriseModernAppManagement/AppInstallation//StoreInstall`
 
-The following LocURL shows a per device CSP node configuration: **./device/vendor/MSFT/RemoteWipe/DoWipe**
+The following LocURL shows a per device CSP node configuration: `./device/vendor/MSFT/RemoteWipe/DoWipe`
 
 
 
 ## SyncML response status codes
 
-When using SyncML in OMA DM, there are standard response status codes that are returned. The following table lists the common SyncML response status codes you are likely to see. For more information about SyncML response status codes, see section 10 of the [SyncML Representation Protocol](https://openmobilealliance.org/release/Common/V1_2_2-20090724-A/OMA-TS-SyncML-RepPro-V1_2_2-20090724-A.pdf) specification.
-
-| Status code | Description                                                                                                                                                                                                                       |
-|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 200         | The SyncML command completed successfully.                                                                                                                                                                                        |
-| 202         | Accepted for processing. This is usually an asynchronous operation, such as a request to run a remote execution of an application.                                                                                                |
-| 212         | Authentication accepted. Normally you'll only see this in response to the SyncHdr element (used for authentication in the OMA-DM standard). You may see this if you look at OMA DM logs, but CSPs do not typically generate this. |
-| 214         | Operation cancelled. The SyncML command completed successfully, but no more commands will be processed within the session.                                                                                                        |
-| 215         | Not executed. A command was not executed as a result of user interaction to cancel the command.                                                                                                                                   |
-| 216         | `Atomic` roll back OK. A command was inside an `Atomic` element and `Atomic` failed. This command was rolled back successfully.                                                                                                   |
-| 400         | Bad request. The requested command could not be performed because of malformed syntax. CSPs do not usually generate this error, however you might see it if your SyncML is malformed.                                             |
-| 401         | Invalid credentials. The requested command failed because the requestor must provide proper authentication. CSPs do not usually generate this error.                                                                              |
-| 403         | Forbidden. The requested command failed, but the recipient understood the requested command.                                                                                                                                      |
-| 404         | Not found. The requested target was not found. This code will be generated if you query a node that does not exist.                                                                                                               |
-| 405         | Command not allowed. This respond code will be generated if you try to write to a read-only node.                                                                                                                                 |
-| 406         | Optional feature not supported. This response code will be generated if you try to access a property that the CSP doesn't support.                                                                                                |
-| 415         | Unsupported type or format. This response code can result from XML parsing or formatting errors.                                                                                                                                  |
-| 418         | Already exists. This response code occurs if you attempt to add a node that already exists.                                                                                                                                       |
-| 425         | Permission Denied. The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. "Access denied" errors usually get translated to this response code.                 |
-| 500         | Command failed. Generic failure. The recipient encountered an unexpected condition which prevented it from fulfilling the request. This response code will occur when the SyncML DPU cannot map the originating error code.       |
-| 507         | `Atomic` failed. One of the operations in an `Atomic` block failed.                                                                                                                                                               |
-| 516         | `Atomic` roll back failed. An `Atomic` operation failed and the command was not rolled back successfully.                                                                                                                         |
-
+When using SyncML in OMA DM, there are standard response status codes that are returned. The following table lists the common SyncML response status codes you're likely to see. For more information about SyncML response status codes, see section 10 of the [SyncML Representation Protocol](https://openmobilealliance.org/release/Common/V1_2_2-20090724-A/OMA-TS-SyncML-RepPro-V1_2_2-20090724-A.pdf) specification.
 
+| Status code | Description |
+|---|----|
+| 200         | The SyncML command completed successfully.  |
+| 202         | Accepted for processing. This code denotes an asynchronous operation, such as a request to run a remote execution of an application.  |
+| 212         | Authentication accepted. Normally you'll only see this code in response to the SyncHdr element (used for authentication in the OMA-DM standard). You may see this code if you look at OMA DM logs, but CSPs don't typically generate this code. |
+| 214         | Operation canceled. The SyncML command completed successfully, but no more commands will be processed within the session. |
+| 215         | Not executed. A command wasn't executed as a result of user interaction to cancel the command.  |
+| 216         | `Atomic` roll back OK. A command was inside an `Atomic` element and `Atomic` failed. This command was rolled back successfully.  |
+| 400         | Bad request. The requested command couldn't be performed because of malformed syntax. CSPs don't usually generate this error, however you might see it if your SyncML is malformed.  |
+| 401         | Invalid credentials. The requested command failed because the requestor must provide proper authentication. CSPs don't usually generate this error.  |
+| 403         | Forbidden. The requested command failed, but the recipient understood the requested command.  |
+| 404         | Not found. The requested target wasn't found. This code will be generated if you query a node that doesn't exist.   |
+| 405         | Command not allowed. This respond code will be generated if you try to write to a read-only node.  |
+| 406         | Optional feature not supported. This response code will be generated if you try to access a property that the CSP doesn't support.  |
+| 415         | Unsupported type or format. This response code can result from XML parsing or formatting errors.  |
+| 418         | Already exists. This response code occurs if you attempt to add a node that already exists.  |
+| 425         | Permission Denied. The requested command failed because the sender doesn't have adequate access control permissions (ACL) on the recipient. "Access denied" errors usually get translated to this response code.  |
+| 500         | Command failed. Generic failure. The recipient encountered an unexpected condition, which prevented it from fulfilling the request. This response code will occur when the SyncML DPU can't map the originating error code.       |
+| 507         | `Atomic` failed. One of the operations in an `Atomic` block failed.  |
+| 516         | `Atomic` roll back failed. An `Atomic` operation failed and the command wasn't rolled back successfully.  |
 
 ## Related topics
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
index 2ff94e841f..97f5528a43 100644
--- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index c73d5fdc8d..21cc92b117 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -8,34 +8,87 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/19/2019
 ---
 
 # PassportForWork CSP
 
-The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to login to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
+The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to sign in to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
 
 > [!IMPORTANT]
 > Starting with Windows 10, version 1607 all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP.
  
 ### User configuration diagram
 
-The following diagram shows the PassportForWork configuration service provider in tree format.
+The following example shows the PassportForWork configuration service provider in tree format.
 
-![passportforwork csp](images/provisioning-csp-passportforwork.png)
+```console
+./User/Vendor/MSFT
+PassportForWork
+-------TenantId
+----------Policies
+-------------UsePassportForWork
+-------------RequireSecurityDevice
+-------------EnablePinRecovery
+-------------PINComplexity
+----------------MinimumPINLength
+----------------MaximumPINLength
+----------------UppercaseLetters
+----------------LowercaseLetters
+----------------SpecialCharecters
+----------------Digits
+----------------History
+----------------Expiration
+```
 
 ### Device configuration diagram
 
-The following diagram shows the PassportForWork configuration service provider in tree format.
+The following example shows the PassportForWork configuration service provider in tree format.
 
-![passportforwork diagram](images/provisioning-csp-passportforwork2.png)
+```console
+./Device/Vendor/MSFT
+PassportForWork
+-------TenantId
+----------Policies
+-------------UsePassportForWork
+-------------RequireSecurityDevice
+-------------ExcludeSecurityDevices
+----------------TPM12
+-------------EnablePinRecovery
+-------------UserCertificateForOnPremAuth
+-------------PINComplexity
+----------------MinimumPINLength
+----------------MaximumPINLength
+----------------UppercaseLetters
+----------------LowercaseLetters
+----------------SpecialCharacters
+----------------Digits
+----------------History
+----------------Expiration
+-------------Remote
+----------------UseRemotePassport
+-------------UseHelloCertificatesAsSmartCardCertificates
+-------UseBiometrics
+-------Biometrics
+----------UseBiometrics
+----------FacialFeatureUse
+-------DeviceUnlock
+----------GroupA
+----------GroupB
+----------Plugins
+-------DynamicLock
+----------DynamicLock
+----------Plugins
+-------SecurityKey
+----------UseSecurityKeyForSignin
+```
 
 **PassportForWork**  
 Root node for PassportForWork configuration service provider.
 
 ***TenantId***  
-A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module/servicemanagement/azure/get-azureaccount). For more information see [Get Windows Azure Active Directory Tenant ID in Windows PowerShell](https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell).
+A globally unique identifier (GUID), without curly braces (`{`, `}`), that's used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module/servicemanagement/azure.service/get-azureaccount). For more information, see [Get Windows Azure Active Directory Tenant ID in Windows PowerShell](https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell).
 
 ***TenantId*/Policies**  
 Node for defining the Windows Hello for Business policy settings.
@@ -43,14 +96,14 @@ Node for defining the Windows Hello for Business policy settings.
 ***TenantId*/Policies/UsePassportForWork**  
 Boolean value that sets Windows Hello for Business as a method for signing into Windows.
 
-Default value is true. If you set this policy to false, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones where provisioning is required.
+Default value is true. If you set this policy to false, the user can't provision Windows Hello for Business.
 
 Supported operations are Add, Get, Delete, and Replace.
 
 ***TenantId*/Policies/RequireSecurityDevice**  
-Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an additional security benefit over software so that data stored in it cannot be used on other devices.
+Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an extra security benefit over software so that data stored in it can't be used on other devices.
 
-Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there is not a usable TPM. If you do not configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable.
+Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there isn't a usable TPM. If you don't configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -63,7 +116,7 @@ Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are comp
 
 Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.
 
-If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business.
+If you disable or don't configure this policy setting, TPM revision 1.2 modules will be used with Windows Hello for Business.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -73,7 +126,7 @@ This cloud service encrypts a recovery secret, which is stored locally on the cl
 
 Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed.
 
-If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to.
+If you disable or don't configure this policy setting, the PIN recovery secret won't be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -82,7 +135,7 @@ Boolean value that enables Windows Hello for Business to use certificates to aut
 
 If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
 
-If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload.
+If you disable or don't configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -92,7 +145,7 @@ Node for defining PIN settings.
 ***TenantId*/Policies/PINComplexity/MinimumPINLength**  
 Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
 
-If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4.
+If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or don't configure this policy setting, the PIN length must be greater than or equal to 4.
 
 > [!NOTE]
 > If the conditions specified above for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.
@@ -103,7 +156,7 @@ Value type is int. Supported operations are Add, Get, Delete, and Replace.
 ***TenantId*/Policies/PINComplexity/MaximumPINLength**  
 Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater.
 
-If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127.
+If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or don't configure this policy setting, the PIN length must be less than or equal to 127.
 
 > [!NOTE]
 > If the conditions specified above for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.
@@ -117,10 +170,10 @@ Integer value that configures the use of uppercase letters in the Windows Hello
 Valid values:
 
 -   0 - Allows the use of uppercase letters in PIN.
--   1 - Requires the use of at least one uppercase letters in PIN.
--   2 - Does not allow the use of uppercase letters in PIN.
+-   1 - Requires the use of at least one uppercase letter in PIN.
+-   2 - Doesn't allow the use of uppercase letters in PIN.
 
-Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets aren't allowed. If all character sets are allowed but none's explicitly required, then the default PIN complexity behavior will apply.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -130,10 +183,10 @@ Integer value that configures the use of lowercase letters in the Windows Hello
 Valid values:
 
 -   0 - Allows the use of lowercase letters in PIN.
--   1 - Requires the use of at least one lowercase letters in PIN.
--   2 - Does not allow the use of lowercase letters in PIN.
+-   1 - Requires the use of at least one lowercase letter in PIN.
+-   2 - Doesn't allow the use of lowercase letters in PIN.
 
-Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets aren't allowed. If all character sets are allowed but none's explicitly required, then the default PIN complexity behavior will apply.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -144,9 +197,9 @@ Valid values:
 
 -   0 - Allows the use of special characters in PIN.
 -   1 - Requires the use of at least one special character in PIN.
--   2 - Does not allow the use of special characters in PIN.
+-   2 - Doesn't allow the use of special characters in PIN.
 
-Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets aren't allowed. If all character sets are allowed but none's explicitly required, then the default PIN complexity behavior will apply.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -157,16 +210,16 @@ Valid values:
 
 -   0 - Allows the use of digits in PIN.
 -   1 - Requires the use of at least one digit in PIN.
--   2 - Does not allow the use of digits in PIN.
+-   2 - Doesn't allow the use of digits in PIN.
 
-Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets aren't allowed. If all character sets are allowed but none's explicitly required, then the default PIN complexity behavior will apply.
 
 Supported operations are Add, Get, Delete, and Replace.
 
 ***TenantId*/Policies/PINComplexity/History**  
-Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511.
+Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs isn't required. This node was added in Windows 10, version 1511.
 
-The current PIN of the user is included in the set of PINs associated with the user account. PIN history is not preserved through a PIN reset.
+The current PIN of the user is included in the set of PINs associated with the user account. PIN history isn't preserved through a PIN reset.
 
 Default value is 0.
 
@@ -195,7 +248,7 @@ Supported operations are Add, Get, Delete, and Replace.
 ***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT)  
 Added in Windows 10, version 1809. If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates.
 
-If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key.
+If you disable or don't configure this policy setting, applications don't use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key.
 
 Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in.
 
@@ -209,7 +262,7 @@ Node for defining biometric settings. This node was added in Windows 10, versi
 *Not supported on Windows Holographic and Windows Holographic for Business.*
 
 **Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)  
-Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
+Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use if there are failures. This node was added in Windows 10, version 1511.
 
 Default value is true, enabling the biometric gestures for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business.
 
@@ -224,9 +277,9 @@ Boolean value used to enable or disable enhanced anti-spoofing for facial featur
 
 Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.
 
-If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing.
+If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that don't support enhanced anti-spoofing.
 
-Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
+Enhanced anti-spoofing for Windows Hello face authentication isn't required on unmanaged devices.
 
 Supported operations are Add, Get, Delete, and Replace.
 
@@ -271,7 +324,7 @@ Scope is permanent. Supported operation is Get.
 
 
 **SecurityKey/UseSecurityKeyForSignin** (only for ./Device/Vendor/MSFT)  
-Added in Windows 10, version 1903. Enables users to sign-in to their device with a [FIDO2 security key](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys) that is compatible with Microsoft’s implementation.
+Added in Windows 10, version 1903. Enables users to sign in to their device with a [FIDO2 security key](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys) that is compatible with Microsoft’s implementation.
 
 Scope is dynamic. Supported operations are Add, Get, Replace, and Delete.
 
@@ -497,7 +550,3 @@ Here's an example for setting Windows Hello for Business and setting the PIN pol
           
         
 ```
-
- 
-
- 
\ No newline at end of file
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index f5b345d7d6..c8bf22bdf1 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/29/2019
 ---
 
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index bf3d84f0f4..ff76751aef 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp
@@ -20,7 +20,7 @@ This CSP was added in Windows 10, version 1703.
 > [!Note]
 > Personalization CSP is supported in Windows 10 Enterprise and Education SKUs. It works in Windows 10 Pro and Windows 10 Pro in S mode if SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set.
 
-The following shows the Personalization configuration service provider in tree format.
+The following example shows the Personalization configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 Personalization
@@ -30,14 +30,14 @@ Personalization
 ----LockScreenImageStatus
 ```
 **./Vendor/MSFT/Personalization**  
-
                  Defines the root node for the Personalization configuration service provider.
                  
+
                  Defines the root node for the Personalization configuration service provider.
                  
 
 **DesktopImageUrl**  
-
                  Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take a http or https Url to a remote image to be downloaded, a file Url to a local image.
                  
-
                  Value type is string. Supported operations are Add, Get, Delete, and Replace.
                  
+
                  Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.
                  
+
                  Value type is string. Supported operations are Add, Get, Delete, and Replace.
                  
 
 **DesktopImageStatus**  
-
                  Represents the status of the desktop image. Valid values:
                  
+
                  Represents the status of the desktop image. Valid values:
                  
 
                    
 
                  • 1 - Successfully downloaded or copied.
                    • 
 
                  • 2 - Download or copy in progress.
                    • 
@@ -47,18 +47,18 @@ Personalization
 
                  • 6 - Max retry failed.
                    • 
 
                  • 7 - Blocked, SKU not allowed
                    • 
 
                  
-
                  Supporter operation is Get.
                  
+
                  Supporter operation is Get.
                  
 
 > [!Note]
 > This setting is only used to query status. To set the image, use the DesktopImageUrl setting.
 
 **LockScreenImageUrl**  
-
                  Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded, a file Url to a local image.
                  
-
                  Value type is string. Supported operations are Add, Get, Delete, and Replace.
                  
+
                  Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.
                  
+
                  Value type is string. Supported operations are Add, Get, Delete, and Replace.
                  
 
 
 **LockScreenImageStatus**  
-
                  Represents the status of the lock screen image. Valid values:
                  
+
                  Represents the status of the lock screen image. Valid values:
                  
 
                    
 
                  • 1 - Successfully downloaded or copied.
                    • 
 
                  • 2 - Download or copy in progress.
                    • 
@@ -68,7 +68,7 @@ Personalization
 
                  • 6 - Max retry failed.
                    • 
 
                  • 7 - Blocked, SKU not allowed
                    • 
 
                  
-
                  Supporter operation is Get.
                  
+
                  Supporter operation is Get.
                  
 
 > [!Note]
 > This setting is only used to query status. To set the image, use the LockScreenImageUrl setting.
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index 5a9ac5cc69..bc7605048f 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 6c81fd4df2..96ba99c053 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -1,13 +1,13 @@
 ---
 title: ADMX-backed policies in Policy CSP
-description: ADMX-backed policies in Policy CSP
+description: Learn about the ADMX-backed policies in Policy CSP.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/08/2020
 ---
@@ -33,6 +33,10 @@ ms.date: 10/08/2020
 - [ADMX_AddRemovePrograms/NoServices](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noservices)
 - [ADMX_AddRemovePrograms/NoSupportInfo](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nosupportinfo)
 - [ADMX_AddRemovePrograms/NoWindowsSetupPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nowindowssetuppage)
+- [ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd_dontallowpwdexpirationbehindpolicy)
+- [ADMX_AdmPwd/POL_AdmPwd_Enabled](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd_enabled)
+- [ADMX_AdmPwd/POL_AdmPwd_AdminName](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd_adminname)
+- [ADMX_AdmPwd/POL_AdmPwd](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd)
 - [ADMX_AppCompat/AppCompatPrevent16BitMach](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatprevent16bitmach)
 - [ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatremoveprogramcompatproppage)
 - [ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffapplicationimpacttelemetry)
@@ -121,6 +125,8 @@ ms.date: 10/08/2020
 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
 - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff)
 - [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy)
+- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckallowlocallist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckexemptionlist)
 - [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter)
 - [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder)
 - [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit)
@@ -150,6 +156,8 @@ ms.date: 10/08/2020
 - [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose)
 - [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving)
 - [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper)
+- [ADMX_DeviceCompat/DeviceFlags](./policy-csp-admx-devicecompat.md#admx-devicecompat-deviceflags)
+- [ADMX_DeviceCompat/DriverShims](./policy-csp-admx-devicecompat.md#admx-devicecompat-drivershims)
 - [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall)
 - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext)
 - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext)
@@ -158,10 +166,20 @@ ms.date: 10/08/2020
 - [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-removable-deny)
 - [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-systemrestore)
 - [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser)
+- [ADMX_DeviceGuard/ConfigCIPolicy](./policy-csp-admx-deviceguard.md#admx-deviceguard-configcipolicy)
 - [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips)
 - [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration)
 - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1)
 - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2)
+- [ADMX_DiskNVCache/BootResumePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-bootresumepolicy)
+- [ADMX_DiskNVCache/FeatureOffPolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-featureoffpolicy)
+- [ADMX_DiskNVCache/SolidStatePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-solidstatepolicy)
+- [ADMX_DiskQuota/DQ_RemovableMedia](./policy-csp-admx-diskquota.md#admx-diskquota-dq_removablemedia)
+- [ADMX_DiskQuota/DQ_Enable](./policy-csp-admx-diskquota.md#admx-diskquota-dq_enable)
+- [ADMX_DiskQuota/DQ_Enforce](./policy-csp-admx-diskquota.md#admx-diskquota-dq_enforce)
+- [ADMX_DiskQuota/DQ_LogEventOverLimit](./policy-csp-admx-diskquota.md#admx-diskquota-dq_logeventoverlimit)
+- [ADMX_DiskQuota/DQ_LogEventOverThreshold](./policy-csp-admx-diskquota.md#admx-diskquota-dq_logeventoverthreshold)
+- [ADMX_DiskQuota/DQ_Limit](./policy-csp-admx-diskquota.md#admx-diskquota-dq_limit)
 - [ADMX_DistributedLinkTracking/DLT_AllowDomainMode](./policy-csp-admx-distributedlinktracking.md#admx-distributedlinktracking-dlt_allowdomainmode)
 - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries)
 - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname)
@@ -185,6 +203,7 @@ ms.date: 10/08/2020
 - [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones)
 - [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution)
 - [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast)
+- [ADMX_DFS/DFSDiscoverDC](./policy-csp-admx-dfs.md#admx-dfs-dfsdiscoverdc)
 - [ADMX_DWM/DwmDefaultColorizationColor_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-1)
 - [ADMX_DWM/DwmDefaultColorizationColor_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-2)
 - [ADMX_DWM/DwmDisallowAnimations_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-1)
@@ -203,6 +222,7 @@ ms.date: 10/08/2020
 - [ADMX_EAIME/L_TurnOnLexiconUpdate](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlexiconupdate)
 - [ADMX_EAIME/L_TurnOnLiveStickers](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlivestickers)
 - [ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport](./policy-csp-admx-eaime.md#admx-eaime-l-turnonmisconversionloggingformisconversionreport)
+- [ADMX_EventLogging/EnableProtectedEventLogging](./policy-csp-admx-eventlogging.md#admx-eventlogging-enableprotectedeventlogging)
 - [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove)
 - [ADMX_EnhancedStorage/ApprovedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedenstordevices)
 - [ADMX_EnhancedStorage/ApprovedSilos](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedsilos)
@@ -262,22 +282,29 @@ ms.date: 10/08/2020
 - [ADMX_EventLog/Channel_Log_Retention_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-2)
 - [ADMX_EventLog/Channel_Log_Retention_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-3)
 - [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4)
+- [ADMX_EventViewer/EventViewer_RedirectionProgram](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogram)
+- [ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters)
+- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionurl)
 - [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl)
 - [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu)
 - [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit)
 - [ADMX_Explorer/PreventItemCreationInUsersFilesFolder](./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder)
 - [ADMX_Explorer/TurnOffSPIAnimations](./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations)
+- [ADMX_ExternalBoot/PortableOperatingSystem_Hibernate](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate)
+- [ADMX_ExternalBoot/PortableOperatingSystem_Sleep](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep)
+- [ADMX_ExternalBoot/PortableOperatingSystem_Launcher](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher)
 - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy)
 - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol)
 - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression)
 - [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification)
-- ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption)
+- [ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption)
 - [ADMX_FileSys/EnablePagefileEncryption](./policy-csp-admx-filesys.md#admx-filesys-enablepagefileencryption)
 - [ADMX_FileSys/LongPathsEnabled](./policy-csp-admx-filesys.md#admx-filesys-longpathsenabled)
 - [ADMX_FileSys/ShortNameCreationSettings](./policy-csp-admx-filesys.md#admx-filesys-shortnamecreationsettings)
 - [ADMX_FileSys/SymlinkEvaluation](./policy-csp-admx-filesys.md#admx-filesys-symlinkevaluation)
 - [ADMX_FileSys/TxfDeprecatedFunctionality](./policy-csp-admx-filesys.md#admx-filesys-txfdeprecatedfunctionality)
 - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy)
+- [ADMX_FileRevocation/DelegatedPackageFamilyNames](./policy-csp-admx-filerevocation.md#admx-filerevocation-delegatedpackagefamilynames)
 - [ADMX_FolderRedirection/DisableFRAdminPin](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpin)
 - [ADMX_FolderRedirection/DisableFRAdminPinByFolder](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpinbyfolder)
 - [ADMX_FolderRedirection/FolderRedirectionEnableCacheRename](./policy-csp-admx-folderredirection.md#admx-folderredirection-folderredirectionenablecacherename)
@@ -285,6 +312,9 @@ ms.date: 10/08/2020
 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2)
 - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1)
 - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2)
+- [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane)
+- [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane)
+- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc.md#admx-fthsvc-wdiscenarioexecutionpolicy)
 - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin)
 - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1)
 - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2)
@@ -386,6 +416,10 @@ ms.date: 10/08/2020
 - [ADMX_ICM/ShellRemovePublishToWeb_2](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2)
 - [ADMX_ICM/WinMSG_NoInstrumentation_1](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1)
 - [ADMX_ICM/WinMSG_NoInstrumentation_2](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2)
+- [ADMX_IIS/PreventIISInstall](./policy-csp-admx-iis.md#admx-iis-preventiisinstall)
+- [ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins](./policy-csp-admx-iscsi.md#admx-iscsi-iscsigeneral_restrictadditionallogins)
+- [ADMX_iSCSI/iSCSIGeneral_ChangeIQNName](./policy-csp-admx-iscsi.md#admx-iscsi-iscsigeneral_changeiqnname)
+- [ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret](./policy-csp-admx-iscsi.md#admx-iscsi-iscsisecurity_changechapsecret)
 - [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor)
 - [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch)
 - [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness)
@@ -407,8 +441,10 @@ ms.date: 10/08/2020
 - [ADMX_LanmanWorkstation/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder)
 - [ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles)
 - [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares)
+- [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
+- [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1)
 - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
 - [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
 - [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)
@@ -626,6 +662,10 @@ ms.date: 10/08/2020
 - [ADMX_MMCSnapins/MMC_WiredNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirednetworkpolicy)
 - [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon)
 - [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy)
+- [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_1)
+- [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_2)
+- [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_1)
+- [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_2)
 - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth)
 - [ADMX_msched/ActivationBoundaryPolicy](./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy)
 - [ADMX_msched/RandomDelayPolicy](./policy-csp-admx-msched.md#admx-msched-randomdelaypolicy)
@@ -656,6 +696,7 @@ ms.date: 10/08/2020
 - [ADMX_MSI/SafeForScripting](./policy-csp-admx-msi.md#admx-msi-safeforscripting)
 - [ADMX_MSI/SearchOrder](./policy-csp-admx-msi.md#admx-msi-searchorder)
 - [ADMX_MSI/TransformsSecure](./policy-csp-admx-msi.md#admx-msi-transformssecure)
+- [ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-msifilerecovery.md#admx-msifilerecovery-wdiscenarioexecutionpolicy)
 - [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources)
 - [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands)
 - [ADMX_nca/DTEs](./policy-csp-admx-nca.md#admx-nca-dtes)
@@ -779,6 +820,13 @@ ms.date: 10/08/2020
 - [ADMX_OfflineFiles/Pol_SyncOnCostedNetwork](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-synconcostednetwork)
 - [ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-workofflinedisabled-1)
 - [ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-workofflinedisabled-2)
+- [ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectdeprecatedcomcomponentfailurespolicy)
+- [ADMX_pca/DetectDeprecatedComponentFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectdeprecatedcomponentfailurespolicy)
+- [ADMX_pca/DetectInstallFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectinstallfailurespolicy)
+- [ADMX_pca/DetectUndetectedInstallersPolicy](./policy-csp-admx-pca.md#admx-pca-detectundetectedinstallerspolicy)
+- [ADMX_pca/DetectUpdateFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectupdatefailurespolicy)
+- [ADMX_pca/DisablePcaUIPolicy](./policy-csp-admx-pca.md#admx-pca-disablepcauipolicy)
+- [ADMX_pca/DetectBlockedDriversPolicy](./policy-csp-admx-pca.md#admx-pca-detectblockeddriverspolicy)
 - [ADMX_PeerToPeerCaching/EnableWindowsBranchCache](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-enablewindowsbranchcache)
 - [ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-enablewindowsbranchcache-distributed)
 - [ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-enablewindowsbranchcache-hosted)
@@ -788,6 +836,8 @@ ms.date: 10/08/2020
 - [ADMX_PeerToPeerCaching/SetCachePercent](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-setcachepercent)
 - [ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-setdatacacheentrymaxage)
 - [ADMX_PeerToPeerCaching/SetDowngrading](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-setdowngrading)
+- [ADMX_PenTraining/PenTrainingOff_1](./policy-csp-admx-pentraining.md#admx-pentraining-pentrainingoff_1)
+- [ADMX_PenTraining/PenTrainingOff_2](./policy-csp-admx-pentraining.md#admx-pentraining-pentrainingoff_2)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-1)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
@@ -821,6 +871,14 @@ ms.date: 10/08/2020
 - [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
 - [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
 - [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
+- [ADMX_PreviousVersions/DisableLocalPage_1](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_1)
+- [ADMX_PreviousVersions/DisableLocalPage_2](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_2)
+- [ADMX_PreviousVersions/DisableRemotePage_1](./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_1)
+- [ADMX_PreviousVersions/DisableRemotePage_2](./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_2)
+- [ADMX_PreviousVersions/HideBackupEntries_1](./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_1)
+- [ADMX_PreviousVersions/HideBackupEntries_2](./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_2)
+- [ADMX_PreviousVersions/DisableLocalRestore_1](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_1)
+- [ADMX_PreviousVersions/DisableLocalRestore_2](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_2)
 - [ADMX_Printing/AllowWebPrinting](./policy-csp-admx-printing.md#admx-printing-allowwebprinting)
 - [ADMX_Printing/ApplicationDriverIsolation](./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation)
 - [ADMX_Printing/CustomizedSupportUrl](./policy-csp-admx-printing.md#admx-printing-customizedsupporturl)
@@ -921,12 +979,17 @@ ms.date: 10/08/2020
 - [ADMX_sdiageng/BetterWhenConnected](./policy-csp-admx-sdiageng.md#admx-sdiageng-betterwhenconnected)
 - [ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticsexecutionpolicy)
 - [ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticssecuritypolicy)
-- [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](/policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain)
+- [ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy](./policy-csp-admx-sdiagschd.md#admx-sdiagschd-scheduleddiagnosticsexecutionpolicy)
+- [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](./policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain)
 - [ADMX_Sensors/DisableLocationScripting_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-1)
 - [ADMX_Sensors/DisableLocationScripting_2](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-2)
 - [ADMX_Sensors/DisableLocation_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocation-1)
 - [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1)
 - [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2)
+- [ADMX_ServerManager/Do_not_display_Manage_Your_Server_page](./policy-csp-admx-servermanager.md#admx-servermanager-do_not_display_manage_your_server_page)
+- [ADMX_ServerManager/ServerManagerAutoRefreshRate](./policy-csp-admx-servermanager.md#admx-servermanager-servermanagerautorefreshrate)
+- [ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks](./policy-csp-admx-servermanager.md#admx-servermanager-donotlaunchinitialconfigurationtasks)
+- [ADMX_ServerManager/DoNotLaunchServerManager](./policy-csp-admx-servermanager.md#admx-servermanager-donotlaunchservermanager)
 - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
 - [ADMX_SettingSync/DisableAppSyncSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disableappsyncsettingsync)
 - [ADMX_SettingSync/DisableApplicationSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disableapplicationsettingsync)
@@ -940,11 +1003,10 @@ ms.date: 10/08/2020
 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
 - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
 - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing)
-- [ADMX_ShellCommandPromptRegEditTools/DisableCMD](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
-- [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
 - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
-- [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
-- [ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn](./policy-csp-admx-skydrive.md#admx-skydrive-preventnetworktrafficpreusersignin)
+- [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
+- [ADMX_ShellCommandPromptRegEditTools/DisableCMD](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
+- [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-restrictapps)
 - [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
 - [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
 - [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
@@ -1032,6 +1094,8 @@ ms.date: 10/08/2020
 - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
 - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
 - [ADMX_SystemRestore/SR_DisableConfig](./policy-csp-admx-systemrestore.md#admx-systemrestore-sr-disableconfig)
+- [ADMX_TabletShell/DisableInkball_1](./policy-csp-admx-tabletshell.md#admx-tabletshell-disableinkball_1)
+- [ADMX_TabletShell/DisableNoteWriterPrinting_1](./policy-csp-admx-tabletshell.md#admx-tabletshell-disablenotewriterprinting_1)
 - [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter)
 - [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications)
 - [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth)
@@ -1067,9 +1131,103 @@ ms.date: 10/08/2020
 - [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name)
 - [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state)
 - [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state)
+- [ADMX_TerminalServer/TS_AUTO_RECONNECT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_auto_reconnect)
+- [ADMX_TerminalServer/TS_CAMERA_REDIRECTION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_camera_redirection)
+- [ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_certificate_template_policy)
+- [ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_signed_files_1)
+- [ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_signed_files_2)
+- [ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_unsigned_files_1)
+- [ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_unsigned_files_2)
+- [ADMX_TerminalServer/TS_CLIENT_AUDIO](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio)
+- [ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio_capture)
+- [ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio_quality)
+- [ADMX_TerminalServer/TS_CLIENT_CLIPBOARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_clipboard)
+- [ADMX_TerminalServer/TS_CLIENT_COM](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_com)
+- [ADMX_TerminalServer/TS_CLIENT_DEFAULT_M](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_default_m)
+- [ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_disable_hardware_mode)
+- [ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_disable_password_saving_1)
+- [ADMX_TerminalServer/TS_CLIENT_LPT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_lpt)
+- [ADMX_TerminalServer/TS_CLIENT_PNP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_pnp)
+- [ADMX_TerminalServer/TS_CLIENT_PRINTER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_printer)
+- [ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_trusted_certificate_thumbprints_1)
+- [ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_trusted_certificate_thumbprints_2)
+- [ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_turn_off_udp)
+- [ADMX_TerminalServer/TS_COLORDEPTH](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_colordepth)
+- [ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_delete_roaming_user_profiles)
+- [ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_disable_remote_desktop_wallpaper)
+- [ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_dx_use_full_hwgpu)
+- [ADMX_TerminalServer/TS_EASY_PRINT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_easy_print)
+- [ADMX_TerminalServer/TS_EASY_PRINT_User](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_easy_print_user)
+- [ADMX_TerminalServer/TS_EnableVirtualGraphics](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_enablevirtualgraphics)
+- [ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_fallbackprintdrivertype)
+- [ADMX_TerminalServer/TS_FORCIBLE_LOGOFF](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_forcible_logoff)
+- [ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_enable)
+- [ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_auth_method)
+- [ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_server)
+- [ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_join_session_directory)
+- [ADMX_TerminalServer/TS_KEEP_ALIVE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_keep_alive)
+- [ADMX_TerminalServer/TS_LICENSE_SECGROUP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_secgroup)
+- [ADMX_TerminalServer/TS_LICENSE_SERVERS](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_servers)
+- [ADMX_TerminalServer/TS_LICENSE_TOOLTIP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_tooltip)
+- [ADMX_TerminalServer/TS_LICENSING_MODE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_licensing_mode)
+- [ADMX_TerminalServer/TS_MAX_CON_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_max_con_policy)
+- [ADMX_TerminalServer/TS_MAXDISPLAYRES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_maxdisplayres)
+- [ADMX_TerminalServer/TS_MAXMONITOR](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_maxmonitor)
+- [ADMX_TerminalServer/TS_NoDisconnectMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nodisconnectmenu)
+- [ADMX_TerminalServer/TS_NoSecurityMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nosecuritymenu)
+- [ADMX_TerminalServer/TS_PreventLicenseUpgrade](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_preventlicenseupgrade)
+- [ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_promt_creds_client_comp)
+- [ADMX_TerminalServer/TS_RADC_DefaultConnection](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_radc_defaultconnection)
+- [ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_rdsappx_waitforregistration)
+- [ADMX_TerminalServer/TS_RemoteControl_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotecontrol_1)
+- [ADMX_TerminalServer/TS_RemoteControl_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotecontrol_2)
+- [ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotedesktopvirtualgraphics)
+- [ADMX_TerminalServer/TS_SD_ClustName](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_clustname)
+- [ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_expose_address)
+- [ADMX_TerminalServer/TS_SD_Loc](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_loc)
+- [ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_security_layer_policy)
+- [ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_select_network_detect)
+- [ADMX_TerminalServer/TS_SELECT_TRANSPORT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_select_transport)
+- [ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_advanced_remotefx_remoteapp)
+- [ADMX_TerminalServer/TS_SERVER_AUTH](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_auth)
+- [ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_avc_hw_encode_preferred)
+- [ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_avc444_mode_preferred)
+- [ADMX_TerminalServer/TS_SERVER_COMPRESSOR](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_compressor)
+- [ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_image_quality)
+- [ADMX_TerminalServer/TS_SERVER_LEGACY_RFX](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_legacy_rfx)
+- [ADMX_TerminalServer/TS_SERVER_PROFILE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_profile)
+- [ADMX_TerminalServer/TS_SERVER_VISEXP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_visexp)
+- [ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_wddm_graphics_driver)
+- [ADMX_TerminalServer/TS_Session_End_On_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_session_end_on_limit_1)
+- [ADMX_TerminalServer/TS_Session_End_On_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_session_end_on_limit_2)
+- [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_1)
+- [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2)
+- [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1)
+- [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2)
+- [ADMX_TerminalServer/TS_SESSIONS_Limits_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limits_1)
+- [ADMX_TerminalServer/TS_SESSIONS_Limits_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limits_2)
+- [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session)
+- [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card)
+- [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1)
+- [ADMX_TerminalServer/TS_START_PROGRAM_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_2)
+- [ADMX_TerminalServer/TS_TEMP_DELETE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_temp_delete)
+- [ADMX_TerminalServer/TS_TEMP_PER_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_temp_per_session)
+- [ADMX_TerminalServer/TS_TIME_ZONE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_time_zone)
+- [ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_tscc_permissions_policy)
+- [ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_turnoff_singleapp)
+- [ADMX_TerminalServer/TS_UIA](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_uia)
+- [ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_usb_redirection_disable)
+- [ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_authentication_policy)
+- [ADMX_TerminalServer/TS_USER_HOME](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_home)
+- [ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_mandatory_profiles)
+- [ADMX_TerminalServer/TS_USER_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_profiles)
 - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
 - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
 - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
+- [ADMX_TouchInput/TouchInputOff_1](./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_1)
+- [ADMX_TouchInput/TouchInputOff_2](./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_2)
+- [ADMX_TouchInput/PanningEverywhereOff_1](./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_1)
+- [ADMX_TouchInput/PanningEverywhereOff_2](./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_2)
 - [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
 - [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
 - [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
@@ -1221,9 +1379,10 @@ ms.date: 10/08/2020
 - [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
 - [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
 - [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
+- [ADMX_WDI/WdiDpsScenarioExecutionPolicy](./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenarioexecutionpolicy)
+- [ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy](./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenariodatasizelimitpolicy)
 - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
 - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
-- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
 - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
@@ -1298,10 +1457,6 @@ ms.date: 10/08/2020
 - [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption)
 - [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary)
 - [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch)
--  [ADMX_WindowsFileProtection/WFPShowProgress](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpshowprogress)
-- [ADMX_WindowsFileProtection/WFPQuota](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpquota)
-- [ADMX_WindowsFileProtection/WFPScan](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpscan)
-- [ADMX_WindowsFileProtection/WFPDllCacheDir](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpdllcachedir)
 - [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
 - [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
 - [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
@@ -1344,6 +1499,10 @@ ms.date: 10/08/2020
 - [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost)
 - [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced)
 - [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred)
+- [ADMX_WordWheel/CustomSearch](./policy-csp-admx-wordwheel.md#admx-wordwheel-customsearch)
+- [ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker](./policy-csp-admx-workfoldersclient.md#admx-workfoldersclient-pol_userenabletokenbroker)
+- [ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders](./policy-csp-admx-workfoldersclient.md#admx-workfoldersclient-pol_userenableworkfolders)
+- [ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders](./policy-csp-admx-workfoldersclient.md#admx-workfoldersclient-pol_machineenableworkfolders)
 - [ADMX_WPN/NoCallsDuringQuietHours](./policy-csp-admx-wpn.md#admx-wpn-nocallsduringquiethours)
 - [ADMX_WPN/NoLockScreenToastNotification](./policy-csp-admx-wpn.md#admx-wpn-nolockscreentoastnotification)
 - [ADMX_WPN/NoQuietHours](./policy-csp-admx-wpn.md#admx-wpn-noquiethours)
@@ -1747,4 +1906,4 @@ ms.date: 10/08/2020
 
 ## Related topics
 
-[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
+[Policy CSP](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index d7d340e2b5..fe99b88a1c 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -1,13 +1,13 @@
 ---
 title: Policies in Policy CSP supported by Group Policy
-description: Policies in Policy CSP supported by Group Policy
+description: Learn about the policies in Policy CSP supported by Group Policy.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
index 0c6853e5dd..58fffbd813 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
@@ -1,18 +1,18 @@
 ---
 title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
-description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
+description: Learn the policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/17/2019
 ---
 
-# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
+# Policies in Policy CSP supported by HoloLens (first gen) Commercial Suite
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
index 564838b14a..7d67b45cd3 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
@@ -1,18 +1,18 @@
 ---
 title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
-description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
+description: Learn about the policies in Policy CSP supported by HoloLens (1st gen) Development Edition.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
+# Policies in Policy CSP supported by HoloLens (first gen) Development Edition
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 507b737aa0..142d9058c1 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -1,15 +1,15 @@
 ---
 title: Policies in Policy CSP supported by HoloLens 2
-description: Policies in Policy CSP supported by HoloLens 2
+description: Learn about the policies in Policy CSP supported by HoloLens 2.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 10/08/2020
+ms.date: 03/01/2022
 ---
 
 # Policies in Policy CSP supported by HoloLens 2
@@ -51,6 +51,7 @@ ms.date: 10/08/2020
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
 - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9
+- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 10
 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9
 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9
 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9
@@ -101,7 +102,13 @@ ms.date: 10/08/2020
 - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
+- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 10
+- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 10
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
+- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 10
+- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 10
+- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 10
+- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 10
 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
 - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
 - [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@@ -109,8 +116,10 @@ ms.date: 10/08/2020
 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
 - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
 - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
+- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 10
+- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 10
 - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
-- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
+- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 10
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8
 
@@ -125,7 +134,8 @@ Footnotes:
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
 - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
+- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
 
 ## Related topics
 
-[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
+[Policy CSP](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index bc1fef5bcc..0c5f378ed9 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -1,13 +1,13 @@
 ---
 title: Policies in Policy CSP supported by Windows 10 IoT Core
-description: Policies in Policy CSP supported by Windows 10 IoT Core
+description: Learn about the policies in Policy CSP supported by Windows 10 IoT Core.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/16/2019
 ---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 763534dad3..5ab411d317 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -1,13 +1,13 @@
 ---
 title: Policies in Policy CSP supported by Microsoft Surface Hub
-description: Policies in Policy CSP supported by Microsoft Surface Hub
+description: Learn about the policies in Policy CSP supported by Microsoft Surface Hub.
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/22/2020
 ---
@@ -29,7 +29,6 @@ ms.date: 07/22/2020
 - [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
 - [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
 - [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
-- [Defender/AllowIntrusionPreventionSystem](policy-csp-defender.md#defender-allowintrusionpreventionsystem)
 - [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
 - [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
 - [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
@@ -65,7 +64,10 @@ ms.date: 07/22/2020
 - [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
 - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
 - [Desktop/PreventUserRedirectionOfProfileFolders](policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
-- [RestrictedGroups/ConfigureGroupMembership](policy-csp-restrictedgroups.md)
+- [RestrictedGroups/ConfigureGroupMembership](policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership)
+- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
+- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
+- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
 - [TextInput/AllowIMELogging](policy-csp-textinput.md#textinput-allowimelogging)
 - [TextInput/AllowIMENetworkAccess](policy-csp-textinput.md#textinput-allowimenetworkaccess)
 - [TextInput/AllowInputPanel](policy-csp-textinput.md#textinput-allowinputpanel)
@@ -77,11 +79,12 @@ ms.date: 07/22/2020
 - [TextInput/ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208)
 - [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc)
 - [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
+- [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
 - [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi)
-- [WiFi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
-- [WiFi/WLANScanMode](policy-csp-wifi.md#wifi-wlanscanmode)
+- [Wifi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
+- [Wifi/WLANScanMode](policy-csp-wifi.md#wifi-wlanscanmode)
 - [Wifi/AllowWiFiDirect](policy-csp-wifi.md#wifi-allowwifidirect)
 - [WirelessDisplay/AllowMdnsAdvertisement](policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsadvertisement)
 - [WirelessDisplay/AllowMdnsDiscovery](policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsdiscovery)
@@ -95,4 +98,4 @@ ms.date: 07/22/2020
 
 ## Related topics
 
-[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
+[Policy CSP](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
index 4fa3380c87..4f12cf7aec 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
@@ -1,13 +1,13 @@
 ---
 title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
-description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
+description: Learn about the policies in Policy CSP that can be set using Exchange Active Sync (EAS).
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 329281e328..2c89a44f21 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,6 +1,6 @@
 ---
 title: Policy CSP
-description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10.
+description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10 and Windows 11.
 ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
 ms.reviewer: 
 manager: dansimp
@@ -8,129 +8,147 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/18/2019
+ms.collection: highpri
 ---
 
 # Policy CSP
 
-The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
+The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 11. Use this configuration service provider to configure any company policies.
 
 The Policy configuration service provider has the following sub-categories:
 
--   Policy/Config/*AreaName* – Handles the policy configuration request from the server.
--   Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device.
+- Policy/Config/*AreaName* – Handles the policy configuration request from the server.
+- Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device.
 
 
 
 > [!Important]
-> Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. 
+> Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user.
 >
-> The allowed scope of a specific policy is represented below its table of supported Windows editions.  To configure a policy under a specific scope (user vs. device), please use the following paths:
+> The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths:
 >
 > User scope:
-> -   **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
+>
+> - **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
+> - **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 >
 > Device scope:
-> -   **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
-> -   **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
+>
+> - **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
+> - **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 >
 > For device wide configuration the **_Device/_**  portion may be omitted from the path, deeming the following paths respectively equivalent to the paths provided above:
 >
 > - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 
-The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
+The following shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
 
-![policy csp diagram](images/provisioning-csp-policy.png)
+```console
+./Vendor/MSFT
+Policy
+-------Config
+----------AreaName
+-------------PolicyName
+-------Result
+----------AreaName
+-------------PolicyName
+-------ConfigOperations
+----------ADMXInstall
+-------------AppName
+----------------Policy
+------------------UniqueID
+----------------Preference
+------------------UniqueID
+```
 
 
 **./Vendor/MSFT/Policy**  
-
                  The root node for the Policy configuration service provider.
+The root node for the Policy configuration service provider.
 
-
                  Supported operation is Get.
+Supported operation is Get.
 
 **Policy/Config**  
-
                  Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.
+Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value) the configuration source can use the Policy/Result path to retrieve the resulting value.
 
-
                  Supported operation is Get.
+Supported operation is Get.
 
 **Policy/Config/_AreaName_**  
-
                  The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.
+The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.
 
-
                  Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 **Policy/Config/_AreaName/PolicyName_**  
-
                  Specifies the name/value pair used in the policy.
+Specifies the name/value pair used in the policy.
 
-
                  The following list shows some tips to help you when configuring policies:
+The following list shows some tips to help you when configuring policies:
 
--   Separate substring values by the Unicode &\#xF000; in the XML file.
+- Separate substring values by the Unicode &\#xF000; in the XML file.
 
-> [!NOTE]
-> A query from a different caller could provide a different value as each caller could have different values for a named policy.
+    > [!NOTE]
+    > A query from a different caller could provide a different value as each caller could have different values for a named policy.
 
--   In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
--   Supported operations are Add, Get, Delete, and Replace.
--   Value type is string.
+- In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
+- Supported operations are Add, Get, Delete, and Replace.
+- Value type is string.
 
 **Policy/Result**  
-
                  Groups the evaluated policies from all providers that can be configured.
+Groups the evaluated policies from all providers that can be configured.
 
-
                  Supported operation is Get.
+Supported operation is Get.
 
 **Policy/Result/_AreaName_**  
-
                  The area group that can be configured by a single technology independent of the providers.
+The area group that can be configured by a single technology independent of the providers.
 
-
                  Supported operation is Get.
+Supported operation is Get.
 
 **Policy/Result/_AreaName/PolicyName_**  
-
                  Specifies the name/value pair used in the policy.
+Specifies the name/value pair used in the policy.
 
-
                  Supported operation is Get.
+Supported operation is Get.
 
 **Policy/ConfigOperations**  
-
                  Added in Windows 10, version 1703. The root node for grouping different configuration operations.
+Added in Windows 10, version 1703. The root node for grouping different configuration operations.
 
-
                  Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 **Policy/ConfigOperations/ADMXInstall**  
-
                  Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see Win32 and Desktop Bridge app policy configuration.
+Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
 
 > [!NOTE]
 > The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](/previous-versions/office/office-2013-resource-kit/cc179097(v=office.15)).
 
-
                  ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.
+ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.
 
-
                  Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 **Policy/ConfigOperations/ADMXInstall/_AppName_**  
-
                  Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. 
+Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. 
 
-
                  Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 **Policy/ConfigOperations/ADMXInstall/_AppName_/Policy**  
-
                  Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.
+Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.
 
-
                  Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 **Policy/ConfigOperations/ADMXInstall/_AppName_/Policy/_UniqueID_** 
-
                  Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.
+Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.
 
-
                  Supported operations are Add and Get. Does not support Delete.
+Supported operations are Add and Get. Does not support Delete.
 
 **Policy/ConfigOperations/ADMXInstall/_AppName_/Preference**  
-
                  Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.
+Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.
 
-
                  Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 **Policy/ConfigOperations/ADMXInstall/_AppName_/Preference/_UniqueID_**  
-
                  Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.
-
-
                  Supported operations are Add and Get. Does not support Delete.
+Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.
 
+Supported operations are Add and Get. Does not support Delete.
 
 ## Policies
 
@@ -213,6 +231,23 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
 
+### ADMX_AdmPwd policies
+
+
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy
+  
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd_Enabled
+  
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd_AdminName
+  
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd
+  
                  
+
                  
+
 ### ADMX_AppCompat policies
 
 
                  
@@ -555,7 +590,18 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
-### ADMX_Desktop policies  
+### ADMX_DCOM policies
+
+
                  
+  
                  
+    ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList
+  
                  
+  
                  
+    ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
+  
                  
+
                  
+
+### ADMX_Desktop policies
 
 
                  
   
                  
@@ -647,6 +693,24 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_DeviceCompat policies
+
+
                  
+  
                  
+    ADMX_DeviceCompat/DeviceFlags
+  
                  
+  
                  
+    ADMX_DeviceCompat/DriverShims
+  
                  
+
                  
+
+### ADMX_DeviceGuard policies
+
+ 
                  
+    ADMX_DeviceGuard/ConfigCIPolicy
+  
                  
+
                  
+
 ### ADMX_DeviceInstallation policies  
 
 
                  
@@ -687,9 +751,19 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
-### ADMX_DigitalLocker policies
-
                  
+### ADMX_DFS policies
+
+
                  
   
                  
+    ADMX_DFS/DFSDiscoverDC
+  
                  
+
                  
+
+### ADMX_DigitalLocker policies
+
+
                    
+
                  
     ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1
   
                  
   
                  
@@ -697,6 +771,54 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_DiskDiagnostic policies
+
+
                  
+  
                  
+    ADMX_DiskDiagnostic/DfdAlertPolicy
+  
                  
+  
                  
+    ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
+### ADMX_DiskNVCache policies
+
+
                  
+  
                  
+    ADMX_DiskNVCache/BootResumePolicy
+  
                  
+  
                  
+    ADMX_DiskNVCache/FeatureOffPolicy
+  
                  
+  
                  
+    ADMX_DiskNVCache/SolidStatePolicy
+  
                  
+
                  
+
+### ADMX_DiskQuota policies
+
+
                  
+  
                  
+    ADMX_DiskQuota/DQ_RemovableMedia
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_Enable
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_Enforce
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_LogEventOverLimit
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_LogEventOverThreshold
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_Limit
+  
                  
+
                  
+
 ### ADMX_DistributedLinkTracking policies  
 
 
                  
@@ -705,6 +827,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+
 ### ADMX_DnsClient policies
 
 
                  
@@ -777,7 +900,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 
                  
 
 ### ADMX_DWM policies
-
 
                  
   
                  
     ADMX_DWM/DwmDefaultColorizationColor_1
@@ -847,6 +969,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_EventLogging policies
+
                  
+  
                  
+    ADMX_EventLogging/EnableProtectedEventLogging
+  
                  
+
                  
+
 ### ADMX_EnhancedStorage policies  
 
 
                  
@@ -1041,6 +1170,19 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_EventViewer policies  
+
+
                  
+  
                  
+    ADMX_EventViewer/EventViewer_RedirectionProgram
+  
                  
+  
                  
+    ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters
+  
                  
+  
                  
+    ADMX_EventViewer/EventViewer_RedirectionURL
+  
                  
+
 ### ADMX_Explorer policies  
 
 
                  
@@ -1061,6 +1203,19 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_ExternalBoot policies  
+
+
                  
+  
                  
+    ADMX_ExternalBoot/PortableOperatingSystem_Hibernate
+  
                  
+    ADMX_ExternalBoot/PortableOperatingSystem_Sleep
+  
+  
+    ADMX_ExternalBoot/PortableOperatingSystem_Launcher
+  
+
                  
+
 ### ADMX_FileRecovery policies
 
                  
   
                  
@@ -1068,6 +1223,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_FileRevocation policies
+
                  
+  
                  
+    ADMX_FileRevocation/DelegatedPackageFamilyNames
+  
                  
+
                  
+
 ### ADMX_FileServerVSSProvider policies
 
                  
   
                  
@@ -1128,6 +1290,23 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_FramePanes policies
+
                  
+  
                  
+    ADMX_FramePanes/NoReadingPane
+  
                  
+  
                  
+    ADMX_FramePanes/NoPreviewPane
+  
                  
+
                  
+
+### ADMX_FTHSVC policies
+
                  
+  
                  
+    ADMX_FTHSVC/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
 ### ADMX_Help policies
 
                  
   
                  
@@ -1144,6 +1323,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_HotSpotAuth policies
+
                  
+  
                  
+    ADMX_HotSpotAuth/HotspotAuth_Enable
+  
                  
+
                  
+
 ### ADMX_Globalization policies  
 
 
                  
@@ -1455,6 +1641,35 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_IIS policies
+
                  
+  
                  
+    ADMX_IIS/PreventIISInstall
+  
                  
+
                  
+
+### ADMX_iSCSI policies
+
+
                  
+  
                  
+    ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins
+  
                  
+  
                  
+    ADMX_iSCSI/iSCSIGeneral_ChangeIQNName
+  
                  
+  
                  
+    ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret
+  
                  
+
                  
+
 ### ADMX_kdc policies
 
                  
   
                  
@@ -1536,6 +1751,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_LeakDiagnostic policies
+
                  
+  
                  
+    ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
 ### ADMX_LinkLayerTopologyDiscovery policies
 
                  
   
                  
@@ -1546,6 +1768,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_LocationProviderAdm policies
+
+
                  
+  
                  
+    ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin
+  
                  
+
                  
+
 ### ADMX_Logon policies  
 
 
                  
@@ -2216,6 +2446,26 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_MobilePCMobilityCenter policies
+
                  
+  
                  
+    ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1
+  
                  
+  
                  
+    ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2
+  
                  
+
                  
+
+### ADMX_MobilePCPresentationSettings policies
+
                  
+  
                  
+    ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1
+  
                  
+  
                  
+    ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2
+  
                  
+
                  
+
 ### ADMX_MSAPolicy policies
 
                  
   
                  
@@ -2325,6 +2575,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_MsiFileRecovery policies
+
                  
+  
                  
+    ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
 ### ADMX_nca policies
 
                  
   
                  
@@ -2716,6 +2973,32 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
 
                  
 
+### ADMX_pca policies
+
+
                  
+  
                  
+    ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectDeprecatedComponentFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectInstallFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectUndetectedInstallersPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectUpdateFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DisablePcaUIPolicy
+  
                  
+
                  
+    ADMX_pca/DetectBlockedDriversPolicy
+
                  
+
                  
+
 ### ADMX_PeerToPeerCaching policies
 
 
                  
@@ -2748,6 +3031,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_PenTraining policies
+
+
                  
+  
                  
+    ADMX_PenTraining/PenTrainingOff_1
+  
                  
+  
                  
+    ADMX_PenTraining/PenTrainingOff_2
+  
                  
+
                  
+
 ### ADMX_PerformanceDiagnostics policies
 
 
                  
@@ -2862,6 +3156,35 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_PreviousVersions policies
+
+
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalPage_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalPage_2
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableRemotePage_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableRemotePage_2
+  
                  
+  
                  
+    ADMX_PreviousVersions/HideBackupEntries_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/HideBackupEntries_2
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalRestore_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalRestore_2
+  
                  
+
                  
+
 ### ADMX_Printing policies  
 
 
                  
@@ -3191,6 +3514,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_sdiagschd policies
+
+
                  
+  
                  
+    ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy
+  
                  
+
                  
+
 ### ADMX_sdiageng policies
 
 
                  
@@ -3233,6 +3564,23 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_ServerManager policies
+
+
                  
+  
                  
+    ADMX_ServerManager/Do_not_display_Manage_Your_Server_page
+  
                  
+  
                  
+    ADMX_ServerManager/ServerManagerAutoRefreshRate
+  
                  
+  
                  
+    ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks
+  
                  
+  
                  
+    ADMX_ServerManager/DoNotLaunchServerManager
+  
                  
+
                  
+
 ### ADMX_Servicing policies  
 
 
                  
@@ -3292,30 +3640,22 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
-##  ADMX_ShellCommandPromptRegEditTools policies
+### ADMX_ShellCommandPromptRegEditTools policies
 
 
                  
   
                  
-    ADMX_ShellCommandPromptRegEditTools/DisableCMD
+    ADMX_ShellCommandPromptRegEditTools/DisallowApps
   
                  
   
                  
     ADMX_ShellCommandPromptRegEditTools/DisableRegedit
   
                  
   
                  
-    ADMX_ShellCommandPromptRegEditTools/DisallowApps
+    ADMX_ShellCommandPromptRegEditTools/DisableCMD
   
                  
   
                  
-    ADMX_ShellCommandPromptRegEditTools/RestrictApps
+    ADMX_ShellCommandPromptRegEditTools/RestrictApps
   
                  
-
                  
-
-### ADMX_SkyDrive policies  
-
 
                  
-  
                  
-    ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn
-  
                  
-
                  
 
 ### ADMX_Smartcard policies
 
@@ -3383,6 +3723,8 @@ The following diagram shows the Policy configuration service provider in tree fo
     ADMX_Snmp/SNMP_Traps_Public
   
 
                  
+  
+
                  
 
 ### ADMX_StartMenu policies  
 
@@ -3598,6 +3940,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_TabletShell policies
+
+
                  
+  
                  
+    ADMX_TabletShell/DisableInkball_1
+  
                  
+  
                  
+    ADMX_TabletShell/DisableNoteWriterPrinting_1
+  
                  
+
                  
+
 ### ADMX_Taskbar policies  
 
 
                  
@@ -3713,6 +4066,274 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_TerminalServer policies
+
+
                  
+  
                  
+    ADMX_TerminalServer/TS_AUTO_RECONNECT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CAMERA_REDIRECTION
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_AUDIO
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_CLIPBOARD
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_COM
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_DEFAULT_M
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_LPT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_PNP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_PRINTER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_COLORDEPTH
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_EASY_PRINT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_EASY_PRINT_User
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_EnableVirtualGraphics
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_FORCIBLE_LOGOFF
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_KEEP_ALIVE
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_LICENSE_SECGROUP
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_LICENSE_SERVERS
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_LICENSE_TOOLTIP
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_LICENSING_MODE
+  
                   
+  
                  
+    ADMX_TerminalServer/TS_MAX_CON_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_MAXDISPLAYRES
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_MAXMONITOR
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_NoDisconnectMenu
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_NoSecurityMenu
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_PreventLicenseUpgrade
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RADC_DefaultConnection
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RemoteControl_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RemoteControl_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SD_ClustName
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SD_Loc
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SELECT_TRANSPORT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_AUTH
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_COMPRESSOR
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_LEGACY_RFX
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_PROFILE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_VISEXP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_Session_End_On_Limit_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_Session_End_On_Limit_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1
+    
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SINGLE_SESSION
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SMART_CARD
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_START_PROGRAM_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_START_PROGRAM_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TEMP_DELETE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TEMP_PER_SESSION
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TIME_ZONE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_UIA
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_HOME
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_PROFILES
+  
                    
+
                  
+
 ### ADMX_Thumbnails policies  
 
 
                  
@@ -3727,6 +4348,23 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_TouchInput policies
+
+
                  
+  
                  
+    ADMX_TouchInput/TouchInputOff_1
+  
                    
+  
                  
+    ADMX_TouchInput/TouchInputOff_2
+  
                  
+  
                  
+    ADMX_TouchInput/PanningEverywhereOff_1
+  
                  
+  
                  
+    ADMX_TouchInput/PanningEverywhereOff_2
+  
                  
+
                  
+
 ### ADMX_TPM policies  
 
 
                  
@@ -4205,6 +4843,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_WDI Policies
+
+
                  
+  
                  
+    ADMX_WDI/WdiDpsScenarioExecutionPolicy
+  
                  
+  
                  
+    ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy
+  
                  
+
                  
+
 ### ADMX_WinCal policies  
 
 
                  
@@ -4216,14 +4865,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
-### ADMX_WindowsAnytimeUpgrade policies  
-
-
                  
-  
                  
-    ADMX_WindowsAnytimeUpgrade/Disabled
-  
                  
-
                  
-
 ### ADMX_WindowsConnectNow policies  
 
 
                  
@@ -4623,6 +5264,28 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### ADMX_WordWheel policies
+
+
                  
+  
                  
+    ADMX_WordWheel/CustomSearch
+  
                  
+
                  
+
+### ADMX_WorkFoldersClient policies
+
+
                  
+  
                  
+    ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker
+  
                  
+  
                  
+    ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders
+  
                  
+  
                  
+    ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders
+  
                  
+
                  
+
 ### ADMX_WPN policies  
 
 
                  
@@ -5437,9 +6100,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     Defender/AllowIOAVProtection
   
                  
-  
                  
-    Defender/AllowIntrusionPreventionSystem
-  
                  
   
                  
     Defender/AllowOnAccessProtection
   
                  
@@ -5779,6 +6439,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### EAP policies
+
+
                  
+  
                  
+    EAP/AllowTLS1_3
+  
                  
+
                  
+
 ### Education policies
 
 
                  
@@ -5935,6 +6603,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### Feeds policies
+
                  
+  
                  
+    Feeds/FeedsEnabled
+  
                  
+
                  
+
 ### FileExplorer policies
 
 
                  
@@ -5962,6 +6637,20 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### HumanPresence policies
+
+
                  
+  
                  
+    HumanPresence/ForceInstantLock
+  
                  
+  
                  
+    HumanPresence/ForceInstantWake
+  
                  
+  
                  
+    HumanPresence/ForceLockTimeout
+  
                  
+
                  
+
 ### InternetExplorer policies
 
 
                  
@@ -6971,6 +7660,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### MemoryDump policies
+
+
                  
+  
                  
+    MemoryDump/AllowCrashDump
+  
                  
+  
                  
+    MemoryDump/AllowLiveDump
+  
                  
+
                  
+
 ### Messaging policies
 
 
                  
@@ -7076,6 +7776,26 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### NetworkListManager policies
+
+
                  
+  
                  
+    NetworkListManager/AllowedTlsAuthenticationEndpoints
+  
                  
+  
                  
+    NetworkListManager/ConfiguredTLSAuthenticationNetworkName
+  
                  
+  
                  
+
                  
+
+### NewsAndInterests policies
+
+
                  
+  
                  
+    NewsAndInterests/AllowNewsAndInterests
+  
                  
+
                  
+
 ### Notifications policies
 
 
                  
@@ -7479,6 +8199,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### RemoteDesktop policies
+
+
                  
+  
                  
+    RemoteDesktop/AutoSubscription
+  
                  
+  
                  
+    RemoteDesktop/LoadAadCredKeyFromProfile
+  
                  
+
                  
+
 ### RemoteDesktopServices policies
 
 
                  
@@ -7873,6 +8604,18 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     Storage/RemovableDiskDenyWriteAccess
   
                  
+  
                  
+    Storage/WPDDevicesDenyReadAccessPerDevice
+  
                  
+  
                  
+    Storage/WPDDevicesDenyReadAccessPerUser
+  
                  
+  
                  
+    Storage/WPDDevicesDenyWriteAccessPerDevice
+  
                  
+  
                  
+    Storage/WPDDevicesDenyWriteAccessPerUser
+  
                  
 
                  
 
 ### System policies
@@ -7938,6 +8681,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     System/FeedbackHubAlwaysSaveDiagnosticsLocally
   
                  
+  
                  
+    System/LimitDiagnosticLogCollection
+  
                  
+  
                  
+    System/LimitDumpCollection
+  
                  
   
                  
     System/LimitEnhancedDiagnosticDataWindowsAnalytics
   
                  
@@ -8027,6 +8776,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     TextInput/AllowLinguisticDataCollection
   
                  
+  
                  
+    TextInput/AllowTextInputSuggestionUpdate
+  
                  
   
                  
     TextInput/ConfigureJapaneseIMEVersion
   
                  
@@ -8077,9 +8829,18 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### TimeLanguageSettings policies
 
 
                  
+  
                  
+    TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks
+  
                  
   
                  
     TimeLanguageSettings/ConfigureTimeZone
   
                  
+  
                  
+    TimeLanguageSettings/MachineUILanguageOverwrite
+  
                  
+  
                  
+    TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall
+  
                  
 
                  
 
 ### Troubleshooting policies
@@ -8144,6 +8905,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     Update/ConfigureDeadlineGracePeriod
   
                  
+  
                  
+    Update/ConfigureDeadlineGracePeriodForFeatureUpdates
+  
                  
   
                  
     Update/ConfigureDeadlineNoAutoReboot
   
                  
@@ -8171,6 +8935,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     Update/DisableWUfBSafeguards
   
                  
+  
                  
+    Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection
+  
                  
   
                  
     Update/EngagedRestartDeadline
   
                  
@@ -8267,6 +9034,18 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     Update/SetEDURestart
   
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForDriver
+  
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForFeature
+  
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForOther
+  
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForQuality
+  
                  
   
                   
     Update/SetProxyBehaviorForUpdateDetection 
   
                  
@@ -8377,6 +9156,17 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### VirtualizationBasedTechnology policies
+
+
                  
+  
                  
+    VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity
+  
                  
+  
                  
+    VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable
+  
                  
+
                  
+
 ### Wifi policies
 
 
                  
@@ -8403,6 +9193,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
+### WindowsAutoPilot policies
+
+
                  
+  
                  
+    WindowsAutoPilot/EnableAgilityPostEnrollment
+  
                  
+
                  
+
 ### WindowsConnectionManager policies
 
 
                  
@@ -8482,23 +9280,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   
 
                  
 
-### ADMX_WindowsFileProtection policies  
-
-
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPShowProgress
-  
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPQuota
-  
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPScan
-  
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPDllCacheDir
-  
                  
-
                  
-
 ### WindowsInkWorkspace policies
 
 
                  
@@ -8576,6 +9357,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   
                  
     WirelessDisplay/AllowMdnsDiscovery
   
                  
+  
                  
+    WirelessDisplay/AllowMovementDetectionOnInfrastructure
+  
                  
   
                  
     WirelessDisplay/AllowProjectionFromPC
   
                  
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index 23c1bb8142..f23dbf7f6b 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/27/2019
 ms.reviewer: 
 manager: dansimp
@@ -14,8 +14,6 @@ manager: dansimp
 
 # Policy CSP - AboveLock
 
-
-
 
                  
 
 
@@ -38,32 +36,13 @@ manager: dansimp
 **AboveLock/AllowCortanaAboveLock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,7 +62,7 @@ Added in Windows 10, version 1607. Specifies whether or not the user can intera
 
 
 ADMX Info:  
--   GP English name: *Allow Cortana above lock screen*
+-   GP Friendly name: *Allow Cortana above lock screen*
 -   GP name: *AllowCortanaAboveLock*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -104,32 +83,13 @@ The following list shows the supported values:
 **AboveLock/AllowToasts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes, starting in Windows 10, version 1607|Yes|
+|Enterprise|Yes, starting in Windows 10, version 1607|Yes|
+|Education|Yes, starting in Windows 10, version 1607|Yes|
 
 
 
                  
@@ -159,16 +119,8 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
+## Related topics
+
+[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 644ff6136e..2a640df633 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -1,12 +1,12 @@
 ---
 title: Policy CSP - Accounts
-description: Learn about the Policy configuration service provider (CSP). This articles describes account policies. 
+description: Learn about the Accounts policy configuration service provider (CSP). This article describes account policies. 
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/27/2019
 ms.reviewer: 
 manager: dansimp
@@ -40,40 +40,13 @@ manager: dansimp
 **Accounts/AllowAddingNonMicrosoftAccountsManually**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  Mobilecheck mark
                  Mobile Enterprisecheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -111,40 +84,14 @@ The following list shows the supported values:
 **Accounts/AllowMicrosoftAccountConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  Mobilecheck mark
                  Mobile Enterprisecheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -179,40 +126,14 @@ The following list shows the supported values:
 **Accounts/AllowMicrosoftAccountSignInAssistant**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  Mobilecheck mark2
                  Mobile Enterprisecheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -246,15 +167,10 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
-
\ No newline at end of file
+
+
+## Related topics
+
+[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index d760021b1e..206b52f009 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,12 +1,12 @@
 ---
 title: Policy CSP - ActiveXControls
-description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/27/2019
 ms.reviewer: 
 manager: dansimp
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - ActiveXControls
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -34,32 +40,13 @@ manager: dansimp
 **ActiveXControls/ApprovedInstallationSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -78,21 +65,16 @@ This policy setting determines which ActiveX installation sites standard users i
 
 If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. 
 
-If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. 
+If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. 
 
-Note: Wild card characters cannot be used when specifying the host URLs.
+> [!Note]
+> Wild card characters can't be used when specifying the host URLs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Approved Installation Sites for ActiveX Controls*
+-   GP Friendly name: *Approved Installation Sites for ActiveX Controls*
 -   GP name: *ApprovedActiveXInstallSites*
 -   GP path: *Windows Components/ActiveX Installer Service*
 -   GP ADMX file name: *ActiveXInstallService.admx*
@@ -101,16 +83,9 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index a4020d12f2..bc9d52e929 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -1,20 +1,26 @@
 ---
 title: Policy CSP - ADMX_ActiveXInstallService
-description: Policy CSP - ADMX_ActiveXInstallService
+description: Learn about the Policy CSP - ADMX_ActiveXInstallService.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/09/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_ActiveXInstallService
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -34,32 +40,14 @@ manager: dansimp
 **ADMX_ActiveXInstallService/AxISURLZonePolicies**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -74,28 +62,22 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the installation of ActiveX controls for sites in Trusted zone.
+This policy setting controls the installation of ActiveX controls for sites in Trusted zone.
 
 If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.
 
-If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. 
+If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation. 
 
-If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore.
+If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If a trusted site has a certificate error but you want to trust it anyway, you can select the certificate errors that you want to ignore.
 
 > [!NOTE]
 > This policy setting applies to all sites in Trusted zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Establish ActiveX installation policy for sites in Trusted zones*
+-   GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones*
 -   GP name: *AxISURLZonePolicies*
 -   GP path: *Windows Components\ActiveX Installer Service*
 -   GP ADMX file name: *ActiveXInstallService.admx*
@@ -104,8 +86,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index 647cff6ce4..c31c112030 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - ADMX_AddRemovePrograms
-description: Policy CSP - ADMX_AddRemovePrograms 
+description: Learn about the Policy CSP - ADMX_AddRemovePrograms.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 08/13/2020
 ms.reviewer: 
@@ -14,8 +14,13 @@ manager: dansimp
 
 # Policy CSP - ADMX_AddRemovePrograms
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -65,32 +70,10 @@ manager: dansimp
 **ADMX_AddRemovePrograms/DefaultCategory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
 
 
 
                  
@@ -106,26 +89,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. 
+The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. 
 
 To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
 
-If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens. You can use this setting to direct users to the programs they are most likely to need. 
+If you disable this setting or don't configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens. You can use this setting to direct users to the programs they're most likely to need.
 
 > [!NOTE]
 > This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
-- GP English name: *Specify default category for Add New Programs*
+- GP Friendly name: *Specify default category for Add New Programs*
 - GP name: *DefaultCategory*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -148,32 +125,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddFromCDorFloppy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|||
+|Enterprise|Yes|Yes|
+|Education|||
 
 
 
                  
@@ -189,24 +148,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
+This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This feature removal prevents users from using Add or Remove Programs to install programs from removable media.
 
-If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components.
+If you disable this setting or don't configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting doesn't prevent users from using other tools and methods to add or remove program components.
 
 > [!NOTE]
-> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting.
+> If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users can't add programs from removable media, regardless of this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
-- GP English name: *Hide the "Add a program from CD-ROM or floppy disk" option*
+- GP Friendly name: *Hide the "Add a program from CD-ROM or floppy disk" option*
 - GP name: *NoAddFromCDorFloppy*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -229,32 +182,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddFromInternet**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -270,24 +205,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
+This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
 
-If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update.
+If you disable this setting or don't configure it, "Add programs from Microsoft" is available to all users. This setting doesn't prevent users from using other tools and methods to connect to Windows Update.
 
 > [!NOTE]
 > If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Hide the "Add programs from Microsoft" option*
+- GP Friendly name: *Hide the "Add programs from Microsoft" option*
 - GP name: *NoAddFromInternet*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -310,32 +240,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddFromNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -351,26 +263,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. 
+This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. 
 
-If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. 
+If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. 
 
-If you disable this setting or do not configure it, "Add programs from your network" is available to all users.
+If you disable this setting or don't configure it, "Add programs from your network" is available to all users.
 
 > [!NOTE]
 > If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Hide the "Add programs from your network" option*
+- GP Friendly name: *Hide the "Add programs from your network" option*
 - GP name: *NoAddFromNetwork*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -392,32 +299,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -433,21 +322,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
+This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users can't view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
 
-If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
+If you disable this setting or don't configure it, the Add New Programs button is available to all users. This setting doesn't prevent users from using other tools and methods to install programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Hide Add New Programs page*
+- GP Friendly name: *Hide Add New Programs page*
 - GP name: *NoAddPage*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -470,32 +354,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddRemovePrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -511,21 +377,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. 
+This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. 
 
-If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs.
+If you disable this setting or don't configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting doesn't prevent users from using other tools and methods to install or uninstall programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Remove Add or Remove Programs*
+- GP Friendly name: *Remove Add or Remove Programs*
 - GP name: *NoAddRemovePrograms*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -548,32 +409,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoChooseProgramsPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -589,22 +432,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. 
+This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. 
 
-If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
+If you disable this setting or don't configure it, the **Set Program Access and Defaults** button is available to all users. This setting doesn't prevent users from using other tools and methods to change program access or defaults. This setting doesn't prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Hide the Set Program Access and Defaults page*
+- GP Friendly name: *Hide the Set Program Access and Defaults page*
 - GP name: *NoChooseProgramsPage*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -627,32 +465,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoRemovePage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -668,21 +488,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
+This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users can't view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
 
-If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.
+If you disable this setting or don't configure it, the Change or Remove Programs page is available to all users. This setting doesn't prevent users from using other tools and methods to delete or uninstall programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Hide Change or Remove Programs page*
+- GP Friendly name: *Hide Change or Remove Programs page*
 - GP name: *NoRemovePage*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -705,32 +520,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoServices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -746,24 +543,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
+This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that haven't been configured and offers users easy access to the configuration tools.
 
-If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services.
+If you disable this setting or don't configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting doesn't prevent users from using other methods to configure services.
 
 > [!NOTE]
-> When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.
+> When "Set up services" doesn't appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Go directly to Components Wizard*
+- GP Friendly name: *Go directly to Components Wizard*
 - GP name: *NoServices*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -786,32 +578,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoSupportInfo**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -827,24 +601,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
+This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
 
-If you disable this setting or do not configure it, the Support Info hyperlink appears.
+If you disable this setting or don't configure it, the Support Info hyperlink appears.
 
 > [!NOTE]
 > Not all programs provide a support information hyperlink.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
-- GP English name: *Remove Support Information*
+- GP Friendly name: *Remove Support Information*
 - GP name: *NoSupportInfo*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -867,32 +635,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoWindowsSetupPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -908,21 +658,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
+This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
 
-If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
+If you disable this setting or don't configure it, the Add/Remove Windows Components button is available to all users. This setting doesn't prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
-- GP English name: *Hide Add/Remove Windows Components page*
+- GP Friendly name: *Hide Add/Remove Windows Components page*
 - GP name: *NoWindowsSetupPage*
 - GP path: *Control Panel/Add or Remove Programs*
 - GP ADMX file name: *addremoveprograms.admx*
@@ -939,8 +684,9 @@ ADMX Info:
 
 
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
new file mode 100644
index 0000000000..f8dee79bd9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -0,0 +1,230 @@
+---
+title: Policy CSP - ADMX_AdmPwd
+description: Learn about the Policy CSP - ADMX_AdmPwd.
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 11/09/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AdmPwd
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
                  
+
+
+## ADMX_AdmPwd policies  
+
+
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy
+  
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd_Enabled
+  
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd_AdminName
+  
                  
+  
                  
+    ADMX_AdmPwd/POL_AdmPwd
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+When you enable this setting, planned password expiration longer than password age dictated by "Password Settings" policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy.
+
+When you disable or don't configure this setting, password expiration time may be longer than required by "Password Settings" policy.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow password expiration time longer than required by policy*
+-   GP name: *POL_AdmPwd_DontAllowPwdExpirationBehindPolicy*
+-   GP path: *Windows Components\AdmPwd*
+-   GP ADMX file name: *AdmPwd.admx*
+
+
+
+
                  
+
+
+**ADMX_AdmPwd/POL_AdmPwd_Enabled**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy enables the management of password for local administrator account
+
+If you enable this setting, local administrator password is managed.
+
+If you disable or not configure this setting, local administrator password is NOT managed.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enable local admin password management*
+-   GP name: *POL_AdmPwd_Enabled*
+-   GP path: *Windows Components\AdmPwd*
+-   GP ADMX file name: *AdmPwd.admx*
+
+
+
+
+
                  
+
+
+**ADMX_AdmPwd/POL_AdmPwd_AdminName**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+When you enable this setting, planned password expiration longer than password age dictated by "Password Settings" policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy.
+
+When you disable or don't configure this setting, password expiration time may be longer than required by "Password Settings" policy.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Name of administrator account to manage*
+-   GP name: *POL_AdmPwd_AdminName*
+-   GP path: *Windows Components\AdmPwd*
+-   GP ADMX file name: *AdmPwd.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_AdmPwd/POL_AdmPwd**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy setting enables management of password for local administrator account
+
+If you enable this setting, local administrator password is managed
+
+If you disable or not configure this setting, local administrator password is NOT managed.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Password Settings*
+-   GP name: *POL_AdmPwd*
+-   GP path: *Windows Components\AdmPwd*
+-   GP ADMX file name: *AdmPwd.admx*
+
+
+
+
+
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index ff2c292c54..09fc5c811d 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 08/20/2020
 ms.reviewer: 
@@ -14,8 +14,12 @@ manager: dansimp
 
 # Policy CSP - ADMX_AppCompat
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -68,32 +72,14 @@ manager: dansimp
 **ADMX_AppCompat/AppCompatPrevent16BitMach**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -108,30 +94,24 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
+This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
 
 You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.
 
-If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.
+If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components can't run.
 
 If the status is set to Disabled, the MS-DOS subsystem runs for all users on this computer.
 
-If the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD value **HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault**. If that value is non-0, this prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that value is also not present, on Windows 10 and above, the OS will launch the 16-bit application support control panel to allow an elevated administrator to make the decision; on Windows 7 and down-level, the OS will allow 16-bit applications to run.
+If the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD value **HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault**. If that value is non-0, this setting prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that value is also not present, on Windows 10 and above, the OS will launch the 16-bit application support control panel to allow an elevated administrator to make the decision; on Windows 7 and down-level, the OS will allow 16-bit applications to run.
 
 > [!NOTE]
 > This setting appears only in Computer Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent access to 16-bit applications*
+-   GP Friendly name: *Prevent access to 16-bit applications*
 -   GP name: *AppCompatPrevent16BitMach*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -145,32 +125,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -185,24 +147,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
+This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
 
 The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications.
 
-Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.
+Enabling this policy setting removes the property page from the context-menus, but doesn't affect previous compatibility settings applied to application using this interface.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Program Compatibility Property Page*
+-   GP Friendly name: *Remove Program Compatibility Property Page*
 -   GP name: *AppCompatRemoveProgramCompatPropPage*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -216,32 +172,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -256,28 +194,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Application Telemetry engine in the system.
+The policy setting controls the state of the Application Telemetry engine in the system.
 
 Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
 
-Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.
+Turning off Application Telemetry by selecting "enable" will stop the collection of usage data.
 
 If the customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set.
 
-Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has stopped for all applications, please reboot your machine.
+Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has stopped for all applications, reboot your machine.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Application Telemetry*
+-   GP Friendly name: *Turn off Application Telemetry*
 -   GP name: *AppCompatTurnOffApplicationImpactTelemetry*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -291,32 +223,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffSwitchBack**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -331,29 +245,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Switchback compatibility engine in the system.
+The policy setting controls the state of the Switchback compatibility engine in the system.
 
-Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.
+Switchback is a mechanism that provides generic compatibility mitigation to older applications by providing older behavior to old applications and new behavior to new applications.
 
 Switchback is on by default.
 
-If you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they are using.
+If you enable this policy setting, Switchback will be turned off. Turning off Switchback may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they're using.
 
-If you disable or do not configure this policy setting, the Switchback will be turned on.
+If you disable or don't configure this policy setting, the Switchback will be turned on.
 
 Reboot the system after changing the setting to ensure that your system accurately reflects those changes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off SwitchBack Compatibility Engine*
+-   GP Friendly name: *Turn off SwitchBack Compatibility Engine*
 -   GP name: *AppCompatTurnOffSwitchBack*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -367,32 +275,13 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffEngine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -407,31 +296,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the application compatibility engine in the system.
+This policy setting controls the state of the application compatibility engine in the system.
 
-The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.
+The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a known problem.
 
-Turning off the application compatibility engine will boost system performance.  However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. For example, this may result in a blue screen if an old anti-virus application is installed.
+Turning off the application compatibility engine will boost system performance. However, this turn-off will degrade the compatibility of many popular legacy applications, and won't block known incompatible applications from installing. For example, this prevention of blocking may result in a blue screen if an old anti-virus application is installed.
 
-The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers and these applications may fail to install or run properly.
+The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations won't be applied to applications and their installers and these applications may fail to install or run properly.
 
-This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using.  It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential.
+This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they're using. It's useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential.
 
 > [!NOTE]
 > Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, reboot to ensure that your system accurately reflects those changes.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Application Compatibility Engine*
+-   GP Friendly name: *Turn off Application Compatibility Engine*
 -   GP name: *AppCompatTurnOffEngine*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -445,32 +328,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -485,20 +350,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+This policy setting exists only for backward compatibility, and isn't valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Program Compatibility Assistant*
+-   GP Friendly name: *Turn off Program Compatibility Assistant*
 -   GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -512,32 +371,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -552,27 +393,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
 
-If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
+If you enable this policy setting, the PCA will be turned off. The user won't be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
 
-If you disable or do not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.  
+If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.  
 
 > [!NOTE]
 > The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Program Compatibility Assistant*
+-   GP Friendly name: *Turn off Program Compatibility Assistant*
 -   GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -586,32 +421,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffUserActionRecord**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -626,26 +443,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of Steps Recorder.
+This policy setting controls the state of Steps Recorder.
 
 Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots.  Steps Recorder includes an option to turn on and off data collection.
 
 If you enable this policy setting, Steps Recorder will be disabled.
 
-If you disable or do not configure this policy setting, Steps Recorder will be enabled.
+If you disable or don't configure this policy setting, Steps Recorder will be enabled.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Steps Recorder*
+-   GP Friendly name: *Turn off Steps Recorder*
 -   GP name: *AppCompatTurnOffUserActionRecord*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -659,32 +470,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffProgramInventory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -699,29 +492,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Inventory Collector. 
+This policy setting controls the state of the Inventory Collector. 
 
 The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
 
-If you enable this policy setting, the Inventory Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled.
+If you enable this policy setting, the Inventory Collector will be turned off and data won't be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled.
 
-If you disable or do not configure this policy setting, the Inventory Collector will be turned on.
+If you disable or don't configure this policy setting, the Inventory Collector will be turned on.
 
 > [!NOTE]
 > This policy setting has no effect if the Customer Experience Improvement Program is turned off. The Inventory Collector will be off.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Inventory Collector*
+-   GP Friendly name: *Turn off Inventory Collector*
 -   GP name: *AppCompatTurnOffProgramInventory*
 -   GP path: *Windows Components/Application Compatibility*
 -   GP ADMX file name: *AppCompat.admx*
@@ -729,8 +516,9 @@ ADMX Info:
 
 
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 9a4ac00b81..7dc13ae3e1 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_AppxPackageManager
-description: Policy CSP - ADMX_AppxPackageManager
+description: Learn about the Policy CSP - ADMX_AppxPackageManager.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/10/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_AppxPackageManager
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+ > [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,30 +61,25 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. 
+This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. 
 
-Special profiles are the following user profiles, where changes are discarded after the user signs off:  
+Special profiles are the following user profiles where changes are discarded after the user signs off:  
 
-- Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies
-- Mandatory user profiles and super-mandatory profiles, which are created by an administrator
-- Temporary user profiles, which are created when an error prevents the correct profile from loading
-- User profiles for the Guest account and members of the Guests group
+- Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies.
+- Mandatory user profiles and super-mandatory profiles, which are created by an administrator.
+- Temporary user profiles, which are created when an error prevents the correct profile from loading.
+- User profiles for the Guest account and members of the Guests group.
 
 If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Store apps when using a special profile.
 
-If you disable or do not configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile.
+If you disable or don't configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow deployment operations in special profiles*
+-   GP Friendly name: *Allow deployment operations in special profiles*
 -   GP name: *AllowDeploymentInSpecialProfiles*
 -   GP path: *Windows Components\App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -106,7 +88,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index de1358be57..4095c01ad1 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_AppXRuntime
-description: Policy CSP - ADMX_AppXRuntime
+description: Learn about the Policy CSP - ADMX_AppXRuntime.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/10/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_AppXRuntime
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +48,14 @@ manager: dansimp
 **ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,23 +70,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer.
+This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer.
 
-If you enable this policy setting, you can define additional Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use.
+If you enable this policy setting, you can define more Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use.
 
 If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on dynamic Content URI Rules for Windows store apps*
+-   GP Friendly name: *Turn on dynamic Content URI Rules for Windows store apps*
 -   GP name: *AppxRuntimeApplicationContentUriRules*
 -   GP path: *Windows Components\App runtime*
 -   GP ADMX file name: *AppXRuntime.admx*
@@ -112,32 +94,14 @@ ADMX Info:
 **ADMX_AppXRuntime/AppxRuntimeBlockFileElevation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -153,23 +117,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type.
+This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type.
 
-If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file type; they can open files only in other Windows Store apps.
+If you enable this policy setting, Windows Store apps can't open files in the default desktop app for a file type; they can open files only in other Windows Store apps.
 
-If you disable or do not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
+If you disable or don't configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Block launching desktop apps associated with a file.*
+-   GP Friendly name: *Block launching desktop apps associated with a file.*
 -   GP name: *AppxRuntimeBlockFileElevation*
 -   GP path: *Windows Components\App runtime*
 -   GP ADMX file name: *AppXRuntime.admx*
@@ -182,32 +140,14 @@ ADMX Info:
 **ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -222,26 +162,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Universal Windows apps with Windows Runtime API access directly from web content can be launched.
+This policy setting controls whether Universal Windows apps with Windows Runtime API access directly from web content can be launched.
 
-If you enable this policy setting, Universal Windows apps which declare Windows Runtime API access in ApplicationContentUriRules section of the manifest cannot be launched; Universal Windows apps which have not declared Windows Runtime API access in the manifest are not affected.
+If you enable this policy setting, Universal Windows apps that declare Windows Runtime API access in ApplicationContentUriRules section of the manifest can't be launched; Universal Windows apps that haven't declared Windows Runtime API access in the manifest aren't affected.
 
-If you disable or do not configure this policy setting, all Universal Windows apps can be launched.
+If you disable or don't configure this policy setting, all Universal Windows apps can be launched.
 
 > [!WARNING]
 > This policy should not be enabled unless recommended by Microsoft as a security response because it can cause severe app compatibility issues.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.*
+-   GP Friendly name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.*
 -   GP name: *AppxRuntimeBlockHostedAppAccessWinRT*
 -   GP path: *Windows Components\App runtime*
 -   GP ADMX file name: *AppXRuntime.admx*
@@ -254,32 +188,14 @@ ADMX Info:
 **ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -295,26 +211,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.  
+This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.  
 
-If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps.
+If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps.
 
-If you disable or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme.
+If you disable or don't configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme.
 
 > [!NOTE]
 > Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Block launching desktop apps associated with a URI scheme*
+-   GP Friendly name: *Block launching desktop apps associated with a URI scheme*
 -   GP name: *AppxRuntimeBlockProtocolElevation*
 -   GP path: *Windows Components\App runtime*
 -   GP ADMX file name: *AppXRuntime.admx*
@@ -323,8 +233,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 8bc9cf11ea..a54fcdbac7 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_AttachmentManager
-description: Policy CSP - ADMX_AttachmentManager
+description: Learn about the Policy CSP - ADMX_AttachmentManager.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/10/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_AttachmentManager
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -46,32 +51,14 @@ manager: dansimp
 **ADMX_AttachmentManager/AM_EstimateFileHandlerRisk**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -86,29 +73,23 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.
+This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.
 
 Preferring the file handler instructs Windows to use the file handler data over the file type data. For example, trust notepad.exe, but don't trust .txt files.
 
-Preferring the file type instructs Windows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler.  Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation which will cause users to see more trust prompts than choosing the other options.
+Preferring the file type instructs Windows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler.  Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation that will cause users to see more trust prompts than choosing the other options.
 
 If you enable this policy setting, you can choose the order in which Windows processes risk assessment data.
 
 If you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.
 
-If you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.
+If you don't configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Trust logic for file attachments*
+-   GP Friendly name: *Trust logic for file attachments*
 -   GP name: *AM_EstimateFileHandlerRisk*
 -   GP path: *Windows Components\Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -121,32 +102,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetFileRiskLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes
 
 
 
                  
@@ -161,31 +124,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments.
+This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments.
 
-High Risk: If the attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file.
-
-Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file.
-
-Low Risk: If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information.
+- High Risk: If the attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file.
+- Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file.
+- Low Risk: If the attachment is in the list of low-risk file types, Windows won't prompt the user before accessing the file, regardless of the file's zone information.
 
 If you enable this policy setting, you can specify the default risk level for file types.
 
 If you disable this policy setting, Windows sets the default risk level to moderate.
 
-If you do not configure this policy setting, Windows sets the default risk level to moderate.
+If you don't configure this policy setting, Windows sets the default risk level to moderate.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Default risk level for file attachments*
+-   GP Friendly name: *Default risk level for file attachments*
 -   GP name: *AM_SetFileRiskLevel*
 -   GP path: *Windows Components\Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -198,32 +153,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetHighRiskInclusion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -238,25 +175,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).
+This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).
 
 If you enable this policy setting, you can create a custom list of high-risk file types.
 
 If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk.
 
-If you do not configure this policy setting, Windows uses its built-in list of high-risk file types.
+If you don't configure this policy setting, Windows uses its built-in list of high-risk file types.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Inclusion list for high risk file types*
+-   GP Friendly name: *Inclusion list for high risk file types*
 -   GP name: *AM_SetHighRiskInclusion*
 -   GP path: *Windows Components\Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -269,32 +200,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetLowRiskInclusion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -309,25 +222,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list).
+This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows won't prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list).
 
 If you enable this policy setting, you can specify file types that pose a low risk.
 
 If you disable this policy setting, Windows uses its default trust logic.
 
-If you do not configure this policy setting, Windows uses its default trust logic.
+If you don't configure this policy setting, Windows uses its default trust logic.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Inclusion list for low file types*
+-   GP Friendly name: *Inclusion list for low file types*
 -   GP name: *AM_SetLowRiskInclusion*
 -   GP path: *Windows Components\Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -340,32 +247,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetModRiskInclusion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -380,25 +269,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high-risk file types built into Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an extension is listed in more than one inclusion list).
+This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high-risk file types built into Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an extension is listed in more than one inclusion list).
 
-If you enable this policy setting, you can specify file types which pose a moderate risk.
+If you enable this policy setting, you can specify file types that pose a moderate risk.
 
 If you disable this policy setting, Windows uses its default trust logic.
 
-If you do not configure this policy setting, Windows uses its default trust logic.
+If you don't configure this policy setting, Windows uses its default trust logic.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Inclusion list for moderate risk file types*
+-   GP Friendly name: *Inclusion list for moderate risk file types*
 -   GP name: *AM_SetModRiskInclusion*
 -   GP path: *Windows Components\Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -407,7 +290,8 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index 45e3546cb4..c55966c2f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_AuditSettings
-description: Policy CSP - ADMX_AuditSettings
+description: Learn about the Policy CSP - ADMX_AuditSettings.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
-# Policy CSP - ADMX_AuditSettings
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+# Policy CSP - ADMX_AuditSettings.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_AuditSettings/IncludeCmdLine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,11 +61,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
+This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
 
 If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
 
-If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.  
+If you disable or don't configure this policy setting, the process's command line information won't be included in Audit Process Creation events.
 
 Default is Not configured.
 
@@ -86,16 +73,10 @@ Default is Not configured.
 > When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Include command line in process creation events*
+-   GP Friendly name: *Include command line in process creation events*
 -   GP name: *IncludeCmdLine*
 -   GP path: *System/Audit Process Creation*
 -   GP ADMX file name: *AuditSettings.admx*
@@ -104,8 +85,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index a9c4c671d0..5aaff2305b 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_Bits
-description: Policy CSP - ADMX_Bits
+description: Learn about the Policy CSP - ADMX_Bits.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/20/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Bits
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -73,32 +78,14 @@ manager: dansimp
 **ADMX_Bits/BITS_DisableBranchCache**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -113,26 +100,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default.
+This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default.
 
-If you enable this policy setting, the BITS client does not use Windows Branch Cache.
+If you enable this policy setting, the BITS client doesn't use Windows Branch Cache.
 
-If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache.
+If you disable or don't configure this policy setting, the BITS client uses Windows Branch Cache.
 
 > [!NOTE]
-> This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.
-      
+> This policy setting doesn't affect the use of Windows Branch Cache by applications other than BITS. This policy setting doesn't apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.
+    
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow the BITS client to use Windows Branch Cache*
+-   GP Friendly name: *Do not allow the BITS client to use Windows Branch Cache*
 -   GP name: *BITS_DisableBranchCache*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -145,32 +126,14 @@ ADMX Info:
 **ADMX_Bits/BITS_DisablePeercachingClient**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -185,26 +148,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).
+This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).
 
 If you enable this policy setting, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. However, the computer will still make files available to its peers.
 
-If you disable or do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server.
+If you disable or don't configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server.
 
 > [!NOTE]
 > This policy setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow the computer to act as a BITS Peercaching client*
+-   GP Friendly name: *Do not allow the computer to act as a BITS Peercaching client*
 -   GP name: *BITS_DisablePeercachingClient*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -217,32 +175,14 @@ ADMX Info:
 **ADMX_Bits/BITS_DisablePeercachingServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -257,26 +197,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).
+This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers).
 
 If you enable this policy setting, the computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers.
 
-If you disable or do not configure this policy setting, the computer will offer downloaded and cached files to its peers.
+If you disable or don't configure this policy setting, the computer will offer downloaded and cached files to its peers.
 
 > [!NOTE]
 > This setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow the computer to act as a BITS Peercaching server*
+-   GP Friendly name: *Do not allow the computer to act as a BITS Peercaching server*
 -   GP name: *BITS_DisablePeercachingServer*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -290,32 +225,14 @@ ADMX Info:
 **ADMX_Bits/BITS_EnablePeercaching**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -330,25 +247,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the job's owner.
+This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the job's owner.
 
-If BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server.
+If BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When a download job is being transferred, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server.
 
-If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect.
+If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it's possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect.
 
-If you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server.
+If you disable or don't configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow BITS Peercaching*
+-   GP Friendly name: *Allow BITS Peercaching*
 -   GP name: *BITS_EnablePeercaching*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -362,32 +274,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxBandwidthServedForPeers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -402,30 +296,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server).
+This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting doesn't affect transfers from the origin server).
 
-To prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. 
+To prevent any negative impact to a computer caused by serving other peers, by default, BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100-Mbps network card and a 56-Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps.
 
 You can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching.
 
 If you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching.
 
-If you disable this policy setting or do not configure it, the default value of 30 percent of the slowest active network interface will be used.
+If you disable this policy setting or don't configure it, the default value of 30 percent of the slowest active network interface will be used.
 
 > [!NOTE] 
 > This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum network bandwidth used for Peercaching*
+-   GP Friendly name: *Limit the maximum network bandwidth used for Peercaching*
 -   GP name: *BITS_MaxBandwidthServedForPeers*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -438,32 +326,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -478,28 +348,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers.
+This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers.
 
 If you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period.
 
 You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule.
 
-If you disable or do not configure this policy setting, the limits defined for work or non-work schedules will be used.
+If you disable or don't configure this policy setting, the limits defined for work or non-work schedules will be used.
 
 > [!NOTE]
 > The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers*
+-   GP Friendly name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers*
 -   GP name: *BITS_MaxBandwidthV2_Maintenance*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -513,32 +377,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxBandwidthV2_Work**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -553,25 +399,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and non-work days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that are not defined in a work schedule are considered non-work hours.
+This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and non-work days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that aren't defined in a work schedule are considered non-work hours.
 
 If you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and non-work hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low.
 
 You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for non-work hours.
 
-If you disable or do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers.
+If you disable or don't configure this policy setting, BITS uses all available unused bandwidth for background job transfers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers*
+-   GP Friendly name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers*
 -   GP name: *BITS_MaxBandwidthV2_Work*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -585,32 +425,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxCacheSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -625,26 +447,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the total system disk size. BITS will add files to the peer cache and make those files available to peers until the cache content reaches the specified cache size. By default, BITS will use 1 percent of the total system disk for the peercache.
+This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the total system disk size. BITS will add files to the peer cache and make those files available to peers until the cache content reaches the specified cache size. By default, BITS will use 1 percent of the total system disk for the peercache.
 
 If you enable this policy setting, you can enter the percentage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent.
 
-If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size.
+If you disable or don't configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size.
 
 > [!NOTE]
 > This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Limit the BITS Peercache size*
+-   GP Friendly name: *Limit the BITS Peercache size*
 -   GP name: *BITS_MaxCacheSize*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -657,32 +473,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxContentAge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -697,26 +495,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that have not been accessed in the past 90 days.
+Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default, BITS removes any files in the peer cache that haven't been accessed in the past 90 days.
 
 If you enable this policy setting, you can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days.
 
-If you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer cache.
+If you disable or don't configure this policy setting, files that haven't been accessed for the past 90 days will be removed from the peer cache.
 
 > [!NOTE]
 > This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Limit the age of files in the BITS Peercache*
+-   GP Friendly name: *Limit the age of files in the BITS Peercache*
 -   GP name: *BITS_MaxContentAge*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -729,32 +521,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxDownloadTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -769,27 +543,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job.
+This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job.
 
 The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit, the job is placed in the error state.
 
-By default BITS uses a maximum download time of 90 days (7,776,000 seconds).
+By default, BITS uses a maximum download time of 90 days (7,776,000 seconds).
 
 If you enable this policy setting, you can set the maximum job download time to a specified number of seconds.
 
-If you disable or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.
+If you disable or don't configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum BITS job download time*
+-   GP Friendly name: *Limit the maximum BITS job download time*
 -   GP name: *BITS_MaxDownloadTime*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -802,32 +571,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxFilesPerJob**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -842,26 +593,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of files a BITS jobs can contain.
+This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of files a BITS job can contain.
 
 If you enable this policy setting, BITS will limit the maximum number of files a job can contain to the specified number.
 
-If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain.
+If you disable or don't configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain.
 
 > [!NOTE]
-> BITS Jobs created by services and the local administrator account do not count toward this limit.
+> BITS Jobs created by services and the local administrator account don't count toward this limit.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum number of files allowed in a BITS job*
+-   GP Friendly name: *Limit the maximum number of files allowed in a BITS job*
 -   GP name: *BITS_MaxFilesPerJob*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -874,32 +620,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxJobsPerMachine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -914,26 +642,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 300 jobs. You can use this policy setting to raise or lower the maximum number of user BITS jobs.
+This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 300 jobs. You can use this policy setting to raise or lower the maximum number of user BITS jobs.
 
 If you enable this policy setting, BITS will limit the maximum number of BITS jobs to the specified number.
 
-If you disable or do not configure this policy setting, BITS will use the default BITS job limit of 300 jobs.
+If you disable or don't configure this policy setting, BITS will use the default BITS job limit of 300 jobs.
 
 > [!NOTE]
-> BITS jobs created by services and the local administrator account do not count toward this limit.
+> BITS jobs created by services and the local administrator account don't count toward this limit.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum number of BITS jobs for this computer*
+-   GP Friendly name: *Limit the maximum number of BITS jobs for this computer*
 -   GP name: *BITS_MaxJobsPerMachine*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -946,32 +669,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxJobsPerUser**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -986,26 +691,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setting to raise or lower the maximum number of BITS jobs a user can create.
+This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setting to raise or lower the maximum number of BITS jobs a user can create.
 
 If you enable this policy setting, BITS will limit the maximum number of BITS jobs a user can create to the specified number.
 
-If you disable or do not configure this policy setting, BITS will use the default user BITS job limit of 300 jobs.
+If you disable or don't configure this policy setting, BITS will use the default user BITS job limit of 300 jobs.
 
 > [!NOTE]
-> This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local administrator account do not count toward this limit.
+> This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local administrator account don't count toward this limit.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum number of BITS jobs for each user*
+-   GP Friendly name: *Limit the maximum number of BITS jobs for each user*
 -   GP name: *BITS_MaxJobsPerUser*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -1018,32 +718,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxRangesPerFile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1058,26 +740,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can use this setting to raise or lower the maximum number ranges per file.
+This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can use this setting to raise or lower the maximum number ranges per file.
 
 If you enable this policy setting, BITS will limit the maximum number of ranges that can be added to a file to the specified number.
 
-If you disable or do not configure this policy setting, BITS will limit ranges to 500 ranges per file.
+If you disable or don't configure this policy setting, BITS will limit ranges to 500 ranges per file.
 
 > [!NOTE]
-> BITS Jobs created by services and the local administrator account do not count toward this limit.
+> BITS Jobs created by services and the local administrator account don't count toward this limit.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum number of ranges that can be added to the file in a BITS job*
+-   GP Friendly name: *Limit the maximum number of ranges that can be added to the file in a BITS job*
 -   GP name: *BITS_MaxRangesPerFile*
 -   GP path: *Network\Background Intelligent Transfer Service (BITS)*
 -   GP ADMX file name: *Bits.admx*
@@ -1086,8 +763,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index b258029bba..91b1d7c6aa 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -1,12 +1,12 @@
 ---
 title: Policy CSP - ADMX_CipherSuiteOrder
-description: Policy CSP - ADMX_CipherSuiteOrder
+description: Learn about the Policy CSP - ADMX_CipherSuiteOrder.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/17/2020
 ms.reviewer: 
 manager: dansimp
@@ -14,8 +14,12 @@ manager: dansimp
 
 # Policy CSP - ADMX_CipherSuiteOrder
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -38,32 +42,14 @@ manager: dansimp
 **ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -78,7 +64,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
+This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
 
 If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
 
@@ -87,16 +73,11 @@ If you disable or do not configure this policy setting, default cipher suite ord
 For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](/windows/win32/secauthn/cipher-suites-in-schannel).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *SSL Cipher Suite Order*
+-   GP Friendly name: *SSL Cipher Suite Order*
 -   GP name: *SSLCipherSuiteOrder*
 -   GP path: *Network/SSL Configuration Settings*
 -   GP ADMX file name: *CipherSuiteOrder.admx*
@@ -111,32 +92,14 @@ ADMX Info:
 **ADMX_CipherSuiteOrder/SSLCurveOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -151,7 +114,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
+This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
 
 If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.
 
@@ -170,16 +133,10 @@ CertUtil.exe -DisplayEccCurve
 ```
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *ECC Curve Order*
+-   GP Friendly name: *ECC Curve Order*
 -   GP name: *SSLCurveOrder*
 -   GP path: *Network/SSL Configuration Settings*
 -   GP ADMX file name: *CipherSuiteOrder.admx*
@@ -188,7 +145,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index fe5fda7a65..45c2e3e28b 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -1,12 +1,12 @@
 ---
 title: Policy CSP - ADMX_COM
-description: Policy CSP - ADMX_COM
+description: Learn about the Policy CSP - ADMX_COM.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/18/2020
 ms.reviewer: 
 manager: dansimp
@@ -14,8 +14,12 @@ manager: dansimp
 
 # Policy CSP - ADMX_COM
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -38,32 +42,14 @@ manager: dansimp
 **ADMX_COM/AppMgmt_COM_SearchForCLSID_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -78,27 +64,22 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
 
-Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
+Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs can't perform all their functions unless Windows has internally registered the required components.
 
-If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
+If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it's found, downloads it. The resulting searches might make some programs start or run slowly.
 
-If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
+If you disable or don't configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Download missing COM components*
+-   GP Friendly name: *Download missing COM components*
 -   GP name: *AppMgmt_COM_SearchForCLSID_1*
 -   GP path: *System*
 -   GP ADMX file name: *COM.admx*
@@ -113,32 +94,14 @@ ADMX Info:
 **ADMX_COM/AppMgmt_COM_SearchForCLSID_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -153,27 +116,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
 
-Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
+Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs can't perform all their functions unless Windows has internally registered the required components.
 
-If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
+If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it's found, downloads it. The resulting searches might make some programs start or run slowly.
 
-If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
+If you disable or don't configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Download missing COM components*
+-   GP Friendly name: *Download missing COM components*
 -   GP name: *AppMgmt_COM_SearchForCLSID_2*
 -   GP path: *System*
 -   GP ADMX file name: *COM.admx*
@@ -182,7 +139,8 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index e2b1569c90..8f008a5bcd 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_ControlPanel
-description: Policy CSP - ADMX_ControlPanel
+description: Learn about the Policy CSP - ADMX_ControlPanel.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/05/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_ControlPanel
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +48,14 @@ manager: dansimp
 **ADMX_ControlPanel/DisallowCpls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,7 +70,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
+This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
 
 If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.
 
@@ -95,19 +82,16 @@ To hide a Control Panel item, enable this policy setting and click Show to acces
 If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored.
 
 > [!NOTE]
-> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.  Note: To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
+> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.  
+>
+>To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide specified Control Panel items*
+-   GP Friendly name: *Hide specified Control Panel items*
 -   GP name: *DisallowCpls*
 -   GP path: *Control Panel*
 -   GP ADMX file name: *ControlPanel.admx*
@@ -120,32 +104,14 @@ ADMX Info:
 **ADMX_ControlPanel/ForceClassicControlPanel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -160,28 +126,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default Control Panel view, whether by category or icons. 
+This policy setting controls the default Control Panel view, whether by category or icons. 
 
 If this policy setting is enabled, the Control Panel opens to the icon view.
 
 If this policy setting is disabled, the Control Panel opens to the category view.
 
-If this policy setting is not configured, the Control Panel opens to the view used in the last Control Panel session.
+If this policy setting isn't configured, the Control Panel opens to the view used in the last Control Panel session.
 
 > [!NOTE]
 > Icon size is dependent upon what the user has set it to in the previous session.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always open All Control Panel Items when opening Control Panel*
+-   GP Friendly name: *Always open All Control Panel Items when opening Control Panel*
 -   GP name: *ForceClassicControlPanel*
 -   GP path: *Control Panel*
 -   GP ADMX file name: *ControlPanel.admx*
@@ -194,32 +155,14 @@ ADMX Info:
 **ADMX_ControlPanel/NoControlPanel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -236,7 +179,7 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. Disables all Control Panel programs and the PC settings app.
 
-This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings, or run any of their items.
+This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users can't start Control Panel or PC settings, or run any of their items.
 
 This setting removes Control Panel from:
 
@@ -253,16 +196,11 @@ This setting removes PC settings from:
 If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to Control Panel and PC settings*
+-   GP Friendly name: *Prohibit access to Control Panel and PC settings*
 -   GP name: *NoControlPanel*
 -   GP path: *Control Panel*
 -   GP ADMX file name: *ControlPanel.admx*
@@ -275,32 +213,14 @@ ADMX Info:
 **ADMX_ControlPanel/RestrictCpls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -315,7 +235,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
+This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those items you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
 
 To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.
 
@@ -330,16 +250,10 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
 > To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Show only specified Control Panel items*
+-   GP Friendly name: *Show only specified Control Panel items*
 -   GP name: *RestrictCpls*
 -   GP path: *Control Panel*
 -   GP ADMX file name: *ControlPanel.admx*
@@ -348,7 +262,8 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
-
\ No newline at end of file
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 970899b339..e8e6178c75 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -1,20 +1,25 @@
 ---
 title: Policy CSP - ADMX_ControlPanelDisplay
-description: Policy CSP - ADMX_ControlPanelDisplay
+description: Learn about the Policy CSP - ADMX_ControlPanelDisplay.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/05/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_ControlPanelDisplay
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -103,32 +108,14 @@ manager: dansimp
 **ADMX_ControlPanelDisplay/CPL_Display_Disable**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -143,23 +130,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables the Display Control Panel.
+This policy setting disables the Display Control Panel.
 
-If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.
+If you enable this setting, the Display Control Panel doesn't run. When users try to start Display, a message appears explaining that a setting prevents the action.
 
 Also, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable the Display Control Panel*
+-   GP Friendly name: *Disable the Display Control Panel*
 -   GP name: *CPL_Display_Disable*
 -   GP path: *Control Panel\Display*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -172,32 +154,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Display_HideSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -212,21 +176,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Settings tab from Display in Control Panel.
+This setting removes the Settings tab from Display in Control Panel.
 
 This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide Settings tab*
+-   GP Friendly name: *Hide Settings tab*
 -   GP name: *CPL_Display_HideSettings*
 -   GP path: *Control Panel\Display*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -239,32 +198,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -279,25 +220,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting forces the theme color scheme to be the default color scheme.
+This setting forces the theme color scheme to be the default color scheme.
 
-If you enable this setting, a user cannot change the color scheme of the current desktop theme.
+If you enable this setting, a user can't change the color scheme of the current desktop theme.
 
-If you disable or do not configure this setting, a user may change the color scheme of the current desktop theme.
+If you disable or don't configure this setting, a user may change the color scheme of the current desktop theme.
 
 For Windows 7 and later, use the "Prevent changing color and appearance" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing color scheme*
+-   GP Friendly name: *Prevent changing color scheme*
 -   GP name: *CPL_Personalization_DisableColorSchemeChoice*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -310,32 +245,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -350,26 +267,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting disables the theme gallery in the Personalization Control Panel.
+This setting disables the theme gallery in the Personalization Control Panel.
 
-If you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off).
+If you enable this setting, users can't change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off).
 
-If you disable or do not configure this setting, there is no effect.
+If you disable or don't configure this setting, there's no effect.
 
 > [!NOTE]
-> If you enable this setting but do not specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default.
+> If you enable this setting but don't specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing theme*
+-   GP Friendly name: *Prevent changing theme*
 -   GP name: *CPL_Personalization_DisableThemeChange*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -382,32 +293,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -422,23 +315,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.
+This policy setting prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.
 
 When enabled on Windows XP, this setting disables the "Windows and buttons" drop-down list on the Appearance tab in Display Properties.
 
 When enabled on Windows XP and later systems, this setting prevents users and applications from changing the visual style through the command line.  Also, a user may not apply a different visual style when changing themes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing visual style for windows and buttons*
+-   GP Friendly name: *Prevent changing visual style for windows and buttons*
 -   GP name: *CPL_Personalization_DisableVisualStyle*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -451,32 +338,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -491,27 +360,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enables desktop screen savers.
+This policy setting enables desktop screen savers.
 
-If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options.
+If you disable this setting, screen savers don't run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users can't change the screen saver options.
 
-If you do not configure it, this setting has no effect on the system.
+If you don't configure it, this setting has no effect on the system.
 
 If you enable it, a screen saver runs, provided the following two conditions hold: First, a valid screen saver on the client is specified through the "Screen Saver executable name" setting or through Control Panel on the client computer. Second, the screen saver timeout is set to a nonzero value through the setting or Control Panel.
 
 Also, see the "Prevent changing Screen Saver" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable screen saver*
+-   GP Friendly name: *Enable screen saver*
 -   GP name: *CPL_Personalization_EnableScreenSaver*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -524,32 +387,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -564,27 +409,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file. The same image will be used for both the lock and logon screens.
+This setting allows you to force a specific default lock screen and sign-in image by entering the path (location) of the image file. The same image will be used for both the lock and sign-in screens.
 
-This setting lets you specify the default lock screen and logon image shown when no user is signed in, and also sets the specified image as the default for all users (it replaces the inbox default image).
+This setting lets you specify the default lock screen and sign-in image shown when no user is signed in, and also sets the specified image as the default for all users (it replaces the inbox default image).
 
-To use this setting, type the fully qualified path and name of the file that stores the default lock screen and logon image. You can type a local path, such as C:\Windows\Web\Screen\img104.jpg or a UNC path, such as `\\Server\Share\Corp.jpg`.
+To use this setting, type the fully qualified path and name of the file that stores the default lock screen and sign-in image. You can type a local path, such as C:\Windows\Web\Screen\img104.jpg or a UNC path, such as `\\Server\Share\Corp.jpg`.
 
-This can be used in conjunction with the "Prevent changing lock screen and logon image" setting to always force the specified lock screen and logon image to be shown.
+This setting can be used in conjunction with the "Prevent changing lock screen and logon image" setting to always force the specified lock screen and sign-in image to be shown.
 
-Note: This setting only applies to Enterprise, Education, and Server SKUs.
+>[!NOTE]
+> This setting only applies to Enterprise, Education, and Server SKUs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Force a specific default lock screen and logon image*
+-   GP Friendly name: *Force a specific default lock screen and logon image*
 -   GP name: *CPL_Personalization_ForceDefaultLockScreen*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -597,32 +438,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -637,23 +460,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the size of the font in the windows and buttons displayed on their screens.
+This setting prevents users from changing the size of the font in the windows and buttons displayed on their screens.
 
 If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled. 
 
-If you disable or do not configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab.
+If you disable or don't configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prohibit selection of visual style font size*
+-   GP Friendly name: *Prohibit selection of visual style font size*
 -   GP name: *CPL_Personalization_LockFontSize*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -666,32 +483,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -706,23 +505,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the background image shown when the machine is locked or when on the logon screen.
+Prevents users from changing the background image shown when the machine is locked or when on the sign-in screen.
 
-By default, users can change the background image shown when the machine is locked or displaying the logon screen.
+By default, users can change the background image shown when the machine is locked or displaying the sign-in screen.
 
-If you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image.
+If you enable this setting, the user won't be able to change their lock screen and sign-in image, and they'll instead see the default image.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing lock screen and logon image*
+-   GP Friendly name: *Prevent changing lock screen and logon image*
 -   GP name: *CPL_Personalization_NoChangingLockScreen*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -735,32 +528,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -775,27 +550,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the look of their start menu background, such as its color or accent.
+This setting prevents users from changing the look of their start menu background, such as its color or accent.
 
 By default, users can change the look of their start menu background, such as its color or accent.
 
-If you enable this setting, the user will be assigned the default start menu background and colors and will not be allowed to change them.
+If you enable this setting, the user will be assigned the default start menu background and colors and won't be allowed to change them.
 
 If the "Force a specific background and accent color" policy is also set on a supported version of Windows, then those colors take precedence over this policy.
 
 If the "Force a specific Start background" policy is also set on a supported version of Windows, then that background takes precedence over this policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing start menu background*
+-   GP Friendly name: *Prevent changing start menu background*
 -   GP name: *CPL_Personalization_NoChangingStartMenuBackground*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -808,32 +577,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -848,25 +599,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available.
+This setting disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature isn't available.
 
-This setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.
+This setting also prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.
 
 If this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Personalization or Display Control Panel.
 
-For systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the in Display in Control Panel.
+For systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the Display in Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing color and appearance*
+-   GP Friendly name: *Prevent changing color and appearance*
 -   GP name: *CPL_Personalization_NoColorAppearanceUI*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -879,32 +624,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -919,7 +646,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from adding or changing the background design of the desktop.
+This setting prevents users from adding or changing the background design of the desktop.
 
 By default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop.
 
@@ -927,21 +654,16 @@ If you enable this setting, none of the Desktop Background settings can be chang
 
 To specify wallpaper for a group, use the "Desktop Wallpaper" setting.
 
-Note: You must also enable the "Desktop Wallpaper" setting to prevent users from changing the desktop wallpaper. Refer to KB article: Q327998 for more information.
+>[!NOTE]
+>You must also enable the "Desktop Wallpaper" setting to prevent users from changing the desktop wallpaper. Refer to KB article: Q327998 for more information.
 
 Also, see the "Allow only bitmapped wallpaper" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing desktop background*
+-   GP Friendly name: *Prevent changing desktop background*
 -   GP name: *CPL_Personalization_NoDesktopBackgroundUI*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -954,32 +676,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -994,7 +698,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the desktop icons.
+This setting prevents users from changing the desktop icons.
 
 By default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons.
 
@@ -1003,16 +707,10 @@ If you enable this setting, none of the desktop icons can be changed by the user
 For systems prior to Windows Vista, this setting also hides the Desktop tab in the Display Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing desktop icons*
+-   GP Friendly name: *Prevent changing desktop icons*
 -   GP name: *CPL_Personalization_NoDesktopIconsUI*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1025,32 +723,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1067,21 +747,15 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the lock screen appears for users.
 
-If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.
+If you enable this policy setting, users that aren't required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.
 
-If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.
+If you disable or don't configure this policy setting, users that aren't required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not display the lock screen*
+-   GP Friendly name: *Do not display the lock screen*
 -   GP name: *CPL_Personalization_NoLockScreen*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1094,32 +768,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1134,23 +790,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the mouse pointers.
+Available in the latest Windows 10 Insider Preview Build. This setting prevents users from changing the mouse pointers.
 
 By default, users can use the Pointers tab in the Mouse Control Panel to add, remove, or change the mouse pointers.
 
 If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing mouse pointers*
+-   GP Friendly name: *Prevent changing mouse pointers*
 -   GP name: *CPL_Personalization_NoMousePointersUI*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1163,32 +813,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1203,21 +835,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel.
+This setting prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel.
 
-This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.
+This setting also prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It doesn't prevent a screen saver from running.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing screen saver*
+-   GP Friendly name: *Prevent changing screen saver*
 -   GP name: *CPL_Personalization_NoScreenSaverUI*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1230,32 +856,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1270,23 +878,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the sound scheme.
+This setting prevents users from changing the sound scheme.
 
 By default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme.
 
 If you enable this setting, none of the Sound Scheme settings can be changed by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing sounds*
+-   GP Friendly name: *Prevent changing sounds*
 -   GP name: *CPL_Personalization_NoSoundSchemeUI*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1299,32 +901,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1339,23 +923,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB.
+This setting forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB.
 
 By default, users can change the background and accent colors.
 
-If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
+If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users can't change those colors. This setting won't be applied if the specified colors don't meet a contrast ratio of 2:1 with white text.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Force a specific background and accent color*
+-   GP Friendly name: *Force a specific background and accent color*
 -   GP name: *CPL_Personalization_PersonalColors*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1368,32 +946,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1408,13 +968,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines whether screen savers used on the computer are password protected.
+This setting determines whether screen savers used on the computer are password protected.
 
-If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver.
+If you enable this setting, all screen savers are password protected. If you disable this setting, password protection can't be set on any screen saver.
 
 This setting also disables the "Password protected" checkbox on the Screen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password protection setting.
 
-If you do not configure this setting, users can choose whether or not to set password protection on each screen saver.
+If you don't configure this setting, users can choose whether or not to set password protection on each screen saver.
 
 To ensure that a computer will be password protected, enable the "Enable Screen Saver" setting and specify a timeout via the "Screen Saver timeout" setting.
 
@@ -1422,16 +982,10 @@ To ensure that a computer will be password protected, enable the "Enable Screen
 > To remove the Screen Saver dialog, use the "Prevent changing Screen Saver" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Password protect the screen saver*
+-   GP Friendly name: *Password protect the screen saver*
 -   GP name: *CPL_Personalization_ScreenSaverIsSecure*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1444,32 +998,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1484,33 +1020,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies how much user idle time must elapse before the screen saver is launched.
+Specifies how much user idle time must elapse before the screen saver is launched.
 
-When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver will not be started.
+When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver won't be started.
 
 This setting has no effect under any of the following circumstances:
 
 - The setting is disabled or not configured.
-
 - The wait time is set to zero.
-
 - The "Enable Screen Saver" setting is disabled.
 
-- Neither the "Screen saver executable name" setting nor the Screen Saver dialog of the client computer's Personalization or Display Control Panel specifies a valid existing screen saver program on the client.
+- The "Screen saver executable name" setting and the Screen Saver dialog of the client computer's Personalization or Display Control Panel don't specify a valid existing screen saver program on the client.
 
 When not configured, whatever wait time is set on the client through the Screen Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Screen saver timeout*
+-   GP Friendly name: *Screen saver timeout*
 -   GP name: *CPL_Personalization_ScreenSaverTimeOut*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1523,32 +1051,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1563,30 +1073,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies the screen saver for the user's desktop.
+This setting specifies the screen saver for the user's desktop.
 
 If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from changing the screen saver.
 
-If you disable this setting or do not configure it, users can select any screen saver.
+If you disable this setting or don't configure it, users can select any screen saver.
 
-If you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file is not in the %Systemroot%\System32 directory, type the fully qualified path to the file.
+If you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file isn't in the %Systemroot%\System32 directory, type the fully qualified path to the file.
 
-If the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored.
+If the specified screen saver isn't installed on a computer to which this setting applies, the setting is ignored.
 
 > [!NOTE]
-> This setting can be superseded by the "Enable Screen Saver" setting.  If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run.
+> This setting can be superseded by the "Enable Screen Saver" setting.  If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers don't run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Force specific screen saver*
+-   GP Friendly name: *Force specific screen saver*
 -   GP name: *CPL_Personalization_SetScreenSaver*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1599,32 +1103,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1641,21 +1127,15 @@ ADMX Info:
 
 Available in the latest Windows 10 Insider Preview Build. Specifies which theme file is applied to the computer the first time a user logs on.
 
-If you enable this setting, the theme that you specify will be applied when a new user logs on for the first time.  This policy does not prevent the user from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first logon.
+If you enable this setting, the theme that you specify will be applied when a new user signs in for the first time.  This policy doesn't prevent the user from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first sign in.
 
-If you disable or do not configure this setting, the default theme will be applied at the first logon.
+If you disable or don't configure this setting, the default theme will be applied at the first sign in.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Load a specific theme*
+-   GP Friendly name: *Load a specific theme*
 -   GP name: *CPL_Personalization_SetTheme*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1668,32 +1148,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1708,32 +1170,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.
+This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.
 
-This can be a local computer visual style (aero.msstyles), or a file located on a remote server using a UNC path (\\Server\Share\aero.msstyles).
+This file can be a local computer visual style (aero.msstyles) one, or a file located on a remote server using a UNC path (\\Server\Share\aero.msstyles).
 
 If you enable this setting, the visual style file that you specify will be used. Also, a user may not apply a different visual style when changing themes.
 
-If you disable or do not configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Control Panel is available).
+If you disable or don't configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Control Panel is available).
 
 > [!NOTE]
-> If this setting is enabled and the file is not available at user logon, the default visual style is loaded.
+> If this setting is enabled and the file isn't available at user logon, the default visual style is loaded.
 >
 > When running Windows XP, you can select the Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstyles.
 >
-> To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you cannot apply the Windows Classic visual style.
+> To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you can't apply the Windows Classic visual style.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Force a specific visual style file or force Windows Classic*
+-   GP Friendly name: *Force a specific visual style file or force Windows Classic*
 -   GP name: *CPL_Personalization_SetVisualStyle*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1746,32 +1202,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1786,23 +1224,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it.
+Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it.
 
 If this setting is set to zero or not configured, then Start uses the default background, and users can change it.
 
-If this setting is set to a nonzero value, then Start uses the specified background, and users cannot change it. If the specified background is not supported, the default background is used.
+If this setting is set to a nonzero value, then Start uses the specified background, and users can't change it. If the specified background isn't supported, the default background is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Force a specific Start background*
+-   GP Friendly name: *Force a specific Start background*
 -   GP name: *CPL_Personalization_StartBackground*
 -   GP path: *Control Panel\Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1811,7 +1243,9 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
-
\ No newline at end of file
+
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 765b443616..19f04975a7 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/26/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Cpls
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_Cpls/UseDefaultTile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,7 +61,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
+This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
 
 > [!NOTE] 
 > The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
@@ -84,16 +71,11 @@ If you enable this policy setting, the default user account picture will display
 If you disable or do not configure this policy setting, users will be able to customize their account pictures.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Apply the default account picture to all users*
+-   GP Friendly name: *Apply the default account picture to all users*
 -   GP name: *UseDefaultTile*
 -   GP path: *Control Panel/User Accounts*
 -   GP ADMX file name: *Cpls.admx*
@@ -102,8 +84,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 21edb1f061..92381f92cc 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/11/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_CredentialProviders
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +45,15 @@ manager: dansimp
 **ADMX_CredentialProviders/AllowDomainDelayLock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,7 +68,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.
+This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.
 
 If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
 
@@ -91,16 +79,11 @@ If you don't configure this policy setting on a domain-joined device, a user can
 If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow users to select when a password is required when resuming from connected standby*
+-   GP Friendly name: *Allow users to select when a password is required when resuming from connected standby*
 -   GP name: *AllowDomainDelayLock*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *CredentialProviders.admx*
@@ -113,32 +96,14 @@ ADMX Info:
 **ADMX_CredentialProviders/DefaultCredentialProvider**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -153,7 +118,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to assign a specified credential provider as the default credential provider.
+This policy setting allows the administrator to assign a specified credential provider as the default credential provider.
 
 If you enable this policy setting, the specified credential provider is selected on other user tile.
 
@@ -163,16 +128,10 @@ If you disable or do not configure this policy setting, the system picks the def
 > A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Assign a default credential provider*
+-   GP Friendly name: *Assign a default credential provider*
 -   GP name: *DefaultCredentialProvider*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *CredentialProviders.admx*
@@ -186,32 +145,14 @@ ADMX Info:
 **ADMX_CredentialProviders/ExcludedCredentialProviders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -226,7 +167,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to exclude the specified credential providers from use during authentication.  
+This policy setting allows the administrator to exclude the specified credential providers from use during authentication.  
 
 > [!NOTE]
 > Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication).
@@ -236,16 +177,10 @@ If you enable this policy, an administrator can specify the CLSIDs of the creden
 If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Exclude credential providers*
+-   GP Friendly name: *Exclude credential providers*
 -   GP name: *ExcludedCredentialProviders*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *CredentialProviders.admx*
@@ -254,9 +189,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are for upcoming release.
 
-
-
-These policies are currently only available as part of a Windows Insider release.
\ No newline at end of file
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index 2cc80b3bec..18929d3fd6 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/12/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_CredSsp
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -64,32 +69,14 @@ manager: dansimp
 **ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -104,13 +91,13 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
 This policy setting applies when server authentication was achieved via NTLM.
 
-If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).
+If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those credentials that you use when first signing in to Windows).
 
-If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.
+If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated.  The use of a single wildcard character is permitted when specifying the SPN.
@@ -122,16 +109,11 @@ If you disable or do not configure (by default) this policy setting, delegation
 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow delegating default credentials with NTLM-only server authentication*
+-   GP Friendly name: *Allow delegating default credentials with NTLM-only server authentication*
 -   GP name: *AllowDefCredentialsWhenNTLMOnly*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -144,32 +126,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowDefaultCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -184,15 +148,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
 This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos.
 
-If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).
+If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those credentials that you use when first logging on to Windows).
 
 The policy becomes effective the next time the user signs on to a computer running Windows.
 
-If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
+If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
 
 FWlink for KB:
 https://go.microsoft.com/fwlink/?LinkId=301508
@@ -207,16 +171,10 @@ https://go.microsoft.com/fwlink/?LinkId=301508
 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow delegating default credentials*
+-   GP Friendly name: *Allow delegating default credentials*
 -   GP name: *AllowDefaultCredentials*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -229,32 +187,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowEncryptionOracle**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -269,34 +209,28 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).
 
 Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client.  This policy controls compatibility with vulnerable clients and servers.  This policy allows you to set the level of protection desired for the encryption oracle vulnerability.
 
 If you enable this policy setting, CredSSP version support will be selected based on the following options:
 
-- Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. 
+- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients. 
 
     > [!NOTE]
     > This setting should not be deployed until all remote hosts support the newest version.
 
-- Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
+- Mitigated: Client applications that use CredSSP won't be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
 
-- Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.
+- Vulnerable: Client applications that use CredSSP will expose the remote servers to attacks by supporting a fallback to the insecure versions and services using CredSSP will accept unpatched clients.
 
 For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Encryption Oracle Remediation*
+-  GP Friendly name: *Encryption Oracle Remediation*
 -   GP name: *AllowEncryptionOracle*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -309,32 +243,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowFreshCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -349,15 +265,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
 This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.
 
-If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those credentials that you're prompted for when executing the application).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
-If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
+If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN.
@@ -369,16 +285,10 @@ If you disable this policy setting, delegation of fresh credentials is not permi
 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow delegating fresh credentials*
+-   GP Friendly name: *Allow delegating fresh credentials*
 -   GP name: *AllowFreshCredentials*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -391,32 +301,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -431,15 +323,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
 This policy setting applies when server authentication was achieved via NTLM.
 
-If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those credentials that you're prompted for when executing the application).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
-If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
+If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -451,16 +343,10 @@ If you disable this policy setting, delegation of fresh credentials is not permi
 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow delegating fresh credentials with NTLM-only server authentication*
+-   GP Friendly name: *Allow delegating fresh credentials with NTLM-only server authentication*
 -   GP name: *AllowFreshCredentialsWhenNTLMOnly*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -473,32 +359,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowSavedCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -513,15 +381,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
 This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.
 
-If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
+If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those credentials that you elect to save/remember using the Windows credential manager).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
-If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
+If you disable this policy setting, delegation of saved credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -533,16 +401,10 @@ If you disable this policy setting, delegation of saved credentials is not permi
 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow delegating saved credentials*
+-   GP Friendly name: *Allow delegating saved credentials*
 -   GP name: *AllowSavedCredentials*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -555,32 +417,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -595,15 +439,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
 This policy setting applies when server authentication was achieved via NTLM.
 
-If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
+If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those credentials that you elect to save/remember using the Windows credential manager).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine.
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine isn't a member of any domain. If the client is domain-joined, by default, the delegation of saved credentials isn't permitted to any machine.
 
-If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
+If you disable this policy setting, delegation of saved credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -615,16 +459,10 @@ If you disable this policy setting, delegation of saved credentials is not permi
 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow delegating saved credentials with NTLM-only server authentication*
+-   GP Friendly name: *Allow delegating saved credentials with NTLM-only server authentication*
 -   GP name: *AllowSavedCredentialsWhenNTLMOnly*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -637,32 +475,14 @@ ADMX Info:
 **ADMX_CredSsp/DenyDefaultCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -677,14 +497,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
-If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows).
+If you enable this policy setting, you can specify the servers to which the user's default credentials can't be delegated (default credentials are those credentials that you use when first logging on to Windows).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server.
 
 > [!NOTE]
-> The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+> The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN.
 >
 > For Example:
 >
@@ -695,16 +515,10 @@ If you disable or do not configure (by default) this policy setting, this policy
 This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Deny delegating default credentials*
+-   GP Friendly name: *Deny delegating default credentials*
 -   GP name: *DenyDefaultCredentials*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -717,32 +531,14 @@ ADMX Info:
 **ADMX_CredSsp/DenyFreshCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -757,14 +553,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
-If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can't be delegated (fresh credentials are those credentials that you're prompted for when executing the application).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server.
 
 > [!NOTE]
-> The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+> The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN.
 >
 > For Example:
 >
@@ -775,16 +571,10 @@ If you disable or do not configure (by default) this policy setting, this policy
 This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Deny delegating fresh credentials*
+-   GP Friendly name: *Deny delegating fresh credentials*
 -   GP name: *DenyFreshCredentials*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -797,32 +587,14 @@ ADMX Info:
 **ADMX_CredSsp/DenySavedCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -837,14 +609,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
-If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
+If you enable this policy setting, you can specify the servers to which the user's saved credentials can't be delegated (saved credentials are those credentials that you elect to save/remember using the Windows credential manager).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server.
 
 > [!NOTE]
-> The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+> The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can't be delegated. The use of a single wildcard character is permitted when specifying the SPN.
 >
 > For Example:
 >
@@ -855,16 +627,10 @@ If you disable or do not configure (by default) this policy setting, this policy
 This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Deny delegating saved credentials*
+-   GP Friendly name: *Deny delegating saved credentials*
 -   GP name: *DenySavedCredentials*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -877,32 +643,14 @@ ADMX Info:
 **ADMX_CredSsp/RestrictedRemoteAdministration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -917,7 +665,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device.
+When the participating applications are running in Restricted Admin or Remote Credential Guard mode, participating applications don't expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials aren't delegated. Remote Credential Guard doesn't limit access to resources because it redirects all requests back to the client device.
 
 Participating apps:
 Remote Desktop Client
@@ -928,24 +676,18 @@ If you enable this policy setting, the following options are supported:
 - Require Remote Credential Guard: Participating applications must use Remote Credential Guard to connect to remote hosts.
 - Require Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts.
 
-If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices.
+If you disable or don't configure this policy setting, Restricted Admin and Remote Credential Guard mode aren't enforced and participating apps can delegate credentials to remote devices.
 
 > [!NOTE]
 > To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation).
 >
-> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard.
+> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions don't support Remote Credential Guard.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict delegation of credentials to remote servers*
+-   GP Friendly name: *Restrict delegation of credentials to remote servers*
 -   GP name: *RestrictedRemoteAdministration*
 -   GP path: *System\Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -954,8 +696,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index f897258fbe..a62ce22ddd 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/09/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_CredUI
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +42,14 @@ manager: dansimp
 **ADMX_CredUI/EnableSecureCredentialPrompting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,26 +64,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
+This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
 
 > [!NOTE]
 > This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
 
-If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.
+If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism.
 
-If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.
+If you disable or don't configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Require trusted path for credential entry*
+-   GP Friendly name: *Require trusted path for credential entry*
 -   GP name: *EnableSecureCredentialPrompting*
 -   GP path: *Windows Components\Credential User Interface*
 -   GP ADMX file name: *CredUI.admx*
@@ -109,32 +90,14 @@ ADMX Info:
 **ADMX_CredUI/NoLocalPasswordResetQuestions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,29 +112,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you turn this policy setting on, local users won’t be able to set up and use security questions to reset their passwords.
+Available in the latest Windows 10 Insider Preview Build. If you turn on this policy setting, local users won’t be able to set up and use security questions to reset their passwords.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent the use of security questions for local accounts*
+-   GP Friendly name: *Prevent the use of security questions for local accounts*
 -   GP name: *NoLocalPasswordResetQuestions*
 -   GP path: *Windows Components\Credential User Interface*
 -   GP ADMX file name: *CredUI.admx*
 
 
 
-
                  
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
+<
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index b8b9047875..89ce54faf5 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/26/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_CtrlAltDel
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +48,14 @@ manager: dansimp
 **ADMX_CtrlAltDel/DisableChangePassword**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,23 +70,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their Windows password on demand.
+This policy setting prevents users from changing their Windows password on demand.
 
-If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
+If you enable this policy setting, the **Change Password** button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del.
 
 However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Change Password*
+-   GP Friendly name: *Remove Change Password*
 -   GP name: *DisableChangePassword*
 -   GP path: *System/Ctrl+Alt+Del Options*
 -   GP ADMX file name: *CtrlAltDel.admx*
@@ -113,32 +95,14 @@ ADMX Info:
 **ADMX_CtrlAltDel/DisableLockComputer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -153,28 +117,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from locking the system.
+This policy setting prevents users from locking the system.
 
-While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.
+While locked, the desktop is hidden and the system can't be used. Only the user who locked the system or the system administrator can unlock it.
 
-If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del.
+If you enable this policy setting, users can't lock the computer from the keyboard using Ctrl+Alt+Del.
 
-If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del.
+If you disable or don't configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del.
 
 > [!TIP]
 > To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Lock Computer*
+-   GP Friendly name: *Remove Lock Computer*
 -   GP name: *DisableLockWorkstation*
 -   GP path: *System/Ctrl+Alt+Del Options*
 -   GP ADMX file name: *CtrlAltDel.admx*
@@ -186,32 +144,14 @@ ADMX Info:
 
 **ADMX_CtrlAltDel/DisableTaskMgr**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -226,25 +166,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from starting Task Manager.
+This policy setting prevents users from starting Task Manager.
 
 Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
 
-If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.
+If you enable this policy setting, users won't be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.
 
-If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
+If you disable or don't configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Task Manager*
+-   GP Friendly name: *Remove Task Manager*
 -   GP name: *DisableTaskMgr*
 -   GP path: *System/Ctrl+Alt+Del Options*
 -   GP ADMX file name: *CtrlAltDel.admx*
@@ -257,32 +191,14 @@ ADMX Info:
 **ADMX_CtrlAltDel/NoLogoff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -297,25 +213,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting disables or removes all menu items and buttons that log the user off the system.
+This policy setting disables or removes all menu items and buttons that log the user off the system.
 
-If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.
+If you enable this policy setting, users won't see the Log off menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
 
 Also, see the 'Remove Logoff on the Start Menu' policy setting.
 
-If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
+If you disable or don't configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Logoff*
+-   GP Friendly name: *Remove Logoff*
 -   GP name: *NoLogoff*
 -   GP path: *System/Ctrl+Alt+Del Options*
 -   GP ADMX file name: *CtrlAltDel.admx*
@@ -324,8 +234,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 28d46d0d21..33f7687705 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -6,21 +6,26 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/01/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_DataCollection
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_DataCollection policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_DataCollection/CommercialIdPolicy
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_DataCollection/CommercialIdPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,23 +61,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the identifier used to uniquely associate this device’s telemetry data as belonging to a given organization.
+This policy setting defines the identifier used to uniquely associate this device’s telemetry data as belonging to a given organization.
 
-If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
+If your organization is participating in a program that requires this device to be identified as belonging to your organization, then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
 
-If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization.
+If you disable or don't configure this policy setting, then Microsoft won't be able to use this identifier to associate this machine and its telemetry data with your organization.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure the Commercial ID*
+-   GP Friendly name: *Configure the Commercial ID*
 -   GP name: *CommercialIdPolicy*
 -   GP path: *Windows Components\Data Collection and Preview Builds*
 -   GP ADMX file name: *DataCollection.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
new file mode 100644
index 0000000000..510d934391
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -0,0 +1,156 @@
+---
+title: Policy CSP - ADMX_DCOM
+description: Policy CSP - ADMX_DCOM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DCOM
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_DCOM policies  
+
+
                  
+  
                  
+    ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList
+  
                  
+  
                  
+    ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
+  
+- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+
+- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.  
+If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
+
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow local activation security check exemptions*
+-   GP name: *DCOMActivationSecurityCheckAllowLocalList*
+-   GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList*
+-   GP ADMX file name: *DCOM.admx*
+
+
+
+
                  
+
+
+**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check.  
+DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.  
+DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled. 
+DCOM server application IDs added to this policy must be listed in curly brace format.
+
+For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
+If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.  
+- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. 
+
+If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.   
+If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local 
+settings.  
+- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.  
+
+If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.  Notes:  The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.   
+This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.  
+
+The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.  
+DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.  
+
+> [!NOTE]
+> Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present.
+> 
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow local activation security check exemptions*
+-   GP name: *DCOMActivationSecurityCheckExemptionList*
+-   GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList*
+-   GP ADMX file name: *DCOM.admx*
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index 60c1836ab2..a7ea8ccda9 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Desktop
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -118,32 +123,14 @@ manager: dansimp
 **ADMX_Desktop/AD_EnableFilter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -158,25 +145,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.
+Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying more filters to search results.
 
 If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.
 
-If you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu.
+If you disable this setting or don't configure it, the filter bar doesn't appear, but users can display it by selecting "Filter" on the "View" menu.
 
-To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as  "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter.
+To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as  "Administrator." If the filter bar doesn't appear above the resulting display, on the View menu, click Filter.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable filter in Find dialog box*
+-   GP Friendly name: *Enable filter in Find dialog box*
 -   GP name: *AD_EnableFilter*
 -   GP path: *Desktop\Active Directory*
 -   GP ADMX file name: *Desktop.admx*
@@ -189,32 +171,14 @@ ADMX Info:
 **ADMX_Desktop/AD_HideDirectoryFolder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -229,27 +193,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Hides the Active Directory folder in Network Locations.
+Hides the Active Directory folder in Network Locations.
 
 The Active Directory folder displays Active Directory objects in a browse window.
 
-If you enable this setting, the Active Directory folder does not appear in the Network Locations folder.
+If you enable this setting, the Active Directory folder doesn't appear in the Network Locations folder.
 
-If you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder.
+If you disable this setting or don't configure it, the Active Directory folder appears in the Network Locations folder.
 
 This setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide Active Directory folder*
+-   GP Friendly name: *Hide Active Directory folder*
 -   GP name: *AD_HideDirectoryFolder*
 -   GP path: *Desktop\Active Directory*
 -   GP ADMX file name: *Desktop.admx*
@@ -262,32 +221,14 @@ ADMX Info:
 **ADMX_Desktop/AD_QueryLimit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -302,25 +243,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.
+Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory, such as those displays in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.
 
 If you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search.
 
-If you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.
+If you disable this setting or don't configure it, the system displays up to 10,000 objects. This screen-display consumes approximately 2 MB of memory or disk space.
 
 This setting is designed to protect the network and the domain controller from the effect of expansive searches.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Maximum size of Active Directory searches*
+-   GP Friendly name: *Maximum size of Active Directory searches*
 -   GP name: *AD_QueryLimit*
 -   GP path: *Desktop\Active Directory*
 -   GP ADMX file name: *Desktop.admx*
@@ -333,32 +269,14 @@ ADMX Info:
 **ADMX_Desktop/ForceActiveDesktopOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -373,26 +291,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enables Active Desktop and prevents users from disabling it.
+Enables Active Desktop and prevents users from disabling it.
 
 This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.
 
-If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
+If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it.
 
 > [!NOTE]
 > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored.  If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable Active Desktop*
+-   GP Friendly name: *Enable Active Desktop*
 -   GP name: *ForceActiveDesktopOn*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -405,32 +317,14 @@ ADMX Info:
 **ADMX_Desktop/NoActiveDesktop**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -445,26 +339,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables Active Desktop and prevents users from enabling it.
+Disables Active Desktop and prevents users from enabling it.
 
 This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.
 
-If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
+If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it.
 
 > [!NOTE]
 > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable Active Desktop*
+-   GP Friendly name: *Disable Active Desktop*
 -   GP name: *NoActiveDesktop*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -477,32 +366,14 @@ ADMX Info:
 **ADMX_Desktop/NoActiveDesktopChanges**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -517,21 +388,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.
+Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.
 
-This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components.
+This setting is a comprehensive one that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users can't enable or disable Active Desktop. If Active Desktop is already enabled, users can't add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prohibit changes*
+-   GP Friendly name: *Prohibit changes*
 -   GP name: *NoActiveDesktopChanges*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -544,32 +409,14 @@ ADMX Info:
 **ADMX_Desktop/NoDesktop**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -584,23 +431,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.
+Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.
 
-Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.
+Removing icons and shortcuts doesn't prevent the user from using another method to start the programs or opening the items they represent.
 
-Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop.
+Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. The removal of the Desktop icon will help prevent users from saving data to the Desktop.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide and disable all items on the desktop*
+-   GP Friendly name: *Hide and disable all items on the desktop*
 -   GP name: *NoDesktop*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -613,32 +455,14 @@ ADMX Info:
 **ADMX_Desktop/NoDesktopCleanupWizard**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -653,26 +477,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from using the Desktop Cleanup Wizard.
+Prevents users from using the Desktop Cleanup Wizard.
 
-If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.
+If you enable this setting, the Desktop Cleanup wizard doesn't automatically run on a user's workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.
 
-If you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.
+If you disable this setting or don't configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.
 
 > [!NOTE]
-> When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button.
+> When this setting isn't enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove the Desktop Cleanup Wizard*
+-   GP Friendly name: *Remove the Desktop Cleanup Wizard*
 -   GP name: *NoDesktopCleanupWizard*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -685,32 +504,14 @@ ADMX Info:
 **ADMX_Desktop/NoInternetIcon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -725,21 +526,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.
+Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.
 
-This setting does not prevent the user from starting Internet Explorer by using other methods.
+This setting doesn't prevent the user from starting Internet Explorer by using other methods.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide Internet Explorer icon on desktop*
+-   GP Friendly name: *Hide Internet Explorer icon on desktop*
 -   GP name: *NoInternetIcon*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -752,32 +548,14 @@ ADMX Info:
 **ADMX_Desktop/NoMyComputerIcon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -792,28 +570,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the "Up" button while this setting is enabled, they view an empty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing them to present their users with a simpler desktop environment.
+This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the "Up" button while this setting is enabled, they view an empty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing them to present their users with a simpler desktop environment.
 
 If you enable this setting, Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the user manages to navigate to Computer, the folder will be empty.
 
 If you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting.
 
-If you do not configure this setting, the default is to display Computer as usual.
+If you don't configure this setting, the default is to display Computer as usual.
 
 > [!NOTE]
-> In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled.
+> In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents doesn't hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Computer icon on the desktop*
+-   GP Friendly name: *Remove Computer icon on the desktop*
 -   GP name: *NoMyComputerIcon*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -826,32 +599,14 @@ ADMX Info:
 **ADMX_Desktop/NoMyDocumentsIcon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -866,28 +621,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes most occurrences of the My Documents icon.
+Removes most occurrences of the My Documents icon.
 
 This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.
 
-This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder.
+This setting doesn't prevent the user from using other methods to gain access to the contents of the My Documents folder.
 
-This setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting.
+This setting doesn't remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting.
 
 > [!NOTE]
 > To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove My Documents icon on the desktop*
+-   GP Friendly name: *Remove My Documents icon on the desktop*
 -   GP name: *NoMyDocumentsIcon*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -900,32 +649,14 @@ ADMX Info:
 **ADMX_Desktop/NoNetHood**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -940,24 +671,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Network Locations icon from the desktop.
+Removes the Network Locations icon from the desktop.
 
-This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.
+This setting only affects the desktop icon. It doesn't prevent users from connecting to the network or browsing for shared computers on the network.
 
 > [!NOTE]
 > In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide Network Locations icon on desktop*
+-   GP Friendly name: *Hide Network Locations icon on desktop*
 -   GP name: *NoNetHood*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -970,32 +696,14 @@ ADMX Info:
 **ADMX_Desktop/NoPropertiesMyComputer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1010,23 +718,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting hides Properties on the context menu for Computer.
+This setting hides Properties on the context menu for Computer.
 
-If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu.  Likewise, Alt-Enter does nothing when Computer is selected.
+If you enable this setting, the Properties option won't be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu.  Likewise, Alt-Enter does nothing when Computer is selected.
 
-If you disable or do not configure this setting, the Properties option is displayed as usual.
+If you disable or don't configure this setting, the Properties option is displayed as usual.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Properties from the Computer icon context menu*
+-   GP Friendly name: *Remove Properties from the Computer icon context menu*
 -   GP name: *NoPropertiesMyComputer*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1039,32 +742,14 @@ ADMX Info:
 **ADMX_Desktop/NoPropertiesMyDocuments**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1079,27 +764,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon.
+This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon.
 
-If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following:
+If you enable this policy setting, the Properties menu command won't be displayed when the user does any of the following tasks:
 
 - Right-clicks the My Documents icon.
 - Clicks the My Documents icon, and then opens the File menu.
 - Clicks the My Documents icon, and then presses ALT+ENTER.
 
-If you disable or do not configure this policy setting, the Properties menu command is displayed.
+If you disable or don't configure this policy setting, the Properties menu command is displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Properties from the Documents icon context menu*
+-   GP Friendly name: *Remove Properties from the Documents icon context menu*
 -   GP name: *NoPropertiesMyDocuments*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1112,32 +792,14 @@ ADMX Info:
 **ADMX_Desktop/NoRecentDocsNetHood**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1152,23 +814,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Remote shared folders are not added to Network Locations whenever you open a document in the shared folder.
+Remote shared folders aren't added to Network Locations whenever you open a document in the shared folder.
 
-If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.
+If you disable this setting or don't configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.
 
-If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.
+If you enable this setting, shared folders aren't added to Network Locations automatically when you open a document in the shared folder.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not add shares of recently opened documents to Network Locations*
+-   GP Friendly name: *Do not add shares of recently opened documents to Network Locations*
 -   GP name: *NoRecentDocsNetHood*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1181,32 +838,14 @@ ADMX Info:
 **ADMX_Desktop/NoRecycleBinIcon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1221,26 +860,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes most occurrences of the Recycle Bin icon.
+Removes most occurrences of the Recycle Bin icon.
 
 This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.
 
-This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.
+This setting doesn't prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.
 
 > [!NOTE]
 > To make changes to this setting effective, you must log off and then log back on.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Recycle Bin icon from desktop*
+-   GP Friendly name: *Remove Recycle Bin icon from desktop*
 -   GP name: *NoRecycleBinIcon*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1253,32 +886,14 @@ ADMX Info:
 **ADMX_Desktop/NoRecycleBinProperties**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1293,23 +908,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Properties option from the Recycle Bin context menu.
+Removes the Properties option from the Recycle Bin context menu.
 
-If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.
+If you enable this setting, the Properties option won't be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.
 
-If you disable or do not configure this setting, the Properties option is displayed as usual.
+If you disable or don't configure this setting, the Properties option is displayed as usual.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Properties from the Recycle Bin context menu*
+-   GP Friendly name: *Remove Properties from the Recycle Bin context menu*
 -   GP name: *NoRecycleBinProperties*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1322,32 +932,14 @@ ADMX Info:
 **ADMX_Desktop/NoSaveSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1362,21 +954,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from saving certain changes to the desktop.
+Prevents users from saving certain changes to the desktop.
 
-If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved.
+If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, aren't saved when users sign out. However, shortcuts placed on the desktop are always saved.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Don't save settings at exit*
+-   GP Friendly name: *Don't save settings at exit*
 -   GP name: *NoSaveSettings*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1389,32 +976,14 @@ ADMX Info:
 **ADMX_Desktop/NoWindowMinimizingShortcuts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1429,23 +998,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse.
+Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse.
 
-If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse.
+If you enable this policy, application windows won't be minimized or restored when the active window is shaken back and forth with the mouse.
 
-If you disable or do not configure this policy, this window minimizing and restoring gesture will apply.
+If you disable or don't configure this policy, this window minimizing and restoring gesture will apply.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Aero Shake window minimizing mouse gesture*
+-   GP Friendly name: *Turn off Aero Shake window minimizing mouse gesture*
 -   GP name: *NoWindowMinimizingShortcuts*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1458,32 +1021,14 @@ ADMX Info:
 **ADMX_Desktop/Wallpaper**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1498,30 +1043,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies the desktop background ("wallpaper") displayed on all users' desktops.
+Specifies the desktop background ("wallpaper") displayed on all users' desktops.
 
 This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file.
 
-To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.
+To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file isn't available when the user logs on, no wallpaper is displayed. Users can't specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users can't change this specification.
 
-If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
+If you disable this setting or don't configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
 
 Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel.
 
 > [!NOTE]
-> This setting does not apply to remote desktop server sessions.
+> This setting doesn't apply to remote desktop server sessions.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Desktop Wallpaper*
+-   GP Friendly name: *Desktop Wallpaper*
 -   GP name: *Wallpaper*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1534,32 +1073,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableAdd**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1574,23 +1095,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from adding Web content to their Active Desktop.
+Prevents users from adding Web content to their Active Desktop.
 
-This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.
+This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. This setting doesn't remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.
 
 Also, see the "Disable all items" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prohibit adding items*
+-   GP Friendly name: *Prohibit adding items*
 -   GP name: *sz_ATC_DisableAdd*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1603,32 +1118,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableClose**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1643,26 +1140,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from removing Web content from their Active Desktop.
+Prevents users from removing Web content from their Active Desktop.
 
-In Active Desktop, you can add items to the desktop but close them so they are not displayed.
+In Active Desktop, you can add items to the desktop but close them so they aren't displayed.
 
-If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.
+If you enable this setting, items added to the desktop can't be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.
 
 > [!NOTE]
-> This setting does not prevent users from deleting items from their Active Desktop.
+> This setting doesn't prevent users from deleting items from their Active Desktop.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit closing items*
+-   GP Friendly name: *Prohibit closing items*
 -   GP name: *sz_ATC_DisableClose*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1675,32 +1167,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableDel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1715,25 +1189,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from deleting Web content from their Active Desktop.
+Prevents users from deleting Web content from their Active Desktop.
 
 This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.
 
-This setting does not prevent users from adding Web content to their Active Desktop.
+This setting doesn't prevent users from adding Web content to their Active Desktop.
 
 Also, see the "Prohibit closing items" and "Disable all items" settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit deleting items*
+-   GP Friendly name: *Prohibit deleting items*
 -   GP name: *sz_ATC_DisableDel*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1746,32 +1215,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableEdit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1786,21 +1237,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the properties of Web content items on their Active Desktop.
+Prevents users from changing the properties of Web content items on their Active Desktop.
 
-This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics.
+This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users can't change the properties of an item, such as its synchronization schedule, password, or display characteristics.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit editing items*
+-   GP Friendly name: *Prohibit editing items*
 -   GP name: *sz_ATC_DisableEdit*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1813,32 +1259,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_NoComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1853,24 +1281,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes Active Desktop content and prevents users from adding Active Desktop content. 
+Removes Active Desktop content and prevents users from adding Active Desktop content. 
 
-This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or  pictures from the Internet or an intranet to the desktop.
+This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or  pictures from the Internet or an intranet to the desktop.
 
 > [!NOTE]
-> This setting does not disable Active Desktop. Users can  still use image formats, such as JPEG and GIF, for their desktop wallpaper.
+> This setting doesn't disable Active Desktop. Users can  still use image formats, such as JPEG and GIF, for their desktop wallpaper.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable all items*
+-   GP Friendly name: *Disable all items*
 -   GP name: *sz_ATC_NoComponents*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1883,32 +1306,14 @@ ADMX Info:
 **ADMX_Desktop/sz_AdminComponents_Title**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1923,29 +1328,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Adds and deletes specified Web content items.
+Adds and deletes specified Web content items.
 
 You can use the "Add" box in this setting to add particular Web-based items or shortcuts to users' desktops. Users can close or delete the items (if settings allow), but the items are added again each time the setting is refreshed.
 
 You can also use this setting to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each time the setting is refreshed.
 
 > [!NOTE]
-> Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again.
+> Removing an item from the "Add" list for this setting isn't the same as deleting it. Items that are removed from the "Add" list aren't removed from the desktop. They are simply not added again.
 
 > [!NOTE]
-> For this setting to take affect, you must log off and log on to the system.
+> For this setting to take effect, you must log off and log on to the system.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add/Delete items*
+-   GP Friendly name: *Add/Delete items*
 -   GP name: *sz_AdminComponents_Title*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -1958,32 +1358,14 @@ ADMX Info:
 **ADMX_Desktop/sz_DB_DragDropClose**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1998,9 +1380,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from manipulating desktop toolbars.
+Prevents users from manipulating desktop toolbars.
 
-If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.
+If you enable this setting, users can't add or remove toolbars from the desktop. Also, users can't drag toolbars onto or off from the docked toolbars.
 
 > [!NOTE]
 > If users have added or removed toolbars, this setting prevents them from restoring the default configuration.
@@ -2011,16 +1393,11 @@ If you enable this setting, users cannot add or remove toolbars from the desktop
 Also, see the "Prohibit adjusting desktop toolbars" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars*
+-   GP Friendly name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars*
 -   GP name: *sz_DB_DragDropClose*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -2033,32 +1410,14 @@ ADMX Info:
 **ADMX_Desktop/sz_DB_Moving**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2073,9 +1432,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.
+Prevents users from adjusting the length of desktop toolbars. Also, users can't reposition items or toolbars on docked toolbars.
 
-This setting does not prevent users from adding or removing toolbars on the desktop.
+This setting doesn't prevent users from adding or removing toolbars on the desktop.
 
 > [!NOTE]
 > If users have adjusted their toolbars, this setting prevents them from restoring the default configuration.
@@ -2083,16 +1442,11 @@ This setting does not prevent users from adding or removing toolbars on the desk
 Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's toolbars" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit adjusting desktop toolbars*
+-   GP Friendly name: *Prohibit adjusting desktop toolbars*
 -   GP name: *sz_DB_Moving*
 -   GP path: *Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -2105,32 +1459,14 @@ ADMX Info:
 **ADMX_Desktop/sz_DWP_NoHTMLPaper**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2145,21 +1481,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper".
+Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper doesn't load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper".
 
 Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow only bitmapped wallpaper*
+-   GP Friendly name: *Allow only bitmapped wallpaper*
 -   GP name: *sz_DWP_NoHTMLPaper*
 -   GP path: *Desktop\Desktop*
 -   GP ADMX file name: *Desktop.admx*
@@ -2168,7 +1499,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
new file mode 100644
index 0000000000..b1ccc54155
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -0,0 +1,121 @@
+---
+title: Policy CSP - ADMX_DeviceCompat
+description: Policy CSP - ADMX_DeviceCompat
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 08/09/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DeviceCompat
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_DeviceCompat policies  
+
+
                  
+  
                  
+    ADMX_DeviceCompat/DeviceFlags
+  
                  
+  
                  
+    ADMX_DeviceCompat/DriverShims
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_DeviceCompat/DeviceFlags**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Changes behavior of Microsoft bus drivers to work with specific devices.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Device compatibility settings*
+-   GP name: *DeviceFlags*
+-   GP path: *Windows Components\Device and Driver Compatibility*
+-   GP ADMX file name: *DeviceCompat.admx*
+
+
+
+
                  
+
+
+**ADMX_DeviceCompat/DriverShims**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.		
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Driver compatibility settings*
+-   GP name: *DriverShims*
+-   GP path: *Windows Components\Device and Driver Compatibility*
+-   GP ADMX file name: *DeviceCompat.admx*
+
+
+
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
new file mode 100644
index 0000000000..5ac4d423c2
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -0,0 +1,91 @@
+---
+title: Policy CSP - ADMX_DeviceGuard
+description: Policy CSP - ADMX_DeviceGuard
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 09/08/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DeviceGuard
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_DeviceGuard policies  
+
+
                  
+  
                  
+    ADMX_DeviceGuard/ConfigCIPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_DeviceGuard/ConfigCIPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.  
+
+If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. 
+
+To enable this policy, the machine must be rebooted.  
+The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
+or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`. 
+ 
+The local machine account (LOCAL SYSTEM) must have access permission to the policy file.    
+If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:  
+1. First update the policy to a non-protected policy and then disable the setting.  
+2. Disable the setting and then remove the policy from each computer, with a physically present user.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Deploy Windows Defender Application Control*
+-   GP name: *ConfigCIPolicy*
+-   GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 6dbde4ba7a..62efd762ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/19/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_DeviceInstallation
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -55,32 +60,14 @@ manager: dansimp
 **ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,23 +82,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings.
+This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings.
 
 If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.
+If you disable or don't configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow administrators to override Device Installation Restriction policies*
+-   GP Friendly name: *Allow administrators to override Device Installation Restriction policies*
 -   GP name: *DeviceInstall_AllowAdminInstall*
 -   GP path: *System\Device Installation\Device Installation Restrictions*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -124,32 +106,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -164,23 +128,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.
+This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.
 
 If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation.
 
-If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation.
+If you disable or don't configure this policy setting, Windows displays a default message when a policy setting prevents device installation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display a custom message when installation is prevented by a policy setting*
+-   GP Friendly name: *Display a custom message when installation is prevented by a policy setting*
 -   GP name: *DeviceInstall_DeniedPolicy_DetailText*
 -   GP path: *System\Device Installation\Device Installation Restrictions*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -193,32 +152,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -233,23 +174,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.
+This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.
 
 If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation.
 
-If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.
+If you disable or don't configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display a custom message title when device installation is prevented by a policy setting*
+-   GP Friendly name: *Display a custom message title when device installation is prevented by a policy setting*
 -   GP name: *DeviceInstall_DeniedPolicy_SimpleText*
 -   GP path: *System\Device Installation\Device Installation Restrictions*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -262,32 +198,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_InstallTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -302,23 +220,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. 
+This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. 
 
 If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.
 
-If you disable or do not configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation.
+If you disable or don't configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure device installation time-out*
+-   GP Friendly name: *Configure device installation time-out*
 -   GP name: *DeviceInstall_InstallTimeout*
 -   GP path: *System\Device Installation*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -331,32 +244,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -371,25 +266,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.
+This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.
 
-If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot.
+If you enable this policy setting, set the number of seconds you want the system to wait until a reboot.
 
-If you disable or do not configure this policy setting, the system does not force a reboot.
+If you disable or don't configure this policy setting, the system doesn't force a reboot.
 
-Note: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted.
+Note: If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Time (in seconds) to force reboot when required for policy changes to take effect*
+-   GP Friendly name: *Time (in seconds) to force reboot when required for policy changes to take effect*
 -   GP name: *DeviceInstall_Policy_RebootTime*
 -   GP path: *System\Device Installation\Device Installation Restrictions*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -402,32 +292,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_Removable_Deny**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -442,22 +314,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it's connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
 
-If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.
+If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices can't have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.
+If you disable or don't configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent installation of removable devices*
+-   GP Friendly name: *Prevent installation of removable devices*
 -   GP name: *DeviceInstall_Removable_Deny*
 -   GP path: *System\Device Installation\Device Installation Restrictions*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -470,32 +337,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_SystemRestore**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -510,23 +359,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. 
+This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. 
 
-If you enable this policy setting, Windows does not create a system restore point when one would normally be created.
+If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created.
 
-If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would.
+If you disable or don't configure this policy setting, Windows creates a system restore point as it normally would.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point*
+-   GP Friendly name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point*
 -   GP name: *DeviceInstall_SystemRestore*
 -   GP path: *System\Device Installation*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -539,32 +383,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -579,24 +405,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system.
+This policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system.
 
 If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store.
 
-If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system.
+If you disable or don't configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow non-administrators to install drivers for these device setup classes*
+-   GP Friendly name: *Allow non-administrators to install drivers for these device setup classes*
 -   GP name: *DriverInstall_Classes_AllowUser*
 -   GP path: *System\Device Installation*
 -   GP ADMX file name: *DeviceInstallation.admx*
@@ -605,6 +426,4 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index 99a7d7da64..c54fe1375e 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/19/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_DeviceSetup
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +42,14 @@ manager: dansimp
 **ADMX_DeviceSetup/DeviceInstall_BalloonTips**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,23 +64,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off "Found New Hardware" balloons during device installation.
+This policy setting allows you to turn off "Found New Hardware" balloons during device installation.
 
-If you enable this policy setting, "Found New Hardware" balloons do not appear while a device is being installed.
+If you enable this policy setting, "Found New Hardware" balloons don't appear while a device is being installed.
 
-If you disable or do not configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons.
+If you disable or don't configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off "Found New Hardware" balloons during device installation*
+-   GP Friendly name: *Turn off "Found New Hardware" balloons during device installation*
 -   GP name: *DeviceInstall_BalloonTips*
 -   GP path: *System\Device Installation*
 -   GP ADMX file name: *DeviceSetup.admx*
@@ -106,32 +88,14 @@ ADMX Info:
 **ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -146,25 +110,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the order in which Windows searches source locations for device drivers.
+This policy setting allows you to specify the order in which Windows searches source locations for device drivers.
 
 If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
 
-Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system.
+Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
 
-If you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
+If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify search order for device driver source locations*
+-   GP Friendly name: *Specify search order for device driver source locations*
 -   GP name: *DriverSearchPlaces_SearchOrderConfiguration*
 -   GP path: *System\Device Installation*
 -   GP ADMX file name: *DeviceSetup.admx*
@@ -173,7 +131,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
new file mode 100644
index 0000000000..49774e691d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -0,0 +1,89 @@
+---
+title: Policy CSP - ADMX_DFS
+description: Policy CSP - ADMX_DFS
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DFS
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
                  
+
+
+## ADMX_DFS policies 
+
+
                  
+  
                  
+    ADMX_DFS/DFSDiscoverDC
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_DFS/DFSDiscoverDC**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. 
+By default, a DFS client attempts to discover domain controllers every 15 minutes.  
+
+- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. 
+This value is specified in minutes.  
+
+- If you disable or do not configure this policy setting, the default value of 15 minutes applies.  
+
+> [!NOTE]
+> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure how often a DFS client discovers domain controllers*
+-   GP name: *DFSDiscoverDC*
+-   GP path: *Windows Components\ActiveX Installer Service*
+-   GP ADMX file name: *DFS.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index 3bd65a3fa2..fafc357e89 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/31/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_DigitalLocker
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +42,14 @@ manager: dansimp
 **ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,25 +64,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Digital Locker can run.
+This policy setting specifies whether Digital Locker can run.
 
 Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.
 
-If you enable this setting, Digital Locker will not run.
+If you enable this setting, Digital Locker won't run.
 
-If you disable or do not configure this setting, Digital Locker can be run.
+If you disable or don't configure this setting, Digital Locker can be run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow Digital Locker to run*
+-   GP Friendly name: *Do not allow Digital Locker to run*
 -   GP name: *Digitalx_DiableApplication_TitleText_1*
 -   GP path: *Windows Components/Digital Locker*
 -   GP ADMX file name: *DigitalLocker.admx*
@@ -108,32 +90,14 @@ ADMX Info:
 **ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -148,25 +112,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Digital Locker can run.
+This policy setting specifies whether Digital Locker can run.
 
 Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.
 
-If you enable this setting, Digital Locker will not run.
+If you enable this setting, Digital Locker won't run.
 
-If you disable or do not configure this setting, Digital Locker can be run.
+If you disable or don't configure this setting, Digital Locker can be run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow Digital Locker to run*
+-   GP Friendly name: *Do not allow Digital Locker to run*
 -   GP name: *Digitalx_DiableApplication_TitleText_2*
 -   GP path: *Windows Components/Digital Locker*
 -   GP ADMX file name: *DigitalLocker.admx*
@@ -175,8 +134,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
new file mode 100644
index 0000000000..312e6550d5
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -0,0 +1,149 @@
+---
+title: Policy CSP - ADMX_DiskDiagnostic
+description: Policy CSP - ADMX_DiskDiagnostic
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DiskDiagnostic
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_DiskDiagnostic policies  
+
+
                  
+  
                  
+    ADMX_DiskDiagnostic/DfdAlertPolicy
+  
                  
+  
                  
+    ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_DiskDiagnostic/DfdAlertPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
+
+- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. 
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. 
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. 
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure custom alert text*
+-   GP name: *DfdAlertPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+-   GP ADMX file name: *DiskDiagnostic.admx*
+
+
+
+
                  
+
                  
+
+
+**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. 
+
+Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
+  
+- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.  
+- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. 
+- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.  
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. 
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. 
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
+			
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure execution level*
+-   GP name: *WdiScenarioExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+-   GP ADMX file name: *DiskDiagnostic.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
new file mode 100644
index 0000000000..6e82fec127
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -0,0 +1,194 @@
+---
+title: Policy CSP - ADMX_DiskNVCache
+description: Policy CSP - ADMX_DiskNVCache
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 08/12/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DiskNVCache
+
+
+
                  
+
+
+## ADMX_DiskNVCache policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
                  
+  
                  
+    ADMX_DiskNVCache/BootResumePolicy
+  
                  
+  
                  
+    ADMX_DiskNVCache/FeatureOffPolicy
+  
                  
+  
                  
+    ADMX_DiskNVCache/SolidStatePolicy
+  
                   
+
                  
+
+
+
                  
+
+
+**ADMX_DiskNVCache/BootResumePolicy**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.  
+
+If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.  
+
+If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. 
+The system determines the data that will be stored in the NV cache to optimize boot and resume. 
+
+The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate.  If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. 
+
+This policy setting is applicable only if the NV cache feature is on.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off boot and resume optimizations*
+-   GP name: *BootResumePolicy*
+-   GP path: *System\Disk NV Cache*
+-   GP ADMX file name: *DiskNVCache.admx*
+
+
+
+
                  
+
+**ADMX_DiskNVCache/FeatureOffPolicy**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. 
+
+To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.  
+
+If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.  
+
+If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. 
+
+This policy setting will take effect on next boot.  If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off non-volatile cache feature*
+-   GP name: *FeatureOffPolicy*
+-   GP path: *System\Disk NV Cache*
+-   GP ADMX file name: *DiskNVCache.admx*
+
+
+
+
+
                  
+
+
+**ADMX_DiskNVCache/SolidStatePolicy**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting turns off the solid state mode for the hybrid hard disks.  
+
+If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.  
+
+If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
+
+This usage can cause increased wear of the NV cache.  If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.  Note: This policy setting is applicable only if the NV cache feature is on.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off solid state mode*
+-   GP name: *SolidStatePolicy*
+-   GP path: *System\Disk NV Cache*
+-   GP ADMX file name: *DiskNVCache.admx*
+
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
new file mode 100644
index 0000000000..5982c438b4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -0,0 +1,356 @@
+---
+title: Policy CSP - ADMX_DiskQuota
+description: Policy CSP - ADMX_DiskQuota
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 08/12/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DiskQuota
+
+
+
                  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+## ADMX_DiskQuota policies  
+
+
+
                  
+  
                  
+    ADMX_DiskQuota/DQ_RemovableMedia
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_Enable
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_Enforce
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_LogEventOverLimit
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_LogEventOverThreshold
+  
                  
+  
                  
+    ADMX_DiskQuota/DQ_Limit
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_DiskQuota/DQ_RemovableMedia**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.  
+
+If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. 
+
+When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Apply policy to removable media*
+-   GP name: *DQ_RemovableMedia*
+-   GP path: *System\Disk Quotas*
+-   GP ADMX file name: *DiskQuota.admx*
+
+
+
+
+
                  
+
+
+**ADMX_DiskQuota/DQ_Enable**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.  
+
+If you enable this policy setting, disk quota management is turned on, and users can't turn it off.
+
+If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on. 
+
+To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.
+
+This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. 
+
+To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. 
+
+To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enable disk quotas*
+-   GP name: *DQ_Enable*
+-   GP path: *System\Disk Quotas*
+-   GP ADMX file name: *DiskQuota.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_DiskQuota/DQ_Enforce**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.  
+
+If you enable this policy setting, disk quota limits are enforced. 
+
+If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect. 
+
+If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. 
+
+This policy setting overrides user settings that enable or disable quota enforcement on their volumes. 
+
+To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enforce disk quota limit*
+-   GP name: *DQ_Enforce*
+-   GP path: *System\Disk Quotas*
+-   GP ADMX file name: *DiskQuota.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_DiskQuota/DQ_LogEventOverLimit**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.  
+
+If you enable this policy setting, the system records an event when the user reaches their limit. 
+
+If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. 
+
+This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes. 
+
+To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Log event when quota limit is exceeded*
+-   GP name: *DQ_LogEventOverLimit*
+-   GP path: *System\Disk Quotas*
+-   GP ADMX file name: *DiskQuota.admx*
+
+
+
+
                  
+
+
+
+**ADMX_DiskQuota/DQ_LogEventOverThreshold**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.  
+
+If you enable this policy setting, the system records an event.
+
+If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.  
+
+If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes. 
+
+To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Log event when quota warning level is exceeded*
+-   GP name: *DQ_LogEventOverThreshold*
+-   GP path: *System\Disk Quotas*
+-   GP ADMX file name: *DiskQuota.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_DiskQuota/DQ_Limit**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies the default disk quota limit and warning level for new users of the volume.  
+This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. 
+
+This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. 
+This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).  
+
+If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. 
+
+This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specify default quota limit and warning level*
+-   GP name: *DQ_Limit*
+-   GP path: *System\Disk Quotas*
+-   GP ADMX file name: *DiskQuota.admx*
+
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index d1e758c1e7..ff67fc4f25 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/22/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_DistributedLinkTracking
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_DistributedLinkTracking/DLT_AllowDomainMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,25 +61,19 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.  
+This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.  
 The DLT client enables programs to track linked  files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on  another computer.   
 The DLT client can more reliably track links when allowed to use the DLT server.  
-This policy should not be set unless the DLT server is running on all domain controllers in the domain.
+This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain.
 
 > [!NOTE]
 > This policy setting applies to all sites in Trusted zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow Distributed Link Tracking clients to use domain resources*
+-   GP Friendly name: *Allow Distributed Link Tracking clients to use domain resources*
 -   GP name: *DLT_AllowDomainMode*
 -   GP path: *Windows\System!DLT_AllowDomainMode*
 -   GP ADMX file name: *DistributedLinkTracking.admx*
@@ -101,8 +82,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 9eab8af0c7..8410109042 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/12/2020
 ms.reviewer: 
 manager: dansimp
@@ -14,8 +14,12 @@ manager: dansimp
 
 # Policy CSP - ADMX_DnsClient
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -97,32 +101,14 @@ manager: dansimp
 
 **ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -137,23 +123,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.
+This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.
 
 If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names.
 
-If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names.
+If you disable this policy setting, or if you don't configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow NetBT queries for fully qualified domain names*
+-   GP Friendly name: *Allow NetBT queries for fully qualified domain names*
 -   GP name: *DNS_AllowFQDNNetBiosQueries*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -165,32 +146,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_AppendToMultiLabelName**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -205,7 +168,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
+This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
 
 A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot.
 
@@ -217,19 +180,13 @@ If you enable this policy setting, suffixes are allowed to be appended to an unq
 
 If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.
 
-If you do not configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
+If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow DNS suffix appending to unqualified multi-label name queries*
+-   GP Friendly name: *Allow DNS suffix appending to unqualified multi-label name queries*
 -   GP name: *DNS_AppendToMultiLabelName*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -242,32 +199,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_Domain**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -282,23 +221,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
+This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
 
 If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.  
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Connection-specific DNS suffix*
+-   GP Friendly name: *Connection-specific DNS suffix*
 -   GP name: *DNS_Domain*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -311,32 +245,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_DomainNameDevolutionLevel**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -351,40 +267,35 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.
+This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.
 
 With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
 
 The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
 
-Devolution is not enabled if a global suffix search list is configured using Group Policy.
+Devolution isn't enabled if a global suffix search list is configured using Group Policy.
 
-If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:  
+If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:  
 
 - The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
 - Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
 
 For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
 
-If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
 
-For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
 
 If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify.
 
-If you disable this policy setting or do not configure it, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
+If you disable this policy setting or don't configure it, DNS clients use the default devolution level of two if DNS devolution is enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Primary DNS suffix devolution level*
+-   GP Friendly name: *Primary DNS suffix devolution level*
 -   GP name: *DNS_DomainNameDevolutionLevel*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -398,32 +309,14 @@ ADMX Info:
 **ADMX_DnsClient/DNS_IdnEncoding**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -438,23 +331,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
+This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
 
-If this policy setting is enabled, IDNs are not converted to Punycode.
+If this policy setting is enabled, IDNs aren't converted to Punycode.
 
-If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
+If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off IDN encoding*
+-   GP Friendly name: *Turn off IDN encoding*
 -   GP name: *DNS_IdnEncoding*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -467,32 +355,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_IdnMapping**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -507,23 +377,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.
+This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.
 
 If this policy setting is enabled, IDNs are converted to the Nameprep form.
 
-If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form.
+If this policy setting is disabled, or if this policy setting isn't configured, IDNs aren't converted to the Nameprep form.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IDN mapping*
+-   GP Friendly name: *IDN mapping*
 -   GP name: *DNS_IdnMapping*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -536,32 +401,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_NameServer**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -576,25 +423,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
+This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
 
 To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
 
 If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. 
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *DNS servers*
+-   GP Friendly name: *DNS servers*
 -   GP name: *DNS_NameServer*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -607,32 +449,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_PreferLocalResponsesOverLowerOrderDns**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -647,26 +471,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
+This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
 
 If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.
 
-If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.
+If you disable this policy setting, or if you don't configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.
 
 > [!NOTE]
 > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prefer link local responses over DNS when received over a network with higher precedence*
+-  GP Friendly name: *Prefer link local responses over DNS when received over a network with higher precedence*
 -   GP name: *DNS_PreferLocalResponsesOverLowerOrderDns*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -680,32 +498,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_PrimaryDnsSuffix**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -720,7 +520,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
+This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
 
 To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.
 
@@ -731,18 +531,13 @@ If you enable this policy setting, it supersedes the primary DNS suffix configur
 
 You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.
 
-If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
+If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Primary DNS suffix*
+-   GP Friendly name: *Primary DNS suffix*
 -   GP name: *DNS_PrimaryDnsSuffix*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -755,32 +550,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_RegisterAdapterName**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -795,28 +572,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
+This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
 
 By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.
 
-If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting.
+If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This suffix-update applies to all network connections used by computers that receive this policy setting.
 
 For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
 
 Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
 
-If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resource records using a connection-specific DNS suffix.
+If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Register DNS records with connection-specific DNS suffix*
+-   GP Friendly name: *Register DNS records with connection-specific DNS suffix*
 -   GP name: *DNS_RegisterAdapterName*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -829,32 +601,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_RegisterReverseLookup**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -869,7 +623,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if DNS client computers will register PTR resource records.
+This policy setting specifies if DNS client computers will register PTR resource records.
 
 By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.
 
@@ -877,22 +631,17 @@ If you enable this policy setting, registration of PTR records will be determine
 
 To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
 
-- Do not register: Computers will not attempt to register PTR resource records
-- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful.
+- don't register: Computers won't attempt to register PTR resource records
+- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
 - Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Register PTR records*
+-   GP Friendly name: *Register PTR records*
 -   GP name: *DNS_RegisterReverseLookup*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -905,32 +654,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_RegistrationEnabled**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -945,23 +676,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
+This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
 
-If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
+If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
 
 If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Dynamic update*
+-   GP Friendly name: *Dynamic update*
 -   GP name: *DNS_RegistrationEnabled*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -974,32 +700,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_RegistrationOverwritesInConflict**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1014,27 +722,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
+This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
 
-This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.
+This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers.
 
-During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
+During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
 
-If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
+If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
 
-If you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer.
+If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Replace addresses in conflicts*
+-   GP Friendly name: *Replace addresses in conflicts*
 -   GP name: *DNS_RegistrationOverwritesInConflict*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1047,32 +750,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_RegistrationRefreshInterval**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1087,9 +772,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
+This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
 
-Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.
+Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records.
 
 > [!WARNING]
 > If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.
@@ -1098,19 +783,14 @@ To specify the registration refresh interval, click Enabled and then enter a val
 
 If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Registration refresh interval*
+-   GP Friendly name: *Registration refresh interval*
 -   GP name: *DNS_RegistrationRefreshInterval*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1123,32 +803,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_RegistrationTtl**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1163,25 +825,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
+This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
 
 To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).
 
 If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *TTL value for A and PTR records*
+-   GP Friendly name: *TTL value for A and PTR records*
 -   GP name: *DNS_RegistrationTtl*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1194,32 +851,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_SearchList**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1234,9 +873,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.
+This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.
 
-An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."
+An unqualified single-label name contains no dots. The name "example" is a single-label name. This name is different from a fully qualified domain name such as "example.microsoft.com."
 
 Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com."
 
@@ -1244,19 +883,14 @@ To use this policy setting, click Enabled, and then enter a string value represe
 
 If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried.
 
-If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
+If you disable this policy setting, or if you don't configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *DNS suffix search list*
+-   GP Friendly name: *DNS suffix search list*
 -   GP name: *DNS_SearchList*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1270,32 +904,14 @@ ADMX Info:
 **ADMX_DnsClient/DNS_SmartMultiHomedNameResolution**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1310,23 +926,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.
+This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. If multiple positive responses are received, the network binding order is used to determine which response to accept.
 
-If you enable this policy setting, the DNS client will not perform any optimizations.  DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
+If you enable this policy setting, the DNS client won't perform any optimizations.  DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
 
-If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
+If you disable this policy setting, or if you don't configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off smart multi-homed name resolution*
+-   GP Friendly name: *Turn off smart multi-homed name resolution*
 -   GP name: *DNS_SmartMultiHomedNameResolution*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1339,32 +950,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_SmartProtocolReorder**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1379,26 +972,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
+This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
 
 If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.  
 
-If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. 
+If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. 
 
 > [!NOTE]
 > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off smart protocol reordering*
+-   GP Friendly name: *Turn off smart protocol reordering*
 -   GP name: *DNS_SmartProtocolReorder*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1411,32 +998,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_UpdateSecurityLevel**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1451,7 +1020,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security level for dynamic DNS updates.
+This policy setting specifies the security level for dynamic DNS updates.
 
 To use this policy setting, click Enabled and then select one of the following values:
 
@@ -1461,19 +1030,14 @@ To use this policy setting, click Enabled and then select one of the following v
 
 If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Update security level*
+-   GP Friendly name: *Update security level*
 -   GP name: *DNS_UpdateSecurityLevel*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1486,32 +1050,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_UpdateTopLevelDomainZones**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1526,25 +1072,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."
+This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."
 
 By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.
 
 If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
+If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Update top level domain zones*
+-   GP Friendly name: *Update top level domain zones*
 -   GP name: *DNS_UpdateTopLevelDomainZones*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1557,32 +1098,14 @@ ADMX Info:
 
 **ADMX_DnsClient/DNS_UseDomainNameDevolution**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1597,15 +1120,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.
+This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.
 
 With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
 
 The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
 
-Devolution is not enabled if a global suffix search list is configured using Group Policy.
+Devolution isn't enabled if a global suffix search list is configured using Group Policy.
 
-If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
 
 The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
 
@@ -1613,25 +1136,20 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i
 
 For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
 
-If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
 
-For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
 
-If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+If you enable this policy setting, or if you don't configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
 
-If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+If you disable this policy setting, DNS clients don't attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Primary DNS suffix devolution*
+-   GP Friendly name: *Primary DNS suffix devolution*
 -   GP name: *DNS_UseDomainNameDevolution*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1644,32 +1162,14 @@ ADMX Info:
 
 **ADMX_DnsClient/Turn_Off_Multicast**
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1684,25 +1184,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
+This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
 
-LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.
+LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible.
 
 If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
 
-If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
+If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off multicast name resolution*
+-   GP Friendly name: *Turn off multicast name resolution*
 -   GP name: *Turn_Off_Multicast*
 -   GP path: *Network/DNS Client*
 -   GP ADMX file name: *DnsClient.admx*
@@ -1710,7 +1205,5 @@ ADMX Info:
 
 
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index faa2117abe..10b9761d52 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/31/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_DWM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -49,32 +54,14 @@ manager: dansimp
 **ADMX_DWM/DwmDefaultColorizationColor_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -89,26 +76,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default color for window frames when the user does not specify a color. 
+This policy setting controls the default color for window frames when the user doesn't specify a color. 
 
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. 
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. 
 
-If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. 
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. 
 
 > [!NOTE]
 > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify a default color*
+-   GP Friendly name: *Specify a default color*
 -   GP name: *DwmDefaultColorizationColor_1*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
@@ -122,32 +103,14 @@ ADMX Info:
 **ADMX_DWM/DwmDefaultColorizationColor_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -162,26 +125,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default color for window frames when the user does not specify a color. 
+This policy setting controls the default color for window frames when the user doesn't specify a color. 
 
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. 
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. 
 
-If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. 
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. 
 
 > [!NOTE]
 > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify a default color*
+-   GP Friendly name: *Specify a default color*
 -   GP name: *DwmDefaultColorizationColor_2*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
@@ -194,32 +152,14 @@ ADMX Info:
 **ADMX_DWM/DwmDisallowAnimations_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -234,25 +174,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. 
+This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. 
 
 If you enable this policy setting, window animations are turned off. 
 
-If you disable or do not configure this policy setting, window animations are turned on. 
+If you disable or don't configure this policy setting, window animations are turned on. 
 
-Changing this policy setting requires a logoff for it to be applied.
+Changing this policy setting requires a sign out for it to be applied.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow window animations*
+-   GP Friendly name: *Do not allow window animations*
 -   GP name: *DwmDisallowAnimations_1*
 -   GP path: *Windows Components/Desktop Window Manager*
 -   GP ADMX file name: *DWM.admx*
@@ -265,32 +200,14 @@ ADMX Info:
 **ADMX_DWM/DwmDisallowAnimations_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -305,25 +222,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. 
+This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. 
 
 If you enable this policy setting, window animations are turned off. 
 
-If you disable or do not configure this policy setting, window animations are turned on. 
+If you disable or don't configure this policy setting, window animations are turned on. 
 
-Changing this policy setting requires a logoff for it to be applied.
+Changing this policy setting requires out a sign for it to be applied.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow window animations*
+-   GP Friendly name: *Do not allow window animations*
 -   GP name: *DwmDisallowAnimations_2*
 -   GP path: *Windows Components/Desktop Window Manager*
 -   GP ADMX file name: *DWM.admx*
@@ -336,32 +248,14 @@ ADMX Info:
 **ADMX_DWM/DwmDisallowColorizationColorChanges_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -376,26 +270,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to change the color of window frames. 
+This policy setting controls the ability to change the color of window frames. 
 
 If you enable this policy setting, you prevent users from changing the default window frame color. 
 
-If you disable or do not configure this policy setting, you allow users to change the default window frame color. 
+If you disable or don't configure this policy setting, you allow users to change the default window frame color. 
 
 > [!NOTE]
 > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow color changes*
+-   GP Friendly name: *Do not allow color changes*
 -   GP name: *DwmDisallowColorizationColorChanges_1*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
@@ -408,32 +297,14 @@ ADMX Info:
 **ADMX_DWM/DwmDisallowColorizationColorChanges_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -448,26 +319,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to change the color of window frames. 
+This policy setting controls the ability to change the color of window frames. 
 
 If you enable this policy setting, you prevent users from changing the default window frame color. 
 
-If you disable or do not configure this policy setting, you allow users to change the default window frame color. 
+If you disable or don't configure this policy setting, you allow users to change the default window frame color. 
 
 > [!NOTE] 
 > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow color changes*
+-   GP Friendly name: *Do not allow color changes*
 -   GP name: *DwmDisallowColorizationColorChanges_2*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
@@ -476,7 +341,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index 8a85ec79d6..21ee8c0b36 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/19/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_EAIME
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -67,32 +72,14 @@ manager: dansimp
 **ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -107,11 +94,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists.
+This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists.
 
-If you enable this policy setting, Non-Publishing Standard Glyph is not included in the candidate list when Publishing Standard Glyph for the word exists.
+If you enable this policy setting, Non-Publishing Standard Glyph isn't included in the candidate list when Publishing Standard Glyph for the word exists.
 
-If you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list.
+If you disable or don't configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list.
 
 This policy setting applies to Japanese Microsoft IME only.
 
@@ -119,16 +106,11 @@ This policy setting applies to Japanese Microsoft IME only.
 > Changes to this setting will not take effect until the user logs off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not include Non-Publishing Standard Glyph in the candidate list*
+-   GP Friendly name: *Do not include Non-Publishing Standard Glyph in the candidate list*
 -   GP name: *L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -141,32 +123,14 @@ ADMX Info:
 **ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -181,7 +145,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict character code range of conversion by setting character filter.
+This policy setting allows you to restrict character code range of conversion by setting character filter.
 
 If you enable this policy setting, then only the character code ranges specified by this policy setting are used for conversion of IME.  You can specify multiple ranges by setting a value combined with a bitwise OR of following values:
 
@@ -197,7 +161,7 @@ If you enable this policy setting, then only the character code ranges specified
 - 0x1000 // IVS char
 - 0xFFFF // no definition.
 
-If you disable or do not configure this policy setting, no range of characters are filtered by default.
+If you disable or don't configure this policy setting, no range of characters are filtered by default.
 
 This policy setting applies to Japanese Microsoft IME only.
 
@@ -205,16 +169,11 @@ This policy setting applies to Japanese Microsoft IME only.
 > Changes to this setting will not take effect until the user logs off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict character code range of conversion*
+-   GP Friendly name: *Restrict character code range of conversion*
 -   GP name: *L_RestrictCharacterCodeRangeOfConversion*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -227,32 +186,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOffCustomDictionary**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -267,11 +208,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off the ability to use a custom dictionary.
+This policy setting allows you to turn off the ability to use a custom dictionary.
 
-If you enable this policy setting, you cannot add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting can continue to be used for conversion.
+If you enable this policy setting, you can't add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting can continue to be used for conversion.
 
-If you disable or do not configure this policy setting, the custom dictionary can be used by default.
+If you disable or don't configure this policy setting, the custom dictionary can be used by default.
 
 For Japanese Microsoft IME, [Clear auto-tuning information] works, even if this policy setting is enabled, and it clears self-tuned words from the custom dictionary.
 
@@ -281,16 +222,11 @@ This policy setting is applied to Japanese Microsoft IME.
 > Changes to this setting will not take effect until the user logs off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off custom dictionary*
+-   GP Friendly name: *Turn off custom dictionary*
 -   GP name: *L_TurnOffCustomDictionary*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -303,32 +239,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -343,11 +261,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off history-based predictive input.
+This policy setting allows you to turn off history-based predictive input.
 
 If you enable this policy setting, history-based predictive input is turned off.
 
-If you disable or do not configure this policy setting, history-based predictive input is on by default.
+If you disable or don't configure this policy setting, history-based predictive input is on by default.
 
 This policy setting applies to Japanese Microsoft IME only.
 
@@ -355,16 +273,10 @@ This policy setting applies to Japanese Microsoft IME only.
 > Changes to this setting will not take effect until the user logs off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off history-based predictive input*
+-   GP Friendly name: *Turn off history-based predictive input*
 -   GP name: *L_TurnOffHistorybasedPredictiveInput*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -377,32 +289,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOffInternetSearchIntegration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -417,13 +311,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Internet search integration.
+This policy setting allows you to turn off Internet search integration.
 
 Search integration includes both using Search Provider (Japanese Microsoft IME) and performing Bing search from predictive input for Japanese Microsoft IME.
 
-If you enable this policy setting, you cannot use search integration.
+If you enable this policy setting, you can't use search integration.
 
-If you disable or do not configure this policy setting, the search integration function can be used by default.
+If you disable or don't configure this policy setting, the search integration function can be used by default.
 
 This policy setting applies to Japanese Microsoft IME.
 
@@ -431,16 +325,11 @@ This policy setting applies to Japanese Microsoft IME.
 > Changes to this setting will not take effect until the user logs off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Internet search integration*
+-   GP Friendly name: *Turn off Internet search integration*
 -   GP name: *L_TurnOffInternetSearchIntegration*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -453,32 +342,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOffOpenExtendedDictionary**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -493,27 +364,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Open Extended Dictionary.
+This policy setting allows you to turn off Open Extended Dictionary.
 
-If you enable this policy setting, Open Extended Dictionary is turned off. You cannot add a new Open Extended Dictionary.
+If you enable this policy setting, Open Extended Dictionary is turned off. You can't add a new Open Extended Dictionary.
 
-For Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting is not used for conversion.
+For Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting isn't used for conversion.
 
-If you disable or do not configure this policy setting, Open Extended Dictionary can be added and used by default.
+If you disable or don't configure this policy setting, Open Extended Dictionary can be added and used by default.
 
 This policy setting is applied to Japanese Microsoft IME.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Open Extended Dictionary*
+-   GP Friendly name: *Turn off Open Extended Dictionary*
 -   GP name: *L_TurnOffOpenExtendedDictionary*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -526,32 +392,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -566,25 +414,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off saving the auto-tuning result to file.
+This policy setting allows you to turn off saving the auto-tuning result to file.
 
-If you enable this policy setting, the auto-tuning data is not saved to file.
+If you enable this policy setting, the auto-tuning data isn't saved to file.
 
-If you disable or do not configure this policy setting, auto-tuning data is saved to file by default.
+If you disable or don't configure this policy setting, auto-tuning data is saved to file by default.
 
 This policy setting applies to Japanese Microsoft IME only.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off saving auto-tuning data to file*
+-   GP Friendly name: *Turn off saving auto-tuning data to file*
 -   GP name: *L_TurnOffSavingAutoTuningDataToFile*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -597,32 +440,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOnCloudCandidate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -637,7 +462,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary.
+This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary.
 
 If you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the suggestions, and the user won't be able to turn it off.
 
@@ -648,16 +473,11 @@ If you don't configure this policy setting, it will be turned off by default, an
 This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on cloud candidate*
+-   GP Friendly name: *Turn on cloud candidate*
 -   GP name: *L_TurnOnCloudCandidate*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -670,32 +490,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOnCloudCandidateCHS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -710,7 +512,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary.
+This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary.
 
 If you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the suggestions, and the user won't be able to turn it off.
 
@@ -721,16 +523,11 @@ If you don't configure this policy setting, it will be turned off by default, an
 This Policy setting applies only to Microsoft CHS Pinyin IME.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on cloud candidate for CHS*
+-   GP Friendly name: *Turn on cloud candidate for CHS*
 -   GP name: *L_TurnOnCloudCandidateCHS*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -743,32 +540,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOnLexiconUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -783,7 +562,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the lexicon update feature, which downloads hot and popular words lexicon to local PC.
+This policy setting controls the lexicon update feature, which downloads hot and popular words lexicon to local PC.
 
 If you enable this policy setting, the functionality associated with this feature is turned on, hot and popular words lexicon can be downloaded to local PC, the user is able to turn it on or off in settings.
 
@@ -794,16 +573,11 @@ If you don't configure this policy setting, it will be turned on by default, and
 This Policy setting applies only to Microsoft CHS Pinyin IME.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on lexicon update*
+-   GP Friendly name: *Turn on lexicon update*
 -   GP name: *L_TurnOnLexiconUpdate*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -816,32 +590,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOnLiveStickers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -856,7 +612,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the live sticker feature, which uses an online service to provide stickers online.
+This policy setting controls the live sticker feature, which uses an online service to provide stickers online.
 
 If you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the live stickers, and the user won't be able to turn it off.
 
@@ -867,16 +623,11 @@ If you don't configure this policy setting, it will be turned off by default, an
 This Policy setting applies only to Microsoft CHS Pinyin IME.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Live Sticker*
+-   GP Friendly name: *Turn on Live Sticker*
 -   GP name: *L_TurnOnLiveStickers*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -889,32 +640,14 @@ ADMX Info:
 **ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -929,25 +662,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging of misconversion for the misconversion report.
+This policy setting allows you to turn on logging of misconversion for the misconversion report.
 
 If you enable this policy setting, misconversion logging is turned on.
 
-If you disable or do not configure this policy setting, misconversion logging is turned off.
+If you disable or don't configure this policy setting, misconversion logging is turned off.
 
 This policy setting applies to Japanese Microsoft IME and Traditional Chinese IME.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on misconversion logging for misconversion report*
+-   GP Friendly name: *Turn on misconversion logging for misconversion report*
 -   GP name: *L_TurnOnMisconversionLoggingForMisconversionReport*
 -   GP path: *Windows Components\IME*
 -   GP ADMX file name: *EAIME.admx*
@@ -956,7 +684,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 96abbdd6f2..00a8db9920 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_EncryptFilesonMove
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_EncryptFilesonMove/NoEncryptOnMove**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,7 +61,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
+This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
 
 If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.
 
@@ -83,16 +70,11 @@ If you disable or do not configure this policy setting, File Explorer automatica
 This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not automatically encrypt files moved to encrypted folders*
+-   GP Friendly name: *Do not automatically encrypt files moved to encrypted folders*
 -   GP name: *NoEncryptOnMove*
 -   GP path: *System*
 -   GP ADMX file name: *EncryptFilesonMove.admx*
@@ -101,8 +83,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 01df1bdf33..2ab763817c 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/23/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_EnhancedStorage
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -49,32 +54,14 @@ manager: dansimp
 **ADMX_EnhancedStorage/ApprovedEnStorDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -89,23 +76,17 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.
+This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.
 
 If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer.
 
-If you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer.
+If you disable or don't configure this policy setting, all Enhanced Storage devices are usable on your computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure list of Enhanced Storage devices usable on your computer*
+-   GP Friendly name: *Configure list of Enhanced Storage devices usable on your computer*
 -   GP name: *ApprovedEnStorDevices*
 -   GP path: *System\Enhanced Storage Access*
 -   GP ADMX file name: *EnhancedStorage.admx*
@@ -118,32 +99,14 @@ ADMX Info:
 **ADMX_EnhancedStorage/ApprovedSilos**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -158,23 +121,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.
+This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.
 
 If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer.
 
-If you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer.
+If you disable or don't configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure list of IEEE 1667 silos usable on your computer*
+-   GP Friendly name: *Configure list of IEEE 1667 silos usable on your computer*
 -   GP name: *ApprovedSilos*
 -   GP path: *System\Enhanced Storage Access*
 -   GP ADMX file name: *EnhancedStorage.admx*
@@ -187,32 +144,14 @@ ADMX Info:
 **ADMX_EnhancedStorage/DisablePasswordAuthentication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -227,23 +166,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.
+This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.
 
-If you enable this policy setting, a password cannot be used to unlock an Enhanced Storage device.
+If you enable this policy setting, a password can't be used to unlock an Enhanced Storage device.
 
-If you disable or do not configure this policy setting, a password can be used to unlock an Enhanced Storage device.
+If you disable or don't configure this policy setting, a password can be used to unlock an Enhanced Storage device.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow password authentication of Enhanced Storage devices*
+-   GP Friendly name: *Do not allow password authentication of Enhanced Storage devices*
 -   GP name: *DisablePasswordAuthentication*
 -   GP path: *System\Enhanced Storage Access*
 -   GP ADMX file name: *EnhancedStorage.admx*
@@ -256,32 +189,14 @@ ADMX Info:
 **ADMX_EnhancedStorage/DisallowLegacyDiskDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -296,23 +211,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.
+This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.
 
-If you enable this policy setting, non-Enhanced Storage removable devices are not allowed on your computer.
+If you enable this policy setting, non-Enhanced Storage removable devices aren't allowed on your computer.
 
-If you disable or do not configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer.
+If you disable or don't configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow non-Enhanced Storage removable devices*
+-   GP Friendly name: *Do not allow non-Enhanced Storage removable devices*
 -   GP name: *DisallowLegacyDiskDevices*
 -   GP path: *System\Enhanced Storage Access*
 -   GP ADMX file name: *EnhancedStorage.admx*
@@ -325,32 +234,14 @@ ADMX Info:
 **ADMX_EnhancedStorage/LockDeviceOnMachineLock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -365,25 +256,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting locks Enhanced Storage devices when the computer is locked.
+This policy setting locks Enhanced Storage devices when the computer is locked.
 
 This policy setting is supported in Windows Server SKUs only.
 
 If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked.
 
-If you disable or do not configure this policy setting, the Enhanced Storage device state is not changed when the computer is locked.
+If you disable or don't configure this policy setting, the Enhanced Storage device state isn't changed when the computer is locked.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Lock Enhanced Storage when the computer is locked*
+-   GP Friendly name: *Lock Enhanced Storage when the computer is locked*
 -   GP name: *LockDeviceOnMachineLock*
 -   GP path: *System\Enhanced Storage Access*
 -   GP ADMX file name: *EnhancedStorage.admx*
@@ -396,32 +281,14 @@ ADMX Info:
 **ADMX_EnhancedStorage/RootHubConnectedEnStorDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -436,23 +303,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.
+This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.
 
 If you enable this policy setting, only USB root hub connected Enhanced Storage devices are allowed.
 
-If you disable or do not configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.
+If you disable or don't configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow only USB root hub connected Enhanced Storage devices*
+-   GP Friendly name: *Allow only USB root hub connected Enhanced Storage devices*
 -   GP name: *RootHubConnectedEnStorDevices*
 -   GP path: *System\Enhanced Storage Access*
 -   GP ADMX file name: *EnhancedStorage.admx*
@@ -461,8 +322,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 3757e328fa..7e72497d05 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -6,21 +6,26 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/23/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_ErrorReporting
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_ErrorReporting policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_ErrorReporting/PCH_AllOrNoneDef
@@ -118,32 +123,14 @@ manager: dansimp
 **ADMX_ErrorReporting/PCH_AllOrNoneDef**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -158,29 +145,23 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled.
+This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled.
 
 If you enable this policy setting, you can instruct Windows Error Reporting in the Default pull-down menu to report either all application errors (the default setting), or no application errors.
 
 If the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. The Windows applications category is a subset of Microsoft applications.
 
-If you disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications.
+If you disable or don't configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications.
 
 This policy setting is ignored if the Configure Error Reporting policy setting is disabled or not configured.
 
 For related information, see the Configure Error Reporting and Report Operating System Errors policy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Default application reporting settings*
+-   GP Friendly name: *Default application reporting settings*
 -   GP name: *PCH_AllOrNoneDef*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -193,32 +174,14 @@ ADMX Info:
 **ADMX_ErrorReporting/PCH_AllOrNoneEx**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -233,25 +196,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
+This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
 
-If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.
+If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list aren't reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.
 
 If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy setting, and in the exclusion list in this policy setting, the application is excluded from error reporting. You can also use the exclusion list in this policy setting to exclude specific Microsoft applications or parts of Windows if the check boxes for these categories are filled in the Default application reporting settings policy setting.
 
-If you disable or do not configure this policy setting, the Default application reporting settings policy setting takes precedence.
+If you disable or don't configure this policy setting, the Default application reporting settings policy setting takes precedence.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *List of applications to never report errors for*
+-   GP Friendly name: *List of applications to never report errors for*
 -   GP name: *PCH_AllOrNoneEx*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -264,32 +221,14 @@ ADMX Info:
 **ADMX_ErrorReporting/PCH_AllOrNoneInc**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -304,31 +243,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies applications for which Windows Error Reporting should always report errors.
+This policy setting specifies applications for which Windows Error Reporting should always report errors.
 
-To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.
+To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list aren't reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.
 
 If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors.
 
 If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.)
 
-If you disable this policy setting or do not configure it, the Default application reporting settings policy setting takes precedence.
+If you disable this policy setting or don't configure it, the Default application reporting settings policy setting takes precedence.
 
 Also see the "Default Application Reporting" and "Application Exclusion List" policies.
 
 This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *List of applications to always report errors for*
+-   GP Friendly name: *List of applications to always report errors for*
 -   GP name: *PCH_AllOrNoneInc*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -341,32 +275,14 @@ ADMX Info:
 **ADMX_ErrorReporting/PCH_ConfigureReport**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -381,44 +297,38 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled.
+This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled.
 
-This policy setting does not enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
+This policy setting doesn't enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
 
 > [!IMPORTANT]
-> If the Turn off Windows Error Reporting policy setting is not configured, then Control Panel settings for Windows Error Reporting override this policy setting.
+> If the Turn off Windows Error Reporting policy setting isn't configured, then Control Panel settings for Windows Error Reporting override this policy setting.
 
-If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting:
+If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that aren't configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting:
 
-- "Do not display links to any Microsoft ‘More information’ websites": Select this option if you do not want error dialog boxes to display links to Microsoft websites.
+- "Do not display links to any Microsoft ‘More information’ websites": Select this option if you don't want error dialog boxes to display links to Microsoft websites.
 
-- "Do not collect additional files": Select this option if you do not want additional files to be collected and included in error reports.
+- "Do not collect additional files": Select this option if you don't want extra files to be collected and included in error reports.
 
-- "Do not collect additional computer data": Select this if you do not want additional information about the computer to be collected and included in error reports.
+- "Do not collect additional computer data": Select this option if you don't want additional information about the computer to be collected and included in error reports.
 
-- "Force queue mode for application errors": Select this option if you do not want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error reports to Microsoft.
+- "Force queue mode for application errors": Select this option if you don't want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to sign in to the computer can send the error reports to Microsoft.
 
-- "Corporate file path": Type a UNC path to enable Corporate Error Reporting.  All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to log onto the computer can send the error reports to Microsoft.
+- "Corporate file path": Type a UNC path to enable Corporate Error Reporting.  All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to sign in to the computer can send the error reports to Microsoft.
 
 - "Replace instances of the word ‘Microsoft’ with":  You can specify text with which to customize your error report dialog boxes.  The word ""Microsoft"" is replaced with the specified text.
 
-If you do not configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003.
+If you don't configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003.
 
 If you disable this policy setting, configuration settings in the policy setting are left blank.
 
 See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Error Reporting*
+-   GP Friendly name: *Configure Error Reporting*
 -   GP name: *PCH_ConfigureReport*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -431,32 +341,14 @@ ADMX Info:
 **ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -471,27 +363,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.
+This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.
 
 If you enable this policy setting, Windows Error Reporting includes operating system errors.
 
-If you disable this policy setting, operating system errors are not included in error reports.
+If you disable this policy setting, operating system errors aren't included in error reports.
 
-If you do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors.
+If you don't configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors.
 
 See also the Configure Error Reporting policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Report operating system errors*
+-   GP Friendly name: *Report operating system errors*
 -   GP name: *PCH_ReportOperatingSystemFaults*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -504,32 +390,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerArchive_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -544,23 +412,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the behavior of the Windows Error Reporting archive.
+This policy setting controls the behavior of the Windows Error Reporting archive.
 
 If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.
 
-If you disable or do not configure this policy setting, no Windows Error Reporting information is stored.
+If you disable or don't configure this policy setting, no Windows Error Reporting information is stored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Report Archive*
+-   GP Friendly name: *Configure Report Archive*
 -   GP name: *WerArchive_1*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -573,32 +435,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerArchive_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|No|No|
 
 
 
                  
@@ -613,23 +457,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the behavior of the Windows Error Reporting archive.
+This policy setting controls the behavior of the Windows Error Reporting archive.
 
 If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.
 
-If you disable or do not configure this policy setting, no Windows Error Reporting information is stored.
+If you disable or don't configure this policy setting, no Windows Error Reporting information is stored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Report Archive*
+-   GP Friendly name: *Configure Report Archive*
 -   GP name: *WerArchive_2*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -642,32 +480,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerAutoApproveOSDumps_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -682,23 +502,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
+This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy doesn't apply to error reports generated by 3rd-party products, or to data other than memory dumps.
 
-If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.
+If you enable or don't configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.
 
 If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatically send memory dumps for OS-generated error reports*
+-   GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
 -   GP name: *WerAutoApproveOSDumps_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -711,32 +525,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerAutoApproveOSDumps_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|No|No|
 
 
 
                  
@@ -751,23 +547,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
+This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy doesn't apply to error reports generated by 3rd-party products, or to data other than memory dumps.
 
-If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.
+If you enable or don't configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.
 
 If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.
 
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Automatically send memory dumps for OS-generated error reports*
+-   GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
 -   GP name: *WerAutoApproveOSDumps_2*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -780,32 +568,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerBypassDataThrottling_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -820,23 +590,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.
+This policy setting determines whether Windows Error Reporting (WER) sends more first-level report data, accompanied by second-level report data, even if a CAB file containing data about the same event types has already been uploaded to the server.
 
-If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.
+If you enable this policy setting, WER doesn't throttle data; that is, WER uploads more CAB files that can contain data about the same event types as an earlier uploaded report.
 
-If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.
+If you disable or don't configure this policy setting, WER throttles data by default; that is, WER doesn't upload more than one CAB file for a report that contains data about the same event types.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not throttle additional data*
+-   GP Friendly name: *Do not throttle additional data*
 -   GP name: *WerBypassDataThrottling_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -849,32 +613,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerBypassDataThrottling_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -889,23 +635,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.
+This policy setting determines whether Windows Error Reporting (WER) sends more first-level report data, accompanied by second-level report data, even if a CAB file containing data about the same event types has already been uploaded to the server.
 
-If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.
+If you enable this policy setting, WER doesn't throttle data; that is, WER uploads more CAB files that can contain data about the same event types as an earlier uploaded report.
 
-If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.
+If you disable or don't configure this policy setting, WER throttles data by default; that is, WER doesn't upload more than one CAB file for a report that contains data about the same event types.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not throttle additional data*
+-   GP Friendly name: *Do not throttle additional data*
 -   GP name: *WerBypassDataThrottling_2*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -918,32 +658,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -958,23 +680,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
+This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
 
-If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.
+If you enable this policy setting, WER doesn't check for network cost policy restrictions, and transmits data even if network cost is restricted.
 
-If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.
+If you disable or don't configure this policy setting, WER doesn't send data, but will check the network cost policy again if the network profile is changed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Send data when on connected to a restricted/costed network*
+-   GP Friendly name: *Send data when on connected to a restricted/costed network*
 -   GP name: *WerBypassNetworkCostThrottling_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -987,32 +703,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1027,23 +725,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
+This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
 
-If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.
+If you enable this policy setting, WER doesn't check for network cost policy restrictions, and transmits data even if network cost is restricted.
 
-If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.
+If you disable or don't configure this policy setting, WER doesn't send data, but will check the network cost policy again if the network profile is changed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Send data when on connected to a restricted/costed network*
+-   GP Friendly name: *Send data when on connected to a restricted/costed network*
 -   GP name: *WerBypassNetworkCostThrottling_2*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1056,32 +748,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerBypassPowerThrottling_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1096,23 +770,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.
+This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but doesn't upload extra report data until the computer is connected to a more permanent power source.
 
-If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.
+If you enable this policy setting, WER doesn't determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.
 
-If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.
+If you disable or don't configure this policy setting, WER checks for solutions while a computer is running on battery power, but doesn't upload report data until the computer is connected to a more permanent power source.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Send additional data when on battery power*
+-   GP Friendly name: *Send additional data when on battery power*
 -   GP name: *WerBypassPowerThrottling_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1125,32 +793,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerBypassPowerThrottling_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1165,23 +815,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.
+This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but doesn't upload extra report data until the computer is connected to a more permanent power source.
 
-If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.
+If you enable this policy setting, WER doesn't determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.
 
-If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.
+If you disable or don't configure this policy setting, WER checks for solutions while a computer is running on battery power, but doesn't upload report data until the computer is connected to a more permanent power source.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Send additional data when on battery power*
+-   GP Friendly name: *Send additional data when on battery power*
 -   GP name: *WerBypassPowerThrottling_2*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1194,32 +838,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerCER**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1234,23 +860,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft).
+This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you don't want to send error reports to Microsoft).
 
 If you enable this policy setting, you can specify the name or IP address of an error report destination server on your organization’s network. You can also select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destination server for transmission.
 
-If you disable or do not configure this policy setting, Windows Error Reporting sends error reports to Microsoft.
+If you disable or don't configure this policy setting, Windows Error Reporting sends error reports to Microsoft.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Corporate Windows Error Reporting*
+-   GP Friendly name: *Configure Corporate Windows Error Reporting*
 -   GP name: *WerCER*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1263,32 +883,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerConsentCustomize_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1303,33 +905,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
+This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
 
-If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
+If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those types meant for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
 
 - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.
 
 - 1 (Always ask before sending data): Windows prompts the user for consent to send reports.
 
-- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.
+- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send more data requested by Microsoft.
 
-- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.
+- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send more data requested by Microsoft.
 
 - 4 (Send all data): Any data requested by Microsoft is sent automatically.
 
-If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
+If you disable or don't configure this policy setting, then the default consent settings that are applied are those settings specified by the user in Control Panel, or in the Configure Default Consent policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Customize consent settings*
+-   GP Friendly name: *Customize consent settings*
 -   GP name: *WerConsentCustomize_1*
 -   GP path: *Windows Components\Windows Error Reporting\Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1342,32 +938,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerConsentOverride_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1382,23 +960,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
+This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
 
 If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.
 
-If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
+If you disable or don't configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Ignore custom consent settings*
+-   GP Friendly name: *Ignore custom consent settings*
 -   GP name: *WerConsentOverride_1*
 -   GP path: *Windows Components\Windows Error Reporting\Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1411,32 +983,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerConsentOverride_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1451,23 +1005,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
+This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
 
 If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.
 
-If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
+If you disable or don't configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Ignore custom consent settings*
+-   GP Friendly name: *Ignore custom consent settings*
 -   GP name: *WerConsentOverride_2*
 -   GP path: *Windows Components\Windows Error Reporting\Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1480,32 +1028,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerDefaultConsent_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1520,31 +1050,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the default consent behavior of Windows Error Reporting.
+This policy setting determines the default consent behavior of Windows Error Reporting.
 
 If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
 
 - Always ask before sending data: Windows prompts users for consent to send reports.
 
-- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft.
+- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
 
-- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft.
+- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
 
 - Send all data: any error reporting data requested by Microsoft is sent automatically.
 
 If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Default consent*
+-   GP Friendly name: *Configure Default consent*
 -   GP name: *WerDefaultConsent_1*
 -   GP path: *Windows Components\Windows Error Reporting\Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1557,32 +1081,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerDefaultConsent_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1597,31 +1103,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the default consent behavior of Windows Error Reporting.
+This policy setting determines the default consent behavior of Windows Error Reporting.
 
 If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
 
 - Always ask before sending data: Windows prompts users for consent to send reports.
 
-- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft.
+- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send more data that is requested by Microsoft.
 
-- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft.
+- Send parameters and safe extra data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) doesn't contain personally identifiable information is sent automatically, and Windows prompts the user for consent to send more data that is requested by Microsoft.
 
 - Send all data: any error reporting data requested by Microsoft is sent automatically.
 
 If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Default consent*
+-   GP Friendly name: *Configure Default consent*
 -   GP name: *WerDefaultConsent_2*
 -   GP path: *Windows Components\Windows Error Reporting\Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1634,32 +1134,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerDisable_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1674,23 +1156,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
+This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
 
-If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.
+If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel.
 
-If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
+If you disable or don't configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable Windows Error Reporting*
+-   GP Friendly name: *Disable Windows Error Reporting*
 -   GP name: *WerDisable_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1703,32 +1179,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerExlusion_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1743,24 +1201,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
+This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
 
 If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.
 
-If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
+If you disable or don't configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *List of applications to be excluded*
+-   GP Friendly name: *List of applications to be excluded*
 -   GP name: *WerExlusion_1*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1773,32 +1225,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerExlusion_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1813,23 +1247,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
+This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
 
 If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.
 
-If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
+If you disable or don't configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *List of applications to be excluded*
+-   GP Friendly name: *List of applications to be excluded*
 -   GP name: *WerExlusion_2*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1842,32 +1270,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerNoLogging_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1882,23 +1292,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
+This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
 
-If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.
+If you enable this policy setting, Windows Error Reporting events aren't recorded in the system event log.
 
-If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
+If you disable or don't configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable logging*
+-   GP Friendly name: *Disable logging*
 -   GP name: *WerNoLogging_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1911,32 +1315,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerNoLogging_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1951,23 +1337,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
+This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
 
-If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.
+If you enable this policy setting, Windows Error Reporting events aren't recorded in the system event log.
 
-If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
+If you disable or don't configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable logging*
+-   GP Friendly name: *Disable logging*
 -   GP name: *WerNoLogging_2*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -1980,32 +1360,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerNoSecondLevelData_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2020,23 +1382,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
+This policy setting controls whether more data in support of error reports can be sent to Microsoft automatically.
 
-If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
+If you enable this policy setting, any extra-data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
 
-If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
+If you disable or don't configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not send additional data*
+-   GP Friendly name: *Do not send additional data*
 -   GP name: *WerNoSecondLevelData_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -2049,32 +1405,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerQueue_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2089,25 +1427,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Windows Error Reporting report queue.
+This policy setting determines the behavior of the Windows Error Reporting report queue.
 
 If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel.
 
 The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder.
 
-If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs.
+If you disable or don't configure this policy setting, Windows Error Reporting reports aren't queued, and users can only send reports at the time that a problem occurs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Report Queue*
+-   GP Friendly name: *Configure Report Queue*
 -   GP name: *WerQueue_1*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -2120,32 +1452,14 @@ ADMX Info:
 **ADMX_ErrorReporting/WerQueue_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2160,25 +1474,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Windows Error Reporting report queue.
+This policy setting determines the behavior of the Windows Error Reporting report queue.
 
 If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page in Control Panel.
 
 The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder.
 
-If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs.
+If you disable or don't configure this policy setting, Windows Error Reporting reports aren't queued, and users can only send reports at the time that a problem occurs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Report Queue*
+-   GP Friendly name: *Configure Report Queue*
 -   GP name: *WerQueue_2*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -2187,7 +1495,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index f07d3af050..ffd209aa8f 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/17/2020
 ms.reviewer: 
 manager: dansimp
@@ -14,14 +14,19 @@ manager: dansimp
 
 # Policy CSP - ADMX_EventForwarding
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_EventForwarding policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_EventForwarding/ForwarderResourceUsage
@@ -38,32 +43,14 @@ manager: dansimp
 **ADMX_EventForwarding/ForwarderResourceUsage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -78,25 +65,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
+This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
 
-If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
+If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This volume-control may be required in high-volume environments.
 
-If you disable or do not configure this policy setting, forwarder resource usage is not specified.
+If you disable or don't configure this policy setting, forwarder resource usage isn't specified.
 
 This setting applies across all subscriptions for the forwarder (source computer).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure forwarder resource usage*
+-   GP Friendly name: *Configure forwarder resource usage*
 -   GP name: *ForwarderResourceUsage*
 -   GP path: *Windows Components/Event Forwarding*
 -   GP ADMX file name: *EventForwarding.admx*
@@ -111,32 +93,14 @@ ADMX Info:
 **ADMX_EventForwarding/SubscriptionManager**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -151,7 +115,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
+This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
 
 If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
 
@@ -164,19 +128,13 @@ Server=https://:5986/wsman/SubscriptionManager/WEC,Refres
 
 When using the HTTP protocol, use port 5985.
 
-If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
+If you disable or don't configure this policy setting, the Event Collector computer won't be specified.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure target Subscription Manager*
+-   GP Friendly name: *Configure target Subscription Manager*
 -   GP name: *SubscriptionManager*
 -   GP path: *Windows Components/Event Forwarding*
 -   GP ADMX file name: *EventForwarding.admx*
@@ -185,8 +143,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index bdeee9c870..5156768413 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -6,21 +6,26 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/01/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_EventLog
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_EventLog policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_EventLog/Channel_LogEnabled
@@ -94,32 +99,14 @@ manager: dansimp
 **ADMX_EventLog/Channel_LogEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -134,23 +121,17 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns on logging.
+This policy setting turns on logging.
 
-If you enable or do not configure this policy setting, then events can be written to this log.
+If you enable or don't configure this policy setting, then events can be written to this log.
 
 If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on logging*
+-   GP Friendly name: *Turn on logging*
 -   GP name: *Channel_LogEnabled*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -163,32 +144,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_LogFilePath_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -203,23 +166,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
 
 If you enable this policy setting, the Event Log uses the path specified in this policy setting.
 
-If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
+If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control the location of the log file*
+-   GP Friendly name: *Control the location of the log file*
 -   GP name: *Channel_LogFilePath_1*
 -   GP path: *Windows Components\Event Log Service\Application*
 -   GP ADMX file name: *EventLog.admx*
@@ -232,32 +189,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_LogFilePath_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -272,23 +211,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
 
 If you enable this policy setting, the Event Log uses the path specified in this policy setting.
 
-If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
+If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control the location of the log file*
+-   GP Friendly name: *Control the location of the log file*
 -   GP name: *Channel_LogFilePath_2*
 -   GP path: *Windows Components\Event Log Service\Security*
 -   GP ADMX file name: *EventLog.admx*
@@ -301,32 +234,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_LogFilePath_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -341,23 +256,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
 
 If you enable this policy setting, the Event Log uses the path specified in this policy setting.
 
-If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
+If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control the location of the log file*
+-   GP Friendly name: *Control the location of the log file*
 -   GP name: *Channel_LogFilePath_3*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -370,32 +279,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_LogFilePath_4**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -410,23 +301,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
 
 If you enable this policy setting, the Event Log uses the path specified in this policy setting.
 
-If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
+If you disable or don't configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on logging*
+-   GP Friendly name: *Turn on logging*
 -   GP name: *Channel_LogFilePath_4*
 -   GP path: *Windows Components\Event Log Service\System*
 -   GP ADMX file name: *EventLog.admx*
@@ -439,32 +324,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_LogMaxSize_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -479,23 +346,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size of the log file in kilobytes.
+This policy setting specifies the maximum size of the log file in kilobytes.
 
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes), in kilobyte increments.
 
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum log file size (KB)*
+-   GP Friendly name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_3*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -508,32 +369,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_AutoBackup_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -548,25 +391,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
 
-If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
+If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started.
 
 If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained.
 
-If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
+If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Back up log automatically when full*
+-   GP Friendly name: *Back up log automatically when full*
 -   GP name: *Channel_Log_AutoBackup_1*
 -   GP path: *Windows Components\Event Log Service\Application*
 -   GP ADMX file name: *EventLog.admx*
@@ -579,32 +416,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_AutoBackup_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -619,25 +438,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
 
-If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
+If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started.
 
 If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained.
 
-If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
+If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Back up log automatically when full*
+-   GP Friendly name: *Back up log automatically when full*
 -   GP name: *Channel_Log_AutoBackup_2*
 -   GP path: *Windows Components\Event Log Service\Security*
 -   GP ADMX file name: *EventLog.admx*
@@ -650,32 +463,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_AutoBackup_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -690,25 +485,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
 
-If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
+If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started.
 
 If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained.
 
-If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
+If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Back up log automatically when full*
+-   GP Friendly name: *Back up log automatically when full*
 -   GP name: *Channel_Log_AutoBackup_3*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -721,32 +510,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_AutoBackup_4**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -761,25 +532,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
 
-If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
+If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it's full. A new file is then started.
 
 If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained.
 
-If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
+If you don't configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Back up log automatically when full*
+-   GP Friendly name: *Back up log automatically when full*
 -   GP name: *Channel_Log_AutoBackup_4*
 -   GP path: *Windows Components\Event Log Service\System*
 -   GP ADMX file name: *EventLog.admx*
@@ -792,32 +557,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -832,26 +579,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
 
 If you enable this policy setting, only those users matching the security descriptor can access the log.
 
-If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log.
+If you disable or don't configure this policy setting, all authenticated users and system services can write, read, or clear this log.
 
 > [!NOTE]
 > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access*
+-   GP Friendly name: *Configure log access*
 -   GP name: *Channel_Log_FileLogAccess_1*
 -   GP path: *Windows Components\Event Log Service\Application*
 -   GP ADMX file name: *EventLog.admx*
@@ -864,32 +605,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -904,26 +627,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You can't configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect both modern and legacy tools.
 
 If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.
 
-If you disable or do not configure this policy setting, only system software and administrators can read or clear this log.
+If you disable or don't configure this policy setting, only system software and administrators can read or clear this log.
 
 > [!NOTE]
 > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access*
+-   GP Friendly name: *Configure log access*
 -   GP name: *Channel_Log_FileLogAccess_2*
 -   GP path: *Windows Components\Event Log Service\Security*
 -   GP ADMX file name: *EventLog.admx*
@@ -936,32 +653,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -976,26 +675,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
 
 If you enable this policy setting, only those users matching the security descriptor can access the log.
 
-If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log.
+If you disable or don't configure this policy setting, all authenticated users and system services can write, read, or clear this log.
 
 > [!NOTE]
 > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access*
+-   GP Friendly name: *Configure log access*
 -   GP name: *Channel_Log_FileLogAccess_3*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -1008,32 +701,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_4**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1048,26 +723,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect both modern and legacy tools.
 
 If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.
 
-If you disable or do not configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.
+If you disable or don't configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.
 
 > [!NOTE]
 > If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access*
+-   GP Friendly name: *Configure log access*
 -   GP name: *Channel_Log_FileLogAccess_4*
 -   GP path: *Windows Components\Event Log Service\System*
 -   GP ADMX file name: *EventLog.admx*
@@ -1080,32 +749,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_5**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1120,25 +771,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect both modern and legacy tools.
 
 If you enable this policy setting, only those users matching the security descriptor can access the log.
 
 If you disable this policy setting, all authenticated users and system services can write, read, or clear this log.
 
-If you do not configure this policy setting, the previous policy setting configuration remains in effect.
+If you don't configure this policy setting, the previous policy setting configuration remains in effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access (legacy)*
+-   GP Friendly name: *Configure log access (legacy)*
 -   GP name: *Channel_Log_FileLogAccess_5*
 -   GP path: *Windows Components\Event Log Service\Application*
 -   GP ADMX file name: *EventLog.admx*
@@ -1151,32 +796,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_6**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1191,25 +818,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You can't configure write permissions for this log.
 
 If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.
 
 If you disable this policy setting, only system software and administrators can read or clear this log.
 
-If you do not configure this policy setting, the previous policy setting configuration remains in effect.
+If you don't configure this policy setting, the previous policy setting configuration remains in effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access (legacy)*
+-   GP Friendly name: *Configure log access (legacy)*
 -   GP name: *Channel_Log_FileLogAccess_6*
 -   GP path: *Windows Components\Event Log Service\Security*
 -   GP ADMX file name: *EventLog.admx*
@@ -1222,32 +843,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_7**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1262,25 +865,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect both modern and legacy tools.
 
 If you enable this policy setting, only those users matching the security descriptor can access the log.
 
 If you disable this policy setting, all authenticated users and system services can write, read, or clear this log.
 
-If you do not configure this policy setting, the previous policy setting configuration remains in effect.
+If you don't configure this policy setting, the previous policy setting configuration remains in effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access (legacy)*
+-   GP Friendly name: *Configure log access (legacy)*
 -   GP name: *Channel_Log_FileLogAccess_7*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -1293,32 +890,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_FileLogAccess_8**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1333,25 +912,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
 
 If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.
 
 If you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.
 
-If you do not configure this policy setting, the previous policy setting configuration remains in effect.
+If you don't configure this policy setting, the previous policy setting configuration remains in effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure log access (legacy)*
+-   GP Friendly name: *Configure log access (legacy)*
 -   GP name: *Channel_Log_FileLogAccess_8*
 -   GP path: *Windows Components\Event Log Service\System*
 -   GP ADMX file name: *EventLog.admx*
@@ -1364,32 +937,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_Retention_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1404,25 +959,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
 
-If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
+If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.
 
-If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
+If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
 
 Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control Event Log behavior when the log file reaches its maximum size*
+-   GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
 -   GP name: *Channel_Log_Retention_2*
 -   GP path: *Windows Components\Event Log Service\Security*
 -   GP ADMX file name: *EventLog.admx*
@@ -1435,32 +984,14 @@ ADMX Info:
 **ADMX_EventLog/Channel_Log_Retention_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1475,25 +1006,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
 
-If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
+If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.
 
-If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
+If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
 
 Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control Event Log behavior when the log file reaches its maximum size*
+-   GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
 -   GP name: *Channel_Log_Retention_3*
 -   GP path: *Windows Components\Event Log Service\Setup*
 -   GP ADMX file name: *EventLog.admx*
@@ -1503,35 +1028,18 @@ ADMX Info:
 
                  
 
 
-**ADMX_EventLog/Channel_Log_Retention_4**  
+**ADMX_EventLog/Channel_Log_Retention_4** 
+
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1546,25 +1054,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
 
-If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
+If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.
 
-If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
+If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
 
 Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control Event Log behavior when the log file reaches its maximum size*
+-   GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
 -   GP name: *Channel_Log_Retention_4*
 -   GP path: *Windows Components\Event Log Service\System*
 -   GP ADMX file name: *EventLog.admx*
@@ -1573,7 +1075,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
new file mode 100644
index 0000000000..135c65ed8f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -0,0 +1,87 @@
+---
+title: Policy CSP - ADMX_EventLogging
+description: Policy CSP - ADMX_EventLogging
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/12/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_EventLogging
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_EventLogging policies  
+
+
                  
+  
                  
+    ADMX_EventLogging/EnableProtectedEventLogging
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_EventLogging/EnableProtectedEventLogging**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting lets you configure Protected Event Logging.  
+
+- If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. 
+
+You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.  
+
+- If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enable Protected Event Logging*
+-   GP name: *EnableProtectedEventLogging*
+-   GP path: *Windows Components\Event Logging*
+-   GP ADMX file name: *EventLogging.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
new file mode 100644
index 0000000000..b5dd4d7f65
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -0,0 +1,172 @@
+---
+title: Policy CSP - ADMX_EventViewer
+description: Policy CSP - ADMX_EventViewer
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/13/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_EventViewer
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_EventViewer policies  
+
+
                  
+  
                  
+    ADMX_EventViewer/EventViewer_RedirectionProgram
+  
                  
+  
                  
+    ADMX_EventViewer_RedirectionProgramCommandLineParameters
+  
                  
+  
                  
+    ADMX_EventViewer/EventViewer_RedirectionURL
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_EventViewer/EventViewer_RedirectionProgram**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This program is the one that will be invoked when the user clicks the `events.asp` link.
+
+
+ 
+  
+
+ADMX Info:  
+-   GP Friendly name: *Events.asp program*
+-   GP name: *EventViewer_RedirectionProgram*
+-   GP path: *Windows Components\Event Viewer*
+-   GP ADMX file name: *EventViewer.admx*
+
+
+
+
                  
+
+
+**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This program specifies the command line parameters that will be passed to the `events.asp` program.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Events.asp program command line parameters*
+-   GP name: *EventViewer_RedirectionProgramCommandLineParameters*
+-   GP path: *Windows Components\Event Viewer*
+-   GP ADMX file name: *EventViewer.admx*
+
+
+
+
                  
+
+
+**ADMX_EventViewer/EventViewer_RedirectionURL**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This URL is the one that will be passed to the Description area in the Event Properties dialog box. 
+Change this value if you want to use a different Web server to handle event information requests.
+
+
+ 
+
+
+ADMX Info:  
+-   GP Friendly name: *Events.asp URL*
+-   GP name: *EventViewer_RedirectionURL*
+-   GP path: *Windows Components\Event Viewer*
+-   GP ADMX file name: *EventViewer.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index 36140f5eeb..cc7f6818aa 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -6,21 +6,26 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/08/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Explorer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_Explorer policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_Explorer/AdminInfoUrl
@@ -46,32 +51,14 @@ manager: dansimp
 **ADMX_Explorer/AdminInfoUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -86,19 +73,13 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
+Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set a support web page link*
+-   GP Friendly name: *Set a support web page link*
 -   GP name: *AdminInfoUrl*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -111,32 +92,14 @@ ADMX Info:
 **ADMX_Explorer/AlwaysShowClassicMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -158,22 +121,14 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting co
 
 If you enable this policy setting, the menu bar will be displayed in File Explorer.
 
-If you disable or do not configure this policy setting, the menu bar will not be displayed in File Explorer.  
+If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer.  
 
 > [!NOTE]
 > When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
 
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Display the menu bar in File Explorer*
+-   GP Friendly name: *Display the menu bar in File Explorer*
 -   GP name: *AlwaysShowClassicMenu*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -186,32 +141,14 @@ ADMX Info:
 **ADMX_Explorer/DisableRoamedProfileInit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -226,21 +163,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values.
+This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer won't reinitialize default program associations and other settings to default values.
 
-If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
+If you enable this policy setting on a machine that doesn't contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time*
+-   GP Friendly name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time*
 -   GP name: *DisableRoamedProfileInit*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -253,32 +184,14 @@ ADMX Info:
 **ADMX_Explorer/PreventItemCreationInUsersFilesFolder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -293,26 +206,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
+This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
 
 If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
 
-If you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
+If you disable or don't configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
 
 > [!NOTE]
-> Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
+> Enabling this policy setting doesn't prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent users from adding files to the root of their Users Files folder.*
+-   GP Friendly name: *Prevent users from adding files to the root of their Users Files folder.*
 -   GP name: *PreventItemCreationInUsersFilesFolder*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -325,32 +232,14 @@ ADMX Info:
 **ADMX_Explorer/TurnOffSPIAnimations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -365,19 +254,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy is similar to settings directly available to computer users.  Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
+This policy is similar to settings directly available to computer users.  Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off common control and window animations*
+-   GP Friendly name: *Turn off common control and window animations*
 -   GP name: *TurnOffSPIAnimations*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -386,6 +269,4 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
new file mode 100644
index 0000000000..88a074cba8
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -0,0 +1,187 @@
+---
+title: Policy CSP - ADMX_ExternalBoot
+description: Policy CSP - ADMX_ExternalBoot
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.localizationpriority: medium
+ms.date: 09/13/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_ExternalBoot
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## Policy CSP - ADMX_ExternalBoot  
+
+
                  
+  
                  
+    ADMX_ExternalBoot/PortableOperatingSystem_Hibernate
+    
+  
                  
+  
                  
+    ADMX_ExternalBoot/PortableOperatingSystem_Sleep
+    
+  
                  
+  
                  
+    ADMX_ExternalBoot/PortableOperatingSystem_Launcher
+    
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.  
+
+- If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.  
+
+- If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow hibernate (S4) when starting from a Windows To Go workspace*
+-   GP name: *PortableOperatingSystem_Hibernate*
+-   GP path: *Windows Components\Portable Operating System*
+-   GP ADMX file name: *ExternalBoot.admx*
+
+
+
+
+
                  
+
+
+**ADMX_ExternalBoot/PortableOperatingSystem_Sleep**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.  
+
+If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.  
+
+If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace*
+-   GP name: *PortableOperatingSystem_Sleep*
+-   GP path: *Windows Components\Portable Operating System*
+-   GP ADMX file name: *ExternalBoot.admx*
+
+
+
+
+
                  
+
+
+**ADMX_ExternalBoot/PortableOperatingSystem_Launcher**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.  
+
+- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.  
+
+- If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.  
+
+If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Windows To Go Default Startup Options*
+-   GP name: *PortableOperatingSystem_Launcher*
+-   GP path: *Windows Components\Portable Operating System*
+-   GP ADMX file name: *ExternalBoot.admx*
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 7f2635d2ab..74cc4f3f50 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -6,16 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/24/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_FileRecovery
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
                  
 
 
@@ -32,32 +36,14 @@ manager: dansimp
 **ADMX_FileRecovery/WdiScenarioExecutionPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -75,12 +61,7 @@ manager: dansimp
 > This policy setting applies to all sites in Trusted zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
@@ -90,8 +71,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
new file mode 100644
index 0000000000..3fd0807394
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -0,0 +1,87 @@
+---
+title: Policy CSP - ADMX_FileRevocation
+description: Policy CSP - ADMX_FileRevocation
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/13/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_FileRevocation
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+
                  
+  
                  
+    ADMX_FileRevocation/DelegatedPackageFamilyNames
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_FileRevocation/DelegatedPackageFamilyNames**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.   
+Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` 
+
+- If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.    
+
+- If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.  
+
+Any other Windows Runtime application will only be able to revoke access to content it protected.  
+
+> [!NOTE]
+> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the user’s access to all content protected under the contoso.com hierarchy.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow Windows Runtime apps to revoke enterprise data.*
+-   GP name: *DelegatedPackageFamilyNames*
+-   GP path: *Windows Components\File Revocation*
+-   GP ADMX file name: *FileRevocation.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 856646d7d1..18ddd06906 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_FileServerVSSProvider
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,14 @@ manager: dansimp
 **ADMX_FileServerVSSProvider/Pol_EncryptProtocol**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,7 +61,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
+This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
 
 VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.
 
@@ -84,16 +71,10 @@ By default, the RPC protocol message between File Server VSS provider and File S
 > To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
+-   GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
 -   GP name: *Pol_EncryptProtocol*
 -   GP path: *System/File Share Shadow Copy Provider*
 -   GP ADMX file name: *FileServerVSSProvider.admx*
@@ -102,8 +83,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index b3759a2b16..ab0c455e6b 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -6,20 +6,25 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_FileSys
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
-## ADMX_FileSys policies  
+## ADMX_FileSys policies 
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
 
 
                  
   
                  
@@ -53,32 +58,14 @@ manager: dansimp
 
 
 **ADMX_FileSys/DisableCompression**  
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -93,19 +80,14 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. 
+Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow compression on all NTFS volumes*
+-   GP Friendly name: *Do not allow compression on all NTFS volumes*
 -   GP name: *DisableCompression*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
@@ -117,32 +99,14 @@ ADMX Info:
 
 **ADMX_FileSys/DisableDeleteNotification**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -157,23 +121,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
+Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
 
 A value of 0, the default, will enable delete notifications for all volumes.
 
 A value of 1 will disable delete notifications for all volumes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable delete notifications on all volumes*
+-   GP Friendly name: *Disable delete notifications on all volumes*
 -   GP name: *DisableDeleteNotification*
 -   GP path: *System/Filesystem*
 -   GP ADMX file name: *FileSys.admx*
@@ -184,32 +142,14 @@ ADMX Info:
 
 
 **ADMX_FileSys/DisableEncryption**  
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -224,19 +164,12 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
+Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
 
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow encryption on all NTFS volumes*
+-   GP Friendly name: *Do not allow encryption on all NTFS volumes*
 -   GP name: *DisableEncryption*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
@@ -247,32 +180,14 @@ ADMX Info:
 
 
 **ADMX_FileSys/EnablePagefileEncryption**  
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -287,19 +202,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
+Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable NTFS pagefile encryption*
+-   GP Friendly name: *Enable NTFS pagefile encryption*
 -   GP name: *EnablePagefileEncryption*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
@@ -310,32 +219,14 @@ ADMX Info:
 
 
 **ADMX_FileSys/LongPathsEnabled**  
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -350,19 +241,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
+Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable Win32 long paths*
+-   GP Friendly name: *Enable Win32 long paths*
 -   GP name: *LongPathsEnabled*
 -   GP path: *System/Filesystem*
 -   GP ADMX file name: *FileSys.admx*
@@ -373,32 +258,14 @@ ADMX Info:
 
 
 **ADMX_FileSys/ShortNameCreationSettings**  
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -413,21 +280,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
+This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
 
-If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.
+If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Short name creation options*
+-   GP Friendly name: *Short name creation options*
 -   GP name: *ShortNameCreationSettings*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
@@ -439,32 +300,14 @@ ADMX Info:
 
 **ADMX_FileSys/SymlinkEvaluation**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -479,29 +322,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:  
+Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:  
 
 - Local Link to a Local Target
 - Local Link to a Remote Target
 - Remote Link to Remote Target
 - Remote Link to Local Target
 
-For more information, refer to the Windows Help section.
+For more information, see the Windows Help section.
 
 > [!NOTE]
 > If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Selectively allow the evaluation of a symbolic link*
+-   GP Friendly name: *Selectively allow the evaluation of a symbolic link*
 -   GP name: *SymlinkEvaluation*
 -   GP path: *System/Filesystem*
 -   GP ADMX file name: *FileSys.admx*
@@ -512,32 +349,14 @@ ADMX Info:
 
 
 **ADMX_FileSys/TxfDeprecatedFunctionality**  
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -552,19 +371,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
+TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable / disable TXF deprecated features*
+-   GP Friendly name: *Enable / disable TXF deprecated features*
 -   GP name: *TxfDeprecatedFunctionality*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
@@ -573,8 +387,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index cfada38cac..cebe91fbd3 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -6,21 +6,26 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_FolderRedirection
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_FolderRedirection policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_FolderRedirection/DisableFRAdminPin
@@ -51,32 +56,14 @@ manager: dansimp
 
 **ADMX_FolderRedirection/DisableFRAdminPin**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -91,30 +78,24 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
+This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
 
 If you enable this policy setting, users must manually select the files they wish to make available offline.  
 
-If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.  
+If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.  
 
 > [!NOTE]
 > This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.  
 >
-> Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable.
+> Don't enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable.
 >
 > If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not automatically make all redirected folders available offline*
+-   GP Friendly name: *Do not automatically make all redirected folders available offline*
 -   GP name: *DisableFRAdminPin*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -126,32 +107,14 @@ ADMX Info:
 
 **ADMX_FolderRedirection/DisableFRAdminPinByFolder**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -166,11 +129,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether individual redirected shell folders are available offline by default.
+This policy setting allows you to control whether individual redirected shell folders are available offline by default.
 
 For the folders affected by this setting, users must manually select the files they wish to make available offline.
 
-If you disable or do not configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.
+If you disable or don't configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.
 
 > [!NOTE]
 > This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.
@@ -178,16 +141,10 @@ If you disable or do not configure this policy setting, all redirected shell fol
 > The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not automatically make specific redirected folders available offline*
+-   GP Friendly name: *Do not automatically make specific redirected folders available offline*
 -   GP name: *DisableFRAdminPinByFolder*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -200,32 +157,14 @@ ADMX Info:
 **ADMX_FolderRedirection/FolderRedirectionEnableCacheRename**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -240,23 +179,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.
+This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or renamed in the Offline Files cache when a folder is redirected to a new location.
 
 If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location.
 
-If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location.
+If you disable or don't configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change*
+-   GP Friendly name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change*
 -   GP name: *FolderRedirectionEnableCacheRename*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -269,32 +202,14 @@ ADMX Info:
 **ADMX_FolderRedirection/LocalizeXPRelativePaths_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -309,7 +224,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
+This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
 
 If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
 
@@ -319,16 +234,10 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
 > This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
+-   GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents*
 -   GP name: *LocalizeXPRelativePaths_1*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -341,32 +250,14 @@ ADMX Info:
 **ADMX_FolderRedirection/LocalizeXPRelativePaths_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -381,7 +272,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
+This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
 
 If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
 
@@ -391,16 +282,10 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
 > This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
+-   GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents*
 -   GP name: *LocalizeXPRelativePaths_2*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -412,32 +297,14 @@ ADMX Info:
 
 **ADMX_FolderRedirection/PrimaryComputer_FR_1**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -452,28 +319,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
+This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve sign-in performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
 
 To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
 
 If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only.
 
-If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to.
+If you disable or don't configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user signs in to.
 
 > [!NOTE]
 > If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Redirect folders on primary computers only*
+-   GP Friendly name: *Redirect folders on primary computers only*
 -   GP name: *PrimaryComputer_FR_1*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -485,32 +346,14 @@ ADMX Info:
 
 **ADMX_FolderRedirection/PrimaryComputer_FR_2**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -525,28 +368,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
+This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve sign-in performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
 
 To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
 
 If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only.
 
-If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to.
+If you disable or don't configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user signs in to.
 
 > [!NOTE]
 > If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Redirect folders on primary computers only*
+-   GP Friendly name: *Redirect folders on primary computers only*
 -   GP name: *PrimaryComputer_FR_2*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
@@ -555,8 +393,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
new file mode 100644
index 0000000000..4b83f0c105
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -0,0 +1,134 @@
+---
+title: Policy CSP - ADMX_FramePanes
+description: Policy CSP - ADMX_FramePanes
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/14/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_FramePanes
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
                  
+
+
+## ADMX_FramePanes policies  
+
+
                  
+  
                  
+    ADMX_FramePanes/NoReadingPane
+  
                  
+  
                  
+    ADMX_FramePanes/NoPreviewPane
+  
                    
+
                  
+
+
+
                  
+
+
+**ADMX_FramePanes/NoReadingPane**  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting shows or hides the Details Pane in File Explorer.  
+
+- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.  
+
+- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user. 
+
+> [!NOTE]
+> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.  
+
+- If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
+
+This setting is the default policy setting.
+
+ 
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn on or off details pane*
+-   GP name: *NoReadingPane*
+-   GP path: *Windows Components\File Explorer\Explorer Frame Pane*
+-   GP ADMX file name: *FramePanes.admx*
+
+
+
+
                  
+
+
+**ADMX_FramePanes/NoPreviewPane**  
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Hides the Preview Pane in File Explorer.  
+
+- If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.  
+
+- If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Preview Pane*
+-   GP name: *NoPreviewPane*
+-   GP path: *Windows Components\File Explorer\Explorer Frame Pane*
+-   GP ADMX file name: *FramePanes.admx*
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
new file mode 100644
index 0000000000..3cf5694548
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -0,0 +1,89 @@
+---
+title: Policy CSP - ADMX_FTHSVC
+description: Policy CSP - ADMX_FTHSVC
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/15/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_FTHSVC
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_FTHSVC policies  
+
+
                  
+  
                  
+    ADMX_FTHSVC/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_FTHSVC/WdiScenarioExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.  
+
+- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.  
+
+- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.  
+If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.  
+This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.  
+This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. 
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.  
+No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure Scenario Execution Level*
+-   GP name: *WdiScenarioExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap*
+-   GP ADMX file name: *FTHSVC.admx*
+
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index b37e84f406..45623d01c7 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -6,21 +6,26 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Globalization
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_Globalization policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
     ADMX_Globalization/BlockUserInputMethodsForSignIn
@@ -103,32 +108,14 @@ manager: dansimp
 **ADMX_Globalization/BlockUserInputMethodsForSignIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -143,25 +130,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.
+This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.
 
-Note this does not affect the availability of user input methods on the lock screen or with the UAC prompt.
+This confinement doesn't affect the availability of user input methods on the lock screen or with the UAC prompt.
 
 If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page.
 
 If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disallow copying of user input methods to the system account for sign-in*
+-   GP Friendly name: *Disallow copying of user input methods to the system account for sign-in*
 -   GP name: *BlockUserInputMethodsForSignIn*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -174,32 +156,14 @@ ADMX Info:
 **ADMX_Globalization/CustomLocalesNoSelect_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -214,31 +178,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
+This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
 
-This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.
+This confinement doesn't affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.
 
-The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured.
+The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting isn't configured.
 
-If you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed.
+If you enable this policy setting, the user can't select a custom locale as their user locale, but they can still select a replacement locale if one is installed.
 
-If you disable or do not configure this policy setting, the user can select a custom locale as their user locale.
+If you disable or don't configure this policy setting, the user can select a custom locale as their user locale.
 
-If this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level, restrictions will be based on per-user policy settings.
+If this policy setting is enabled at the machine level, it can't be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting isn't configured at the machine level, restrictions will be based on per-user policy settings.
 
-To set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting.
+To set this policy setting on a per-user basis, make sure that you don't configure the per-machine policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow selection of Custom Locales*
+-   GP Friendly name: *Disallow selection of Custom Locales*
 -   GP name: *CustomLocalesNoSelect_1*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -251,32 +209,14 @@ ADMX Info:
 **ADMX_Globalization/CustomLocalesNoSelect_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -291,31 +231,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
+This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
 
-This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.
+This confinement doesn't affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.
 
-The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured.
+The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting isn't configured.
 
-If you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed.
+If you enable this policy setting, the user can't select a custom locale as their user locale, but they can still select a replacement locale if one is installed.
 
-If you disable or do not configure this policy setting, the user can select a custom locale as their user locale.
+If you disable or don't configure this policy setting, the user can select a custom locale as their user locale.
 
-If this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level, restrictions will be based on per-user policy settings.
+If this policy setting is enabled at the machine level, it can't be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting isn't configured at the machine level, restrictions will be based on per-user policy settings.
 
-To set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting.
+To set this policy setting on a per-user basis, make sure that you don't configure the per-machine policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow selection of Custom Locales*
+-   GP Friendly name: *Disallow selection of Custom Locales*
 -   GP name: *CustomLocalesNoSelect_2*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -328,32 +262,14 @@ ADMX Info:
 **ADMX_Globalization/HideAdminOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -368,31 +284,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Administrative options from the Region settings control panel.
+This policy setting removes the Administrative options from the Region settings control panel.
 
-Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not, however, prevent an administrator or another application from changing these values programmatically.
+Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting doesn't, however, prevent an administrator or another application from changing these values programmatically.
 
 This policy setting is used only to simplify the Regional Options control panel.
 
-If you enable this policy setting, the user cannot see the Administrative options.
+If you enable this policy setting, the user can't see the Administrative options.
 
-If you disable or do not configure this policy setting, the user can see the Administrative options.
+If you disable or don't configure this policy setting, the user can see the Administrative options.
 
 > [!NOTE]
 > Even if a user can see the Administrative options, other policies may prevent them from modifying the values.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Hide Regional and Language Options administrative options*
+-   GP Friendly name: *Hide Regional and Language Options administrative options*
 -   GP name: *HideAdminOptions*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -405,32 +315,14 @@ ADMX Info:
 **ADMX_Globalization/HideCurrentLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -445,28 +337,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.
+This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.
 
 This policy setting is used only to simplify the Regional Options control panel.
 
-If you enable this policy setting, the user does not see the option to change the GeoID. This does not prevent the user or an application from changing the GeoID programmatically.
+If you enable this policy setting, the user doesn't see the option to change the GeoID. This lack of display doesn't prevent the user or an application from changing the GeoID programmatically.
 
-If you disable or do not configure this policy setting, the user sees the option for changing the user location (GeoID).
+If you disable or don't configure this policy setting, the user sees the option for changing the user location (GeoID).
 
 > [!NOTE]
 > Even if a user can see the GeoID option, the "Disallow changing of geographical location" option can prevent them from actually changing their current geographical location.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Hide the geographic location option*
+-   GP Friendly name: *Hide the geographic location option*
 -   GP name: *HideCurrentLocation*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -479,32 +365,14 @@ ADMX Info:
 **ADMX_Globalization/HideLanguageSelection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -519,27 +387,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.
+This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.
 
 This policy setting is used only to simplify the Regional Options control panel.
 
-If you enable this policy setting, the user does not see the option for changing the UI language. This does not prevent the user or an application from changing the UI language programmatically.  If you disable or do not configure this policy setting, the user sees the option for changing the UI language.
+If you enable this policy setting, the user doesn't see the option for changing the UI language. This lack of display doesn't prevent the user or an application from changing the UI language programmatically.  If you disable or don't configure this policy setting, the user sees the option for changing the UI language.
 
 > [!NOTE]
 > Even if a user can see the option to change the UI language, other policy settings can prevent them from changing their UI language.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Hide the select language group options*
+-   GP Friendly name: *Hide the select language group options*
 -   GP name: *HideLanguageSelection*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -552,32 +414,14 @@ ADMX Info:
 **ADMX_Globalization/HideLocaleSelectAndCustomize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -592,25 +436,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the regional formats interface from the Region settings control panel.
+This policy setting removes the regional formats interface from the Region settings control panel.
 
 This policy setting is used only to simplify the Regional and Language Options control panel.
 
-If you enable this policy setting, the user does not see the regional formats options. This does not prevent the user or an application from changing their user locale or user overrides programmatically.
+If you enable this policy setting, the user doesn't see the regional formats options. This lack of display doesn't prevent the user or an application from changing their user locale or user overrides programmatically.
 
-If you disable or do not configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.
+If you disable or don't configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Hide user locale selection and customization options*
+-   GP Friendly name: *Hide user locale selection and customization options*
 -   GP name: *HideLocaleSelectAndCustomize*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -623,32 +461,14 @@ ADMX Info:
 **ADMX_Globalization/ImplicitDataCollectionOff_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -663,18 +483,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the automatic learning component of handwriting recognition personalization.
+This policy setting turns off the automatic learning component of handwriting recognition personalization.
 
-Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user.  Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored.
+Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user.  Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, and URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history doesn't delete the stored personalization data. Ink entered through Input Panel is collected and stored.
 
 > [!NOTE]
-> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information.
+> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help.
 
-If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this setting in Control Panel.
+If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel.
 
-If you disable this policy setting, automatic learning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
+If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
 
-If you do not configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog.
+If you don't configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog.
 
 This policy setting is related to the "Turn off handwriting personalization" policy setting.
 
@@ -684,16 +504,10 @@ This policy setting is related to the "Turn off handwriting personalization" pol
 > Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off automatic learning*
+-   GP Friendly name: *Turn off automatic learning*
 -   GP name: *ImplicitDataCollectionOff_1*
 -   GP path: *Control Panel\Regional and Language Options\Handwriting personalization*
 -   GP ADMX file name: *Globalization.admx*
@@ -706,32 +520,14 @@ ADMX Info:
 **ADMX_Globalization/ImplicitDataCollectionOff_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -746,18 +542,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the automatic learning component of handwriting recognition personalization.
+This policy setting turns off the automatic learning component of handwriting recognition personalization.
 
-Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user.  Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored.
+Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user.  Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, and URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history doesn't delete the stored personalization data. Ink entered through Input Panel is collected and stored.
 
 > [!NOTE]
-> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information.
+> Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. For more information, see Tablet PC Help.
 
-If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this setting in Control Panel.
+If you enable this policy setting, automatic learning stops and any stored data is deleted. Users can't configure this setting in Control Panel.
 
-If you disable this policy setting, automatic learning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
+If you disable this policy setting, automatic learning is turned on. Users can't configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handwriting personalization is turned on.
 
-If you do not configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog.
+If you don't configure this policy, users can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the opt-in dialog.
 
 This policy setting is related to the "Turn off handwriting personalization" policy setting.
 
@@ -767,16 +563,10 @@ This policy setting is related to the "Turn off handwriting personalization" pol
 > Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off automatic learning*
+-   GP Friendly name: *Turn off automatic learning*
 -   GP name: *ImplicitDataCollectionOff_2*
 -   GP path: *Control Panel\Regional and Language Options\Handwriting personalization*
 -   GP ADMX file name: *Globalization.admx*
@@ -789,32 +579,14 @@ ADMX Info:
 **ADMX_Globalization/LocaleSystemRestrict**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -829,25 +601,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting does not change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list.
+This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting doesn't change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they'll be restricted to the specified list.
 
 The locale list is specified using language names, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States) and English (Canada).
 
 If you enable this policy setting, administrators can select a system locale only from the specified system locale list.
 
-If you disable or do not configure this policy setting, administrators can select any system locale shipped with the operating system.
+If you disable or don't configure this policy setting, administrators can select any system locale shipped with the operating system.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict system locales*
+-   GP Friendly name: *Restrict system locales*
 -   GP name: *LocaleSystemRestrict*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -860,32 +626,14 @@ ADMX Info:
 **ADMX_Globalization/LocaleUserRestrict_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -900,27 +648,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
+This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting doesn't change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
 
-To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.
+To set this policy setting on a per-user basis, make sure that you don't configure the per-computer policy setting.
 
 The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Canada).
 
 If you enable this policy setting, only locales in the specified locale list can be selected by users.
 
-If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting.  If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, restrictions are based on per-user policies.
+If you disable or don't configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting.  If this policy setting is enabled at the computer level, it can't be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting isn't configured at the computer level, restrictions are based on per-user policies.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict user locales*
+-   GP Friendly name: *Restrict user locales*
 -   GP name: *LocaleUserRestrict_1*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -933,32 +675,14 @@ ADMX Info:
 **ADMX_Globalization/LocaleUserRestrict_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -973,29 +697,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
+This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting doesn't change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
 
-To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.
+To set this policy setting on a per-user basis, make sure that you don't configure the per-computer policy setting.
 
 The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Canada).
 
 If you enable this policy setting, only locales in the specified locale list can be selected by users.
 
-If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting.
+If you disable or don't configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting.
 
-If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, restrictions are based on per-user policies.
+If this policy setting is enabled at the computer level, it can't be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting isn't configured at the computer level, restrictions are based on per-user policies.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict user locales*
+-   GP Friendly name: *Restrict user locales*
 -   GP name: *LocaleUserRestrict_2*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -1008,32 +726,14 @@ ADMX Info:
 **ADMX_Globalization/LockMachineUILanguage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1048,25 +748,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the Windows UI language for all users.
+This policy setting restricts the Windows UI language for all users.
 
-This is a policy setting for computers with more than one UI language installed.
+This policy setting is meant for computers with more than one UI language installed.
 
-If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language will follow the language specified by the administrator as the system UI languages. The UI language selected by the user will be ignored if it is different than any of the system UI languages.
+If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language will follow the language specified by the administrator as the system UI languages. The UI language selected by the user will be ignored if it's different than any of the system UI languages.
 
-If you disable or do not configure this policy setting, the user can specify which UI language is used.
+If you disable or don't configure this policy setting, the user can specify which UI language is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restricts the UI language Windows uses for all logged users*
+-   GP Friendly name: *Restricts the UI language Windows uses for all logged users*
 -   GP name: *LockMachineUILanguage*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1079,32 +773,14 @@ ADMX Info:
 **ADMX_Globalization/LockUserUILanguage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1119,27 +795,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the Windows UI language for specific users.
+This policy setting restricts the Windows UI language for specific users.
 
 This policy setting applies to computers with more than one UI language installed.
 
-If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language for the selected user. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the user.
+If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language for the selected user. If the specified language isn't installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the user.
 
-If you disable or do not configure this policy setting, there is no restriction on which language users should use.
+If you disable or don't configure this policy setting, there's no restriction on which language users should use.
 
 To enable this policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the "Restrict selection of Windows menus and dialogs language" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restricts the UI languages Windows should use for the selected user*
+-   GP Friendly name: *Restricts the UI languages Windows should use for the selected user*
 -   GP name: *LockUserUILanguage*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1152,32 +822,14 @@ ADMX Info:
 **ADMX_Globalization/PreventGeoIdChange_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1192,27 +844,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their user geographical location (GeoID).
+This policy setting prevents users from changing their user geographical location (GeoID).
 
-If you enable this policy setting, users cannot change their GeoID.
+If you enable this policy setting, users can't change their GeoID.
 
-If you disable or do not configure this policy setting, users may select any GeoID.
+If you disable or don't configure this policy setting, users may select any GeoID.
 
-If you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings.
+If you enable this policy setting at the computer level, it can't be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you don't configure this policy setting at the computer level, restrictions are based on per-user policy settings.
 
-To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
+To set this policy setting on a per-user basis, make sure that the per-computer policy setting isn't configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow changing of geographic location*
+-   GP Friendly name: *Disallow changing of geographic location*
 -   GP name: *PreventGeoIdChange_1*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -1225,32 +871,14 @@ ADMX Info:
 **ADMX_Globalization/PreventGeoIdChange_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1265,27 +893,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their user geographical location (GeoID).
+This policy setting prevents users from changing their user geographical location (GeoID).
 
-If you enable this policy setting, users cannot change their GeoID.
+If you enable this policy setting, users can't change their GeoID.
 
-If you disable or do not configure this policy setting, users may select any GeoID.
+If you disable or don't configure this policy setting, users may select any GeoID.
 
-If you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings.
+If you enable this policy setting at the computer level, it can't be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you don't configure this policy setting at the computer level, restrictions are based on per-user policy settings.
 
-To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
+To set this policy setting on a per-user basis, make sure that the per-computer policy setting isn't configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow changing of geographic location*
+-   GP Friendly name: *Disallow changing of geographic location*
 -   GP name: *PreventGeoIdChange_2*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -1298,32 +920,14 @@ ADMX Info:
 **ADMX_Globalization/PreventUserOverrides_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1338,31 +942,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from customizing their locale by changing their user overrides.
+This policy setting prevents the user from customizing their locale by changing their user overrides.
 
 Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.
 
-When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices.
+When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they'll be unable to customize those choices.
 
-The user cannot customize their user locale with user overrides.
+The user can't customize their user locale with user overrides.
 
 If this policy setting is disabled or not configured, then the user can customize their user locale overrides.
 
-If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.
+If this policy is set to Enabled at the computer level, then it can't be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.
 
 To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow user override of locale settings*
+-   GP Friendly name: *Disallow user override of locale settings*
 -   GP name: *PreventUserOverrides_1*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -1375,32 +973,14 @@ ADMX Info:
 **ADMX_Globalization/PreventUserOverrides_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1415,31 +995,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from customizing their locale by changing their user overrides.
+This policy setting prevents the user from customizing their locale by changing their user overrides.
 
 Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.
 
-When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices.
+When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they'll be unable to customize those choices.
 
-The user cannot customize their user locale with user overrides.
+The user can't customize their user locale with user overrides.
 
 If this policy setting is disabled or not configured, then the user can customize their user locale overrides.
 
-If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.
+If this policy is set to Enabled at the computer level, then it can't be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.
 
 To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow user override of locale settings*
+-   GP Friendly name: *Disallow user override of locale settings*
 -   GP name: *PreventUserOverrides_2*
 -   GP path: *System\Locale Services*
 -   GP ADMX file name: *Globalization.admx*
@@ -1452,32 +1026,14 @@ ADMX Info:
 **ADMX_Globalization/RestrictUILangSelect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1492,25 +1048,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer, the language selection defaults to English.
+This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language isn't installed on the target computer, the language selection defaults to English.
 
-If you enable this policy setting, the dialog box controls in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a language different than the one used.
+If you enable this policy setting, the dialog box controls in the Regional and Language Options control panel aren't accessible to the signed-in user. This prevention of access prevents users from specifying a language different than the one used.
 
 To enable this policy setting in Windows Vista, use the "Restricts the UI languages Windows should use for the selected user" policy setting.
 
-If you disable or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language.
+If you disable or don't configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict selection of Windows menus and dialogs language*
+-   GP Friendly name: *Restrict selection of Windows menus and dialogs language*
 -   GP name: *RestrictUILangSelect*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1523,32 +1073,14 @@ ADMX Info:
 **ADMX_Globalization/TurnOffAutocorrectMisspelledWords**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1563,7 +1095,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the autocorrect misspelled words option. This turn off doesn't, however, prevent the user or an application from changing the setting programmatically.
 
 The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected.
 
@@ -1571,18 +1103,12 @@ If the policy is Enabled, then the option will be locked to not autocorrect miss
 
 If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
 
-Note that the availability and function of this setting is dependent on supported languages being enabled.
+The availability and function of this setting is dependent on supported languages being enabled.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off autocorrect misspelled words*
+-   GP Friendly name: *Turn off autocorrect misspelled words*
 -   GP name: *TurnOffAutocorrectMisspelledWords*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1595,32 +1121,14 @@ ADMX Info:
 **ADMX_Globalization/TurnOffHighlightMisspelledWords**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1635,7 +1143,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the highlight misspelled words option. This turn off doesn't, however, prevent the user or an application from changing the setting programmatically.
 
 The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted.
 
@@ -1643,19 +1151,13 @@ If the policy is Enabled, then the option will be locked to not highlight misspe
 
 If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
 
-Note that the availability and function of this setting is dependent on supported languages being enabled.
+The availability and function of this setting is dependent on supported languages being enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off highlight misspelled words*
+-   GP Friendly name: *Turn off highlight misspelled words*
 -   GP name: *TurnOffHighlightMisspelledWords*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1668,32 +1170,14 @@ ADMX Info:
 **ADMX_Globalization/TurnOffInsertSpace**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1708,7 +1192,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the insert a space after selecting a text prediction option. This turn off doesn't, however, prevent the user or an application from changing the setting programmatically.
 
 The insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard.
 
@@ -1716,18 +1200,12 @@ If the policy is Enabled, then the option will be locked to not insert a space a
 
 If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
 
-Note that the availability and function of this setting is dependent on supported languages being enabled.
+The availability and function of this setting is dependent on supported languages being enabled.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off insert a space after selecting a text prediction*
+-   GP Friendly name: *Turn off insert a space after selecting a text prediction*
 -   GP name: *TurnOffInsertSpace*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1740,32 +1218,14 @@ ADMX Info:
 **ADMX_Globalization/TurnOffOfferTextPredictions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1780,7 +1240,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the offer text predictions as I type option. This turn off doesn't, however, prevent the user or an application from changing the setting programmatically.
 
 The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard.
 
@@ -1788,19 +1248,13 @@ If the policy is Enabled, then the option will be locked to not offer text predi
 
 If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference.
 
-Note that the availability and function of this setting is dependent on supported languages being enabled.
+The availability and function of this setting is dependent on supported languages being enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off offer text predictions as I type*
+-   GP Friendly name: *Turn off offer text predictions as I type*
 -   GP name: *TurnOffOfferTextPredictions*
 -   GP path: *Control Panel\Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -1813,32 +1267,14 @@ ADMX Info:
 **ADMX_Globalization/Y2K**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1853,27 +1289,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how programs interpret two-digit years.
+This policy setting determines how programs interpret two-digit years.
 
-This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly, consult the documentation or manufacturer of the program.
+This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program doesn't interpret two-digit years correctly, consult the documentation or manufacturer of the program.
 
 If you enable this policy setting, the system specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value are interpreted as being preceded by 19.
 
 For example, the default value, 2029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1999.
 
-If you disable or do not configure this policy setting, Windows does not interpret two-digit year formats using this scheme for the program.
+If you disable or don't configure this policy setting, Windows doesn't interpret two-digit year formats using this scheme for the program.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Century interpretation for Year 2000*
+-   GP Friendly name: *Century interpretation for Year 2000*
 -   GP name: *Y2K*
 -   GP path: *System*
 -   GP ADMX file name: *Globalization.admx*
@@ -1882,7 +1312,4 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index 45abf7cdd0..f3e83e48f1 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/21/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_GroupPolicy
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -160,32 +164,14 @@ manager: dansimp
 **ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -195,37 +181,33 @@ manager: dansimp
 
 > [!div class = "checklist"]
 > * Device
+> * User
 
 
                  
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.
+This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.
 
-This policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists.
+This policy setting affects all user accounts that interactively sign in to a computer in a different forest when a trust across forests or a two-way forest trust exists.
 
-If you do not configure this policy setting:
+If you don't configure this policy setting:
 
 - No user-based policy settings are applied from the user's forest.
-- Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted.
+- Users don't receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted.
 - Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer.
 - An event log message (1109) is posted, stating that loopback was invoked in Replace mode.
 
 If you enable this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest.
 
-If you disable this policy setting, the behavior is the same as if it is not configured.
+If you disable this policy setting, the behavior is the same as if it isn't configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow cross-forest user policy and roaming user profiles*
+-   GP Friendly name: *Allow cross-forest user policy and roaming user profiles*
 -   GP name: *AllowX-ForestPolicy-and-RUP*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -238,32 +220,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_AppMgmt**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -278,29 +242,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when software installation policies are updated.
+This policy setting determines when software installation policies are updated.
 
 This policy setting affects all policy settings that use the software installation component of Group Policy, such as policy settings in Software Settings\Software Installation. You can set software installation policy only for Group Policy Objects stored in Active Directory, not for Group Policy Objects on the local computer.
 
 This policy setting overrides customized settings that the program implementing the software installation policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy setting implementations specify that they are updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired policies in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy setting implementations specify that they're updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired policy in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure software Installation policy processing*
+-   GP Friendly name: *Configure software Installation policy processing*
 -   GP name: *CSE_AppMgmt*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -313,32 +272,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_DiskQuota**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -353,31 +294,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when disk quota policies are updated.
+This policy setting determines when disk quota policies are updated.
 
-This policy setting affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\Administrative Templates\System\Disk Quotas.
+This policy setting affects all policies that use the disk quota component of Group Policy, such as those policies in Computer Configuration\Administrative Templates\System\Disk Quotas.
 
 This policy setting overrides customized settings that the program implementing the disk quota policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure disk quota policy processing*
+-   GP Friendly name: *Configure disk quota policy processing*
 -   GP name: *CSE_DiskQuota*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -390,32 +326,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_EFSRecovery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -430,31 +348,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when encryption policies are updated.
+This policy setting determines when encryption policies are updated.
 
 This policy setting affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\Security Settings.
 
 It overrides customized settings that the program implementing the encryption policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure EFS recovery policy processing*
+-   GP Friendly name: *Configure EFS recovery policy processing*
 -   GP name: *CSE_EFSRecovery*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -467,32 +380,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_FolderRedirection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -507,29 +402,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when folder redirection policies are updated.
+This policy setting determines when folder redirection policies are updated.
 
-This policy setting affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.
+This policy setting affects all policies that use the folder redirection component of Group Policy, such as those policies in WindowsSettings\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.
 
 This policy setting overrides customized settings that the program implementing the folder redirection policy setting set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure folder redirection policy processing*
+-   GP Friendly name: *Configure folder redirection policy processing*
 -   GP name: *CSE_FolderRedirection*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -542,32 +432,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_IEM**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -582,31 +454,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when Internet Explorer Maintenance policies are updated.
+This policy setting determines when Internet Explorer Maintenance policies are updated.
 
-This policy setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance.
+This policy setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those policies in Windows Settings\Internet Explorer Maintenance.
 
 This policy setting overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Internet Explorer Maintenance policy processing*
+-   GP Friendly name: *Configure Internet Explorer Maintenance policy processing*
 -   GP name: *CSE_IEM*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -619,32 +486,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_IPSecurity**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -659,31 +508,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when IP security policies are updated.
+This policy setting determines when IP security policies are updated.
 
 This policy setting affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\Windows Settings\Security Settings\IP Security Policies on Local Machine.
 
 This policy setting overrides customized settings that the program implementing the IP security policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure IP security policy processing*
+-   GP Friendly name: *Configure IP security policy processing*
 -   GP name: *CSE_IPSecurity*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -696,32 +540,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_Registry**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -736,27 +562,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when registry policies are updated.
+This policy setting determines when registry policies are updated.
 
 This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure registry policy processing*
+-   GP Friendly name: *Configure registry policy processing*
 -   GP name: *CSE_Registry*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -769,32 +590,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_Scripts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -809,29 +612,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when policies that assign shared scripts are updated.
+This policy setting determines when policies that assign shared scripts are updated.
 
-This policy setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed.
+This policy setting affects all policies that use the scripts component of Group Policy, such as those policies in WindowsSettings\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this setting, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure scripts policy processing*
+-   GP Friendly name: *Configure scripts policy processing*
 -   GP name: *CSE_Scripts*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -844,32 +642,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_Security**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -884,29 +664,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when security policies are updated.
+This policy setting determines when security policies are updated.
 
-This policy setting affects all policies that use the security component of Group Policy, such as those in Windows Settings\Security Settings.
+This policy setting affects all policies that use the security component of Group Policy, such as those policies in Windows Settings\Security Settings.
 
 This policy setting overrides customized settings that the program implementing the security policy set when it was installed.
 
-If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
+If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or don't configure this policy setting, it has no effect on the system.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure security policy processing*
+-   GP Friendly name: *Configure security policy processing*
 -   GP name: *CSE_Security*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -919,32 +694,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_Wired**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -959,33 +716,28 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when policies that assign wired network settings are updated.
+This policy setting determines when policies that assign wired network settings are updated.
 
-This policy setting affects all policies that use the wired network component of Group Policy, such as those in Windows Settings\Wired Network Policies.
+This policy setting affects all policies that use the wired network component of Group Policy, such as those policies in Windows Settings\Wired Network Policies.
 
 It overrides customized settings that the program implementing the wired network set when it was installed.
 
 If you enable this policy, you can use the check boxes provided to change the options.
 
-If you disable this setting or do not configure it, it has no effect on the system.
+If you disable this setting or don't configure it, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure wired policy processing*
+-   GP Friendly name: *Configure wired policy processing*
 -   GP name: *CSE_Wired*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -998,32 +750,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CSE_Wireless**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1038,33 +772,28 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when policies that assign wireless network settings are updated.
+This policy setting determines when policies that assign wireless network settings are updated.
 
-This policy setting affects all policies that use the wireless network component of Group Policy, such as those in WindowsSettings\Wireless Network Policies.
+This policy setting affects all policies that use the wireless network component of Group Policy, such as those policies in WindowsSettings\Wireless Network Policies.
 
 It overrides customized settings that the program implementing the wireless network set when it was installed.
 
 If you enable this policy, you can use the check boxes provided to change the options.
 
-If you disable this setting or do not configure it, it has no effect on the system.
+If you disable this setting or don't configure it, it has no effect on the system.
 
 The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
 
-The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
+The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes won't take effect until the next user sign in or system restart.
 
-The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
+The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies haven't changed. Many policy implementations specify that they're updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure wireless policy processing*
+-   GP Friendly name: *Configure wireless policy processing*
 -   GP name: *CSE_Wireless*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1077,32 +806,14 @@ ADMX Info:
 **ADMX_GroupPolicy/CorpConnSyncWaitTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1117,23 +828,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
+This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer isn't blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
 
 If you enable this policy setting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or system-computed wait time.
 
-If you disable or do not configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity.
+If you disable or don't configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify workplace connectivity wait time for policy processing*
+-   GP Friendly name: *Specify workplace connectivity wait time for policy processing*
 -   GP name: *CorpConnSyncWaitTime*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1146,32 +852,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DenyRsopToInteractiveUser_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1186,32 +874,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
+This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
 
 By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.
 
-If you enable this policy setting, interactive users cannot generate RSoP data.
+If you enable this policy setting, interactive users can't generate RSoP data.
 
-If you disable or do not configure this policy setting, interactive users can generate RSoP.
+If you disable or don't configure this policy setting, interactive users can generate RSoP.
 
 > [!NOTE]
-> This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.
+> This policy setting doesn't affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.
 >
 > To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc.
 >
 > This policy setting exists as both a User Configuration and Computer Configuration setting.  Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Determine if interactive users can generate Resultant Set of Policy data*
+-   GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data*
 -   GP name: *DenyRsopToInteractiveUser_1*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1224,32 +907,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DenyRsopToInteractiveUser_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1264,32 +929,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
+This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.
 
 By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.
 
-If you enable this policy setting, interactive users cannot generate RSoP data.
+If you enable this policy setting, interactive users can't generate RSoP data.
 
-If you disable or do not configure this policy setting, interactive users can generate RSoP
+If you disable or don't configure this policy setting, interactive users can generate RSoP
 
 > [!NOTE]
-> This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.
+> This policy setting doesn't affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.
 >
 > To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc.
 >
 > This policy setting exists as both a User Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Determine if interactive users can generate Resultant Set of Policy data*
+-   GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data*
 -   GP name: *DenyRsopToInteractiveUser_2*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1302,32 +962,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DisableAOACProcessing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1342,19 +984,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the Group Policy Client Service from stopping when idle.
+This policy setting prevents the Group Policy Client Service from stopping when idle.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Group Policy Client Service AOAC optimization*
+-   GP Friendly name: *Turn off Group Policy Client Service AOAC optimization*
 -   GP name: *DisableAOACProcessing*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1367,32 +1004,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DisableAutoADMUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1407,13 +1026,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor.
+Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor.
 
-Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC.
+Administrators might want to use this option if they're concerned about the amount of space used on the system volume of a DC.
 
 By default, when you start the Group Policy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files stored in the GPO.
 
-If the local files are newer, they are copied into the GPO.
+If the local files are newer, they're copied into the GPO.
 
 Changing the status of this setting to Enabled will keep any source files from copying to the GPO.
 
@@ -1425,16 +1044,11 @@ Files will always be copied to the GPO if they have a later timestamp.
 > If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off automatic update of ADM files*
+-   GP Friendly name: *Turn off automatic update of ADM files*
 -   GP name: *DisableAutoADMUpdate*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1447,32 +1061,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DisableBackgroundPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1487,26 +1083,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers.
+This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers.
 
-If you enable this policy setting, the system waits until the current user logs off the system before updating the computer and user settings.
+If you enable this policy setting, the system waits until the current user signs out the system before updating the computer and user settings.
 
-If you disable or do not configure this policy setting, updates can be applied while users are working. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh interval for users" policy settings.
+If you disable or don't configure this policy setting, updates can be applied while users are working. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh interval for users" policy settings.
 
 > [!NOTE]
 > If you make changes to this policy setting, you must restart your computer for it to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off background refresh of Group Policy*
+-   GP Friendly name: *Turn off background refresh of Group Policy*
 -   GP name: *DisableBackgroundPolicy*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1519,32 +1110,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DisableLGPOProcessing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1559,28 +1132,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.
+This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.
 
 By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied.
 
-If you enable this policy setting, the system does not process and apply any Local GPOs.
+If you enable this policy setting, the system doesn't process and apply any Local GPOs.
 
-If you disable or do not configure this policy setting, Local GPOs continue to be applied.
+If you disable or don't configure this policy setting, Local GPOs continue to be applied.
 
 > [!NOTE]
-> For computers joined to a domain, it is strongly recommended that you only configure this policy setting  in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup.
+> For computers joined to a domain, it's strongly recommended that you only configure this policy setting  in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Local Group Policy Objects processing*
+-   GP Friendly name: *Turn off Local Group Policy Objects processing*
 -   GP name: *DisableLGPOProcessing*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1593,32 +1161,14 @@ ADMX Info:
 **ADMX_GroupPolicy/DisableUsersFromMachGP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1633,13 +1183,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control a user's ability to invoke a computer policy refresh.
+This policy setting allows you to control a user's ability to invoke a computer policy refresh.
 
-If you enable this policy setting, users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.
+If you enable this policy setting, users aren't able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.
 
-If you disable or do not configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.
+If you disable or don't configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.
 
-Note: This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured.
+> [!NOTE]
+> This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured.
 
 Also, see the "Set Group Policy refresh interval for computers" policy setting to change the policy refresh interval.
 
@@ -1647,16 +1198,11 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t
 > If you make changes to this policy setting, you must restart your computer for it to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove users' ability to invoke machine policy refresh*
+-   GP Friendly name: *Remove users' ability to invoke machine policy refresh*
 -   GP name: *DisableUsersFromMachGP*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1669,32 +1215,14 @@ ADMX Info:
 **ADMX_GroupPolicy/EnableCDP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1709,25 +1237,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences).
+This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences).
 
 If you enable this policy setting, the Windows device is discoverable by other Windows devices that belong to the same user, and can participate in cross-device experiences.
 
-If you disable this policy setting, the Windows device is not discoverable by other devices, and cannot participate in cross-device experiences.
+If you disable this policy setting, the Windows device isn't discoverable by other devices, and can't participate in cross-device experiences.
 
-If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Continue experiences on this device*
+-   GP Friendly name: *Continue experiences on this device*
 -   GP name: *EnableCDP*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1740,32 +1263,14 @@ ADMX Info:
 **ADMX_GroupPolicy/EnableLogonOptimization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1780,27 +1285,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Group Policy caching behavior.
+This policy setting allows you to configure Group Policy caching behavior.
 
-If you enable or do not configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
+If you enable or don't configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
 
 The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds.
 
-The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds.
+The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there's no network connectivity. This waiting period stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or sign in. The default is 5000 milliseconds.
 
-If you disable this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
+If you disable this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Group Policy Caching*
+-   GP Friendly name: *Configure Group Policy Caching*
 -   GP name: *EnableLogonOptimization*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1813,32 +1313,14 @@ ADMX Info:
 **ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1853,27 +1335,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Group Policy caching behavior on Windows Server machines.
+This policy setting allows you to configure Group Policy caching behavior on Windows Server machines.
 
 If you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
 
 The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds.
 
-The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds.
+The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there's no network connectivity. This waiting period stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or sign in. The default is 5000 milliseconds.
 
-If you disable or do not configure this policy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
+If you disable or don't configure this policy setting, the Group Policy client won't cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.)
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Group Policy Caching for Servers*
+-   GP Friendly name: *Enable Group Policy Caching for Servers*
 -   GP name: *EnableLogonOptimizationOnServerSKU*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1886,32 +1363,14 @@ ADMX Info:
 **ADMX_GroupPolicy/EnableMMX**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1926,25 +1385,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue reading, emailing and other tasks that requires linking between Phone and PC.
+This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue reading, emailing and other tasks that require linking between Phone and PC.
 
 If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in Continue on PC experiences.
 
-If you disable this policy setting, the Windows device is not allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and cannot participate in Continue on PC experiences.
+If you disable this policy setting, the Windows device isn't allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and can't participate in Continue on PC experiences.
 
-If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Phone-PC linking on this device*
+-   GP Friendly name: *Phone-PC linking on this device*
 -   GP name: *EnableMMX*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -1957,32 +1411,14 @@ ADMX Info:
 **ADMX_GroupPolicy/EnforcePoliciesOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1997,13 +1433,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents administrators from viewing or using Group Policy preferences.
+This policy setting prevents administrators from viewing or using Group Policy preferences.
 
-A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.
+A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which aren't fully supported, use registry entries in other subkeys.
 
-If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear.
+If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators can't turn it off. As a result, Group Policy Object Editor displays only true settings; preferences don't appear.
 
-If you disable or do not configure this policy setting, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command.
+If you disable or don't configure this policy setting, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command.
 
 > [!NOTE]
 > To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folder, and then point to "View."
@@ -2011,16 +1447,11 @@ If you disable or do not configure this policy setting, the "Show Policies Only"
 In Group Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enforce Show Policies Only*
+-   GP Friendly name: *Enforce Show Policies Only*
 -   GP name: *EnforcePoliciesOnly*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2033,32 +1464,14 @@ ADMX Info:
 **ADMX_GroupPolicy/FontMitigation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2073,21 +1486,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. 
+This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. 
 
-This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.
+This feature can be configured to be in three modes: On, Off, and Audit. By default, it's Off and no fonts are blocked. If you aren't ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Untrusted Font Blocking*
+-   GP Friendly name: *Untrusted Font Blocking*
 -   GP name: *DisableUsersFromMachGP*
 -   GP path: *System\Mitigation Options*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2100,32 +1508,14 @@ ADMX Info:
 **ADMX_GroupPolicy/GPDCOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2140,9 +1530,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.
+This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.
 
-If you enable this setting, you can which domain controller is used according to these options:
+If you enable this setting, you can know which domain controller is used according to these options:
 
 "Use the Primary Domain Controller" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller designated as the PDC Operations Master for the domain.
 
@@ -2150,22 +1540,17 @@ If you enable this setting, you can which domain controller is used according to
 
 "Use any available domain controller" indicates that the Group Policy Object Editor snap-in can read and write changes to any available domain controller.
 
-If you disable this setting or do not configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain.
+If you disable this setting or don't configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain.
 
 > [!NOTE]
 > To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Group Policy domain controller selection*
+-   GP Friendly name: *Configure Group Policy domain controller selection*
 -   GP name: *GPDCOptions*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2178,32 +1563,14 @@ ADMX Info:
 **ADMX_GroupPolicy/GPTransferRate_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2218,31 +1585,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines a slow connection for purposes of applying and updating Group Policy.
+This policy setting defines a slow connection for purposes of applying and updating Group Policy.
 
 If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.
 
-The system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.
+The system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder let you override the programs' specified responses to slow links.
 
 If you enable this setting, you can, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.
 
-If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.
+If you disable this setting or don't configure it, the system uses the default value of 500 kilobits per second.
 
 This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.
 
-Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
+Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
+
+> [!NOTE]
+> If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Group Policy slow link detection*
+-   GP Friendly name: *Configure Group Policy slow link detection*
 -   GP name: *GPTransferRate_1*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2255,32 +1620,14 @@ ADMX Info:
 **ADMX_GroupPolicy/GPTransferRate_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2295,31 +1642,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines a slow connection for purposes of applying and updating Group Policy.
+This policy setting defines a slow connection for purposes of applying and updating Group Policy.
 
 If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.
 
-The system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.
+The system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder let you override the programs' specified responses to slow links.
 
 If you enable this setting, you can, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.
 
-If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.
+If you disable this setting or don't configure it, the system uses the default value of 500 kilobits per second.
 
 This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.
 
-Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
+Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. 
+
+> [!NOTE]
+> If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Group Policy slow link detection*
+-   GP Friendly name: *Configure Group Policy slow link detection*
 -   GP name: *GPTransferRate_2*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2332,32 +1677,14 @@ ADMX Info:
 **ADMX_GroupPolicy/GroupPolicyRefreshRate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2372,13 +1699,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.
+This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.
 
 In addition to background updates, Group Policy for the computer is always updated when the system starts.
 
 By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
 
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
 
 If you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" policy.
 
@@ -2386,22 +1713,17 @@ The Set Group Policy refresh interval for computers policy also lets you specify
 
 This setting establishes the update rate for computer Group Policy. To set an update rate for user policies, use the "Set Group Policy refresh interval for users" setting (located in User Configuration\Administrative Templates\System\Group Policy).
 
-This setting is only used when the "Turn off background refresh of Group Policy" setting is not enabled.
+This setting is only used when the "Turn off background refresh of Group Policy" setting isn't enabled.
 
 > [!NOTE]
 > Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere with tasks in progress.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Group Policy refresh interval for computers*
+-   GP Friendly name: *Set Group Policy refresh interval for computers*
 -   GP name: *GroupPolicyRefreshRate*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2414,32 +1736,14 @@ ADMX Info:
 **ADMX_GroupPolicy/GroupPolicyRefreshRateDC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2454,13 +1758,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.
+This policy setting specifies how often Group Policy is updated on domain controllers while they're running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.
 
 By default, Group Policy on the domain controllers is updated every five minutes.
 
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
 
-If you disable or do not configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
+If you disable or don't configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
 
 This setting also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates might be delayed significantly.
 
@@ -2468,16 +1772,11 @@ This setting also lets you specify how much the actual update interval varies. T
 > This setting is used only when you are establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer only, the system ignores this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Group Policy refresh interval for domain controllers*
+-   GP Friendly name: *Set Group Policy refresh interval for domain controllers*
 -   GP name: *GroupPolicyRefreshRateDC*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2490,32 +1789,14 @@ ADMX Info:
 **ADMX_GroupPolicy/GroupPolicyRefreshRateUser**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2530,13 +1811,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.
+This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.
 
-In addition to background updates, Group Policy for users is always updated when users log on.
+In addition to background updates, Group Policy for users is always updated when users sign in.
 
 By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
 
-If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.
+If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals aren't appropriate for most installations.
 
 If you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.
 
@@ -2552,16 +1833,11 @@ This setting also lets you specify how much the actual update interval varies. T
 > Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Group Policy refresh interval for users*
+-   GP Friendly name: *Set Group Policy refresh interval for users*
 -   GP name: *GroupPolicyRefreshRateUser*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2574,32 +1850,14 @@ ADMX Info:
 **ADMX_GroupPolicy/LogonScriptDelay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2614,29 +1872,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enter “0” to disable Logon Script Delay.
+Enter “0” to disable Logon Script Delay.
 
-This policy setting allows you to configure how long the Group Policy client waits after logon before running scripts.
+This policy setting allows you to configure how long the Group Policy client waits after a sign in before running scripts.
 
-By default, the Group Policy client waits five minutes before running logon scripts. This helps create a responsive desktop environment by preventing disk contention.
+By default, the Group Policy client waits 5 minutes before running logon scripts. This 5-minute wait helps create a responsive desktop environment by preventing disk contention.
 
 If you enable this policy setting, Group Policy will wait for the specified amount of time before running logon scripts.
 
-If you disable this policy setting, Group Policy will run scripts immediately after logon.
+If you disable this policy setting, Group Policy will run scripts immediately after a sign in.
 
-If you do not configure this policy setting, Group Policy will wait five minutes before running logon scripts.
+If you don't configure this policy setting, Group Policy will wait five minutes before running logon scripts.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Logon Script Delay*
+-   GP Friendly name: *Configure Logon Script Delay*
 -   GP name: *LogonScriptDelay*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2649,32 +1902,14 @@ ADMX Info:
 **ADMX_GroupPolicy/NewGPODisplayName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2689,7 +1924,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default display name for new Group Policy objects.
+This policy setting allows you to set the default display name for new Group Policy objects.
 
 This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.
 
@@ -2698,16 +1933,11 @@ The display name can contain environment variables and can be a maximum of 255 c
 If this setting is Disabled or Not Configured, the default display name of New Group Policy object is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set default name for new Group Policy objects*
+-   GP Friendly name: *Set default name for new Group Policy objects*
 -   GP name: *NewGPODisplayName*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2720,32 +1950,14 @@ ADMX Info:
 **ADMX_GroupPolicy/NewGPOLinksDisabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2760,23 +1972,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create new Group Policy object links in the disabled state.
+This policy setting allows you to create new Group Policy object links in the disabled state.
 
 If you enable this setting, you can create all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy management tool such as  Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.
 
-If you disable this setting or do not configure it, new Group Policy object links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the object link.
+If you disable this setting or don't configure it, new Group Policy object links are created in the enabled state. If you don't want them to be effective until they're configured and tested, you must disable the object link.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Create new Group Policy Object links disabled by default*
+-   GP Friendly name: *Create new Group Policy Object links disabled by default*
 -   GP name: *NewGPOLinksDisabled*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2789,32 +1996,14 @@ ADMX Info:
 **ADMX_GroupPolicy/OnlyUseLocalAdminFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2829,11 +2018,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you always use local ADM files for the Group Policy snap-in.
+This policy setting lets you always use local ADM files for the Group Policy snap-in.
 
-By default, when you edit a Group Policy Object (GPO) using the Group Policy Object Editor snap-in, the ADM files are loaded from that GPO into the Group Policy Object Editor snap-in. This allows you to use the same version of the ADM files that were used to create the GPO while editing this GPO.
+By default, when you edit a Group Policy Object (GPO) using the Group Policy Object Editor snap-in, the ADM files are loaded from that GPO into the Group Policy Object Editor snap-in. This edit-option allows you to use the same version of the ADM files that were used to create the GPO while editing this GPO.
 
-This leads to the following behavior:
+This edit-option leads to the following behavior:
 
 - If you originally created the GPO with, for example, an English system, the GPO contains English ADM files.
 
@@ -2843,26 +2032,21 @@ You can change this behavior by using this setting.
 
 If you enable this setting, the Group Policy Object Editor snap-in always uses local ADM files in your %windir%\inf directory when editing GPOs.
 
-This leads to the following behavior:
+This pattern leads to the following behavior:
 
 - If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the text in Japanese under Administrative Templates.
 
-If you disable or do not configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO.
+If you disable or don't configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO.
 
 > [!NOTE]
-> If the ADMs that you require are not all available locally in your %windir%\inf directory, you might not be able to see all the settings that have been configured in the GPO that you are editing.
+> If the ADMs that you require aren't all available locally in your %windir%\inf directory, you might not be able to see all the settings that have been configured in the GPO that you are editing.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always use local ADM files for Group Policy Object Editor*
+-   GP Friendly name: *Always use local ADM files for Group Policy Object Editor*
 -   GP name: *OnlyUseLocalAdminFiles*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2875,32 +2059,14 @@ ADMX Info:
 **ADMX_GroupPolicy/ProcessMitigationOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2916,7 +2082,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a number of security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:
+This security feature provides a means to override individual process MitigationOptions settings. This security feature can be used to enforce many security policies specific to applications. The application name is specified as the Value name, including extension. The Value is specified as a bit field with a series of flags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prior to GPO evaluation). The recognized bit locations are:
 
 PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)
 Enables data execution prevention (DEP) for the child process
@@ -2928,7 +2094,7 @@ PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)
 Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.
 
 PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)
-The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that are not dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not have a base relocation section will not be loaded.
+The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that aren't dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that don't have a base relocation section won't be loaded.
 
 PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)
 PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)
@@ -2940,16 +2106,11 @@ For instance, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCES
 Setting flags not specified here to any value other than ? results in undefined behavior.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Process Mitigation Options*
+-   GP Friendly name: *Process Mitigation Options*
 -   GP name: *ProcessMitigationOptions*
 -   GP path: *System\Mitigation Options*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -2962,32 +2123,14 @@ ADMX Info:
 **ADMX_GroupPolicy/RSoPLogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3002,28 +2145,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.
+This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.
 
 RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied, where they came from, and the client-side extension settings that were included.
 
 If you enable this setting, RSoP logging is turned off.
 
-If you disable or do not configure this setting, RSoP logging is turned on. By default, RSoP logging is always on.
+If you disable or don't configure this setting, RSoP logging is turned on. By default, RSoP logging is always on.
 
 > [!NOTE]
 > To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (MMC).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Resultant Set of Policy logging*
+-   GP Friendly name: *Turn off Resultant Set of Policy logging*
 -   GP name: *RSoPLogging*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -3036,32 +2174,14 @@ ADMX Info:
 **ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3076,19 +2196,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.
+Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable AD/DFS domain controller synchronization during policy refresh*
+-   GP Friendly name: *Enable AD/DFS domain controller synchronization during policy refresh*
 -   GP name: *ResetDfsClientInfoDuringRefreshPolicy*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -3101,32 +2216,14 @@ ADMX Info:
 **ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3141,28 +2238,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy.
+This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy.
 
 When Group Policy detects the bandwidth speed of a Direct Access connection, the detection can sometimes fail to provide any bandwidth speed information. If Group Policy detects a bandwidth speed, Group Policy will follow the normal rules for evaluating if the Direct Access connection is a fast or slow network connection. If no bandwidth speed is detected, Group Policy will default to a slow network connection. This policy setting allows the administrator the option to override the default to slow network connection and instead default to using a fast network connection in the case that no network bandwidth speed is determined.
 
 > [!NOTE]
 > When Group Policy detects a slow network connection, Group Policy will only process those client side extensions configured for processing across a slow link (slow network connection).
 
-If you enable this policy, when Group Policy cannot determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast link and process all client side extensions.
+If you enable this policy, when Group Policy can't determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast link and process all client side extensions.
 
-If you disable this setting or do not configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to process over a slow link.
+If you disable this setting or don't configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to process over a slow link.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Direct Access connections as a fast network connection*
+-   GP Friendly name: *Configure Direct Access connections as a fast network connection*
 -   GP name: *SlowLinkDefaultForDirectAccess*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -3175,32 +2267,14 @@ ADMX Info:
 **ADMX_GroupPolicy/SlowlinkDefaultToAsync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3215,13 +2289,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected.
+This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user sign in) when a slow network connection is detected.
 
 If you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner.
-Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on using cached credentials,
-which will result in shorter logon times. Group Policy will be applied in the background after the network becomes available.
-Note that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection
-and Drive Maps preference extension will not be applied.
+Client computers won't wait for the network to be fully initialized at startup and sign in. Existing users will be signed in using cached credentials, which will result in shorter sign-in times. Group Policy will be applied in the background after the network becomes available.
+Because this policy setting enables a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection and Drive Maps preference extension won't be applied.
 
 > [!NOTE]
 > There are two conditions that will cause Group Policy to be processed synchronously even if this policy setting is enabled:
@@ -3229,19 +2301,14 @@ and Drive Maps preference extension will not be applied.
 > - 1 - At the first computer startup after the client computer has joined the domain.
 > - 2 - If the policy setting "Always wait for the network at computer startup and logon" is enabled.
 
-If you disable or do not configure this policy setting, detecting a slow network connection will not affect whether Group Policy processing will be synchronous or asynchronous.
+If you disable or don't configure this policy setting, detecting a slow network connection won't affect whether Group Policy processing will be synchronous or asynchronous.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.*
+-   GP Friendly name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.*
 -   GP name: *SlowlinkDefaultToAsync*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -3254,32 +2321,14 @@ ADMX Info:
 **ADMX_GroupPolicy/SyncWaitTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3294,23 +2343,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
+This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer isn't blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.
 
 If you enable this policy setting, Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time.
 
-If you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system.
+If you disable or don't configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify startup policy processing wait time*
+-   GP Friendly name: *Specify startup policy processing wait time*
 -   GP name: *SyncWaitTime*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -3323,32 +2367,14 @@ ADMX Info:
 **ADMX_GroupPolicy/UserPolicyMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3363,9 +2389,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
+This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who signs in to a computer affected by this setting. It's intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
 
-By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
+By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user signs in to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.
 
 If you enable this setting, you can select one of the following modes from the Mode box:
 
@@ -3373,22 +2399,17 @@ If you enable this setting, you can select one of the following modes from the M
 
 "Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.
 
-If you disable this setting or do not configure it, the user's Group Policy Objects determines which user settings apply.
+If you disable this setting or don't configure it, the user's Group Policy Objects determines which user settings apply.
 
 > [!NOTE]
 > This setting is effective only when both the computer account and the user account are in at least Windows 2000 domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure user Group Policy loopback processing mode*
+-   GP Friendly name: *Configure user Group Policy loopback processing mode*
 -   GP name: *UserPolicyMode*
 -   GP path: *System\Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -3397,6 +2418,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index f1ea850871..3bdf5aa985 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/03/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Help
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_Help/DisableHHDEP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,25 +69,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.
+This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.
 
 Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely.
 
-If you enable this policy setting, DEP for HTML Help Executable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable.
+If you enable this policy setting, DEP for HTML Help Executable is turned off. This turn off will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable.
 
-If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTML Help stops if DEP detects system memory abnormalities.
+If you disable or don't configure this policy setting, DEP is turned on for HTML Help Executable. This turn on provides one more security benefit, but HTML Help stops if DEP detects system memory abnormalities.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Data Execution Prevention for HTML Help Executible*
+-   GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executible*
 -   GP name: *DisableHHDEP*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
@@ -114,32 +95,14 @@ ADMX Info:
 **ADMX_Help/HelpQualifiedRootDir_Comp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -154,37 +117,32 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting.
+This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It's recommended that only folders requiring administrative privileges be added to this policy setting.
 
 If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders.
 
 To restrict the commands to one or more folders, enable the policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder".
 
 > [!NOTE]
-> An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows.
+> An environment variable may be used, (for example, %windir%), as long as it's defined on the system. For example, %programfiles% is not defined on some early versions of Windows.
 
 The "Shortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file.
 
 To disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy setting and leave the text box on the Settings tab of the Policy Properties dialog box blank.
 
-If you disable or do not configure this policy setting, these commands are fully functional for all Help files.
+If you disable or don't configure this policy setting, these commands are fully functional for all Help files.
 
 > [!NOTE]
 > Only folders on the local computer can be specified in this policy setting. You cannot use this policy setting to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths.
 
-For additional options, see the "Restrict these programs from being launched from Help" policy.
+For more options, see the "Restrict these programs from being launched from Help" policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict potentially unsafe HTML Help functions to specified folders*
+-   GP Friendly name: *Restrict potentially unsafe HTML Help functions to specified folders*
 -   GP name: *HelpQualifiedRootDir_Comp*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
@@ -197,32 +155,14 @@ ADMX Info:
 **ADMX_Help/RestrictRunFromHelp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -237,11 +177,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help.
+This policy setting allows you to restrict programs from being run from online Help.
 
-If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.
+If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names of the programs you want to restrict, separated by commas.
 
-If you disable or do not configure this policy setting, users can run all applications from online Help.
+If you disable or don't configure this policy setting, users can run all applications from online Help.
 
 > [!NOTE]
 > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings.
@@ -249,16 +189,11 @@ If you disable or do not configure this policy setting, users can run all applic
 > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict these programs from being launched from Help*
+-   GP Friendly name: *Restrict these programs from being launched from Help*
 -   GP name: *RestrictRunFromHelp*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
@@ -271,32 +206,14 @@ ADMX Info:
 **ADMX_Help/RestrictRunFromHelp_Comp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -311,27 +228,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help.
+This policy setting allows you to restrict programs from being run from online Help.
 
-If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.
+If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names of the programs you want to restrict, separated by commas.
 
-If you disable or do not configure this policy setting, users can run all applications from online Help.
+If you disable or don't configure this policy setting, users can run all applications from online Help.
 
 > [!NOTE]
 > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings.
 > 
 > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict these programs from being launched from Help*
+-   GP Friendly name: *Restrict these programs from being launched from Help*
 -   GP name: *RestrictRunFromHelp_Comp*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
@@ -340,8 +252,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index bd11b4a210..806207275f 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/03/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_HelpAndSupport
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_HelpAndSupport/ActiveHelp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,23 +69,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
+This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
 
 If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.
 
 If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Active Help*
+-   GP Friendly name: *Turn off Active Help*
 -   GP name: *ActiveHelp*
 -   GP path: *Windows Components/Online Assistance*
 -   GP ADMX file name: *HelpAndSupport.admx*
@@ -112,32 +93,14 @@ ADMX Info:
 **ADMX_HelpAndSupport/HPExplicitFeedback**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -152,7 +115,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can provide ratings for Help content.
+This policy setting specifies whether users can provide ratings for Help content.
 
 If you enable this policy setting, ratings controls are not added to Help content.
 
@@ -161,16 +124,11 @@ If you disable or do not configure this policy setting, ratings controls are add
 Users can use the control to provide feedback on the quality and usefulness of the Help and Support content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Help Ratings*
+-   GP Friendly name: *Turn off Help Ratings*
 -   GP name: *HPExplicitFeedback*
 -   GP path: *System/Internet Communication Management/Internet Communication settings*
 -   GP ADMX file name: *HelpAndSupport.admx*
@@ -182,32 +140,14 @@ ADMX Info:
 
 **ADMX_HelpAndSupport/HPImplicitFeedback**  
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -222,23 +162,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
+This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
 
 If you enable this policy setting, users cannot participate in the Help Experience Improvement program.
 
 If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Help Experience Improvement Program*
+-   GP Friendly name: *Turn off Help Experience Improvement Program*
 -   GP name: *HPImplicitFeedback*
 -   GP path: *System/Internet Communication Management/Internet Communication settings*
 -   GP ADMX file name: *HelpAndSupport.admx*
@@ -251,32 +186,14 @@ ADMX Info:
 **ADMX_HelpAndSupport/HPOnlineAssistance**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -291,23 +208,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.
+This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.
 
 If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.
 
 If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Online*
+-   GP Friendly name: *Turn off Windows Online*
 -   GP name: *HPOnlineAssistance*
 -   GP path: *System/Internet Communication Management/Internet Communication settings*
 -   GP ADMX file name: *HelpAndSupport.admx*
@@ -316,8 +228,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
new file mode 100644
index 0000000000..bf33f5110d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -0,0 +1,89 @@
+---
+title: Policy CSP - ADMX_HotSpotAuth
+description: Policy CSP - ADMX_HotSpotAuth
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/15/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_HotSpotAuth
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_HotSpotAuth policies  
+
+
                  
+  
                  
+    ADMX_HotSpotAuth/HotspotAuth_Enable
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_HotSpotAuth/HotspotAuth_Enable**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.  
+
+- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. 
+
+- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.  
+
+- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.  
+
+- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enable Hotspot Authentication*
+-   GP name: *HotspotAuth_Enable*
+-   GP path: *Network\Hotspot Authentication*
+-   GP ADMX file name: *HotSpotAuth.admx*
+
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index eecfadc85d..2f9b7183ac 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/17/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_ICM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -109,32 +113,14 @@ manager: dansimp
 **ADMX_ICM/CEIPEnable**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,25 +135,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly.
+This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft won't collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It's simple and user-friendly.
 
 If you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program.
 
 If you disable this policy setting, all users are opted into the Windows Customer Experience Improvement Program.
 
-If you do not configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.
+If you don't configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Customer Experience Improvement Program*
+-   GP Friendly name: *Turn off Windows Customer Experience Improvement Program*
 -   GP name: *CEIPEnable*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -180,32 +161,14 @@ ADMX Info:
 **ADMX_ICM/CertMgr_DisableAutoRootUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -220,25 +183,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to automatically update root certificates using the Windows Update website. 
+This policy setting specifies whether to automatically update root certificates using the Windows Update website. 
 
 Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.
 
-If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities.
+If you enable this policy setting, when you're presented with a certificate issued by an untrusted root authority, your computer won't contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities.
 
-If you disable or do not configure this policy setting, your computer will contact the Windows Update website.
+If you disable or don't configure this policy setting, your computer will contact the Windows Update website.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Automatic Root Certificates Update*
+-   GP Friendly name: *Turn off Automatic Root Certificates Update*
 -   GP name: *CertMgr_DisableAutoRootUpdates*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -251,32 +209,14 @@ ADMX Info:
 **ADMX_ICM/DisableHTTPPrinting_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -291,28 +231,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to allow printing over HTTP from this client.
+This policy setting specifies whether to allow printing over HTTP from this client.
 
-Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.
+Printing over HTTP allows a client to print to printers on the intranet and the Internet.
 
 > [!NOTE]
-> This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
+> This policy setting affects the client side of Internet printing only. It doesn't prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
 
 If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.
 
-If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.  Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
+If you disable or don't configure this policy setting, users can choose to print to Internet printers over HTTP.  Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off printing over HTTP*
+-   GP  Friendly name: *Turn off printing over HTTP*
 -   GP name: *DisableHTTPPrinting_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -325,32 +260,14 @@ ADMX Info:
 **ADMX_ICM/DisableWebPnPDownload_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -365,30 +282,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to allow this client to download print driver packages over HTTP.
+This policy setting specifies whether to allow this client to download print driver packages over HTTP.
 
 To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
 
 > [!NOTE]
-> This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP.
+> This policy setting doesn't prevent the client from printing to printers on the Intranet or the Internet over HTTP.
 
-It only prohibits downloading drivers that are not already installed locally.
+It only prohibits downloading drivers that aren't already installed locally.
 
-If you enable this policy setting, print drivers cannot be downloaded over HTTP.
+If you enable this policy setting, print drivers can't be downloaded over HTTP.
 
-If you disable or do not configure this policy setting, users can download print drivers over HTTP.
+If you disable or don't configure this policy setting, users can download print drivers over HTTP.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off downloading of print drivers over HTTP*
+-   GP Friendly name: *Turn off downloading of print drivers over HTTP*
 -   GP name: *DisableWebPnPDownload_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -401,32 +313,14 @@ ADMX Info:
 **ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -441,30 +335,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.
+This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.
 
-If you enable this policy setting, Windows Update is not searched when a new device is installed.
+If you enable this policy setting, Windows Update isn't searched when a new device is installed.
 
 If you disable this policy setting, Windows Update is always searched for drivers when no local drivers are present.
 
-If you do not configure this policy setting, searching Windows Update is optional when installing a device.
+If you don't configure this policy setting, searching Windows Update is optional when installing a device.
 
-Also see "Turn off Windows Update device driver search prompt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver is not found locally.
+Also see "Turn off Windows Update device driver search prompt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver isn't found locally.
 
 > [!NOTE]
 > This policy setting is replaced by "Specify Driver Source Search Order" in "Administrative Templates/System/Device Installation" on newer versions of Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Update device driver searching*
+-   GP Friendly name: *Turn off Windows Update device driver searching*
 -   GP name: *DriverSearchPlaces_DontSearchWindowsUpdate*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -477,32 +366,14 @@ ADMX Info:
 **ADMX_ICM/EventViewer_DisableLinks**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -517,27 +388,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.
+This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.
 
 The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event to Microsoft, and allows users to learn more about why that event occurred.
 
-If you enable this policy setting, event description hyperlinks are not activated and the text "More Information" is not displayed at the end of the description.
+If you enable this policy setting, event description hyperlinks aren't activated and the text "More Information" isn't displayed at the end of the description.
 
-If you disable or do not configure this policy setting, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft.
+If you disable or don't configure this policy setting, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft.
 
 Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settings in "Administrative Templates/Windows Components/Event Viewer".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Event Viewer "Events.asp" links*
+-   GP Friendly name: *Turn off Event Viewer "Events.asp" links*
 -   GP name: *EventViewer_DisableLinks*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -550,32 +416,14 @@ ADMX Info:
 **ADMX_ICM/HSS_HeadlinesPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -590,27 +438,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.
+This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.
 
 This content is dynamically updated when users who are connected to the Internet open Help and Support Center, and provides up-to-date information about Windows and the computer.
 
 If you enable this policy setting, the Help and Support Center no longer retrieves nor displays "Did you know?" content.
 
-If you disable or do not configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content.
+If you disable or don't configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content.
 
-You might want to enable this policy setting for users who do not have Internet access, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection.
+You might want to enable this policy setting for users who don't have Internet access, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Help and Support Center "Did you know?" content*
+-   GP Friendly name: *Turn off Help and Support Center "Did you know?" content*
 -   GP name: *HSS_HeadlinesPolicy*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -623,32 +466,14 @@ ADMX Info:
 **ADMX_ICM/HSS_KBSearchPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -663,25 +488,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.
+This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.
 
 The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products, and is searched as part of all Help and Support Center searches with the default search options.
 
 If you enable this policy setting, it removes the Knowledge Base section from the Help and Support Center "Set search options" page, and only Help content on the local computer is searched.
 
-If you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page.
+If you disable or don't configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and hasn't disabled the Knowledge Base search from the Search Options page.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Help and Support Center Microsoft Knowledge Base search*
+-   GP Friendly name: *Turn off Help and Support Center Microsoft Knowledge Base search*
 -   GP name: *HSS_KBSearchPolicy*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -694,32 +514,14 @@ ADMX Info:
 **ADMX_ICM/InternetManagement_RestrictCommunication_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -734,25 +536,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
+This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
 
-If you enable this setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet.
+If you enable this setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can't access the Internet.
 
-If you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet.
+If you disable this policy setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet.
 
-If you do not configure this policy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
+If you don't configure this policy setting, all of the policy settings in the "Internet Communication settings" section are set to not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict Internet communication*
+-   GP Friendly name: *Restrict Internet communication*
 -   GP name: *InternetManagement_RestrictCommunication_1*
 -   GP path: *System\Internet Communication Management*
 -   GP ADMX file name: *ICM.admx*
@@ -765,32 +562,14 @@ ADMX Info:
 **ADMX_ICM/InternetManagement_RestrictCommunication_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -805,24 +584,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
+This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.
 
-If you enable this setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet.
+If you enable this setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can't access the Internet.
 
-If you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet.
+If you disable this policy setting, all of the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet.
 
-If you do not configure this policy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
+If you don't configure this policy setting, all of the policy settings in the "Internet Communication settings" section are set to not configured.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict Internet communication*
+-   GP Friendly name: *Restrict Internet communication*
 -   GP name: *InternetManagement_RestrictCommunication_2*
 -   GP path: *System\Internet Communication Management*
 -   GP ADMX file name: *ICM.admx*
@@ -835,32 +609,14 @@ ADMX Info:
 **ADMX_ICM/NC_ExitOnISP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -875,23 +631,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).
+This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).
 
-If you enable this policy setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard causes the wizard to exit. This prevents users from retrieving the list of ISPs, which resides on Microsoft servers.
+If you enable this policy setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard causes the wizard to exit. This exit prevents users from retrieving the list of ISPs, which resides on Microsoft servers.
 
-If you disable or do not configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area.
+If you disable or don't configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com*
+-   GP Friendly name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com*
 -   GP name: *NC_ExitOnISP*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -904,32 +655,14 @@ ADMX Info:
 **ADMX_ICM/NC_NoRegistration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -944,25 +677,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.
+This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.
 
-If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online.
+If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users can't register their copy of Windows online.
 
-If you disable or do not configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration.
+If you disable or don't configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration.
 
-Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in).
+Registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but doesn't involve submitting any personal information (except the country/region you live in).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Registration if URL connection is referring to Microsoft.com*
+-   GP Friendly name: *Turn off Registration if URL connection is referring to Microsoft.com*
 -   GP name: *NC_NoRegistration*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -975,32 +703,14 @@ ADMX Info:
 **ADMX_ICM/PCH_DoNotReport**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1015,29 +725,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not errors are reported to Microsoft.
+This policy setting controls whether or not errors are reported to Microsoft.
 
 Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product.
 
-If you enable this policy setting, users are not given the option to report errors.
+If you enable this policy setting, users aren't given the option to report errors.
 
-If you disable or do not configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share.
+If you disable or don't configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share.
 
 This policy setting overrides any user setting made from the Control Panel for error reporting.  
 
 Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Error Reporting*
+-   GP Friendly name: *Turn off Windows Error Reporting*
 -   GP name: *PCH_DoNotReport*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1050,32 +755,14 @@ ADMX Info:
 **ADMX_ICM/RemoveWindowsUpdate_ICM**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1090,26 +777,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove access to Windows Update.
+This policy setting allows you to remove access to Windows Update.
 
-If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at https://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
+If you enable this policy setting, all Windows Update features are removed. This list of features includes blocking access to the Windows Update website at https://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you won't get notified or receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
 
-If you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.
+If you disable or don't configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.
 
 > [!NOTE]
 > This policy applies only when this PC is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off access to all Windows Update features*
+-   GP Friendly name: *Turn off access to all Windows Update features*
 -   GP name: *RemoveWindowsUpdate_ICM*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1122,32 +804,14 @@ ADMX Info:
 **ADMX_ICM/SearchCompanion_DisableFileUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1162,28 +826,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.
+This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.
 
-When users search the local computer or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results.
+When users search the local computer or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and more content files used to format and display results.
 
-If you enable this policy setting, Search Companion does not download content updates during searches.
+If you enable this policy setting, Search Companion doesn't download content updates during searches.
 
-If you disable or do not configure this policy setting, Search Companion downloads content updates unless the user is using Classic Search.
+If you disable or don't configure this policy setting, Search Companion downloads content updates unless the user is using Classic Search.
 
 > [!NOTE]
 > Internet searches still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the Search Companion feature completely.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Search Companion content file updates*
+-   GP Friendly name: *Turn off Search Companion content file updates*
 -   GP name: *SearchCompanion_DisableFileUpdates*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1196,32 +855,14 @@ ADMX Info:
 **ADMX_ICM/ShellNoUseInternetOpenWith_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1236,25 +877,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
+This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
 
-When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.
+When a user opens a file that has an extension that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.
 
 If you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed.
 
-If you disable or do not configure this policy setting, the user is allowed to use the Web service.
+If you disable or don't configure this policy setting, the user is allowed to use the Web service.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Internet File Association service*
+-   GP Friendly name: *Turn off Internet File Association service*
 -   GP name: *ShellNoUseInternetOpenWith_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1267,32 +903,14 @@ ADMX Info:
 **ADMX_ICM/ShellNoUseInternetOpenWith_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1307,25 +925,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
+This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.
 
-When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.
+When a user opens a file that has an extension that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.
 
 If you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed.
 
-If you disable or do not configure this policy setting, the user is allowed to use the Web service.
+If you disable or don't configure this policy setting, the user is allowed to use the Web service.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Internet File Association service*
+-   GP Friendly name: *Turn off Internet File Association service*
 -   GP name: *ShellNoUseInternetOpenWith_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1338,32 +951,14 @@ ADMX Info:
 **ADMX_ICM/ShellNoUseStoreOpenWith_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1378,25 +973,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
+This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
 
-When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.
+When a user opens a file type or protocol that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.
 
 If you enable this policy setting, the "Look for an app in the Store" item in the Open With dialog is removed.
 
-If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
+If you disable or don't configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off access to the Store*
+-   GP Friendly name: *Turn off access to the Store*
 -   GP name: *ShellNoUseStoreOpenWith_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1409,32 +999,14 @@ ADMX Info:
 **ADMX_ICM/ShellNoUseStoreOpenWith_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1449,25 +1021,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
+This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.
 
-When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.
+When a user opens a file type or protocol that isn't associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.
 
 If you enable this policy setting, the "Look for an app in the Store" item in the Open With dialog is removed.
 
-If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
+If you disable or don't configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off access to the Store*
+-   GP Friendly name: *Turn off access to the Store*
 -   GP name: *ShellNoUseStoreOpenWith_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1480,32 +1047,14 @@ ADMX Info:
 **ADMX_ICM/ShellPreventWPWDownload_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1520,25 +1069,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.  These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
+This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.  These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
 
-If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.
+If you enable this policy setting, Windows doesn't download providers, and only the service providers that are cached in the local registry are displayed.
 
-If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.
+If you disable or don't configure this policy setting, a list of providers is downloaded when the user uses the web publishing or online ordering wizards.
 
-See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
+For more information, including details on specifying service providers in the registry, see the documentation for the web publishing and online ordering wizards.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Internet download for Web publishing and online ordering wizards*
+-   GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards*
 -   GP name: *ShellPreventWPWDownload_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1551,32 +1095,14 @@ ADMX Info:
 **ADMX_ICM/ShellRemoveOrderPrints_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1591,23 +1117,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
+This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
 
 The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.  If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders.
 
-If you disable or do not configure this policy setting, the task is displayed.
+If you disable or don't configure this policy setting, the task is displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the "Order Prints" picture task*
+-   GP Friendly name: *Turn off the "Order Prints" picture task*
 -   GP name: *ShellRemoveOrderPrints_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1620,32 +1141,14 @@ ADMX Info:
 **ADMX_ICM/ShellRemoveOrderPrints_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1660,25 +1163,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
+This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.
 
 The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.
 
 If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders.
 
-If you disable or do not configure this policy setting, the task is displayed.
+If you disable or don't configure this policy setting, the task is displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the "Order Prints" picture task*
+-   GP Friendly name: *Turn off the "Order Prints" picture task*
 -   GP name: *ShellRemoveOrderPrints_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1691,32 +1189,14 @@ ADMX Info:
 **ADMX_ICM/ShellRemovePublishToWeb_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1731,23 +1211,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
+This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
 
 The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.
 
-If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you disable or do not configure this policy setting, the tasks are shown.
+If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you disable or don't configure this policy setting, the tasks are shown.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the "Publish to Web" task for files and folders*
+-   GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
 -   GP name: *ShellRemovePublishToWeb_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1760,32 +1235,14 @@ ADMX Info:
 **ADMX_ICM/ShellRemovePublishToWeb_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1800,25 +1257,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
+This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.
 
 The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.
 
 If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders.
 
-If you disable or do not configure this policy setting, the tasks are shown.
+If you disable or don't configure this policy setting, the tasks are shown.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the "Publish to Web" task for files and folders*
+-   GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
 -   GP name: *ShellRemovePublishToWeb_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1831,32 +1283,14 @@ ADMX Info:
 **ADMX_ICM/WinMSG_NoInstrumentation_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1871,27 +1305,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.
+This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service are used.
 
 With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used.
 
 This information is used to improve the product in future releases.
 
-If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown.
+If you enable this policy setting, Windows Messenger doesn't collect usage information, and the user settings to enable the collection of usage information aren't shown.
 
-If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown.  If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.
+If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting isn't shown. If you don't configure this policy setting, users have the choice to opt in and allow information to be collected.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the Windows Messenger Customer Experience Improvement Program*
+-   GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
 -   GP name: *WinMSG_NoInstrumentation_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1904,32 +1333,14 @@ ADMX Info:
 **ADMX_ICM/WinMSG_NoInstrumentation_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1944,29 +1355,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.
+This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service are used.
 
 With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used.
 
 This information is used to improve the product in future releases.
 
-If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown.
+If you enable this policy setting, Windows Messenger doesn't collect usage information, and the user settings to enable the collection of usage information aren't shown.
 
-If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown.
+If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting isn't shown.
 
-If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.
+If you don't configure this policy setting, users have the choice to opt in and allow information to be collected.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the Windows Messenger Customer Experience Improvement Program*
+-   GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
 -   GP name: *WinMSG_NoInstrumentation_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1975,8 +1381,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
new file mode 100644
index 0000000000..424b4a38f2
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -0,0 +1,88 @@
+---
+title: Policy CSP - ADMX_IIS
+description: Policy CSP - ADMX_IIS
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/17/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_IIS
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_IIS policies  
+
+
                  
+  
                  
+    ADMX_IIS/PreventIISInstall
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_IIS/PreventIISInstall**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting prevents installation of Internet Information Services (IIS) on this computer. 
+
+- If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. 
+
+Enabling this setting won't have any effect on IIS if IIS is already installed on the computer. 
+
+- If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent IIS installation*
+-   GP name: *PreventIISInstall*
+-   GP path: *Windows Components\Internet Information Services*
+-   GP ADMX file name: *IIS.admx*
+
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
new file mode 100644
index 0000000000..c9465d3231
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -0,0 +1,177 @@
+---
+title: Policy CSP - ADMX_iSCSI
+description: Policy CSP - ADMX_iSCSI
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/17/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_iSCSI
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_iSCSI policies  
+
+
                  
+  
                  
+    ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins
+  
                  
+  
                  
+    ADMX_iSCSI/iSCSIGeneral_ChangeIQNName
+  
                  
+  
                  
+    ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. 
+
+If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow manual configuration of iSNS servers*
+-   GP name: *iSCSIGeneral_RestrictAdditionalLogins*
+-   GP path: *System\iSCSI\iSCSI Target Discovery*
+-   GP ADMX file name: *iSCSI.admx*
+
+
+
+
                  
+
+
+**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. 
+
+If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow manual configuration of target portals*
+-   GP name: *iSCSIGeneral_ChangeIQNName*
+-   GP path: *System\iSCSI\iSCSI Target Discovery*
+-   GP ADMX file name: *iSCSI.admx*
+
+
+
+
                  
+
+
+**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+If enabled then don't allow the initiator CHAP secret to be changed. 
+
+If disabled then the initiator CHAP secret may be changed.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow changes to initiator CHAP secret*
+-   GP name: *iSCSISecurity_ChangeCHAPSecret*
+-   GP path: *System\iSCSI\iSCSI Security*
+-   GP ADMX file name: *iSCSI.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index 76d11f5aa4..1173ca86f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_kdc
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -49,32 +53,14 @@ manager: dansimp
 **ADMX_kdc/CbacAndArmor**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -89,22 +75,22 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
+This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
 
 If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. 
 
-If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or armoring.
+If you disable or don't configure this policy setting, the domain controller doesn't support claims, compound authentication or armoring.
 
-If you configure the "Not supported" option, the domain controller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems.
+If you configure the "Not supported" option, the domain controller doesn't support claims, compound authentication or armoring, which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems.
 
 > [!NOTE]
-> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerberos authentication messages will not use these features.  
+> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features.  
 
 If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. 
 
 **Domain functional level requirements**
 
-For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selected. 
+For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected. 
 
 When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and:
 
@@ -112,27 +98,22 @@ When the domain functional level is set to Windows Server 2012 then the domain c
 - If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerberos messages.
 
 > [!WARNING]
-> When "Fail unarmored authentication requests" is set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller.
+> When "Fail unarmored authentication requests" is set, then client computers which don't support Kerberos armoring will fail to authenticate to the domain controller.
 
 To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled).
 
 Impact on domain controller performance when this policy setting is enabled:
 
-- Secure Kerberos domain capability discovery is required resulting in additional message exchanges.
-- Claims and compound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more processing time and greater Kerberos service ticket size.
-- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ticket size.
+- Secure Kerberos domain capability discovery is required, resulting in more message exchanges.
+- Claims and compound authentication for Dynamic Access Control increase the size and complexity of the data in the message, which results in more processing time and greater Kerberos service ticket size.
+- Kerberos armoring fully encrypts Kerberos messages and signs Kerberos errors, which results in increased processing time, but doesn't change the service ticket size.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *KDC support for claims, compound authentication and Kerberos armoring*
+-   GP Friendly name: *KDC support for claims, compound authentication and Kerberos armoring*
 -   GP name: *CbacAndArmor*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -145,32 +126,14 @@ ADMX Info:
 **ADMX_kdc/ForestSearch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -185,25 +148,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).
+This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).
 
-If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain.
+If you enable this policy setting, the KDC will search the forests in this list if it's unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain.
 
-If you disable or do not configure this policy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
+If you disable or don't configure this policy setting, the KDC won't search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name isn't found, NTLM authentication might be used.
 
 To ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use forest search order*
+-   GP Friendly name: *Use forest search order*
 -   GP name: *ForestSearch*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -216,32 +174,14 @@ ADMX Info:
 **ADMX_kdc/PKINITFreshness**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -256,7 +196,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied.
+Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain isn't at Windows Server 2016 DFL or higher, this policy won't be applied.
 
 This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension.
 
@@ -264,21 +204,16 @@ If you enable this policy setting, the following options are supported:
 
 Supported: PKInit Freshness Extension is supported on request. Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID.
 
-Required: PKInit Freshness Extension is required for successful authentication. Kerberos clients which do not support the PKInit Freshness Extension will always fail when using public key credentials.
+Required: PKInit Freshness Extension is required for successful authentication. Kerberos clients that don't support the PKInit Freshness Extension will always fail when using public key credentials.
 
 If you disable or not configure this policy setting, then the DC will never offer the PKInit Freshness Extension and  accept valid authentication requests without checking for freshness. Users will never receive the fresh public key identity SID.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *KDC support for PKInit Freshness Extension*
+-   GP Friendly name: *KDC support for PKInit Freshness Extension*
 -   GP name: *PKINITFreshness*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -291,32 +226,14 @@ ADMX Info:
 **ADMX_kdc/RequestCompoundId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -331,26 +248,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to request compound authentication.
+This policy setting allows you to configure a domain controller to request compound authentication.
 
 > [!NOTE]
 > For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled. 
 
 If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. 
 
-If you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration.
+If you disable or don't configure this policy setting, domain controllers will return service tickets that contain compound authentication anytime the client sends a compound authentication request regardless of the account configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Request compound authentication*
+-   GP Friendly name: *Request compound authentication*
 -   GP name: *RequestCompoundId*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -363,32 +275,14 @@ ADMX Info:
 **ADMX_kdc/TicketSizeThreshold** 
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -403,23 +297,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.
+This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.
 
-If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy.
+If you enable this policy setting, you can set the threshold limit for Kerberos ticket, which triggers the warning events. If set too high, then authentication failures might be occurring even though warning events aren't being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you aren't configuring using Group Policy.
 
-If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
+If you disable or don't configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Warning for large Kerberos tickets*
+-   GP Friendly name: *Warning for large Kerberos tickets*
 -   GP name: *TicketSizeThreshold*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -432,32 +321,14 @@ ADMX Info:
 **ADMX_kdc/emitlili** 
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -472,28 +343,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the domain controller provides information about previous logons to client computers.
+This policy setting controls whether the domain controller provides information about previous logons to client computers.
 
 If you enable this policy setting, the domain controller provides the information message about previous logons.
 
-For Windows Logon to leverage this feature, the "Display information about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled.
+For Windows Logon to use this feature, the "Display information about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled.
 
-If you disable or do not configure this policy setting, the domain controller does not provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled.
+If you disable or don't configure this policy setting, the domain controller doesn't provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled.
 
 > [!NOTE]
-> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anything.
+> Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting doesn't affect anything.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Provide information about previous logons to client computers*
+-   GP Friendly name: *Provide information about previous logons to client computers*
 -   GP name: *emitlili*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -502,8 +368,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 0546c527b2..998eb8189d 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/12/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Kerberos
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -55,32 +59,14 @@ manager: dansimp
 **ADMX_Kerberos/AlwaysSendCompoundId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,26 +81,21 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.
+This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.
 
 > [!NOTE]
 > For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain. 
 
 If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request. 
 
-If you disable or do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.
+If you disable or don't configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always send compound authentication first*
+-   GP Friendly name: *Always send compound authentication first*
 -   GP name: *AlwaysSendCompoundId*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -127,32 +108,14 @@ ADMX Info:
 **ADMX_Kerberos/DevicePKInitEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -167,30 +130,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts.
+Support for device authentication using certificate will require connectivity to a DC in the device account domain that supports certificate authentication for computer accounts.
 
 This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the device to the domain.
 
 If you enable this policy setting, the device's credentials will be selected based on the following options:
 
-- Automatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication using certificates then authentication with password will be attempted.
-- Force: Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certificates then authentication will fail.
+- Automatic: Device will attempt to authenticate using its certificate. If the DC doesn't support computer account authentication using certificates, then authentication with password will be attempted.
+- Force: Device will always authenticate using its certificate. If a DC can't be found which support computer account authentication using certificates, then authentication will fail.
 
 If you disable this policy setting, certificates will never be used.
 
-If you do not configure this policy setting, Automatic will be used.
+If you don't configure this policy setting, Automatic will be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Support device authentication using certificate*
+-   GP Friendly name: *Support device authentication using certificate*
 -   GP name: *DevicePKInitEnabled*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -203,32 +161,14 @@ ADMX Info:
 **ADMX_Kerberos/HostToRealm**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -243,25 +183,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.
+This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.
 
 If you enable this policy setting, you can view and change the list of DNS host names and DNS suffixes mapped to a Kerberos realm as defined by Group Policy. To view the list of mappings, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
 
 If you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted.
 
-If you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist.
+If you don't configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define host name-to-Kerberos realm mappings*
+-   GP Friendly name: *Define host name-to-Kerberos realm mappings*
 -   GP name: *HostToRealm*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -274,32 +209,14 @@ ADMX Info:
 **ADMX_Kerberos/KdcProxyDisableServerRevocationCheck**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -314,24 +231,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.
+This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.
 
 If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections. 
-Warning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid. 
+> [!WARNING]
+> When revocation check is ignored, the server represented by the certificate isn't guaranteed valid.
 
-If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails.
+If you disable or don't configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server isn't established if the revocation check fails.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable revocation checking for the SSL certificate of KDC proxy servers*
+-   GP Friendly name: *Disable revocation checking for the SSL certificate of KDC proxy servers*
 -   GP name: *KdcProxyDisableServerRevocationCheck*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -344,32 +257,14 @@ ADMX Info:
 **ADMX_Kerberos/KdcProxyServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -384,23 +279,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.
+This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.
 
-If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller cannot be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
+If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller can't be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
 
-If you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy servers settings defined by Group Policy.
+If you disable or don't configure this policy setting, the Kerberos client doesn't have KDC proxy servers settings defined by Group Policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify KDC proxy servers for Kerberos clients*
+-   GP Friendly name: *Specify KDC proxy servers for Kerberos clients*
 -   GP name: *KdcProxyServer*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -413,32 +303,14 @@ ADMX Info:
 **ADMX_Kerberos/MitRealms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -453,25 +325,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting.
+This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting.
 
 If you enable this policy setting, you can view and change the list of interoperable Kerberos V5 realms and their settings. To view the list of interoperable Kerberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
 
 If you disable this policy setting, the interoperable Kerberos V5 realm settings defined by Group Policy are deleted.
 
-If you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist.
+If you don't configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define interoperable Kerberos V5 realm settings*
+-   GP Friendly name: *Define interoperable Kerberos V5 realm settings*
 -   GP name: *MitRealms*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -484,32 +351,14 @@ ADMX Info:
 **ADMX_Kerberos/ServerAcceptsCompound**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -524,9 +373,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls configuring the device's Active Directory account for compound authentication.
+This policy setting controls configuring the device's Active Directory account for compound authentication.
 
-Support for providing compound authentication which is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this policy.
+Support for providing compound authentication that is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this policy.
 
 If you enable this policy setting, the device's Active Directory account will be configured for compound authentication by the following options:
 
@@ -536,19 +385,14 @@ If you enable this policy setting, the device's Active Directory account will be
 
 If you disable this policy setting, Never will be used.
 
-If you do not configure this policy setting, Automatic will be used.
+If you don't configure this policy setting, Automatic will be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Support compound authentication*
+-   GP Friendly name: *Support compound authentication*
 -   GP name: *ServerAcceptsCompound*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -561,32 +405,14 @@ ADMX Info:
 **ADMX_Kerberos/StrictTarget**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -601,23 +427,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN.
+This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN.
 
 If you enable this policy setting, only services running as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate.
 
-If you disable or do not configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.
+If you disable or don't configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Require strict target SPN match on remote procedure calls*
+-   GP Friendly name: *Require strict target SPN match on remote procedure calls*
 -   GP name: *StrictTarget*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -625,7 +446,6 @@ ADMX Info:
 
 
 
                  
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index e8d00a28cb..a905d94c9a 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_LanmanServer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_LanmanServer/Pol_CipherSuiteOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,11 +69,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB server.
+This policy setting determines the cipher suites used by the SMB server.
 
 If you enable this policy setting, cipher suites are prioritized in the order specified.
 
-If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used.
+If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used.
 
 SMB 3.11 cipher suites:  
 
@@ -106,16 +92,11 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 > When configuring this security setting, changes will not take effect until you restart Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Cipher suite order*
+-   GP Friendly name: *Cipher suite order*
 -   GP name: *Pol_CipherSuiteOrder*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -132,32 +113,14 @@ ADMX Info:
 **ADMX_LanmanServer/Pol_HashPublication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -172,13 +135,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.
+This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache.
+- Not Configured. With this selection, hash publication settings aren't applied to file servers. In the circumstance where file servers are domain members but you don't want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting isn't configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache.
 - Enabled. With this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that is stored in BranchCache-enabled file shares.
 - Disabled. With this selection, hash publication is turned off for all file servers where Group Policy is applied.
 
@@ -186,19 +149,14 @@ In circumstances where this policy setting is enabled, you can also select the f
 
 - Allow hash publication for all shared folders. With this option, BranchCache generates content information for all content in all shares on the file server.
 - Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server.
-- Disallow hash publication on all shared folders. With this option, BranchCache does not generate content information for any shares on the computer and does not send content information to client computers that request content.
+- Disallow hash publication on all shared folders. With this option, BranchCache doesn't generate content information for any shares on the computer and doesn't send content information to client computers that request content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hash Publication for BranchCache*
+-   GP Friendly name: *Hash Publication for BranchCache*
 -   GP name: *Pol_HashPublication*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -215,32 +173,14 @@ ADMX Info:
 **ADMX_LanmanServer/Pol_HashSupportVersion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -255,15 +195,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. 
+This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. 
 
-If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
+If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported.
+- Not Configured. With this selection, BranchCache settings aren't applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported.
 - Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved.
 - Disabled. With this selection, both V1 and V2 hash generation and retrieval are supported.
 
@@ -276,16 +216,11 @@ Hash version supported:
 - To support both V1 and V2 content information, configure "Hash version supported" with the value of 3.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hash Version support for BranchCache*
+-   GP Friendly name: *Hash Version support for BranchCache*
 -   GP name: *Pol_HashSupportVersion*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -298,32 +233,14 @@ ADMX Info:
 **ADMX_LanmanServer/Pol_HonorCipherSuiteOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -338,26 +255,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
+This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
 
 If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences.
 
-If you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites.
+If you disable or don't configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites.
 
 > [!NOTE]
 > When configuring this security setting, changes will not take effect until you restart Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Honor cipher suite order*
+-   GP Friendly name: *Honor cipher suite order*
 -   GP name: *Pol_HonorCipherSuiteOrder*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -366,8 +278,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index ac60e3f522..8fcfe9af1e 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/08/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_LanmanWorkstation
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +44,14 @@ manager: dansimp
 **ADMX_LanmanWorkstation/Pol_CipherSuiteOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,11 +66,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB client.
+This policy setting determines the cipher suites used by the SMB client.
 
 If you enable this policy setting, cipher suites are prioritized in the order specified.
 
-If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used.
+If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used.
 
 SMB 3.11 cipher suites:
 
@@ -108,16 +94,11 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 > When configuring this security setting, changes will not take effect until you restart Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Cipher suite order*
+-   GP Friendly name: *Cipher suite order*
 -   GP name: *Pol_CipherSuiteOrder*
 -   GP path: *Network\Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
@@ -130,32 +111,14 @@ ADMX Info:
 **ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -170,26 +133,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
+This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
 
-If you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files.
+If you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This provision may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files.
 
-If you disable or do not configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares.
+If you disable or don't configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares.
 
 > [!NOTE]
-> This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage.
+> This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft doesn't recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Handle Caching on Continuous Availability Shares*
+-   GP Friendly name: *Handle Caching on Continuous Availability Shares*
 -   GP name: *Pol_EnableHandleCachingForCAFiles*
 -   GP path: *Network\Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
@@ -202,32 +160,14 @@ ADMX Info:
 **ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -242,26 +182,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
+This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
 
 If you enable this policy setting, the "Always Available offline" option will appear in the File Explorer menu on a Windows computer when connecting to a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible.
 
-If you disable or do not configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares.
+If you disable or don't configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares.
 
 > [!NOTE]
-> Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states.
+> Microsoft doesn't recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Offline Files Availability on Continuous Availability Shares*
+-   GP Friendly name: *Offline Files Availability on Continuous Availability Shares*
 -   GP name: *Pol_EnableOfflineFilesforCAShares*
 -   GP path: *Network\Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
@@ -270,7 +205,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
new file mode 100644
index 0000000000..a362e05ab9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -0,0 +1,96 @@
+---
+title: Policy CSP - ADMX_LeakDiagnostic
+description: Policy CSP - ADMX_LeakDiagnostic
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/17/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_LeakDiagnostic
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
                  
+
+
+## ADMX_LeakDiagnostic policies  
+
+
                  
+  
                  
+    ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.  
+
+- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.  
+
+- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.  
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.  
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting  is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. 
+
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.  
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure custom alert text*
+-   GP name: *WdiScenarioExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+-   GP ADMX file name: *LeakDiagnostic.admx*
+
+
+
+
                  
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 146ad0388c..841a1b47a1 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/04/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_LinkLayerTopologyDiscovery
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +41,14 @@ manager: dansimp
 **ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,25 +63,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Mapper I/O network protocol driver.
+This policy setting changes the operational behavior of the Mapper I/O network protocol driver.
 
 LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis.
 
-If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.
+If you enable this policy setting, more options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.
 
-If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply.
+If you disable or don't configure this policy setting, the default behavior of LLTDIO will apply.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Mapper I/O (LLTDIO) driver*
+-   GP Friendly name: *Turn on Mapper I/O (LLTDIO) driver*
 -   GP name: *LLTD_EnableLLTDIO*
 -   GP path: *Network/Link-Layer Topology Discovery*
 -   GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
@@ -108,32 +89,14 @@ ADMX Info:
 **ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -148,25 +111,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Responder network protocol driver.
+This policy setting changes the operational behavior of the Responder network protocol driver.
 
 The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis.
 
-If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.
+If you enable this policy setting, more options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.
 
-If you disable or do not configure this policy setting, the default behavior for the Responder will apply.
+If you disable or don't configure this policy setting, the default behavior for the Responder will apply.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Responder (RSPNDR) driver*
+-   GP Friendly name: *Turn on Responder (RSPNDR) driver*
 -   GP name: *LLTD_EnableRspndr*
 -   GP path: *Network/Link-Layer Topology Discovery*
 -   GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
@@ -175,8 +133,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
new file mode 100644
index 0000000000..9b40c8b242
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -0,0 +1,88 @@
+---
+title: Policy CSP - ADMX_LocationProviderAdm
+description: Policy CSP - ADMX_LocationProviderAdm
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/20/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_LocationProviderAdm
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
                  
+
+
+## ADMX_LocationProviderAdm policies  
+
+
                  
+  
                  
+    ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting turns off the Windows Location Provider feature for this computer.  
+
+- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.  
+
+- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Windows Location Provider*
+-   GP name: *DisableWindowsLocationProvider_1*
+-   GP path: *Windows Components\Location and Sensors\Windows Location Provider*
+-   GP ADMX file name: *LocationProviderAdm.admx*
+
+
+
+
                  
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 68442eff39..2f68cebffb 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/21/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Logon
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -76,32 +80,14 @@ manager: dansimp
 **ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -116,23 +102,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy prevents the user from showing account details (email address or user name) on the sign-in screen. 
+This policy prevents the user from showing account details (email address or user name) on the sign-in screen. 
 
-If you enable this policy setting, the user cannot choose to show account details on the sign-in screen.
+If you enable this policy setting, the user can't choose to show account details on the sign-in screen.
 
-If you disable or do not configure this policy setting, the user may choose to show account details on the sign-in screen.
+If you disable or don't configure this policy setting, the user may choose to show account details on the sign-in screen.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Block user from showing account details on sign-in*
+-   GP Friendly name: *Block user from showing account details on sign-in*
 -   GP name: *BlockUserFromShowingAccountDetailsOnSignin*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -145,32 +126,14 @@ ADMX Info:
 **ADMX_Logon/DisableAcrylicBackgroundOnLogon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -185,23 +148,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting disables the acrylic blur effect on logon background image.
+This policy setting disables the acrylic blur effect on logon background image.
 
 If you enable this policy, the logon background image shows without blur.
 
-If you disable or do not configure this policy, the logon background image adopts the acrylic blur effect.
+If you disable or don't configure this policy, the logon background image adopts the acrylic blur effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show clear logon background*
+-   GP Friendly name: *Show clear logon background*
 -   GP name: *DisableAcrylicBackgroundOnLogon*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -214,32 +172,14 @@ ADMX Info:
 **ADMX_Logon/DisableExplorerRunLegacy_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -254,13 +194,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores the customized run list.
+This policy setting ignores the customized run list.
 
-You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.
-
-If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.
-
-If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.
+These programs are added to the standard run list of programs and services that the system starts.
 
 This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
 
@@ -268,16 +204,11 @@ This policy setting appears in the Computer Configuration and User Configuration
 > To create a customized run list by using a policy setting, use the "Run these applications at startup" policy setting.  Also, see the "Do not process the run once list" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not process the legacy run list*
+-   GP Friendly name: *Do not process the legacy run list*
 -   GP name: *DisableExplorerRunLegacy_1*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -290,32 +221,14 @@ ADMX Info:
 **ADMX_Logon/DisableExplorerRunLegacy_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -330,13 +243,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores the customized run list.
+This policy setting ignores the customized run list.
 
-You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.
-
-If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.
-
-If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.
+These programs are added to the standard run list of programs and services that the system starts.
 
 This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
 
@@ -344,16 +253,11 @@ This policy setting appears in the Computer Configuration and User Configuration
 > To create a customized run list by using a policy setting, use the "Run these applications at startup" policy setting.  Also, see the "Do not process the run once list" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not process the legacy run list*
+-   GP Friendly name: *Do not process the legacy run list*
 -   GP name: *DisableExplorerRunLegacy_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -366,32 +270,14 @@ ADMX Info:
 **ADMX_Logon/DisableExplorerRunOnceLegacy_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -406,13 +292,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores customized run-once lists.
+This policy setting ignores customized run-once lists.
 
-You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
+You can create a customized list of other programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
 
 If you enable this policy setting, the system ignores the run-once list.
 
-If you disable or do not configure this policy setting, the system runs the programs in the run-once list.
+If you disable or don't configure this policy setting, the system runs the programs in the run-once list.
 
 This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
 
@@ -420,16 +306,11 @@ This policy setting appears in the Computer Configuration and User Configuration
 > Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the "Do not process the legacy run list" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not process the run once list*
+-   GP Friendly name: *Do not process the run once list*
 -   GP name: *DisableExplorerRunOnceLegacy_1*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -442,32 +323,14 @@ ADMX Info:
 **ADMX_Logon/DisableExplorerRunOnceLegacy_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -482,13 +345,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores customized run-once lists.
+This policy setting ignores customized run-once lists.
 
-You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
+You can create a customized list of other programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
 
 If you enable this policy setting, the system ignores the run-once list.
 
-If you disable or do not configure this policy setting, the system runs the programs in the run-once list.
+If you disable or don't configure this policy setting, the system runs the programs in the run-once list.
 
 This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
 
@@ -496,16 +359,11 @@ This policy setting appears in the Computer Configuration and User Configuration
 > Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the "Do not process the legacy run list" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not process the run once list*
+-   GP Friendly name: *Do not process the run once list*
 -   GP name: *DisableExplorerRunOnceLegacy_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -518,32 +376,14 @@ ADMX Info:
 **ADMX_Logon/DisableStatusMessages**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -558,23 +398,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting suppresses system status messages.
+This policy setting suppresses system status messages.
 
-If you enable this setting, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off.
+If you enable this setting, the system doesn't display a message reminding users to wait while their system starts or shuts down, or while users sign in or sign out.
 
-If you disable or do not configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users log on or off.
+If you disable or don't configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users sign in or sign out.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Boot / Shutdown / Logon / Logoff status messages*
+-   GP Friendly name: *Remove Boot / Shutdown / Logon / Logoff status messages*
 -   GP name: *DisableStatusMessages*
 -   GP path: *System*
 -   GP ADMX file name: *Logon.admx*
@@ -587,32 +422,14 @@ ADMX Info:
 **ADMX_Logon/DontEnumerateConnectedUsers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -627,23 +444,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents connected users from being enumerated on domain-joined computers.
+This policy setting prevents connected users from being enumerated on domain-joined computers.
 
-If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers.
+If you enable this policy setting, the Logon UI won't enumerate any connected users on domain-joined computers.
 
-If you disable or do not configure this policy setting, connected users will be enumerated on domain-joined computers.
+If you disable or don't configure this policy setting, connected users will be enumerated on domain-joined computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not enumerate connected users on domain-joined computers*
+-   GP Friendly name: *Do not enumerate connected users on domain-joined computers*
 -   GP name: *DontEnumerateConnectedUsers*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -656,32 +468,14 @@ ADMX Info:
 **ADMX_Logon/NoWelcomeTips_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -696,15 +490,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.
+This policy setting hides the welcome screen that is displayed on Windows each time the user logs on.
 
 If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.
 
 Users can still display the welcome screen by selecting it on the Start menu or by typing "Welcome" in the Run dialog box.
 
-If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.
+If you disable or don't configure this policy, the welcome screen is displayed each time a user signs in to the computer.
 
-This setting applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server.
+This setting applies only to Windows. It doesn't affect the "Configure Your Server on a Windows Server" screen on Windows Server.
 
 > [!NOTE]
 > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
@@ -713,16 +507,11 @@ This setting applies only to Windows 2000 Professional. It does not affect the "
 > To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not display the Getting Started welcome screen at logon*
+-   GP Friendly name: *Do not display the Getting Started welcome screen at logon*
 -   GP name: *NoWelcomeTips_1*
 -   GP path: *System*
 -   GP ADMX file name: *Logon.admx*
@@ -736,32 +525,14 @@ ADMX Info:
 **ADMX_Logon/NoWelcomeTips_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -776,13 +547,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.
+This policy setting hides the welcome screen that is displayed on Windows each time the user logs on.
 
 If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.
 
 Users can still display the welcome screen by selecting it on the Start menu or by typing "Welcome" in the Run dialog box.
 
-If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.  This setting applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server.
+If you disable or don't configure this policy, the welcome screen is displayed each time a user signs in to the computer.  This setting applies only to Windows. It doesn't affect the "Configure Your Server on a Windows Server" screen on Windows Server.
 
 > [!NOTE]
 > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
@@ -791,16 +562,11 @@ If you disable or do not configure this policy, the welcome screen is displayed
 > To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without specifying a setting, clear the "Show this screen at startup" check box on the welcome screen.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not display the Getting Started welcome screen at logon*
+-   GP Friendly name: *Do not display the Getting Started welcome screen at logon*
 -   GP name: *NoWelcomeTips_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -813,32 +579,14 @@ ADMX Info:
 **ADMX_Logon/Run_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -853,30 +601,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.
+This policy setting specifies other programs or documents that Windows starts automatically when a user signs in to the system.
 
-If you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.
+If you enable this policy setting, you can specify which programs can run at the time the user signs in to this computer that has this policy applied.
 
 To specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.
 
-If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon.
+If you disable or don't configure this policy setting, the user will have to start the appropriate programs after signing in.
 
 > [!NOTE]
 > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration setting.
 
-Also, see the "Do not process the legacy run list" and the "Do not process the run once list" settings.
+Also, see the "Do not process the legacy run list" and the "don't process the run once list" settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run these programs at user logon*
+-   GP Friendly name: *Run these programs at user logon*
 -   GP name: *Run_1*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -889,32 +632,14 @@ ADMX Info:
 **ADMX_Logon/Run_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -929,31 +654,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.
+This policy setting specifies other programs or documents that Windows starts automatically when a user signs in to the system.
 
-If you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.
+If you enable this policy setting, you can specify which programs can run at the time the user signs in to this computer that has this policy applied.
 
 To specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.
 
-If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon.
+If you disable or don't configure this policy setting, the user will have to start the appropriate programs after signing in.
 
 > [!NOTE]
 > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration setting.
 
-Also, see the "Do not process the legacy run list" and the "Do not process the run once list" settings.
+Also, see the "Do not process the legacy run list" and the "don't process the run once list" settings.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run these programs at user logon*
+-   GP Friendly name: *Run these programs at user logon*
 -   GP name: *Run_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -966,32 +686,14 @@ ADMX Info:
 **ADMX_Logon/SyncForegroundPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1006,41 +708,36 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. 
+This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user sign in). By default, on client computers, Group Policy processing isn't synchronous; client computers typically don't wait for the network to be fully initialized at startup and sign in. Existing users are signed in using cached credentials, which results in shorter sign-in times. Group Policy is applied in the background after the network becomes available.
 
-Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected.
+Because this process (of applying Group Policy) is a background refresh, extensions such as Software Installation and Folder Redirection take two sign-ins to apply changes. To be able to operate safely, these extensions require that no users be signed in. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two sign-ins to be detected.
 
-If a user with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be initialized before logging the user on. If a user has never logged on to this computer before, computers always wait for the network to be initialized.
+If a user with a roaming profile, home directory, or user object logon script signs in to a computer, computers always wait for the network to be initialized before signing in the user. If a user has never signed in to this computer before, computers always wait for the network to be initialized.
 
-If you enable this policy setting, computers wait for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously.
+If you enable this policy setting, computers wait for the network to be fully initialized before users are signed in. Group Policy is applied in the foreground, synchronously.
 
 On servers running Windows Server 2008 or later, this policy setting is ignored during Group Policy processing at computer startup and Group Policy processing will be synchronous (these servers wait for the network to be initialized during computer startup).
 
-If the server is configured as follows, this policy setting takes effect during Group Policy processing at user logon:
+If the server is configured as follows, this policy setting takes effect during Group Policy processing at user sign in:
 
 - The server is configured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and
 - The “Allow asynchronous user Group Policy processing when logging on through Terminal Services” policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group Policy\\.
 
-If this configuration is not implemented on the server, this policy setting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized during user logon).
+If this configuration isn't implemented on the server, this policy setting is ignored. In this case, Group Policy processing at user sign in is synchronous (these servers wait for the network to be initialized during user sign in).
 
-If you disable or do not configure this policy setting and users log on to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the computer typically does not wait for the network to be fully initialized. In this case, users are logged on with cached credentials. Group Policy is applied asynchronously in the background.
+If you disable or don't configure this policy setting and users sign in to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the computer typically doesn't wait for the network to be fully initialized. In this case, users are logged on with cached credentials. Group Policy is applied asynchronously in the background.
 
 > [!NOTE]
 >
-> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. 
-> - If Folder Redirection policy will apply during the next logon, security policies will be applied asynchronously during the next update cycle, if network connectivity is available.
+> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. 
+> - If Folder Redirection policy will apply during the next sign in, security policies will be applied asynchronously during the next update cycle, if network connectivity is available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always wait for the network at computer startup and logon*
+-   GP Friendly name: *Always wait for the network at computer startup and logon*
 -   GP name: *SyncForegroundPolicy*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -1053,32 +750,14 @@ ADMX Info:
 **ADMX_Logon/UseOEMBackground**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1093,23 +772,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting ignores Windows Logon Background.
+This policy setting ignores Windows Logon Background.
 
-This policy setting may be used to make Windows give preference to a custom logon background.  If you enable this policy setting, the logon screen always attempts to load a custom background instead of the Windows-branded logon background.
+This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting, the sign-in screen always attempts to load a custom background instead of the Windows-branded logon background.
 
-If you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background.
+If you disable or don't configure this policy setting, Windows uses the default Windows logon background or custom background.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always use custom logon background*
+-   GP Friendly name: *Always use custom logon background*
 -   GP name: *UseOEMBackground*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -1122,32 +796,14 @@ ADMX Info:
 **ADMX_Logon/VerboseStatus**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1162,28 +818,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to display highly detailed status messages.
+This policy setting directs the system to display highly detailed status messages.
 
 This policy setting is designed for advanced users who require this information.
 
 If you enable this policy setting, the system displays status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system.
 
-If you disable or do not configure this policy setting, only the default status messages are displayed to the user during these processes.
+If you disable or don't configure this policy setting, only the default status messages are displayed to the user during these processes.
 
 > [!NOTE]
 > This policy setting is ignored if the "Remove Boot/Shutdown/Logon/Logoff status messages" policy setting is enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display highly detailed status messages*
+-   GP Friendly name: *Display highly detailed status messages*
 -   GP name: *VerboseStatus*
 -   GP path: *System*
 -   GP ADMX file name: *Logon.admx*
@@ -1192,8 +843,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index aa27ba10da..c2d83759c2 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 12/02/2020
+author: dansimp
+ms.date: 01/03/2022
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_MicrosoftDefenderAntivirus
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -310,32 +314,14 @@ manager: dansimp
 **ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -350,23 +336,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.
+This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.
 
-If you enable or do not configure this setting, the antimalware service will load as a normal priority task.
+If you enable or don't configure this setting, the antimalware service will load as a normal priority task.
 
 If you disable this setting, the antimalware service will load as a low priority task.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow antimalware service to startup with normal priority*
+-   GP Friendly name: *Allow antimalware service to startup with normal priority*
 -   GP name: *AllowFastServiceStartup*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -379,32 +360,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -419,27 +382,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Microsoft Defender Antivirus.
+This policy setting turns off Microsoft Defender Antivirus.
 
-If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.
+If you enable this policy setting, Microsoft Defender Antivirus doesn't run, and won't scan computers for malware or other potentially unwanted software.
 
 If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product.
 
-If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.
+If you don't configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.
 
-Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured.
+Enabling or disabling this policy may lead to unexpected or unsupported behavior. It's recommended that you leave this policy setting unconfigured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Microsoft Defender Antivirus*
+-   GP Friendly name: *Turn off Microsoft Defender Antivirus*
 -   GP name: *DisableAntiSpywareDefender*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -452,32 +410,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -492,28 +432,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
+Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
 
 Disabled (Default):
-Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance.
+Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance.
 
 Enabled:
-Microsoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios.
+Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios.
 
 Not configured:
 Same as Disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Auto Exclusions*
+-   GP Friendly name: *Turn off Auto Exclusions*
 -   GP name: *DisableAutoExclusions*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -526,32 +461,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -566,29 +483,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.
+This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device.
 
 Enabled – The Block at First Sight setting is turned on.
 Disabled – The Block at First Sight setting is turned off.
     
-This feature requires these Group Policy settings to be set as follows:
+This feature requires these Policy settings to be set as follows:
 
-- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature will not function.
-- MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature will not function.
-- Real-time Protection -> The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature will not function.
-- Real-time Protection -> Do not enable the “Turn off real-time protection” policy or the “Block at First Sight” feature will not function.
+- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature won't function.
+- MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature won't function.
+- Real-time Protection -> The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature won't function.
+- Real-time Protection -> don't enable the “Turn off real-time protection” policy or the “Block at First Sight” feature won't function.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure the 'Block at First Sight' feature*
+-   GP Friendly name: *Configure the 'Block at First Sight' feature*
 -   GP name: *DisableBlockAtFirstSeen*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -601,32 +513,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -641,23 +535,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions.
+This policy setting controls whether or not complex list settings configured by a local administrator are merged with Policy settings. This setting applies to lists such as threats and Exclusions.
 
-If you enable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings.
+If you enable or don't configure this setting, unique items defined in Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, Policy Settings will override preference settings.
 
-If you disable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator.
+If you disable this setting, only items defined by Policy will be used in the resulting effective policy. Policy settings will override preference settings configured by the local administrator.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local administrator merge behavior for lists*
+-   GP Friendly name: *Configure local administrator merge behavior for lists*
 -   GP name: *DisableLocalAdminMerge*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -670,32 +559,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -710,25 +581,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off real-time protection prompts for known malware detection.
+This policy setting turns off real-time protection prompts for known malware detection.
 
 Microsoft Defender Antivirus alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer.
 
-If you enable this policy setting, Microsoft Defender Antivirus will not prompt users to take actions on malware detections.
+If you enable this policy setting, Microsoft Defender Antivirus won't prompt users to take actions on malware detections.
 
-If you disable or do not configure this policy setting, Microsoft Defender Antivirus will prompt users to take actions on malware detections.
+If you disable or don't configure this policy setting, Microsoft Defender Antivirus will prompt users to take actions on malware detections.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off real-time protection*
+-   GP Friendly name: *Turn off real-time protection*
 -   GP name: *DisableRealtimeMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -741,32 +607,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -781,23 +629,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.
+This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.
 
-If you enable this policy setting, Microsoft Defender Antivirus does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.
+If you enable this policy setting, Microsoft Defender Antivirus doesn't automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.
 
-If you disable or do not configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.
+If you disable or don't configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off routine remediation*
+-   GP Friendly name: *Turn off routine remediation*
 -   GP name: *DisableRoutinelyTakingAction*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -810,32 +653,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -850,19 +675,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0.
+This policy setting allows you to specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value isn't used and it's recommended that this value is set to 0.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Extension Exclusions*
+-   GP Friendly name: *Extension Exclusions*
 -   GP name: *Exclusions_Extensions*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -875,32 +695,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -915,21 +717,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name.
+This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name.
 
-As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0.
+As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value isn't used and it's recommended that this value is set to 0.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Path Exclusions*
+-   GP Friendly name: *Path Exclusions*
 -   GP name: *Exclusions_Paths*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -942,32 +739,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -982,19 +761,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0.
+This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself won't be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value isn't used and it's recommended that this value is set to 0.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Process Exclusions*
+-   GP Friendly name: *Process Exclusions*
 -   GP name: *Exclusions_Processes*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1007,32 +781,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1047,7 +803,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Exclude files and paths from Attack Surface Reduction (ASR) rules.
+Exclude files and paths from Attack Surface Reduction (ASR) rules.
 
 Enabled:
 Specify the folders or files and resources that should be excluded from ASR rules in the Options section.
@@ -1062,19 +818,14 @@ No exclusions will be applied to the ASR rules.
 Not configured:
 Same as Disabled.
 
-You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting.
+You can configure ASR rules in the "Configure Attack Surface Reduction rules" GP setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Exclude files and paths from Attack Surface Reduction Rules*
+-   GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules*
 -   GP name: *ExploitGuard_ASR_ASROnlyExclusions*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1087,32 +838,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1127,13 +860,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Set the state for each Attack Surface Reduction (ASR) rule.
+Set the state for each ASR rule.
 
-After enabling this setting, you can set each rule to the following in the Options section:
+After enabling this setting, you can set each rule to the following values in the Options section:
 
-- Block: the rule will be applied
-- Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied)
-- Off: the rule will not be applied
+- Block: The rule will be applied
+- Audit Mode: If the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied)
+- Off: The rule won't be applied
 
 Enabled:
 Specify the state for each ASR rule under the Options section for this setting.
@@ -1161,16 +894,11 @@ Same as Disabled.
 You can exclude folders or files in the "Exclude files and paths from Attack Surface Reduction Rules" GP setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Attack Surface Reduction rules*
+-   GP Friendly name: *Configure Attack Surface Reduction rules*
 -   GP name: *ExploitGuard_ASR_Rules*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1183,32 +911,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1223,36 +933,31 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Add additional applications that should be considered "trusted" by controlled folder access.
+Add other applications that should be considered "trusted" by controlled folder access.
 
 These applications are allowed to modify or delete files in controlled folder access folders.
 
-Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications.
+Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add other applications.
 
 Enabled: 
-Specify additional allowed applications in the Options section..
+Specify other allowed applications in the Options section.
 
 Disabled:
-No additional applications will be added to the trusted list.
+No other applications will be added to the trusted list.
 
 Not configured:
 Same as Disabled.
 
-You can enable controlled folder access in the Configure controlled folder access GP setting.
+You can enable controlled folder access in the "Configure controlled folder access" GP setting.
 
-Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting.
+Default system folders are automatically guarded, but you can add folders in the "Configure protected folders" GP setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure allowed applications*
+-   GP Friendly name: *Configure allowed applications*
 -   GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1265,32 +970,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1305,37 +992,32 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specify additional folders that should be guarded by the Controlled folder access feature.
+Specify additional folders that should be guarded by the Controlled folder access feature.
 
-Files in these folders cannot be modified or deleted by untrusted applications.
+Files in these folders can't be modified or deleted by untrusted applications.
 
-Default system folders are automatically protected. You can configure this setting to add additional folders. 
+Default system folders are automatically protected. You can configure this setting to add more folders. 
 The list of default system folders that are protected is shown in Windows Security.
 
 Enabled:
-Specify additional folders that should be protected in the Options section.
+Specify more folders that should be protected in the Options section.
 
 Disabled:
-No additional folders will be protected.
+No other folders will be protected.
 
 Not configured:
 Same as Disabled.
 
-You can enable controlled folder access in the Configure controlled folder access GP setting.
+You can enable controlled folder access in the "Configure controlled folder access" GP setting.
 
-Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting.
+Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add more trusted applications in the "Configure allowed applications" GP setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure protected folders*
+-   GP Friendly name: *Configure protected folders*
 -   GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1348,32 +1030,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1388,28 +1052,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enable or disable file hash computation feature.
+Enable or disable file hash computation feature.
 
 Enabled:
-When this feature is enabled Microsoft Defender will compute hash value for files it scans.
+When this feature is enabled, Microsoft Defender Antivirus will compute hash value for files it scans.
 
 Disabled:
-File hash value is not computed
+File hash value isn't computed
 
 Not configured:
 Same as Disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable file hash computation feature*
+-   GP Friendly name: *Enable file hash computation feature*
 -   GP name: *MpEngine_EnableFileHashComputation*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1422,32 +1081,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1462,23 +1103,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.
+This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system isn't vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol are retired, then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.
 
-If you enable or do not configure this setting, definition retirement will be enabled.
+If you enable or don't configure this setting, definition retirement will be enabled.
 
 If you disable this setting, definition retirement will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on definition retirement*
+-   GP Friendly name: *Turn on definition retirement*
 -   GP name: *Nis_Consumers_IPS_DisableSignatureRetirement*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1491,32 +1127,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1531,19 +1149,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is recommended that this be set to 0.
+This policy setting defines more definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value isn't used and it's recommended that this value is set to 0.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify additional definition sets for network traffic inspection*
+-   GP Friendly name: *Specify additional definition sets for network traffic inspection*
 -   GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1556,32 +1169,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1596,23 +1191,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.
+This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.
 
-If you enable or do not configure this setting, protocol recognition will be enabled.
+If you enable or don't configure this setting, protocol recognition will be enabled.
 
 If you disable this setting, protocol recognition will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on protocol recognition*
+-   GP Friendly name: *Turn on protocol recognition*
 -   GP name: *Nis_DisableProtocolRecognition*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1625,32 +1215,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ProxyBypass**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1665,23 +1237,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.
+This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.
 
 If you enable this setting, the proxy server will be bypassed for the specified addresses.
 
-If you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses.
+If you disable or don't configure this setting, the proxy server won't be bypassed for the specified addresses.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define addresses to bypass proxy server*
+-   GP Friendly name: *Define addresses to bypass proxy server*
 -   GP name: *ProxyBypass*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1694,32 +1261,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1734,7 +1283,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order):
+This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there's no proxy auto-config specified, the client will fall back to the alternative options (in order):
 
 1. Proxy server (if specified)
 2. Proxy .pac URL (if specified)
@@ -1744,19 +1293,14 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting de
 
 If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above.
 
-If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.
+If you disable or don't configure this setting, the proxy will skip over this fallback step according to the order specified above.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define proxy auto-config (.pac) for connecting to the network*
+-   GP Friendly name: *Define proxy auto-config (.pac) for connecting to the network*
 -   GP name: *ProxyPacUrl*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1769,32 +1313,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ProxyServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1809,7 +1335,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order):
+This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there's no proxy specified, the client will fall back to the alternative options (in order):
 
 1. Proxy server (if specified)
 2. Proxy .pac URL (if specified)
@@ -1819,19 +1345,14 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting al
 
 If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either http:// or https://.
 
-If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.
+If you disable or don't configure this setting, the proxy will skip over this fallback step according to the order specified above.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define proxy server for connecting to the network*
+-   GP Friendly name: *Define proxy server for connecting to the network*
 -   GP name: *ProxyServer*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1844,32 +1365,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1884,23 +1387,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for the removal of items from Quarantine folder*
+-   GP Friendly name: *Configure local setting override for the removal of items from Quarantine folder*
 -   GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1913,32 +1411,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1953,23 +1433,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
+This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
 
 If you enable this setting, items will be removed from the Quarantine folder after the number of days specified.
 
-If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed.
+If you disable or don't configure this setting, items will be kept in the quarantine folder indefinitely and won't be automatically removed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure removal of items from Quarantine folder*
+-   GP Friendly name: *Configure removal of items from Quarantine folder*
 -   GP name: *Quarantine_PurgeItemsAfterDelay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1982,32 +1457,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2022,23 +1479,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.
+This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.
 
-If you enable or do not configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time.
+If you enable or don't configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time.
 
 If you disable this setting, scheduled tasks will begin at the specified start time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Randomize scheduled task times*
+-   GP Friendly name: *Randomize scheduled task times*
 -   GP name: *RandomizeScheduleTaskTimes*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2051,32 +1503,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2091,23 +1525,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure behavior monitoring.
+This policy setting allows you to configure behavior monitoring.
 
-If you enable or do not configure this setting, behavior monitoring will be enabled.
+If you enable or don't configure this setting, behavior monitoring will be enabled.
 
 If you disable this setting, behavior monitoring will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on behavior monitoring*
+-   GP Friendly name: *Turn on behavior monitoring*
 -   GP name: *RealtimeProtection_DisableBehaviorMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2120,32 +1549,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2160,23 +1571,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for all downloaded files and attachments.
+This policy setting allows you to configure scanning for all downloaded files and attachments.
 
-If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled.
+If you enable or don't configure this setting, scanning for all downloaded files and attachments will be enabled.
 
 If you disable this setting, scanning for all downloaded files and attachments will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scan all downloaded files and attachments*
+-   GP Friendly name: *Scan all downloaded files and attachments*
 -   GP name: *RealtimeProtection_DisableIOAVProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2189,32 +1595,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2229,23 +1617,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for file and program activity.
+This policy setting allows you to configure monitoring for file and program activity.
 
-If you enable or do not configure this setting, monitoring for file and program activity will be enabled.
+If you enable or don't configure this setting, monitoring for file and program activity will be enabled.
 
 If you disable this setting, monitoring for file and program activity will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Monitor file and program activity on your computer*
+-   GP Friendly name: *Monitor file and program activity on your computer*
 -   GP name: *RealtimeProtection_DisableOnAccessProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2258,32 +1641,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2298,23 +1663,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether raw volume write notifications are sent to behavior monitoring.
+This policy setting controls whether raw volume write notifications are sent to behavior monitoring.
 
-If you enable or do not configure this setting, raw write notifications will be enabled.
+If you enable or don't configure this setting, raw write notifications will be enabled.
 
 If you disable this setting, raw write notifications be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on raw volume write notifications*
+-   GP Friendly name: *Turn on raw volume write notifications*
 -   GP name: *RealtimeProtection_DisableRawWriteNotification*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2327,32 +1687,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2367,23 +1709,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off.
+This policy setting allows you to configure process scanning when real-time protection is turned on. This configuration helps to catch malware that could start when real-time protection is turned off.
 
-If you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on.
+If you enable or don't configure this setting, a process scan will be initiated when real-time protection is turned on.
 
-If you disable this setting, a process scan will not be initiated when real-time protection is turned on.
+If you disable this setting, a process scan won't be initiated when real-time protection is turned on.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on process scanning whenever real-time protection is enabled*
+-   GP Friendly name: *Turn on process scanning whenever real-time protection is enabled*
 -   GP name: *RealtimeProtection_DisableScanOnRealtimeEnable*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2396,32 +1733,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2436,23 +1755,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.
+This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.
 
 If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned.
 
-If you disable or do not configure this setting, a default size will be applied.
+If you disable or don't configure this setting, a default size will be applied.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define the maximum size of downloaded files and attachments to be scanned*
+-   GP Friendly name: *Define the maximum size of downloaded files and attachments to be scanned*
 -   GP name: *RealtimeProtection_IOAVMaxSize*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2465,32 +1779,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2505,23 +1801,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for turn on behavior monitoring*
+-   GP Friendly name: *Configure local setting override for turn on behavior monitoring*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2534,32 +1825,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2574,23 +1847,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for scanning all downloaded files and attachments*
+-   GP Friendly name: *Configure local setting override for scanning all downloaded files and attachments*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2603,32 +1871,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2643,23 +1893,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for monitoring file and program activity on your computer*
+-   GP Friendly name: *Configure local setting override for monitoring file and program activity on your computer*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2672,32 +1917,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2712,23 +1939,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override to turn on real-time protection*
+-   GP Friendly name: *Configure local setting override to turn on real-time protection*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2741,32 +1963,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2781,23 +1985,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for monitoring for incoming and outgoing file activity*
+-   GP Friendly name: *Configure local setting override for monitoring for incoming and outgoing file activity*
 -   GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2810,32 +2009,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2850,23 +2031,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
+-   GP Friendly name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
 -   GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2879,32 +2055,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2919,7 +2077,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.
+This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.
 
 This setting can be configured with the following ordinal number values:
 
@@ -2935,19 +2093,14 @@ This setting can be configured with the following ordinal number values:
 
 If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified.
 
-If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency.
+If you disable or don't configure this setting, a scheduled full scan to complete remediation will run at a default frequency.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the day of the week to run a scheduled full scan to complete remediation*
+-   GP Friendly name: *Specify the day of the week to run a scheduled full scan to complete remediation*
 -   GP name: *Remediation_Scan_ScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2960,32 +2113,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3000,23 +2135,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00).  For example, 120 (0x78) is equivalent to 02:00 AM.  The schedule is based on local time on the computer where the scan is executing.
+This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00).  For example, 120 (0x78) is equivalent to 02:00 AM.  The schedule is based on local time on the computer where the scan is executing.
 
 If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified.
 
-If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time.
+If you disable or don't configure this setting, a scheduled full scan to complete remediation will run at a default time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the time of day to run a scheduled full scan to complete remediation*
+-   GP Friendly name: *Specify the time of day to run a scheduled full scan to complete remediation*
 -   GP name: *Remediation_Scan_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3029,32 +2159,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3069,19 +2181,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" state.
+This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" state.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure time out for detections requiring additional action*
+-   GP Friendly name: *Configure time out for detections requiring additional action*
 -   GP name: *Reporting_AdditionalActionTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3094,32 +2201,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3134,19 +2223,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additional action” state or the “cleared” state.
+This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additional action” state or the “cleared” state.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure time out for detections in critically failed state*
+-   GP Friendly name: *Configure time out for detections in critically failed state*
 -   GP name: *Reporting_CriticalFailureTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3159,32 +2243,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3199,23 +2265,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients.
+Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients.
 
-If you disable or do not configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients.
+If you disable or don't configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients.
 
-If you enable this setting, Microsoft Defender Antivirus enhanced notifications will not display on clients.
+If you enable this setting, Microsoft Defender Antivirus enhanced notifications won't display on clients.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off enhanced notifications*
+-   GP Friendly name: *Turn off enhanced notifications*
 -   GP name: *Reporting_DisableEnhancedNotifications*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3227,32 +2288,14 @@ ADMX Info:
 
                  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3267,23 +2310,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not Watson events are sent.
+This policy setting allows you to configure whether or not Watson events are sent.
 
-If you enable or do not configure this setting, Watson events will be sent.
+If you enable or don't configure this setting, Watson events will be sent.
 
-If you disable this setting, Watson events will not be sent.
+If you disable this setting, Watson events won't be sent.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Watson events*
+-   GP Friendly name: *Configure Watson events*
 -   GP name: *Reporting_Disablegenericreports*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3296,32 +2334,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3336,19 +2356,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state.
+This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure time out for detections in non-critical failed state*
+-   GP Friendly name: *Configure time out for detections in non-critical failed state*
 -   GP name: *Reporting_NonCriticalTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3359,32 +2374,14 @@ ADMX Info:
 
                  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3399,19 +2396,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
+This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure time out for detections in recently remediated state*
+-   GP Friendly name: *Configure time out for detections in recently remediated state*
 -   GP name: *Reporting_RecentlyCleanedTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3424,32 +2416,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3464,19 +2438,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
+This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Windows software trace preprocessor components*
+-   GP Friendly name: *Configure Windows software trace preprocessor components*
 -   GP name: *Reporting_WppTracingComponents*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3489,32 +2458,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3529,7 +2480,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). 
+This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). 
 
 Tracing levels are defined as:
 
@@ -3539,16 +2490,11 @@ Tracing levels are defined as:
 - 4 - Debug
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure WPP tracing level*
+-   GP Friendly name: *Configure WPP tracing level*
 -   GP name: *Reporting_WppTracingLevel*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3561,32 +2507,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3601,23 +2529,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether or not end users can pause a scan in progress.
+This policy setting allows you to manage whether or not end users can pause a scan in progress.
 
-If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.
+If you enable or don't configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.
 
-If you disable this setting, users will not be able to pause scans.
+If you disable this setting, users won't be able to pause scans.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow users to pause scan*
+-   GP Friendly name: *Allow users to pause scan*
 -   GP name: *Scan_AllowPause*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3630,32 +2553,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3670,23 +2575,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.
+This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.
 
 If you enable this setting, archive files will be scanned to the directory depth level specified.
 
-If you disable or do not configure this setting, archive files will be scanned to the default directory depth level.
+If you disable or don't configure this setting, archive files will be scanned to the default directory depth level.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum depth to scan archive files*
+-   GP Friendly name: *Specify the maximum depth to scan archive files*
 -   GP name: *Scan_ArchiveMaxDepth*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3699,32 +2599,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3739,23 +2621,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.
+This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.
 
 If you enable this setting, archive files less than or equal to the size specified will be scanned.
 
-If you disable or do not configure this setting, archive files will be scanned according to the default value.
+If you disable or don't configure this setting, archive files will be scanned according to the default value.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum size of archive files to be scanned*
+-   GP Friendly name: *Specify the maximum size of archive files to be scanned*
 -   GP name: *Scan_ArchiveMaxSize*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3769,32 +2646,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3809,23 +2668,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
+This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
 
-If you enable or do not configure this setting, archive files will be scanned.
+If you enable or don't configure this setting, archive files will be scanned.
 
-If you disable this setting, archive files will not be scanned.
+If you disable this setting, archive files won't be scanned.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scan archive files*
+-   GP Friendly name: *Scan archive files*
 -   GP name: *Scan_DisableArchiveScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3838,32 +2692,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3878,23 +2714,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac).
+This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac).
 
 If you enable this setting, e-mail scanning will be enabled.
 
-If you disable or do not configure this setting, e-mail scanning will be disabled.
+If you disable or don't configure this setting, e-mail scanning will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on e-mail scanning*
+-   GP Friendly name: *Turn on e-mail scanning*
 -   GP name: *Scan_DisableEmailScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3907,32 +2738,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3947,23 +2760,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.
+This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It's recommended that you don't turn off heuristics.
 
-If you enable or do not configure this setting, heuristics will be enabled.
+If you enable or don't configure this setting, heuristics will be enabled.
 
 If you disable this setting, heuristics will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on heuristics*
+-   GP Friendly name: *Turn on heuristics*
 -   GP name: *Scan_DisableHeuristics*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3976,32 +2784,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4016,23 +2806,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled.
+This policy setting allows you to configure scanning for packed executables. It's recommended that this type of scanning remains enabled.
 
-If you enable or do not configure this setting, packed executables will be scanned.
+If you enable or don't configure this setting, packed executables will be scanned.
 
-If you disable this setting, packed executables will not be scanned.
+If you disable this setting, packed executables won't be scanned.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scan packed executables*
+-   GP Friendly name: *Scan packed executables*
 -   GP name: *Scan_DisablePackedExeScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4045,32 +2830,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4085,23 +2852,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
+This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
 
 If you enable this setting, removable drives will be scanned during any type of scan.
 
-If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
+If you disable or don't configure this setting, removable drives won't be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scan removable drives*
+-   GP Friendly name: *Scan removable drives*
 -   GP name: *Scan_DisableRemovableDriveScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4114,32 +2876,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4154,23 +2898,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality. 
+This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality. 
 
 If you enable this setting, reparse point scanning will be enabled.
 
-If you disable or do not configure this setting, reparse point scanning will be disabled.
+If you disable or don't configure this setting, reparse point scanning will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on reparse point scanning*
+-   GP Friendly name: *Turn on reparse point scanning*
 -   GP name: *Scan_DisableReparsePointScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4183,32 +2922,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4223,23 +2944,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. 
+This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. 
 
 If you enable this setting, a system restore point will be created.
 
-If you disable or do not configure this setting, a system restore point will not be created.
+If you disable or don't configure this setting, a system restore point won't be created.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Create a system restore point*
+-   GP Friendly name: *Create a system restore point*
 -   GP name: *Scan_DisableRestorePoint*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4251,32 +2967,14 @@ ADMX Info:
 
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4291,23 +2989,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning mapped network drives.
+This policy setting allows you to configure scanning mapped network drives.
 
 If you enable this setting, mapped network drives will be scanned.
 
-If you disable or do not configure this setting, mapped network drives will not be scanned.
+If you disable or don't configure this setting, mapped network drives won't be scanned.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run full scan on mapped network drives*
+-   GP Friendly name: *Run full scan on mapped network drives*
 -   GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4320,32 +3013,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4360,23 +3035,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting.
+This policy setting allows you to configure scanning for network files. It's recommended that you don't enable this setting.
 
 If you enable this setting, network files will be scanned.
 
-If you disable or do not configure this setting, network files will not be scanned.
+If you disable or don't configure this setting, network files won't be scanned.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scan network files*
+-   GP Friendly name: *Scan network files*
 -   GP name: *Scan_DisableScanningNetworkFiles*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4389,32 +3059,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4429,23 +3081,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for maximum percentage of CPU utilization*
+-   GP Friendly name: *Configure local setting override for maximum percentage of CPU utilization*
 -   GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4458,32 +3105,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4498,23 +3127,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for the scan type to use for a scheduled scan*
+-   GP Friendly name: *Configure local setting override for the scan type to use for a scheduled scan*
 -   GP name: *Scan_LocalSettingOverrideScanParameters*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4527,32 +3151,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4567,23 +3173,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for schedule scan day*
+-   GP Friendly name: *Configure local setting override for schedule scan day*
 -   GP name: *Scan_LocalSettingOverrideScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4596,32 +3197,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4636,23 +3219,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for scheduled quick scan time*
+-   GP Friendly name: *Configure local setting override for scheduled quick scan time*
 -   GP name: *Scan_LocalSettingOverrideScheduleQuickScantime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4665,32 +3243,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4705,23 +3265,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy.
+This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for scheduled scan time*
+-   GP Friendly name: *Configure local setting override for scheduled scan time*
 -   GP name: *Scan_LocalSettingOverrideScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4734,32 +3289,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4774,23 +3311,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable low CPU priority for scheduled scans.
+This policy setting allows you to enable or disable low CPU priority for scheduled scans.
 
 If you enable this setting, low CPU priority will be used during scheduled scans.
 
-If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans. 
+If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans. 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure low CPU priority for scheduled scans*
+-   GP Friendly name: *Configure low CPU priority for scheduled scans*
 -   GP name: *Scan_LowCpuPriority*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4803,32 +3335,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4843,23 +3357,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans.
+This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans.
 
 If you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans.
 
-If you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans.
+If you disable or don't configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define the number of days after which a catch-up scan is forced*
+-   GP Friendly name: *Define the number of days after which a catch-up scan is forced*
 -   GP name: *Scan_MissedScheduledScanCountBeforeCatchup*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4872,32 +3381,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4912,23 +3403,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days.
+This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and won't be automatically removed. By default, the value is set to 30 days.
 
 If you enable this setting, items will be removed from the scan history folder after the number of days specified.
 
-If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days.
+If you disable or don't configure this setting, items will be kept in the scan history folder for the default number of days.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on removal of items from scan history folder*
+-   GP Friendly name: *Turn on removal of items from scan history folder*
 -   GP name: *Scan_PurgeItemsAfterDelay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4941,32 +3427,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4981,23 +3449,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0.
+This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans won't occur. By default, this setting is set to 0.
 
 If you enable this setting, a quick scan will run at the interval specified.
 
-If you disable or do not configure this setting, a quick scan will run at a default time.
+If you disable or don't configure this setting, a quick scan will run at a default time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the interval to run quick scans per day*
+-   GP Friendly name: *Specify the interval to run quick scans per day*
 -   GP name: *Scan_QuickScanInterval*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5010,32 +3473,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5050,23 +3495,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.
+This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.
 
-If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use.
+If you enable or don't configure this setting, scheduled scans will only run when the computer is on but not in use.
 
 If you disable this setting, scheduled scans will run at the scheduled time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Start the scheduled scan only when computer is on but not in use*
+-   GP Friendly name: *Start the scheduled scan only when computer is on but not in use*
 -   GP name: *Scan_ScanOnlyIfIdle*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5079,32 +3519,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5119,7 +3541,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.
+This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.
 
 This setting can be configured with the following ordinal number values:
 
@@ -5135,19 +3557,14 @@ This setting can be configured with the following ordinal number values:
 
 If you enable this setting, a scheduled scan will run at the frequency specified.
 
-If you disable or do not configure this setting, a scheduled scan will run at a default frequency.
+If you disable or don't configure this setting, a scheduled scan will run at a default frequency.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the day of the week to run a scheduled scan*
+-   GP Friendly name: *Specify the day of the week to run a scheduled scan*
 -   GP name: *Scan_ScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5160,32 +3577,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5200,23 +3599,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing.
+This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing.
 
 If you enable this setting, a scheduled scan will run at the time of day specified.
 
-If you disable or do not configure this setting, a scheduled scan will run at a default time.
+If you disable or don't configure this setting, a scheduled scan will run at a default time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the time of day to run a scheduled scan*
+-   GP Friendly name: *Specify the time of day to run a scheduled scan*
 -   GP name: *Scan_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5229,32 +3623,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5269,23 +3645,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled.
+This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It's recommended that this setting remains disabled.
 
-If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence is disabled.
+If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence are disabled.
 
-If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
+If you disable or don't configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it's set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow antimalware service to remain running always*
+-   GP Friendly name: *Allow antimalware service to remain running always*
 -   GP name: *ServiceKeepAlive*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5298,32 +3669,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5338,23 +3691,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+
+We don't recommend setting the value to less than 2 days to prevent machines from going out of date.
 
 If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update.
 
-If you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update.
+If you disable or don't configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define the number of days before spyware security intelligence is considered out of date*
+-   GP Friendly name: *Define the number of days before spyware security intelligence is considered out of date*
 -   GP name: *SignatureUpdate_ASSignatureDue*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5367,32 +3717,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5407,23 +3739,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
 
 If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update.
 
-If you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update.
+If you disable or don't configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define the number of days before virus security intelligence is considered out of date*
+-   GP Friendly name: *Define the number of days before virus security intelligence is considered out of date*
 -   GP name: *SignatureUpdate_AVSignatureDue*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5436,32 +3763,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5476,23 +3785,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\\unc1 | \\\unc2 }". The list is empty by default.
+This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\\unc1 | \\\unc2 }". The list is empty by default.
 
-If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
 
-If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
+If you disable or don't configure this setting, the list will remain empty by default and no sources will be contacted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define file shares for downloading security intelligence updates*
+-   GP Friendly name: *Define file shares for downloading security intelligence updates*
 -   GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5505,32 +3809,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5545,23 +3831,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred.
+This policy setting allows you to configure the automatic scan that starts after a security intelligence update has occurred.
 
-If you enable or do not configure this setting, a scan will start following a security intelligence update.
+If you enable or don't configure this setting, a scan will start following a security intelligence update.
 
-If you disable this setting, a scan will not start following a security intelligence update.
+If you disable this setting, a scan won't start following a security intelligence update.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on scan after security intelligence update*
+-   GP Friendly name: *Turn on scan after security intelligence update*
 -   GP name: *SignatureUpdate_DisableScanOnUpdate*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5574,32 +3855,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5614,23 +3877,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure security intelligence updates when the computer is running on battery power.
+This policy setting allows you to configure security intelligence updates when the computer is running on battery power.
 
-If you enable or do not configure this setting, security intelligence updates will occur as usual regardless of power state.
+If you enable or don't configure this setting, security intelligence updates will occur as usual regardless of power state.
 
 If you disable this setting, security intelligence updates will be turned off while the computer is running on battery power.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow security intelligence updates when running on battery power*
+-   GP Friendly name: *Allow security intelligence updates when running on battery power*
 -   GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5643,32 +3901,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5683,23 +3923,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present.
+This policy setting allows you to configure security intelligence updates on startup when there's no antimalware engine present.
 
-If you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present.
+If you enable or don't configure this setting, security intelligence updates will be initiated on startup when there's no antimalware engine present.
 
-If you disable this setting, security intelligence updates will not be initiated on startup when there is no antimalware engine present.
+If you disable this setting, security intelligence updates won't be initiated on startup when there's no antimalware engine present.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Initiate security intelligence update on startup*
+-   GP Friendly name: *Initiate security intelligence update on startup*
 -   GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5712,32 +3947,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5752,25 +3969,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: “InternalDefinitionUpdateServer”, “MicrosoftUpdateServer”, “MMPC”, and “FileShares”.
+This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: “InternalDefinitionUpdateServer”, “MicrosoftUpdateServer”, “MMPC”, and “FileShares”.
 
 For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
 
-If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
 
-If you disable or do not configure this setting, security intelligence update sources will be contacted in a default order.
+If you disable or don't configure this setting, security intelligence update sources will be contacted in a default order.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define the order of sources for downloading security intelligence updates*
+-   GP Friendly name: *Define the order of sources for downloading security intelligence updates*
 -   GP name: *SignatureUpdate_FallbackOrder*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5783,32 +3995,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5823,23 +4017,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.
+This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.
 
 If you enable this setting, security intelligence updates will be downloaded from Microsoft Update.
 
-If you disable or do not configure this setting, security intelligence updates will be downloaded from the configured download source.
+If you disable or don't configure this setting, security intelligence updates will be downloaded from the configured download source.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow security intelligence updates from Microsoft Update*
+-   GP Friendly name: *Allow security intelligence updates from Microsoft Update*
 -   GP name: *SignatureUpdate_ForceUpdateFromMU*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5852,32 +4041,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5892,23 +4063,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work.
+This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work.
 
-If you enable or do not configure this setting, real-time security intelligence updates will be enabled.
+If you enable or don't configure this setting, real-time security intelligence updates will be enabled.
 
-If you disable this setting, real-time security intelligence updates will disabled.
+If you disable this setting, real-time security intelligence updates will be disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
+-   GP Friendly name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
 -   GP name: *SignatureUpdate_RealtimeSignatureDelivery*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -5921,32 +4087,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5961,7 +4109,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.
+This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.
 
 This setting can be configured with the following ordinal number values:
 
@@ -5977,19 +4125,14 @@ This setting can be configured with the following ordinal number values:
 
 If you enable this setting, the check for security intelligence updates will occur at the frequency specified.
 
-If you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency.
+If you disable or don't configure this setting, the check for security intelligence updates will occur at a default frequency.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the day of the week to check for security intelligence updates*
+-   GP Friendly name: *Specify the day of the week to check for security intelligence updates*
 -   GP name: *SignatureUpdate_ScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6002,32 +4145,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6042,23 +4167,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
+This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
 
 If you enable this setting, the check for security intelligence updates will occur at the time of day specified.
 
-If you disable or do not configure this setting,  the check for security intelligence updates will occur at the default time.
+If you disable or don't configure this setting,  the check for security intelligence updates will occur at the default time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the time to check for security intelligence updates*
+-   GP Friendly name: *Specify the time to check for security intelligence updates*
 -   GP name: *SignatureUpdate_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6071,32 +4191,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6111,21 +4213,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the security intelligence location for VDI-configured computers. 
+This policy setting allows you to define the security intelligence location for VDI-configured computers. 
 
-If you disable or do not configure this setting, security intelligence will be referred from the default local source.
+If you disable or don't configure this setting, security intelligence will be referred from the default local source.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define security intelligence location for VDI clients.*
+-   GP Friendly name: *Define security intelligence location for VDI clients.*
 -   GP name: *SignatureUpdate_SharedSignaturesLocation*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6138,32 +4235,14 @@ ADMX Info:
 
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6178,23 +4257,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work.
+This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work.
 
-If you enable this setting or do not configure, the antimalware service will receive notifications to disable security intelligence.
+If you enable this setting or don't configure, the antimalware service will receive notifications to disable security intelligence.
 
-If you disable this setting, the antimalware service will not receive notifications to disable security intelligence.
+If you disable this setting, the antimalware service won't receive notifications to disable security intelligence.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
+-   GP Friendly name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
 -   GP name: *SignatureUpdate_SignatureDisableNotification*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6207,32 +4281,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6247,23 +4303,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day.
+This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day.
 
 If you enable this setting, a catch-up security intelligence update will occur after the specified number of days.
 
-If you disable or do not configure this setting, a catch-up security intelligence update will be required after the default number of days.
+If you disable or don't configure this setting, a catch-up security intelligence update will be required after the default number of days.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Define the number of days after which a catch-up security intelligence update is required*
+-   GP Friendly name: *Define the number of days after which a catch-up security intelligence update is required*
 -   GP name: *SignatureUpdate_SignatureUpdateCatchupInterval*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6276,32 +4327,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6316,23 +4349,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup.
+This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup.
 
 If you enable this setting, a check for new security intelligence will occur after service startup.
 
-If you disable this setting or do not configure this setting, a check for new security intelligence will not occur after service startup.
+If you disable this setting or don't configure this setting, a check for new security intelligence won't occur after service startup.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Check for the latest virus and spyware security intelligence on startup*
+-   GP Friendly name: *Check for the latest virus and spyware security intelligence on startup*
 -   GP name: *SignatureUpdate_UpdateOnStartup*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6345,32 +4373,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/SpynetReporting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6385,9 +4395,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.
+This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.
 
-You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.
+You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you.
 
 Possible options are:
 
@@ -6399,23 +4409,18 @@ Basic membership will send basic information to Microsoft about software that ha
 
 Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.
 
-If you enable this setting, you will join Microsoft MAPS with the membership specified.
+If you enable this setting, you'll join Microsoft MAPS with the membership specified.
 
-If you disable or do not configure this setting, you will not join Microsoft MAPS.
+If you disable or don't configure this setting, you won't join Microsoft MAPS.
   
 In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Join Microsoft MAPS*
+-   GP Friendly name: *Join Microsoft MAPS*
 -   GP name: *SpynetReporting*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6428,32 +4433,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6468,23 +4455,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy.
+ This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Policy.
 
-If you enable this setting, the local preference setting will take priority over Group Policy.
+If you enable this setting, the local preference setting will take priority over Policy.
 
-If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+If you disable or don't configure this setting, Policy will take priority over the local preference setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure local setting override for reporting to Microsoft MAPS*
+-   GP Friendly name: *Configure local setting override for reporting to Microsoft MAPS*
 -   GP name: *Spynet_LocalSettingOverrideSpynetReporting*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6498,32 +4480,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6538,7 +4502,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
+This policy setting customizes which remediation action will be taken for each listed Threat ID when it's detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
 
 Valid remediation action values are:
 
@@ -6547,16 +4511,11 @@ Valid remediation action values are:
 - 6 = Ignore
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify threats upon which default action should not be taken when detected*
+-   GP Friendly name: *Specify threats upon which default action should not be taken when detected*
 -   GP name: *Threats_ThreatIdDefaultAction*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Threats*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6569,32 +4528,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6609,23 +4550,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
+This policy setting allows you to configure whether or not to display more text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
 
-If you enable this setting, the additional text specified will be displayed.
+If you enable this setting, the extra text specified will be displayed.
 
-If you disable or do not configure this setting, there will be no additional text displayed.
+If you disable or don't configure this setting, there will be no extra text displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display additional text to clients when they need to perform an action*
+-   GP Friendly name: *Display additional text to clients when they need to perform an action*
 -   GP name: *UX_Configuration_CustomDefaultActionToastString*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6638,32 +4574,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6678,23 +4596,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients.
+Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients.
 
-If you disable or do not configure this setting, Microsoft Defender Antivirus notifications will display on clients.
+If you disable or don't configure this setting, Microsoft Defender Antivirus notifications will display on clients.
 
-If you enable this setting, Microsoft Defender Antivirus notifications will not display on clients.
+If you enable this setting, Microsoft Defender Antivirus notifications won't display on clients.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Suppress all notifications*
+-   GP Friendly name: *Suppress all notifications*
 -   GP name: *UX_Configuration_Notification_Suppress*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6707,32 +4620,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6747,21 +4642,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
+This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
 
-If you enable this setting AM UI won't show reboot notifications.
+If you enable this setting, AM UI won't show reboot notifications.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Suppresses reboot notifications*
+-   GP Friendly name: *Suppresses reboot notifications*
 -   GP name: *UX_Configuration_SuppressRebootNotification*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6774,32 +4664,14 @@ ADMX Info:
 **ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6814,21 +4686,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not to display AM UI to the users.
+This policy setting allows you to configure whether or not to display AM UI to the users.
 
-If you enable this setting AM UI won't be available to users.
+If you enable this setting, AM UI won't be available to users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable headless UI mode*
+-   GP Friendly name: *Enable headless UI mode*
 -   GP name: *UX_Configuration_UILockdown*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -6837,8 +4704,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 05474b42bb..33f6ed7399 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/03/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_MMC
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -46,32 +50,14 @@ manager: dansimp
 **ADMX_MMC/MMC_ActiveXControl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -86,33 +72,28 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
+This policy setting permits or prohibits use of this snap-in.
 
 If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
 
-If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
 
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
+- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted.
 
-To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
+To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited.
 
-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
+- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited.
 
-To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
+To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted.
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *ActiveX Control*
+-   GP Friendly name: *ActiveX Control*
 -   GP name: *MMC_ActiveXControl*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMC.admx*
@@ -125,32 +106,14 @@ ADMX Info:
 **ADMX_MMC/MMC_ExtendView**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -165,33 +128,28 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
+This policy setting permits or prohibits use of this snap-in.
 
 If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
 
-If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
 
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
+- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted.
 
-To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
+To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited.
 
-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
+- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited.
 
-To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
+To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted.
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Extended View (Web View)*
+-   GP Friendly name: *Extended View (Web View)*
 -   GP name: *MMC_ExtendView*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMC.admx*
@@ -204,32 +162,14 @@ ADMX Info:
 **ADMX_MMC/MMC_LinkToWeb**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -244,33 +184,28 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
+This policy setting permits or prohibits use of this snap-in.
 
 If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
 
-If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
 
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
+- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted.
 
-To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
+To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited.
 
-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
+- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited.
 
-To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
+To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted.
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Link to Web Address*
+-   GP Friendly name: *Link to Web Address*
 -   GP name: *MMC_LinkToWeb*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMC.admx*
@@ -283,32 +218,14 @@ ADMX Info:
 **ADMX_MMC/MMC_Restrict_Author**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -323,27 +240,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from entering author mode.
+This policy setting prevents users from entering author mode.
 
 This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.
 
-As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.
+As a result, users can't create console files or add or remove snap-ins. Also, because they can't open author-mode console files, they can't use the tools that the files contain.
 
-This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt.
+This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users can't open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also can't open a blank MMC console window from a command prompt.
 
-If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
+If you disable this setting or don't configure it, users can enter author mode and open author-mode console files.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict the user from entering author mode*
+-   GP Friendly name: *Restrict the user from entering author mode*
 -   GP name: *MMC_Restrict_Author*
 -   GP path: *Windows Components\Microsoft Management Console*
 -   GP ADMX file name: *MMC.admx*
@@ -356,32 +268,14 @@ ADMX Info:
 **ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -396,32 +290,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
+This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
 
-- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.
+- If you enable this setting, all snap-ins are prohibited, except those snap-ins that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.
 
 To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited.
 
-- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.
+- If you disable this setting or don't configure it, all snap-ins are permitted, except those snap-ins that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.
 
 To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted.
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 > [!NOTE]
-> If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins.
+> If you enable this setting, and you don't enable any settings in the Restricted/Permitted snap-ins folder, users can't use any MMC snap-ins.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Restrict users to the explicitly permitted list of snap-ins*
+-   GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins*
 -   GP name: *MMC_Restrict_To_Permitted_Snapins*
 -   GP path: *Windows Components\Microsoft Management Console*
 -   GP ADMX file name: *MMC.admx*
@@ -430,8 +319,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 688de0b909..1514a912be 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_MMCSnapins
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -343,32 +347,14 @@ manager: dansimp
 **ADMX_MMCSnapins/MMC_ADMComputers_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -383,31 +369,26 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. 
+If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. 
 
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. 
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. 
 
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. 
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. 
 
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. 
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. 
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Administrative Templates (Computers)*
+-   GP Friendly name: *Administrative Templates (Computers)*
 -   GP name: *MMC_ADMComputers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -420,32 +401,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ADMComputers_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -460,31 +423,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
-If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. 
+If you disable this policy setting, the snap-in is prohibited. It cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. 
 
-If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. 
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. 
 
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. 
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. 
 
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. 
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. 
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Administrative Templates (Computers)*
+-   GP Friendly name: *Administrative Templates (Computers)*
 -   GP name: *MMC_ADMComputers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -498,32 +456,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ADMUsers_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -538,7 +478,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -553,16 +493,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Administrative Templates (Users)*
+-   GP Friendly name: *Administrative Templates (Users)*
 -   GP name: *MMC_ADMUsers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -576,32 +511,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ADMUsers_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -616,7 +533,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -631,16 +548,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Administrative Templates (Users)*
+-  GP Friendly name: *Administrative Templates (Users)*
 -   GP name: *MMC_ADMUsers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -654,32 +566,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ADSI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -694,7 +588,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -709,16 +603,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *ADSI Edit*
+-   GP Friendly name: *ADSI Edit*
 -   GP name: *MMC_ADSI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -732,32 +621,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ActiveDirDomTrusts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -772,7 +643,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -787,16 +658,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Active Directory Domains and Trusts*
+-   GP Friendly name: *Active Directory Domains and Trusts*
 -   GP name: *MMC_ActiveDirDomTrusts*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -810,32 +676,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ActiveDirSitesServices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -850,7 +698,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -862,19 +710,14 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 - If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. 
 
-When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Active Directory Sites and Services*
+-   GP Friendly name: *Active Directory Sites and Services*
 -   GP name: *MMC_ActiveDirSitesServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -888,32 +731,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ActiveDirUsersComp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -928,9 +753,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
 If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. 
 
@@ -943,16 +768,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Active Directory Users and Computers*
+-   GP Friendly name: *Active Directory Users and Computers*
 -   GP name: *MMC_ActiveDirUsersComp*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -966,32 +786,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_AppleTalkRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1006,7 +808,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1021,16 +823,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *AppleTalk Routing*
+-   GP Friendly name: *AppleTalk Routing*
 -   GP name: *MMC_AppleTalkRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1044,32 +841,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_AuthMan**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1084,7 +863,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1099,16 +878,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Authorization Manager*
+-   GP Friendly name: *Authorization Manager*
 -   GP name: *MMC_AuthMan*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1122,32 +896,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_CertAuth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1162,7 +918,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1177,16 +933,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Certification Authority*
+-   GP Friendly name: *Certification Authority*
 -   GP name: *MMC_CertAuth*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1200,32 +951,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_CertAuthPolSet**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1240,7 +973,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1254,16 +987,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Certification Authority Policy Settings*
+-   GP Friendly name: *Certification Authority Policy Settings*
 -   GP name: *MMC_CertAuthPolSet*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1277,32 +1005,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_Certs**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1317,7 +1027,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1331,16 +1041,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Certificates*
+-   GP Friendly name: *Certificates*
 -   GP name: *MMC_Certs*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1354,32 +1059,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_CertsTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1394,7 +1081,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1408,16 +1095,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Certificate Templates*
+-   GP Friendly name: *Certificate Templates*
 -   GP name: *MMC_CertsTemplate*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1431,32 +1113,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ComponentServices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1471,7 +1135,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1485,16 +1149,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Component Services*
+-   GP Friendly name: *Component Services*
 -   GP name: *MMC_ComponentServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1508,32 +1167,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ComputerManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1548,7 +1189,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1562,16 +1203,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Computer Management*
+-   GP Friendly name: *Computer Management*
 -   GP name: *MMC_ComputerManagement*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1585,32 +1221,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ConnectionSharingNAT**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1625,7 +1243,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1639,16 +1257,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Connection Sharing (NAT)*
+-   GP Friendly name: *Connection Sharing (NAT)*
 -   GP name: *MMC_ConnectionSharingNAT*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1662,32 +1275,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DCOMCFG**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1702,7 +1297,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1716,16 +1311,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *DCOM Configuration Extension*
+-   GP Friendly name: *DCOM Configuration Extension*
 -   GP name: *MMC_DCOMCFG*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1739,32 +1329,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DFS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1779,7 +1351,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1793,16 +1365,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Distributed File System*
+-   GP Friendly name: *Distributed File System*
 -   GP name: *MMC_DFS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1816,32 +1383,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DHCPRelayMgmt**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1856,7 +1405,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1870,16 +1419,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *DHCP Relay Management*
+-   GP Friendly name: *DHCP Relay Management*
 -   GP name: *MMC_DHCPRelayMgmt*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1893,32 +1437,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DeviceManager_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1933,7 +1459,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -1947,16 +1473,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Device Manager*
+-   GP Friendly name: *Device Manager*
 -   GP name: *MMC_DeviceManager_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -1970,32 +1491,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DeviceManager_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2010,7 +1513,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2024,16 +1527,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Device Manager*
+-   GP Friendly name: *Device Manager*
 -   GP name: *MMC_DeviceManager_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2047,32 +1545,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DiskDefrag**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2087,7 +1567,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2101,16 +1581,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disk Defragmenter*
+-   GP Friendly name: *Disk Defragmenter*
 -   GP name: *MMC_DiskDefrag*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2124,32 +1599,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_DiskMgmt**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2164,7 +1621,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2178,16 +1635,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disk Management*
+-   GP Friendly name: *Disk Management*
 -   GP name: *MMC_DiskMgmt*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2201,32 +1653,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_EnterprisePKI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2241,7 +1675,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2255,16 +1689,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enterprise PKI*
+-   GP Friendly name: *Enterprise PKI*
 -   GP name: *MMC_EnterprisePKI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2278,32 +1707,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_EventViewer_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2318,7 +1729,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2332,16 +1743,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event Viewer*
+-   GP Friendly name: *Event Viewer*
 -   GP name: *MMC_EventViewer_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2355,32 +1761,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_EventViewer_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2395,7 +1783,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2409,16 +1797,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event Viewer (Windows Vista)*
+-   GP Friendly name: *Event Viewer (Windows Vista)*
 -   GP name: *MMC_EventViewer_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2432,32 +1815,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_EventViewer_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2472,7 +1837,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2486,16 +1851,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event Viewer*
+-   GP Friendly name: *Event Viewer*
 -   GP name: *MMC_EventViewer_3*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2509,32 +1869,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_EventViewer_4**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2549,7 +1891,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2563,16 +1905,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event Viewer (Windows Vista)*
+-   GP Friendly name: *Event Viewer (Windows Vista)*
 -   GP name: *MMC_EventViewer_4*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2587,32 +1924,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_EventViewer_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2627,7 +1946,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2641,16 +1960,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event Viewer (Windows Vista)*
+-   GP Friendly name: *Event Viewer (Windows Vista)*
 -   GP name: *MMC_EventViewer_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2664,32 +1978,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_FAXService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2704,7 +2000,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2718,16 +2014,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *FAX Service*
+-   GP Friendly name: *FAX Service*
 -   GP name: *MMC_FAXService*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2741,32 +2032,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_FailoverClusters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2781,7 +2054,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2795,16 +2068,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Failover Clusters Manager*
+-   GP Friendly name: *Failover Clusters Manager*
 -   GP name: *MMC_FailoverClusters*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2818,32 +2086,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_FolderRedirection_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2858,7 +2108,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2872,16 +2122,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Folder Redirection*
+-   GP Friendly name: *Folder Redirection*
 -   GP name: *MMC_FolderRedirection_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2895,32 +2140,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_FolderRedirection_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2935,7 +2162,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -2949,16 +2176,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Folder Redirection*
+-   GP Friendly name: *Folder Redirection*
 -   GP name: *MMC_FolderRedirection_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -2972,32 +2194,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_FrontPageExt**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3012,7 +2216,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3026,16 +2230,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *FrontPage Server Extensions*
+-   GP Friendly name: *FrontPage Server Extensions*
 -   GP name: *MMC_FrontPageExt*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3049,32 +2248,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3089,7 +2270,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3103,16 +2284,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Group Policy Management*
+-   GP Friendly name: *Group Policy Management*
 -   GP name: *MMC_GroupPolicyManagementSnapIn*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3126,32 +2302,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_GroupPolicySnapIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3166,7 +2324,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3180,16 +2338,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Group Policy Object Editor*
+-   GP Friendly name: *Group Policy Object Editor*
 -   GP name: *MMC_GroupPolicySnapIn*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3203,32 +2356,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_GroupPolicyTab**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3243,7 +2378,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
+This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
 
 If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.
 
@@ -3259,16 +2394,11 @@ To explicitly prohibit use of the Group Policy tab, disable this setting. If thi
 
 When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Group Policy tab for Active Directory Tools*
+-   GP Friendly name: *Group Policy tab for Active Directory Tools*
 -   GP name: *MMC_GroupPolicyTab*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3282,32 +2412,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_HRA**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3322,7 +2434,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3336,16 +2448,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Health Registration Authority (HRA)*
+-   GP Friendly name: *Health Registration Authority (HRA)*
 -   GP name: *MMC_HRA*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3359,32 +2466,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IAS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3399,7 +2488,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3413,16 +2502,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Internet Authentication Service (IAS)*
+-   GP Friendly name: *Internet Authentication Service (IAS)*
 -   GP name: *MMC_IAS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3436,32 +2520,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IASLogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3476,7 +2542,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3490,16 +2556,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IAS Logging*
+-   GP Friendly name: *IAS Logging*
 -   GP name: *MMC_IASLogging*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3513,32 +2574,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IEMaintenance_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3553,7 +2596,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3567,16 +2610,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Maintenance*
+-   GP Friendly name: *Internet Explorer Maintenance*
 -   GP name: *MMC_IEMaintenance_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3590,32 +2628,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IEMaintenance_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3630,7 +2650,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3644,16 +2664,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Maintenance*
+-   GP Friendly name: *Internet Explorer Maintenance*
 -   GP name: *MMC_IEMaintenance_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3667,32 +2682,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IGMPRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3707,7 +2704,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3721,16 +2718,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IGMP Routing*
+-   GP Friendly name: *IGMP Routing*
 -   GP name: *MMC_IGMPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3744,32 +2736,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IIS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3784,7 +2758,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3798,16 +2772,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Internet Information Services*
+-   GP Friendly name: *Internet Information Services*
 -   GP name: *MMC_IIS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3821,32 +2790,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IPRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3861,7 +2812,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3875,16 +2826,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IP Routing*
+-   GP Friendly name: *IP Routing*
 -   GP name: *MMC_IPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3898,32 +2844,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IPSecManage_GP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3938,7 +2866,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -3952,16 +2880,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IP Security Policy Management*
+-   GP Friendly name: *IP Security Policy Management*
 -   GP name: *MMC_IPSecManage_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -3975,32 +2898,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IPXRIPRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4015,7 +2920,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4029,16 +2934,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IPX RIP Routing*
+-   GP Friendly name: *IPX RIP Routing*
 -   GP name: *MMC_IPXRIPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4052,32 +2952,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IPXRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4092,7 +2974,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4106,16 +2988,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IPX Routing*
+-   GP Friendly name: *IPX Routing*
 -   GP name: *MMC_IPXRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4129,32 +3006,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IPXSAPRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4169,7 +3028,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4183,16 +3042,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IPX SAP Routing*
+-   GP Friendly name: *IPX SAP Routing*
 -   GP name: *MMC_IPXSAPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4206,32 +3060,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IndexingService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4246,7 +3082,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4260,16 +3096,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Indexing Service*
+-   GP Friendly name: *Indexing Service*
 -   GP name: *MMC_IndexingService*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4283,32 +3114,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IpSecManage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4323,7 +3136,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4337,16 +3150,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IP Security Policy Management*
+-   GP Friendly name: *IP Security Policy Management*
 -   GP name: *MMC_IpSecManage*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4360,32 +3168,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_IpSecMonitor**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4400,7 +3190,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4414,16 +3204,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IP Security Monitor*
+-   GP Friendly name: *IP Security Monitor*
 -   GP name: *MMC_IpSecMonitor*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4437,32 +3222,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_LocalUsersGroups**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4477,7 +3244,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4491,16 +3258,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Local Users and Groups*
+-   GP Friendly name: *Local Users and Groups*
 -   GP name: *MMC_LocalUsersGroups*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4514,32 +3276,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_LogicalMappedDrives**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4554,7 +3298,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4568,16 +3312,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Logical and Mapped Drives*
+-   GP Friendly name: *Logical and Mapped Drives*
 -   GP name: *MMC_LogicalMappedDrives*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4591,32 +3330,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_NPSUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4631,7 +3352,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4645,16 +3366,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Network Policy Server (NPS)*
+-   GP Friendly name: *Network Policy Server (NPS)*
 -   GP name: *MMC_NPSUI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4668,32 +3384,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_NapSnap**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4708,7 +3406,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4722,16 +3420,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *NAP Client Configuration*
+-   GP Friendly name: *NAP Client Configuration*
 -   GP name: *MMC_NapSnap*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4745,32 +3438,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_NapSnap_GP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4785,7 +3460,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4799,16 +3474,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *NAP Client Configuration*
+-   GP Friendly name: *NAP Client Configuration*
 -   GP name: *MMC_NapSnap_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4822,32 +3492,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_Net_Framework**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4862,7 +3514,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4876,16 +3528,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *.Net Framework Configuration*
+-   GP Friendly name: *.Net Framework Configuration*
 -   GP name: *MMC_Net_Framework*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4899,32 +3546,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_OCSP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4939,7 +3568,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -4953,16 +3582,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Online Responder*
+-   GP Friendly name: *Online Responder*
 -   GP name: *MMC_OCSP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4976,32 +3600,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_OSPFRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5016,7 +3622,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5030,16 +3636,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *OSPF Routing*
+-   GP Friendly name: *OSPF Routing*
 -   GP name: *MMC_OSPFRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5053,32 +3654,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_PerfLogsAlerts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5093,7 +3676,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5107,16 +3690,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Performance Logs and Alerts*
+-   GP Friendly name: *Performance Logs and Alerts*
 -   GP name: *MMC_PerfLogsAlerts*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5130,32 +3708,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_PublicKey**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5170,7 +3730,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5184,16 +3744,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Public Key Policies*
+-   GP Friendly name: *Public Key Policies*
 -   GP name: *MMC_PublicKey*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5207,32 +3762,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_QoSAdmission**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5247,7 +3784,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5261,16 +3798,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *QoS Admission Control*
+-   GP Friendly name: *QoS Admission Control*
 -   GP name: *MMC_QoSAdmission*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5284,32 +3816,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RAS_DialinUser**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5324,7 +3838,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5338,16 +3852,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *RAS Dialin - User Node*
+-   GP Friendly name: *RAS Dialin - User Node*
 -   GP name: *MMC_RAS_DialinUser*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5361,32 +3870,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RIPRouting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5401,7 +3892,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5415,16 +3906,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *RIP Routing*
+-   GP Friendly name: *RIP Routing*
 -   GP name: *MMC_RIPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5438,32 +3924,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RIS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5478,7 +3946,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5492,16 +3960,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remote Installation Services*
+-   GP Friendly name: *Remote Installation Services*
 -   GP name: *MMC_RIS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5515,32 +3978,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RRA**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5555,7 +4000,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5569,16 +4014,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Routing and Remote Access*
+-   GP Friendly name: *Routing and Remote Access*
 -   GP name: *MMC_RRA*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5592,32 +4032,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RSM**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5632,7 +4054,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5646,16 +4068,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Removable Storage Management*
+-   GP Friendly name: *Removable Storage Management*
 -   GP name: *MMC_RSM*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5669,32 +4086,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RemStore**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5709,7 +4108,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5723,16 +4122,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Removable Storage*
+-   GP Friendly name: *Removable Storage*
 -   GP name: *MMC_RemStore*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5746,32 +4140,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RemoteAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5786,7 +4162,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5800,16 +4176,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remote Access*
+-   GP Friendly name: *Remote Access*
 -   GP name: *MMC_RemoteAccess*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5823,32 +4194,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_RemoteDesktop**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5863,7 +4216,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5877,16 +4230,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remote Desktops*
+-   GP Friendly name: *Remote Desktops*
 -   GP name: *MMC_RemoteDesktop*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5900,32 +4248,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5940,7 +4270,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -5954,16 +4284,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Resultant Set of Policy snap-in*
+-   GP Friendly name: *Resultant Set of Policy snap-in*
 -   GP name: *MMC_ResultantSetOfPolicySnapIn*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5977,32 +4302,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_Routing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6017,7 +4324,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6031,16 +4338,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Routing*
+-   GP Friendly name: *Routing*
 -   GP name: *MMC_Routing*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6054,32 +4356,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SCA**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6094,7 +4378,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6108,16 +4392,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Security Configuration and Analysis*
+-   GP Friendly name: *Security Configuration and Analysis*
 -   GP name: *MMC_SCA*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6131,32 +4410,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SMTPProtocol**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6171,7 +4432,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6185,16 +4446,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *SMTP Protocol*
+-   GP Friendly name: *SMTP Protocol*
 -   GP name: *MMC_SMTPProtocol*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6208,32 +4464,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SNMP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6248,7 +4486,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6262,16 +4500,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *SNMP*
+-   GP Friendly name: *SNMP*
 -   GP name: *MMC_SNMP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6285,32 +4518,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ScriptsMachine_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6325,7 +4540,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6339,16 +4554,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scripts (Startup/Shutdown)*
+-   GP Friendly name: *Scripts (Startup/Shutdown)*
 -   GP name: *MMC_ScriptsMachine_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6362,32 +4572,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ScriptsMachine_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6402,7 +4594,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6416,16 +4608,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scripts (Startup/Shutdown)*
+-   GP Friendly name: *Scripts (Startup/Shutdown)*
 -   GP name: *MMC_ScriptsMachine_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6439,32 +4626,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ScriptsUser_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6479,7 +4648,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6493,16 +4662,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scripts (Logon/Logoff)*
+-   GP Friendly name: *Scripts (Logon/Logoff)*
 -   GP name: *MMC_ScriptsUser_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6516,32 +4680,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ScriptsUser_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6556,7 +4702,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6570,16 +4716,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Scripts (Logon/Logoff)*
+-   GP Friendly name: *Scripts (Logon/Logoff)*
 -   GP name: *MMC_ScriptsUser_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6593,32 +4734,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SecuritySettings_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6633,7 +4756,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6647,16 +4770,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Security Settings*
+-   GP Friendly name: *Security Settings*
 -   GP name: *MMC_SecuritySettings_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6670,32 +4788,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SecuritySettings_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6710,7 +4810,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6724,16 +4824,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Security Settings*
+-   GP Friendly name: *Security Settings*
 -   GP name: *MMC_SecuritySettings_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6747,32 +4842,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SecurityTemplates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6787,7 +4864,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6801,16 +4878,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Security Templates*
+-   GP Friendly name: *Security Templates*
 -   GP name: *MMC_SecurityTemplates*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6824,32 +4896,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SendConsoleMessage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6864,7 +4918,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6878,16 +4932,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Send Console Message*
+-   GP Friendly name: *Send Console Message*
 -   GP name: *MMC_SendConsoleMessage*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6901,32 +4950,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ServerManager**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6941,7 +4972,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -6955,16 +4986,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Server Manager*
+-   GP Friendly name: *Server Manager*
 -   GP name: *MMC_ServerManager*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6978,32 +5004,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_ServiceDependencies**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7018,7 +5026,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7032,16 +5040,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Service Dependencies*
+-   GP Friendly name: *Service Dependencies*
 -   GP name: *MMC_ServiceDependencies*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7055,32 +5058,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_Services**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7095,7 +5080,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7109,16 +5094,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Services*
+-   GP Friendly name: *Services*
 -   GP name: *MMC_Services*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7132,32 +5112,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SharedFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7172,7 +5134,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7186,16 +5148,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Shared Folders*
+-   GP Friendly name: *Shared Folders*
 -   GP name: *MMC_SharedFolders*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7209,32 +5166,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SharedFolders_Ext**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7249,7 +5188,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7263,16 +5202,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Shared Folders Ext*
+-   GP Friendly name: *Shared Folders Ext*
 -   GP name: *MMC_SharedFolders_Ext*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7286,32 +5220,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7326,7 +5242,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7340,16 +5256,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Software Installation (Computers)*
+-   GP Friendly name: *Software Installation (Computers)*
 -   GP name: *MMC_SoftwareInstalationComputers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7363,32 +5274,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7403,7 +5296,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7417,16 +5310,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Software Installation (Computers)*
+-   GP Friendly name: *Software Installation (Computers)*
 -   GP name: *MMC_SoftwareInstalationComputers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7440,32 +5328,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7480,7 +5350,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7494,16 +5364,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Software Installation (Users)*
+-   GP Friendly name: *Software Installation (Users)*
 -   GP name: *MMC_SoftwareInstallationUsers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7517,32 +5382,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7557,7 +5404,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7571,16 +5418,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Software Installation (Users)*
+-   GP Friendly name: *Software Installation (Users)*
 -   GP name: *MMC_SoftwareInstallationUsers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7594,32 +5436,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SysInfo**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7634,7 +5458,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7648,16 +5472,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *System Information*
+-   GP Friendly name: *System Information*
 -   GP name: *MMC_SysInfo*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7671,32 +5490,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_SysProp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7711,7 +5512,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7725,16 +5526,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *System Properties*
+-   GP Friendly name: *System Properties*
 -   GP name: *MMC_SysProp*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7748,32 +5544,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_TPMManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7788,7 +5566,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7802,16 +5580,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *TPM Management*
+-   GP Friendly name: *TPM Management*
 -   GP name: *MMC_TPMManagement*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7825,32 +5598,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_Telephony**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7865,7 +5620,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7879,16 +5634,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Telephony*
+-   GP Friendly name: *Telephony*
 -   GP name: *MMC_Telephony*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7902,32 +5652,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_TerminalServices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7942,7 +5674,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -7956,16 +5688,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remote Desktop Services Configuration*
+-   GP Friendly name: *Remote Desktop Services Configuration*
 -   GP name: *MMC_TerminalServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -7979,32 +5706,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_WMI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8019,7 +5728,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -8033,16 +5742,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *WMI Control*
+-   GP Friendly name: *WMI Control*
 -   GP name: *MMC_WMI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -8056,32 +5760,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_WindowsFirewall**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8096,7 +5782,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -8110,16 +5796,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Windows Firewall with Advanced Security*
+-   GP Friendly name: *Windows Firewall with Advanced Security*
 -   GP name: *MMC_WindowsFirewall*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -8133,32 +5814,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_WindowsFirewall_GP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8173,7 +5836,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -8187,16 +5850,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Windows Firewall with Advanced Security*
+-   GP Friendly name: *Windows Firewall with Advanced Security*
 -   GP name: *MMC_WindowsFirewall_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -8210,32 +5868,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_WiredNetworkPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8250,7 +5890,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -8264,16 +5904,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Wired Network (IEEE 802.3) Policies*
+-   GP Friendly name: *Wired Network (IEEE 802.3) Policies*
 -   GP name: *MMC_WiredNetworkPolicy*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -8287,32 +5922,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_WirelessMon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8327,7 +5944,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -8341,16 +5958,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Wireless Monitor*
+-   GP Friendly name: *Wireless Monitor*
 -   GP name: *MMC_WirelessMon*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -8364,32 +5976,14 @@ ADMX Info:
 **ADMX_MMCSnapins/MMC_WirelessNetworkPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8404,7 +5998,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. 
+This policy setting permits or prohibits the use of this snap-in. 
 
 If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. 
 
@@ -8418,16 +6012,11 @@ If this policy setting is not configured, the setting of the "Restrict users to
 
 When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Wireless Network (IEEE 802.11) Policies*
+-   GP Friendly name: *Wireless Network (IEEE 802.11) Policies*
 -   GP name: *MMC_WirelessNetworkPolicy*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -8435,7 +6024,6 @@ ADMX Info:
 
 
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
new file mode 100644
index 0000000000..1b428b1884
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -0,0 +1,135 @@
+---
+title: Policy CSP - ADMX_MobilePCMobilityCenter
+description: Policy CSP - ADMX_MobilePCMobilityCenter
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/20/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_MobilePCMobilityCenter
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_MobilePCMobilityCenter policies  
+
+
                  
+  
                  
+    ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1
+  
                  
+  
                  
+    ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting turns off Windows Mobility Center.  
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.  
+
+- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.  
+
+If you do not configure this policy setting, Windows Mobility Center is on by default.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Windows Mobility Center*
+-   GP name: *MobilityCenterEnable_1*
+-   GP path: *Windows Components\Windows Mobility Center*
+-   GP ADMX file name: *MobilePCMobilityCenter.admx*
+
+
+
+
                  
+
+
+**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting turns off Windows Mobility Center.  
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.  
+
+- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.  
+
+If you do not configure this policy setting, Windows Mobility Center is on by default.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Windows Mobility Center*
+-   GP name: *MobilityCenterEnable_2*
+-   GP path: *Windows Components\Windows Mobility Center*
+-   GP ADMX file name: *MobilePCMobilityCenter.admx*
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
new file mode 100644
index 0000000000..f9fe20c69c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -0,0 +1,147 @@
+---
+title: Policy CSP - ADMX_MobilePCPresentationSettings
+description: Policy CSP - ADMX_MobilePCPresentationSettings
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/20/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_MobilePCPresentationSettings
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_MobilePCPresentationSettings policies  
+
+
                  
+  
                  
+    ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1
+  
                  
+  
                  
+    ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2
+  
                  
+
                  
+
+
                  
+
+
+
+**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1**
+
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting turns off Windows presentation settings.  
+
+- If you enable this policy setting, Windows presentation settings cannot be invoked.  
+
+- If you disable this policy setting, Windows presentation settings can be invoked. 
+
+The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.  
+
+> [!NOTE]
+> Users will be able to customize their system settings for presentations in Windows Mobility Center.  
+If you do not configure this policy setting, Windows presentation settings can be invoked.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Windows presentation settings*
+-   GP name: *PresentationSettingsEnable_1*
+-   GP path: *Windows Components\Presentation Settings*
+-   GP ADMX file name: *MobilePCPresentationSettings.admx*
+
+
+
+
                  
+
+
+**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting turns off Windows presentation settings.  
+
+- If you enable this policy setting, Windows presentation settings cannot be invoked.  
+
+- If you disable this policy setting, Windows presentation settings can be invoked. 
+
+The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.  
+
+> [!NOTE]
+> Users will be able to customize their system settings for presentations in Windows Mobility Center.  
+If you do not configure this policy setting, Windows presentation settings can be invoked.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Windows presentation settings*
+-   GP name: *PresentationSettingsEnable_2*
+-   GP path: *Windows Components\Presentation Settings*
+-   GP ADMX file name: *MobilePCPresentationSettings.admx*
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index c94cb373ac..21ecaf3e29 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_MSAPolicy
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +38,14 @@ manager: dansimp
 **ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,25 +60,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
+This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
 
-This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user will not be affected by enabling this setting until the authentication cache expires.
+This functionality applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires.
 
-It is recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present. If this setting is disabled or not configured, applications and services can use Microsoft accounts for authentication.
+It's recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present. If this setting is disabled or not configured, applications and services can use Microsoft accounts for authentication.
 
-By default, this setting is Disabled. This setting does not affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications.
+By default, this setting is Disabled. This setting doesn't affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Block all consumer Microsoft account user authentication*
+-   GP Friendly name: *Block all consumer Microsoft account user authentication*
 -   GP name: *MicrosoftAccount_DisableUserAuth*
 -   GP path: *Windows Components\Microsoft account*
 -   GP ADMX file name: *MSAPolicy.admx*
@@ -101,8 +82,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 85cdf6f62c..4bcef7a8d0 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/08/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_msched
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +41,14 @@ manager: dansimp
 **ADMX_msched/ActivationBoundaryPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,23 +63,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily scheduled time at which Automatic Maintenance starts.
+This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily scheduled time at which Automatic Maintenance starts.
 
-If you enable this policy setting, this will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel.
+If you enable this policy setting, this scheduled time will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel.
 
-If you disable or do not configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
+If you disable or don't configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Automatic Maintenance Activation Boundary*
+-   GP Friendly name: *Automatic Maintenance Activation Boundary*
 -   GP name: *ActivationBoundaryPolicy*
 -   GP path: *Windows Components\Maintenance Scheduler*
 -   GP ADMX file name: *msched.admx*
@@ -106,32 +87,14 @@ ADMX Info:
 **ADMX_msched/RandomDelayPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -146,27 +109,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Automatic Maintenance activation random delay.
+This policy setting allows you to configure Automatic Maintenance activation random delay.
 
 The maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its Activation Boundary.
 
 If you enable this policy setting, Automatic Maintenance will delay starting from its Activation Boundary, by up to this time.
 
-If you do not configure this policy setting, 4 hour random delay will be applied to Automatic Maintenance.
+If you don't configure this policy setting, 4 hour random delay will be applied to Automatic Maintenance.
 
 If you disable this policy setting, no random delay will be applied to Automatic Maintenance.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Automatic Maintenance Random Delay*
+-   GP Friendly name: *Automatic Maintenance Random Delay*
 -   GP name: *RandomDelayPolicy*
 -   GP path: *Windows Components\Maintenance Scheduler*
 -   GP ADMX file name: *msched.admx*
@@ -176,8 +134,7 @@ ADMX Info:
 
                  
 
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 4af5ccff52..74fa908dc8 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/09/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_MSDT
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +44,14 @@ manager: dansimp
 **ADMX_MSDT/MsdtSupportProvider**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,29 +66,24 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.
+This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.
 
 If you enable this policy setting, users can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.
 
 By default, the support provider is set to Microsoft Corporation.
 
-If you disable this policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider.
+If you disable this policy setting, MSDT can't run in support mode, and no data can be collected or sent to the support provider.
 
-If you do not configure this policy setting, MSDT support mode is enabled by default.
+If you don't configure this policy setting, MSDT support mode is enabled by default.
 
 No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider*
+-   GP Friendly name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider*
 -   GP name: *MsdtSupportProvider*
 -   GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
 -   GP ADMX file name: *MSDT.admx*
@@ -115,32 +96,14 @@ ADMX Info:
 **ADMX_MSDT/MsdtToolDownloadPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -155,41 +118,36 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.
+This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.
 
 Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals.
 
-For some problems, MSDT may prompt the user to download additional tools for troubleshooting.  These tools are required to completely troubleshoot the problem.
+For some problems, MSDT may prompt the user to download more tools for troubleshooting.  These tools are required to completely troubleshoot the problem.
 
 If tool download is restricted, it may not be possible to find the root cause of the problem.
 
-If you enable this policy setting for remote troubleshooting, MSDT prompts the user to download additional tools to diagnose problems on remote computers only.
+If you enable this policy setting for remote troubleshooting, MSDT prompts the user to download more tools to diagnose problems on remote computers only.
 
-If you enable this policy setting for local and remote troubleshooting, MSDT always prompts for additional tool downloading.
+If you enable this policy setting for local and remote troubleshooting, MSDT always prompts for more tool downloading.
 
 If you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers.
 
-If you do not configure this policy setting, MSDT prompts the user before downloading any additional tools.  No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
+If you don't configure this policy setting, MSDT prompts the user before downloading any extra tools.  No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
 
 This policy setting will take effect only when MSDT is enabled.
 
 This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state.
 
-When the service is stopped or disabled, diagnostic scenarios are not executed.
+When the service is stopped or disabled, diagnostic scenarios aren't executed.
 
 The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Support Diagnostic Tool: Restrict tool download*
+-   GP Friendly name: *Microsoft Support Diagnostic Tool: Restrict tool download*
 -   GP name: *MsdtToolDownloadPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
 -   GP ADMX file name: *MSDT.admx*
@@ -202,32 +160,14 @@ ADMX Info:
 **ADMX_MSDT/WdiScenarioExecutionPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -242,29 +182,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Microsoft Support Diagnostic Tool.
+This policy setting determines the execution level for Microsoft Support Diagnostic Tool.
 
 Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals.  If you enable this policy setting, administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.
 
-If you disable this policy setting, MSDT cannot gather diagnostic data.  If you do not configure this policy setting, MSDT is turned on by default.
+If you disable this policy setting, MSDT can't gather diagnostic data.  If you don't configure this policy setting, MSDT is turned on by default.
 
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
 
 No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
 
-This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Support Diagnostic Tool: Configure execution level*
+-   GP Friendly name: *Microsoft Support Diagnostic Tool: Configure execution level*
 -   GP name: *WdiScenarioExecutionPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
 -   GP ADMX file name: *MSDT.admx*
@@ -273,8 +208,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index b3f1bd2e74..acdf31ff93 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/16/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_MSI
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -102,32 +106,14 @@ manager: dansimp
 **ADMX_MSI/AllowLockdownBrowse**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -142,27 +128,22 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to search for installation files during privileged installations.
+This policy setting allows users to search for installation files during privileged installations.
 
 If you enable this policy setting, the Browse button in the "Use feature from" dialog box is enabled. As a result, users can search for installation files even when the installation program is running with elevated system privileges.
 
-Because the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow.
+Because the installation is running with elevated system privileges, users can browse through directories that their own permissions wouldn't allow.
 
-This policy setting does not affect installations that run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting.
+This policy setting doesn't affect installations that run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting.
 
-If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
+If you disable or don't configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow users to browse for source while elevated*
+-   GP Friendly name: *Allow users to browse for source while elevated*
 -   GP name: *AllowLockdownBrowse*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -176,32 +157,14 @@ ADMX Info:
 **ADMX_MSI/AllowLockdownMedia**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -216,27 +179,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to install programs from removable media during privileged installations.
+This policy setting allows users to install programs from removable media during privileged installations.
 
 If you enable this policy setting, all users are permitted to install programs from removable media, such as floppy disks and CD-ROMs, even when the installation program is running with elevated system privileges.
 
-This policy setting does not affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.
+This policy setting doesn't affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.
 
-If you disable or do not configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.
+If you disable or don't configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.
 
 Also, see the "Prevent removable media source for any install" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow users to use media source while elevated*
+-   GP Friendly name: *Allow users to use media source while elevated*
 -   GP name: *AllowLockdownMedia*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -250,32 +208,14 @@ ADMX Info:
 **ADMX_MSI/AllowLockdownPatch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -290,24 +230,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to patch elevated products.
+This policy setting allows users to patch elevated products.
 
 If you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use.
 
-If you disable or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
+If you disable or don't configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
 
-This policy setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.
+This policy setting doesn't affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow users to patch elevated products*
+-   GP Friendly name: *Allow users to patch elevated products*
 -   GP name: *AllowLockdownPatch*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -321,32 +256,14 @@ ADMX Info:
 **ADMX_MSI/DisableAutomaticApplicationShutdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -361,7 +278,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.
+This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.
 
 If you enable this policy setting, you can use the options in the Prohibit Use of Restart Manager box to control file in use detection behavior.
 
@@ -371,19 +288,14 @@ If you enable this policy setting, you can use the options in the Prohibit Use o
 
 - The "Restart Manager Off for Legacy App Setup" option applies to packages that were created for Windows Installer versions lesser than 4.0. This option lets those packages display the legacy files in use UI while still using Restart Manager for detection.
 
-If you disable or do not configure this policy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible.
+If you disable or don't configure this policy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit use of Restart Manager*
+-   GGP Friendly name: *Prohibit use of Restart Manager*
 -   GP name: *DisableAutomaticApplicationShutdown*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -397,32 +309,14 @@ ADMX Info:
 **ADMX_MSI/DisableBrowse**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -437,29 +331,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from searching for installation files when they add features or components to an installed program.
+This policy setting prevents users from searching for installation files when they add features or components to an installed program.
 
 If you enable this policy setting, the Browse button beside the "Use feature from" list in the Windows Installer dialog box is disabled. As a result, users must select an installation file source from the "Use features from" list that the system administrator configures.
 
 This policy setting applies even when the installation is running in the user's security context.
 
-If you disable or do not configure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.
+If you disable or don't configure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.
 
-This policy setting affects Windows Installer only. It does not prevent users from selecting other browsers, such as File Explorer or Network Locations, to search for installation files.
+This policy setting affects Windows Installer only. It doesn't prevent users from selecting other browsers, such as File Explorer or Network Locations, to search for installation files.
 
 Also, see the "Enable user to browse for source while elevated" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove browse dialog box for new source*
+-   GP Friendly name: *Remove browse dialog box for new source*
 -   GP name: *DisableBrowse*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -473,32 +362,14 @@ ADMX Info:
 **ADMX_MSI/DisableFlyweightPatching**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -513,23 +384,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to turn off all patch optimizations.
+This policy setting controls the ability to turn off all patch optimizations.
 
 If you enable this policy setting, all Patch Optimization options are turned off during the installation.
 
-If you disable or do not configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing.
+If you disable or don't configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit flyweight patching*
+-   GP Friendly name: *Prohibit flyweight patching*
 -   GP name: *DisableFlyweightPatching*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -543,32 +409,14 @@ ADMX Info:
 **ADMX_MSI/DisableLoggingFromPackage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -583,7 +431,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.
+This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.
 
 If you enable this policy setting, you can use the options in the Disable logging via package settings box to control automatic logging via package settings behavior.
 
@@ -591,19 +439,14 @@ If you enable this policy setting, you can use the options in the Disable loggin
 
 - The "Logging via package settings off" option turns off the automatic logging behavior when specified via the MsiLogging policy. Log files can still be generated using the logging command line switch or the Logging policy.
 
-If you disable or do not configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property.
+If you disable or don't configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off logging via package settings*
+-   GP Friendly name: *Turn off logging via package settings*
 -   GP name: *DisableLoggingFromPackage*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -617,32 +460,14 @@ ADMX Info:
 **ADMX_MSI/DisableMSI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -657,29 +482,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the use of Windows Installer.
+This policy setting restricts the use of Windows Installer.
 
 If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting.
 
-- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Windows Vista when the policy is not configured.
+- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. 
 
-- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured.
+- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This option's induced behavior is the default behavior of Windows Installer on Windows Server 2003 family when the policy isn't configured.
 
 - The "Always" option indicates that Windows Installer is disabled.
 
-This policy setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.
+This policy setting affects Windows Installer only. It doesn't prevent users from using other methods to install and upgrade programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Installer*
+-   GP Friendly name: *Turn off Windows Installer*
 -   GP name: *DisableMSI*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -693,32 +513,14 @@ ADMX Info:
 **ADMX_MSI/DisableMedia**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -733,27 +535,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from installing any programs from removable media.
+This policy setting prevents users from installing any programs from removable media.
 
-If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found.
+If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature can't be found.
 
 This policy setting applies even when the installation is running in the user's security context.
 
-If you disable or do not configure this policy setting, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.
+If you disable or don't configure this policy setting, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.
 
 Also, see the "Enable user to use media source while elevated" and "Hide the 'Add a program from CD-ROM or floppy disk' option" policy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent removable media source for any installation*
+-   GP Friendly name: *Prevent removable media source for any installation*
 -   GP name: *DisableMedia*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -767,32 +564,14 @@ ADMX Info:
 **ADMX_MSI/DisablePatch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -807,28 +586,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Windows Installer to install patches.
+This policy setting prevents users from using Windows Installer to install patches.
 
 If you enable this policy setting, users are prevented from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.
 
 > [!NOTE]
 > This policy setting applies only to installations that run in the user's security context.
 
-If you disable or do not configure this policy setting, by default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs.
+If you disable or don't configure this policy setting, by default, users who aren't system administrators can't apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs.
 
 Also, see the "Enable user to patch elevated products" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent users from using Windows Installer to install updates and upgrades*
+-   GP Friendly name: *Prevent users from using Windows Installer to install updates and upgrades*
 -   GP name: *DisablePatch*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -842,32 +616,14 @@ ADMX Info:
 **ADMX_MSI/DisableRollback_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -882,24 +638,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
+This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
 
-If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.
+If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete.
 
-This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential.
+This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, don't use this policy setting unless it's essential.
 
-This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder.
+This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it's considered to be enabled, even if it's explicitly disabled in the other folder.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit rollback*
+-   GP Friendly name: *Prohibit rollback*
 -   GP name: *DisableRollback_1*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -913,32 +664,14 @@ ADMX Info:
 **ADMX_MSI/DisableRollback_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -953,25 +686,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
+This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.
 
-If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.
+If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer can't restore the computer to its original state if the installation doesn't complete.
 
-This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential.
+This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, don't use this policy setting unless it's essential.
 
-This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder.
+This policy setting appears in the Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it's considered to be enabled, even if it's explicitly disabled in the other folder.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit rollback*
+-   GP Friendly name: *Prohibit rollback*
 -   GP name: *DisableRollback_2*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -985,32 +713,14 @@ ADMX Info:
 **ADMX_MSI/DisableSharedComponent**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1025,23 +735,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to turn off shared components.
+This policy setting controls the ability to turn off shared components.
 
 If you enable this policy setting, no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table.
 
-If you disable or do not configure this policy setting, by default, the shared component functionality is allowed.
+If you disable or don't configure this policy setting, by default, the shared component functionality is allowed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off shared components*
+-   GP Friendly name: *Turn off shared components*
 -   GP name: *DisableSharedComponent*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1055,32 +760,14 @@ ADMX Info:
 **ADMX_MSI/MSILogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1095,25 +782,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.
+Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.
 
 When you enable this policy setting, you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you want.
 
 To disable logging, delete all of the letters from the box.
 
-If you disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap."
+If you disable or don't configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the types of events Windows Installer records in its transaction log*
+-   GP Friendly name: *Specify the types of events Windows Installer records in its transaction log*
 -   GP name: *MSILogging*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1128,32 +810,14 @@ ADMX Info:
 **ADMX_MSI/MSI_DisableLUAPatching**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1168,25 +832,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.
+This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.
 
 Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.
 
 If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications.
 
-If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.
+If you disable or don't configure this policy setting, users without administrative privileges can install non-administrator updates.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit non-administrators from applying vendor signed updates*
+-   GP Friendly name: *Prohibit non-administrators from applying vendor signed updates*
 -   GP name: *MSI_DisableLUAPatching*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1201,32 +860,14 @@ ADMX Info:
 **ADMX_MSI/MSI_DisablePatchUninstall**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1241,25 +882,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability for users or administrators to remove Windows Installer based updates.
+This policy setting controls the ability for users or administrators to remove Windows Installer based updates.
 
-This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.
+This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed can't be removed by users or administrators.
 
-If you enable this policy setting, updates cannot be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product.
+If you enable this policy setting, updates can't be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product.
 
-If you disable or do not configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context."
+If you disable or don't configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This grant of privileges can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit removal of updates*
+-   GP Friendly name: *Prohibit removal of updates*
 -   GP name: *MSI_DisablePatchUninstall*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1274,32 +910,14 @@ ADMX Info:
 **ADMX_MSI/MSI_DisableSRCheckPoints**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1314,23 +932,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files.
+This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users - when a problem occurs - to restore their computers to a previous state without losing personal data files.
 
-If you enable this policy setting, the Windows Installer does not generate System Restore checkpoints when installing applications.
+If you enable this policy setting, the Windows Installer doesn't generate System Restore checkpoints when installing applications.
 
-If you disable or do not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application.
+If you disable or don't configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off creation of System Restore checkpoints*
+-   GP Friendly name: *Turn off creation of System Restore checkpoints*
 -   GP name: *MSI_DisableSRCheckPoints*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1345,32 +958,14 @@ ADMX Info:
 **ADMX_MSI/MSI_DisableUserInstalls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1385,23 +980,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want.
+This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want.
 
-If you do not configure this policy setting, or if the policy setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product.
+If you don't configure this policy setting, or if the policy setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, the per-computer installation of that same product is hidden.
 
-If you enable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile.
+If you enable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This behavior of the installer causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit User Installs*
+-   GP Friendly name: *Prohibit User Installs*
 -   GP name: *MSI_DisableUserInstalls*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1416,32 +1006,14 @@ ADMX Info:
 **ADMX_MSI/MSI_EnforceUpgradeComponentRules**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1456,29 +1028,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting causes the Windows Installer to enforce strict rules for component upgrades.
+This policy setting causes the Windows Installer to enforce strict rules for component upgrades.
 
-If you enable this policy setting, strict upgrade rules will be enforced by the Windows Installer which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following:
+If you enable this policy setting, strict upgrade rules will be enforced by the Windows Installer, which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following steps:
 
 (1) Remove a component from a feature.
-This can also occur if you change the GUID of a component. The component identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component.
+This removal can also occur if you change the GUID of a component. The component identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component.
 
 (2) Add a new feature to the top or middle of an existing feature tree.
 The new feature must be added as a new leaf feature to an existing feature tree.
 
-If you disable or do not configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades.
+If you disable or don't configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enforce upgrade component rules*
+-   GP Friendly name: *Enforce upgrade component rules*
 -   GP name: *MSI_EnforceUpgradeComponentRules*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1492,32 +1059,14 @@ ADMX Info:
 **ADMX_MSI/MSI_MaxPatchCacheSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1532,29 +1081,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy controls the percentage of disk space available to the Windows Installer baseline file cache.
+This policy controls the percentage of disk space available to the Windows Installer baseline file cache.
 
 The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied.
 
-If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache.
+If you enable this policy setting, you can modify the maximum size of the Windows Installer baseline file cache.
 
 If you set the baseline cache size to 0, the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be deleted when the product is removed.
 
 If you set the baseline cache to 100, the Windows Installer will use available free space for the baseline file cache.
 
-If you disable or do not configure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.
+If you disable or don't configure this policy setting, the Windows Installer will use a default value of 10 percent for the baseline file cache maximum size.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Control maximum size of baseline file cache*
+-   GP Friendly name: *Control maximum size of baseline file cache*
 -   GP name: *MSI_MaxPatchCacheSize*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1568,32 +1112,14 @@ ADMX Info:
 **ADMX_MSI/MsiDisableEmbeddedUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1608,23 +1134,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to prevent embedded UI.
+This policy setting controls the ability to prevent embedded UI.
 
 If you enable this policy setting, no packages on the system can run embedded UI.
 
-If you disable or do not configure this policy setting, embedded UI is allowed to run.
+If you disable or don't configure this policy setting, embedded UI is allowed to run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent embedded UI*
+-   GP Friendly name: *Prevent embedded UI*
 -   GP name: *MsiDisableEmbeddedUI*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1638,32 +1159,14 @@ ADMX Info:
 **ADMX_MSI/SafeForScripting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1678,25 +1181,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows Web-based programs to install software on the computer without notifying the user.
+This policy setting allows Web-based programs to install software on the computer without notifying the user.
 
-If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation.
+If you disable or don't configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation.
 
 If you enable this policy setting, the warning is suppressed and allows the installation to proceed.
 
 This policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. However, because this policy setting can pose a security risk, it should be applied cautiously.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Internet Explorer security prompt for Windows Installer scripts*
+-   GP Friendly name: *Prevent Internet Explorer security prompt for Windows Installer scripts*
 -   GP name: *SafeForScripting*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1710,32 +1208,14 @@ ADMX Info:
 **ADMX_MSI/SearchOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1750,9 +1230,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the order in which Windows Installer searches for installation files.
+This policy setting specifies the order in which Windows Installer searches for installation files.
 
-If you disable or do not configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL).
+If you disable or don't configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL).
 
 If you enable this policy setting, you can change the search order by specifying the letters representing each file source in the order that you want Windows Installer to search:
 
@@ -1763,16 +1243,11 @@ If you enable this policy setting, you can change the search order by specifying
 To exclude a file source, omit or delete the letter representing that source type.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the order in which Windows Installer searches for installation files*
+-   GP Friendly name: *Specify the order in which Windows Installer searches for installation files*
 -   GP name: *SearchOrder*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1786,32 +1261,14 @@ ADMX Info:
 **ADMX_MSI/TransformsSecure**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1826,31 +1283,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting saves copies of transform files in a secure location on the local computer.
+This policy setting saves copies of transform files in a secure location on the local computer.
 
 Transform files consist of instructions to modify or customize a program during installation.
 
 If you enable this policy setting, the transform file is saved in a secure location on the user's computer.
 
-If you do not configure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation.
+If you don't configure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation.
 
 This policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files.
 
 If you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile.
 
-If you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is on a different computer or is not connected to the network.
-
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Save copies of transform files in a secure location on workstation*
+-   GP Friendly name: *Save copies of transform files in a secure location on workstation*
 -   GP name: *TransformsSecure*
 -   GP path: *Windows Components\Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -1860,7 +1310,6 @@ ADMX Info:
 
                  
 
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
new file mode 100644
index 0000000000..2d23267cbd
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -0,0 +1,97 @@
+---
+title: Policy CSP - ADMX_MsiFileRecovery
+description: Policy CSP - ADMX_MsiFileRecovery
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/20/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_MsiFileRecovery
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_MsiFileRecovery policies  
+
+
                  
+  
                  
+    ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:  
+
+- Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog-box when application reinstallation is required.
+This behavior is the default recovery behavior on Windows client.  
+
+- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.  
+
+- Troubleshooting Only: Detection and verification of file corruption will be performed without UI.  
+Recovery isn't attempted.  
+
+- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only.  
+
+- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.  
+
+If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh.  
+
+> [!NOTE]
+> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure MSI Corrupted File Recovery behavior*
+-   GP name: *WdiScenarioExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery*
+-   GP ADMX file name: *MsiFileRecovery.admx*
+
+
+
+
+
                  
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index da4cff082f..4a0b0ee3ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_nca
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -55,32 +59,14 @@ manager: dansimp
 **ADMX_nca/CorporateResources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,7 +81,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. 
+This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. 
 
 Each string can be one of the following types:  
 
@@ -106,22 +92,17 @@ Each string can be one of the following types:
 
 > [!IMPORTANT]
 > At least one of the entries must be a PING: resource.
-> -	A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not matter. The syntax is “HTTP:” followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/.
-> -	A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file do not matter. The syntax is “FILE:” followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt.
+> -	A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page don't matter. The syntax is “HTTP:” followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/.
+> -	A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file don't matter. The syntax is “FILE:” followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt.
 
 You must configure this setting to have complete NCA functionality.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Corporate Resources*
+-   GP Friendly name: *Corporate Resources*
 -   GP name: *CorporateResources*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -134,32 +115,14 @@ ADMX Info:
 **ADMX_nca/CustomCommands**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -174,19 +137,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
+This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom Commands*
+-   GP Friendly name: *Custom Commands*
 -   GP name: *CustomCommands*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -199,32 +157,14 @@ ADMX Info:
 **ADMX_nca/DTEs**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -239,7 +179,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. 
+This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. 
 
 By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel.
 
@@ -248,16 +188,11 @@ Each entry consists of the text PING: followed by the IPv6 address of an IPsec t
 You must configure this setting to have complete NCA functionality.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *IPsec Tunnel Endpoints*
+-   GP Friendly name: *IPsec Tunnel Endpoints*
 -   GP name: *DTEs*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -270,32 +205,14 @@ ADMX Info:
 **ADMX_nca/FriendlyName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -310,21 +227,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation.
+This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation.
 
-If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”.
+If this setting isn't configured, the string that appears for DirectAccess connectivity is “Corporate Connection”.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Friendly Name*
+-   GP Friendly name: *Friendly Name*
 -   GP name: *FriendlyName*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -337,32 +249,14 @@ ADMX Info:
 **ADMX_nca/LocalNamesOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -377,30 +271,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
+This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
 
-If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.
+If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. NCA doesn't remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.
 
-The ability to disconnect allows users to specify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.
+The ability to disconnect allows users to specify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection hasn't correctly determined that the DirectAccess client computer is connected to its own intranet.
 
 To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.
 
 > [!NOTE]
 > If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.
 
-If this setting is not configured, users do not have Connect or Disconnect options.
+If this setting isn't configured, users don't have Connect or Disconnect options.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prefer Local Names Allowed*
+-   GP Friendly name: *Prefer Local Names Allowed*
 -   GP name: *LocalNamesOn*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -413,32 +302,14 @@ ADMX Info:
 **ADMX_nca/PassiveMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -453,20 +324,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether NCA service runs in Passive Mode or not.
+This policy setting specifies whether NCA service runs in Passive Mode or not.
 
-Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default.
+Set this policy setting to Disabled to keep NCA probing actively all the time. If this setting isn't configured, NCA probing is in active mode by default.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *DirectAccess Passive Mode*
+-   GP Friendly name: *DirectAccess Passive Mode*
 -   GP name: *PassiveMode*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -479,32 +345,14 @@ ADMX Info:
 **ADMX_nca/ShowUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -519,23 +367,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.
+This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.
 
-Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. 
+Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. 
 
-If this setting is not configured, the entry for DirectAccess connectivity appears.
+If this setting isn't configured, the entry for DirectAccess connectivity appears.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *User Interface*
+-   GP Friendly name: *User Interface*
 -   GP name: *ShowUI*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -548,32 +391,14 @@ ADMX Info:
 **ADMX_nca/SupportEmail**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -588,21 +413,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. 
+This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. 
 
 When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Support Email Address*
+-   GP Friendly name: *Support Email Address*
 -   GP name: *SupportEmail*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
@@ -611,8 +431,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index 7bca9000d2..2560340dd7 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_NCSI
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -52,32 +56,14 @@ manager: dansimp
 **ADMX_NCSI/NCSI_CorpDnsProbeContent**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -92,19 +78,14 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting  enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
+This policy setting  enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify corporate DNS probe host address*
+-   GP Friendly name: *Specify corporate DNS probe host address*
 -   GP name: *NCSI_CorpDnsProbeContent*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -117,32 +98,14 @@ ADMX Info:
 **ADMX_NCSI/NCSI_CorpDnsProbeHost**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -157,19 +120,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
+This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify corporate DNS probe host name*
+-   GP Friendly name: *Specify corporate DNS probe host name*
 -   GP name: *NCSI_CorpDnsProbeHost*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -182,32 +140,14 @@ ADMX Info:
 **ADMX_NCSI/NCSI_CorpSitePrefixes**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -222,19 +162,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
+This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify corporate site prefix list*
+-   GP Friendly name: *Specify corporate site prefix list*
 -   GP name: *NCSI_CorpSitePrefixes*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -247,32 +182,14 @@ ADMX Info:
 **ADMX_NCSI/NCSI_CorpWebProbeUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -287,19 +204,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
+This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify corporate Website probe URL*
+-   GP Friendly name: *Specify corporate Website probe URL*
 -   GP name: *NCSI_CorpWebProbeUrl*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -315,32 +227,14 @@ ADMX Info:
 **ADMX_NCSI/NCSI_DomainLocationDeterminationUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -355,19 +249,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
+This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify domain location determination URL*
+-   GP Friendly name: *Specify domain location determination URL*
 -   GP name: *NCSI_DomainLocationDeterminationUrl*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -380,32 +269,14 @@ ADMX Info:
 **ADMX_NCSI/NCSI_GlobalDns**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -420,19 +291,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
+This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify global DNS*
+-   GP Friendly name: *Specify global DNS*
 -   GP name: *NCSI_GlobalDns*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -445,32 +311,14 @@ ADMX Info:
 **ADMX_NCSI/NCSI_PassivePolling**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -485,19 +333,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost.  Use the options to control the passive polling behavior.
+This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost.  Use the options to control the passive polling behavior.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify passive polling*
+-   GP Friendly name: *Specify passive polling*
 -   GP name: *NCSI_PassivePolling*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
@@ -506,7 +349,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 76c9223297..4527aa2946 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/15/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Netlogon
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -136,32 +140,14 @@ manager: dansimp
 **ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -176,31 +162,26 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site.
+This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address doesn't map to any configured site.
 
-Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client. 
+Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses that may then be used to compute a matching site for the client.
 
 The allowable values for this setting result in the following behaviors:
 
 - 0 - DCs will never perform address lookups.
-- 1 - DCs will perform an exhaustive address lookup to discover additional client IP addresses.
-- 2 - DCs will perform a fast, DNS-only address lookup to discover additional client IP addresses.
+- 1 - DCs will perform an exhaustive address lookup to discover more client IP addresses.
+- 2 - DCs will perform a fast, DNS-only address lookup to discover more client IP addresses.
 
 To specify this behavior in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify address lookup behavior for DC locator ping*
+-   GP Friendly name: *Specify address lookup behavior for DC locator ping*
 -   GP name: *Netlogon_AddressLookupOnPingBehavior*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -213,32 +194,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AddressTypeReturned**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -253,27 +216,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios.
+This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios.
 
 By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior.
 
-If you enable this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.
+If you enable this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This behavior is the default behavior of the DC Locator.
 
 If you disable this policy setting, DC Locator APIs will ONLY return IPv4 DC address if any. So if the domain controller supports both IPv4 and IPv6 addresses, DC Locator APIs will return IPv4 address. But if the domain controller supports only IPv6 address, then DC Locator APIs will fail.
 
-If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.
+If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This behavior is the default behavior of the DC Locator.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Return domain controller address type*
+-   GP Friendly name: *Return domain controller address type*
 -   GP name: *Netlogon_AddressTypeReturned*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -288,32 +246,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -328,25 +268,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled.
+This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, isn't used if the AllowSingleLabelDnsDomain policy setting is enabled.
 
 By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled.
 
-If you enable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name is not used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, in the event that DNS resolution fails.
+If you enable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name resolution. The single-label name isn't used without appending DNS suffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is performed on the single-label name only, if DNS resolution fails.
 
-If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers will not attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.
+If you disable this policy setting, when the AllowSingleLabelDnsDomain policy isn't enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers won't attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
+-   GP Friendly name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
 -   GP name: *Netlogon_AllowDnsSuffixSearch*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -361,32 +296,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AllowNT4Crypto**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -401,27 +318,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.
+This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier aren't as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.
 
-By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller.
+By default, Net Logon won't allow the older cryptography algorithms to be used and won't include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 won't be able to establish a connection to this domain controller.
  
 If you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk.
 
-If you disable this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms. 
+If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms. 
 
-If you do not configure this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms.
+If you don't configure this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow cryptography algorithms compatible with Windows NT 4.0*
+-   GP Friendly name: *Allow cryptography algorithms compatible with Windows NT 4.0*
 -   GP name: *Netlogon_AllowNT4Crypto*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -436,32 +348,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -476,27 +370,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.
+This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain name.
 
 By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.
 
 If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution.
 
-If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it is not disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.
+If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it isn't disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers won't the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.
 
-If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.
+If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
+-   GP Friendly name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
 -   GP name: *Netlogon_AllowSingleLabelDnsDomain*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -511,32 +400,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AutoSiteCoverage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -551,25 +422,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.
+This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC.
 
 If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists.
 
-If you disable this policy setting, the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own.
+If you disable this policy setting, the DCs won't register site-specific DC Locator DNS SRV records for any other sites but their own.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use automated site coverage by the DC Locator DNS SRV Records*
+-   GP Friendly name: *Use automated site coverage by the DC Locator DNS SRV Records*
 -   GP name: *Netlogon_AutoSiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -584,32 +450,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -624,28 +472,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism.
+This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism.
 
-NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended.
+NetBIOS-based discovery uses a WINS server and mailslot messages but doesn't use site information. Hence it doesn't ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery isn't recommended.
 
 > [!NOTE]
-> This policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known.
+> This policy setting doesn't affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known.
 
-If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior.
+If you disable or don't configure this policy setting, the DC location algorithm doesn't use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This behavior is the default behavior.
 
 If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
+-   GP Friendly name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
 -   GP name: *Netlogon_AvoidFallbackNetbiosDiscovery*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -660,32 +503,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_AvoidPdcOnWan**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -700,27 +525,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.
+This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.
 
 Contacting the PDC emulator is useful in case the client’s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.
 
 If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password.
 
-If you disable this policy setting, the DCs will not attempt to verify any passwords with the PDC emulator. 
+If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator. 
 
-If you do not configure this policy setting, it is not applied to any DCs.
+If you don't configure this policy setting, it isn't applied to any DCs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Contact PDC on logon failure*
+-   GP Friendly name: *Contact PDC on logon failure*
 -   GP name: *Netlogon_AvoidPdcOnWan*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -735,32 +555,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -775,7 +577,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.
+This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.
 
 The default value for this setting is 10 minutes (10*60). 
 
@@ -786,19 +588,14 @@ This setting is relevant only to those callers of DsGetDcName that have specifie
 If the value of this setting is less than the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used.
 
 > [!WARNING]
-> If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be excessive.
+> If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC isn't available, the traffic caused by periodic DC discoveries may be excessive.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use initial DC discovery retry setting for background callers*
+-   GP Friendly name: *Use initial DC discovery retry setting for background callers*
 -   GP name: *Netlogon_BackgroundRetryInitialPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -813,32 +610,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -853,7 +632,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines  the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.
+This policy setting determines  the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.
 
 For example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached.
 
@@ -866,19 +645,14 @@ If the value for this setting is smaller than the value specified for the Initia
 > [!WARNING]
 > If the value for this setting is too large, a client may take very long periods to try to find a DC.
 
-If the value for this setting is too small and the DC is not available, the frequent retries may produce excessive network traffic.
+If the value for this setting is too small and the DC isn't available, the frequent retries may produce excessive network traffic.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use maximum DC discovery retry interval setting for background callers*
+-   GP Friendly name: *Use maximum DC discovery retry interval setting for background callers*
 -   GP name: *Netlogon_BackgroundRetryMaximumPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -893,32 +667,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -933,7 +689,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used.
+This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used.
 
 The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.
 
@@ -941,16 +697,11 @@ The default value for this setting is to not quit retrying (0). The maximum valu
 > If the value for this setting is too small, a client will stop trying to find a DC too soon.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use final DC discovery retry setting for background callers*
+-   GP Friendly name: *Use final DC discovery retry setting for background callers*
 -   GP name: *Netlogon_BackgroundRetryQuitTime*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -965,32 +716,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1005,19 +738,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before  returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
+This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it's applied before  returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that isn't treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use positive periodic DC cache refresh for background callers*
+-   GP Friendly name: *Use positive periodic DC cache refresh for background callers*
 -   GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1032,32 +760,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_DebugFlag**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1072,7 +782,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the level of debug output for the Net Logon service.
+This policy setting specifies the level of debug output for the Net Logon service.
 
 The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged.
 
@@ -1080,19 +790,14 @@ If you enable this policy setting and specify a non-zero value, debug informatio
 
 If you specify zero for this policy setting, the default behavior occurs as described above.
 
-If you disable this policy setting or do not configure it, the default behavior occurs as described above.
+If you disable this policy setting or don't configure it, the default behavior occurs as described above.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify log file debug output level*
+-   GP Friendly name: *Specify log file debug output level*
 -   GP name: *Netlogon_DebugFlag*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1107,32 +812,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1147,9 +834,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.
+This policy setting determines which DC Locator DNS records aren't registered by the Net Logon service.
 
-If you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied.
+If you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that won't be registered by the DCs to which this setting is applied.
 
 Select the mnemonics from the following table:
 
@@ -1179,19 +866,14 @@ Select the mnemonics from the following table:
 
 If you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records.
 
-If you do not configure this policy setting, DCs use their local configuration.
+If you don't configure this policy setting, DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify DC Locator DNS records not registered by the DCs*
+-   GP Friendly name: *Specify DC Locator DNS records not registered by the DCs*
 -   GP name: *Netlogon_DnsAvoidRegisterRecords*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1206,32 +888,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_DnsRefreshInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1246,28 +910,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.
+This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.
 
-DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records’ data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.
+DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records’ data hasn't changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.
 
 > [!WARNING]
 > If the DNS resource records are registered in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zones may result in the undesired deletion of DNS resource records.
 
 To specify the Refresh Interval of the DC records, click Enabled, and then enter a value larger than 1800. This value specifies the Refresh Interval of the DC records in seconds (for example, the value 3600 is 60 minutes).
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify Refresh Interval of the DC Locator DNS records*
+-   GP Friendly name: *Specify Refresh Interval of the DC Locator DNS records*
 -   GP name: *Netlogon_DnsRefreshInterval*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1282,32 +941,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1322,7 +963,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records.
+This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records.
 
 If enabled, domain controllers will lowercase their DNS host name when registering domain controller SRV records. A best-effort attempt will be made to delete any previously registered SRV records that contain mixed-case DNS host names. For more information and potential manual cleanup procedures, see the link below.
 
@@ -1332,18 +973,13 @@ If not configured, domain controllers will default to using their local configur
 
 The default local configuration is enabled.
 
-A reboot is not required for changes to this setting to take effect.
+A reboot isn't required for changes to this setting to take effect.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use lowercase DNS host names when registering domain controller SRV records*
+-   GP Friendly name: *Use lowercase DNS host names when registering domain controller SRV records*
 -   GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1358,32 +994,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_DnsTtl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1398,22 +1016,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC).
+This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they're used to locate the domain controller (DC).
 
 To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes).
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set TTL in the DC Locator DNS Records*
+-   GP Friendly name: *Set TTL in the DC Locator DNS Records*
 -   GP name: *Netlogon_DnsTtl*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1428,32 +1041,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_ExpectedDialupDelay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1468,23 +1063,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network.
+This policy setting specifies the extra time for the computer to wait for the domain controller’s (DC) response when logging on to the network.
 
-To specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
+To specify the expected dial-up delay at sign in, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
 
-If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.
+If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify expected dial-up delay on logon*
+-   GP Friendly name: *Specify expected dial-up delay on logon*
 -   GP name: *Netlogon_ExpectedDialupDelay*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1499,32 +1089,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_ForceRediscoveryInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1539,27 +1111,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.
+This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.
 
-The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries.
+The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions, DC Locator will, by default, carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries.
 
-If you enable this policy setting, DC Locator on the machine will carry out Force Rediscovery periodically according to the configured time interval. The minimum time interval is 3600 seconds (1 hour) to avoid excessive network traffic from rediscovery. The maximum allowed time interval is 4294967200 seconds, while any value greater than 4294967 seconds (~49 days) will be treated as infinity.
+If you enable this policy setting, DC Locator on the machine will carry out Force Rediscovery periodically according to the configured time interval. The minimum time interval is 3600 seconds (1 hour) to avoid excessive network traffic from rediscovery. The maximum allowed time interval is 4,294,967,200 seconds, while any value greater than 4294967 seconds (~49 days) will be treated as infinity.
 
 If you disable this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval.
 
-If you do not configure this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value.
+If you don't configure this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Force Rediscovery Interval*
+-   GP Friendly name: *Force Rediscovery Interval*
 -   GP name: *Netlogon_ForceRediscoveryInterval*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1574,32 +1141,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_GcSiteCoverage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1614,25 +1163,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. 
+This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. 
 
-The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
+The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
 
 To specify the sites covered by the GC Locator DNS SRV records, click Enabled, and enter the sites' names in a space-delimited format.
 
-If you do not configure this policy setting, it is not applied to any GCs, and GCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any GCs, and GCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify sites covered by the GC Locator DNS SRV Records*
+-   GP Friendly name: *Specify sites covered by the GC Locator DNS SRV Records*
 -   GP name: *Netlogon_GcSiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1647,32 +1191,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1687,28 +1213,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).
+This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).
 
 > [!NOTE]
 > To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message.
 
-This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names.
+This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name isn't required. This policy setting doesn't affect DC location based on DNS names.
 
-If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location.
+If you enable this policy setting, this DC doesn't process incoming mailslot messages that are used for NetBIOS domain name based DC location.
 
-If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator.
+If you disable or don't configure this policy setting, this DC processes incoming mailslot messages. This hevaior is the default behavior of DC Locator.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
+-   GP Friendly name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
 -   GP name: *Netlogon_IgnoreIncomingMailslotMessages*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1723,32 +1244,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_LdapSrvPriority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1763,25 +1266,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.
+This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.
 
 The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record’s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.
 
 To specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is from 0 to 65535.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Priority in the DC Locator DNS SRV records*
+-   GP Friendly name: *Set Priority in the DC Locator DNS SRV records*
 -   GP name: *Netlogon_LdapSrvPriority*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1796,32 +1294,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_LdapSrvWeight**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1836,25 +1316,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.
+This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC.
 
 The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record.
 
 To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 65535.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Weight in the DC Locator DNS SRV records*
+-   GP Friendly name: *Set Weight in the DC Locator DNS SRV records*
 -   GP name: *Netlogon_LdapSrvWeight*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1869,32 +1344,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_MaximumLogFileSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1909,23 +1366,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.
+This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.
 
-By default, the maximum size of the log file is 20MB. If you enable this policy setting, the maximum size of the log file is set to the specified size.  Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified.
+By default, the maximum size of the log file is 20 MB. If you enable this policy setting, the maximum size of the log file is set to the specified size.  Once this size is reached, the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified.
 
-If you disable or do not configure this policy setting, the default behavior occurs as indicated above.
+If you disable or don't configure this policy setting, the default behavior occurs as indicated above.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify maximum log file size*
+-   GP Friendly name: *Specify maximum log file size*
 -   GP name: *Netlogon_MaximumLogFileSize*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -1940,32 +1392,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_NdncSiteCoverage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1980,25 +1414,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. 
+This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. 
 
-The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
+The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
 
 To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter the site names in a space-delimited format.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
+-   GP Friendly name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
 -   GP name: *Netlogon_NdncSiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2013,32 +1442,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_NegativeCachePeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2053,24 +1464,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.
+This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) couldn't be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.
 
 The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.
 
 > [!WARNING]
-> If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available.
+> If the value for this setting is too large, a client won't attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify negative DC Discovery cache setting*
+-   GP Friendly name: *Specify negative DC Discovery cache setting*
 -   GP name: *Netlogon_NegativeCachePeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2085,32 +1491,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2125,30 +1513,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
+This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
 
 If you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.
 
-If you disable or do not configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.
+If you disable or don't configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.
 
 By default, the Netlogon share will grant shared read access to files on the share when exclusive access is requested.
 
 > [!NOTE]
 > The Netlogon share is a share created by the Net Logon service for use by client machines in the domain. The default behavior of the Netlogon share ensures that no application with only read permission to files on the Netlogon share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the Netlogon share with only read permission will be able to deny Group Policy clients from reading the files, and in general the availability of the Netlogon share on the domain will be decreased.
 
-If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator.
+If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those applications approved by the administrator.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Netlogon share compatibility*
+-   GP Friendly name: *Set Netlogon share compatibility*
 -   GP name: *Netlogon_NetlogonShareCompatibilityMode*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2163,32 +1546,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2203,21 +1568,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag.
+This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that don't periodically attempt to locate DCs, and it's applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that haven't specified the DS_BACKGROUND_ONLY flag.
 
-The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0).
+The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that isn't treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify positive periodic DC Cache refresh for non-background callers*
+-   GP Friendly name: *Specify positive periodic DC Cache refresh for non-background callers*
 -   GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2232,32 +1592,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_PingUrgencyMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2272,9 +1614,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC).
+This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC).
 
-When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system.  This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency.  Enabling this setting may result in additional network traffic and increased load on DCs.  You should disable this setting once all DCs are running the same OS version.
+When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting may result in more network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version.
 
 The allowable values for this setting result in the following behaviors:
 
@@ -2283,19 +1625,14 @@ The allowable values for this setting result in the following behaviors:
 
 To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2.
 
-If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.
+If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use urgent mode when pinging domain controllers*
+-   GP Friendly name: *Use urgent mode when pinging domain controllers*
 -   GP name: *Netlogon_PingUrgencyMode*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2310,32 +1647,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_ScavengeInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2350,29 +1669,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval at which Netlogon performs the following scavenging operations:
+This policy setting determines the interval at which Netlogon performs the following scavenging operations:
 
 - Checks if a password on a secure channel needs to be modified, and modifies it if necessary.
 
-- On the domain controllers (DC), discovers a DC that has not been discovered.
+- On the domain controllers (DC), discovers a DC that hasn't been discovered.
 
 - On the PDC, attempts to add the ``[1B] NetBIOS name if it hasn’t already been successfully added.
 
-None of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain.
+None of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expensive (for example, ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain.
 
 To enable the setting, click Enabled, and then specify the interval in seconds.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set scavenge interval*
+-   GP Friendly name: *Set scavenge interval*
 -   GP name: *Netlogon_ScavengeInterval*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2387,32 +1701,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_SiteCoverage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2427,25 +1723,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. 
+This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. 
 
-The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
+The DC Locator DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
 
 To specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names in a space-delimited format.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify sites covered by the DC Locator DNS SRV records*
+-   GP Friendly name: *Specify sites covered by the DC Locator DNS SRV records*
 -   GP name: *Netlogon_SiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2460,32 +1751,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_SiteName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2500,25 +1773,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Active Directory site to which computers belong.
+This policy setting specifies the Active Directory site to which computers belong.
 
 An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
 
-To specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory.
+To specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs isn't specified, the computer automatically discovers its site from Active Directory.
 
-If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.
+If you don't configure this policy setting, it isn't applied to any computers, and computers use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify site name*
+-   GP Friendly name: *Specify site name*
 -   GP name: *Netlogon_SiteName*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2533,32 +1801,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2573,7 +1823,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
+This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
 
 When this setting is enabled, the SYSVOL share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.
 
@@ -2584,19 +1834,14 @@ By default, the SYSVOL share will grant shared read access to files on the share
 > [!NOTE]
 > The SYSVOL share is a share created by the Net Logon service for use by Group Policy clients in the domain. The default behavior of the SYSVOL share ensures that no application with only read permission to files on the sysvol share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the SYSVOL share with only read permission will be able to deny Group Policy clients from reading the files, and in general the availability of the SYSVOL share on the domain will be decreased.
 
-If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator.
+If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those applications approved by the administrator.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set SYSVOL share compatibility*
+-   GP Friendly name: *Set SYSVOL share compatibility*
 -   GP name: *Netlogon_SysvolShareCompatibilityMode*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2611,32 +1856,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_TryNextClosestSite**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2651,27 +1878,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.
+This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site isn't found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.
 
-The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. 
+The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. 
 
 If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer.
 
-If you disable this policy setting, Try Next Closest Site DC Location will not be used by default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site behavior is honored.
+If you disable this policy setting, Try Next Closest Site DC Location won't be used by default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site behavior is honored.
 
-If you do not configure this policy setting, Try Next Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used.
+If you don't configure this policy setting, Try Next Closest Site DC Location won't be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Try Next Closest Site*
+-   GP Friendly name: *Try Next Closest Site*
 -   GP name: *Netlogon_TryNextClosestSite*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2686,32 +1908,14 @@ ADMX Info:
 **ADMX_Netlogon/Netlogon_UseDynamicDns**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2726,25 +1930,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.
+This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.
 
 If you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections.
 
-If you disable this policy setting, DCs will not register DC Locator DNS resource records.
+If you disable this policy setting, DCs won't register DC Locator DNS resource records.
 
-If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
+If you don't configure this policy setting, it isn't applied to any DCs, and DCs use their local configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify dynamic registration of the DC Locator DNS Records*
+-   GP Friendly name: *Specify dynamic registration of the DC Locator DNS Records*
 -   GP name: *Netlogon_UseDynamicDns*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
@@ -2753,7 +1952,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index deb0305f18..5da60f709b 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/21/2020
 ms.reviewer: 
 manager: dansimp
@@ -14,8 +14,12 @@ manager: dansimp
 
 # Policy CSP - ADMX_NetworkConnections
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -113,32 +117,14 @@ manager: dansimp
 **ADMX_NetworkConnections/NC_AddRemoveComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -153,13 +139,13 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.
+This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.
 
-If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard.
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators aren't permitted to access network components in the Windows Components Wizard.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard.
+If you disable this setting or don't configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard.
 
 The Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button).
 
@@ -171,16 +157,11 @@ The Install and Uninstall buttons appear in the properties dialog box for connec
 > Nonadministrators are already prohibited from adding and removing connection components, regardless of this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit adding and removing components for a LAN or remote access connection*
+-   GP Friendly name: *Prohibit adding and removing components for a LAN or remote access connection*
 -   GP name: *NC_AddRemoveComponents*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -193,32 +174,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_AdvancedSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -233,30 +196,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.
+This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.
 
 The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings item is disabled for administrators.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators.
+If you disable this setting or don't configure it, the Advanced Settings item is enabled for administrators.
 
 > [!NOTE]
 > Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to the Advanced Settings item on the Advanced menu*
+-   GP Friendly name: *Prohibit access to the Advanced Settings item on the Advanced menu*
 -   GP name: *NC_AdvancedSettings*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -269,32 +227,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -309,35 +249,30 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can configure advanced TCP/IP settings.
+This policy setting determines whether users can configure advanced TCP/IP settings.
 
-If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users can't open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
 If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box.
 
-This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration.
+This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users can't gain access to the Advanced button for TCP/IP configuration.
 
-Changing this setting from Enabled to Not Configured does not enable the Advanced button until the user logs off.
+Changing this setting from Enabled to Not Configured doesn't enable the Advanced button until the user signs out.
 
 > [!NOTE]
-> Nonadministrators (excluding Network Configuration Operators) do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting.
+> Nonadministrators (excluding Network Configuration Operators) don't have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting.
 
 > [!TIP]
 > To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab.  In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit TCP/IP advanced configuration*
+-   GP Friendly name: *Prohibit TCP/IP advanced configuration*
 -   GP name: *NC_AllowAdvancedTCPIPConfig*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -350,32 +285,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_ChangeBindState**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -390,13 +307,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether administrators can enable and disable the components used by LAN connections.
+This policy setting Determines whether administrators can enable and disable the components used by LAN connections.
 
-If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses.
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators can't enable or disable the components that a connection uses.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.
+If you disable this setting or don't configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.
 
 > [!NOTE]
 > When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.
@@ -404,16 +321,11 @@ If you disable this setting or do not configure it, the Properties dialog box fo
 > Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit Enabling/Disabling components of a LAN connection*
+-   GP Friendly name: *Prohibit Enabling/Disabling components of a LAN connection*
 -   GP name: *NC_ChangeBindState*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -426,32 +338,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_DeleteAllUserConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -466,36 +360,31 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete all user remote access connections.
+This policy setting determines whether users can delete all user remote access connections.
 
 To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
 
 If you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection.
 
-If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.)
+If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can't delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.)
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections.
+If you don't configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections.
 
-When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and this setting is ignored.
+When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) can't delete any remote access connections, and this setting is ignored.
 
 > [!NOTE]
-> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.
+> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection.
 > 
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ability to delete all user remote access connections*
+-   GP Friendly name: *Ability to delete all user remote access connections*
 -   GP name: *NC_DeleteAllUserConnection*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -508,32 +397,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_DeleteConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -548,34 +419,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete remote access connections.
+This policy setting determines whether users can delete remote access connections.
 
-If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can't delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.)
+If you disable this setting or don't configure it, all users can delete their private remote access connections. Private connections are those connections that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.)
 
-When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored.
+When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users can't delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored.
 
 > [!NOTE]
-> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.
+> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection.
 >
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 > 
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit deletion of remote access connections*
+-   GP Friendly name: *Prohibit deletion of remote access connections*
 -   GP name: *NC_DeleteConnection*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -588,32 +454,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_DialupPrefs**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -628,27 +476,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Remote Access Preferences item on the Advanced menu in Network Connections folder is enabled.
+This policy setting determines whether the Remote Access Preferences item on the Advanced menu in Network Connections folder is enabled.
 
-The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.
+The Remote Access Preferences item lets users create and change connections before signing in and configure automatic dialing and callback features.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users (including administrators).
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users.
+If you disable this setting or don't configure it, the Remote Access Preferences item is enabled for all users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to the Remote Access Preferences item on the Advanced menu*
+-   GP Friendly name: *Prohibit access to the Remote Access Preferences item on the Advanced menu*
 -   GP name: *NC_DialupPrefs*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -661,32 +504,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -701,23 +526,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether or not the "local access only" network icon will be shown.
+This policy setting specifies whether or not the "local access only" network icon will be shown.
 
 When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.
 
-If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only.
+If you disable this setting or don't configure it, the "local access only" icon will be used when a user is connected to a network with local access only.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not show the "local access only" network icon*
+-   GP Friendly name: *Do not show the "local access only" network icon*
 -   GP name: *NC_DoNotShowLocalOnlyIcon*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -730,32 +550,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_EnableAdminProhibits**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -770,30 +572,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators.
+This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators.
 
 The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators.
 
-By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators.
+By default, Network Connections group settings in Windows don't have the ability to prohibit the use of features from Administrators.
 
-If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators.
+If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows behave the same for administrators.
+
+If you disable this setting or don't configure it, Windows settings that existed in Windows 2000 won't apply to administrators.
 
-If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators.
 
-> [!NOTE]
-> This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Windows 2000 Network Connections settings for Administrators*
+-   GP Friendly name: *Enable Windows 2000 Network Connections settings for Administrators*
 -   GP name: *NC_EnableAdminProhibits*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -806,32 +602,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_ForceTunneling**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -846,27 +624,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a remote client computer  routes Internet traffic through the internal network or whether the client accesses the Internet directly.
+This policy setting determines whether a remote client computer  routes Internet traffic through the internal network or whether the client accesses the Internet directly.
 
 When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway.
 
 If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network.
 
-If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
+If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet isn't routed through the internal network.
 
-If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
+If you don't configure this policy setting, traffic between remote client computers running DirectAccess and the Internet isn't routed through the internal network.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Route all traffic through the internal network*
+-   GP Friendly name: *Route all traffic through the internal network*
 -   GP name: *NC_ForceTunneling*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -879,32 +652,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_IpStateChecking**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -919,23 +674,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.
+This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This retrieval failure is often signified by the assignment of an automatic private IP address"(that is, an IP address in the range 169.254.*.*). This assignment indicates that a DHCP server couldn't be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.
 
-If you enable this policy setting, this condition will not be reported as an error to the user.
+If you enable this policy setting, this condition won't be reported as an error to the user.
 
-If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved.
+If you disable or don't configure this policy setting, a DHCP-configured connection that hasn't been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off notifications when a connection has only limited or no connectivity*
+-   GP Friendly name: *Turn off notifications when a connection has only limited or no connectivity*
 -   GP name: *NC_IpStateChecking*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -948,32 +698,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_LanChangeProperties**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -988,20 +720,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
+This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
 
 This setting determines whether the Properties button for components of a LAN connection is enabled.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting doesn't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators.
+If you disable this setting or don't configure it, the Properties button is enabled for administrators and Network Configuration Operators.
 
 The Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.
 
 > [!NOTE]
-> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.
+> Not all network components have configurable properties. For components that aren't configurable, the Properties button is always disabled.
 >
 > When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components.
 >
@@ -1010,16 +742,11 @@ The Local Area Connection Properties dialog box includes a list of the network c
 > Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to properties of components of a LAN connection*
+-   GP Friendly name: *Prohibit access to properties of components of a LAN connection*
 -   GP name: *NC_LanChangeProperties*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1032,32 +759,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_LanConnect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1072,30 +781,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can enable/disable LAN connections.
+This policy setting determines whether users can enable/disable LAN connections.
 
 If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
 
 If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators).
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections.
+If you don't configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections.
 
 > [!NOTE]
 > Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ability to Enable/Disable a LAN connection*
+-   GP Friendly name: *Ability to Enable/Disable a LAN connection*
 -   GP name: *NC_LanConnect*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1108,32 +812,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_LanProperties**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1148,15 +834,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can change the properties of a LAN connection.
+This policy setting determines whether users can change the properties of a LAN connection.
 
 This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.
 
-If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users can't open the Local Area Connection Properties dialog box.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.
+If you disable this setting or don't configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.
 
 > [!NOTE]
 > This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.
@@ -1164,16 +850,11 @@ If you disable this setting or do not configure it, a Properties menu item appea
 > Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to properties of a LAN connection*
+-   GP Friendly name: *Prohibit access to properties of a LAN connection*
 -   GP name: *NC_LanProperties*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1186,32 +867,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_NewConnectionWizard**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1226,30 +889,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections.
+This policy setting determines whether users can use the New Connection Wizard, which creates new network connections.
 
-If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard.
+If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon doesn't appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) can't start the New Connection Wizard.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard.
+If you disable this setting or don't configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard.
 
 > [!NOTE]
-> Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections folder until the folder is refreshed.
+> Changing this setting from Enabled to Not Configured doesn't restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon doesn't appear or disappear in the Network Connections folder until the folder is refreshed.
 >
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to the New Connection Wizard*
+-   GP Friendly name: *Prohibit access to the New Connection Wizard*
 -   GP name: *NC_NewConnectionWizard*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1262,32 +920,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_PersonalFirewallConfig**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1302,32 +942,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network.
+This policy setting prohibits use of Internet Connection Firewall on your DNS domain network.
 
 Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer.
 
 > [!IMPORTANT]
-> This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
+> This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply.
 
 The Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats.
 
-If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled.
+If you enable this setting, Internet Connection Firewall can't be enabled or configured by users (including administrators), and the Internet Connection Firewall service can't run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall isn't enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled.
 
 If you enable the "Windows Firewall: Protect all network connections" policy setting, the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall when you install Windows XP Service Pack 2.
 
-If you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled.
+If you disable this setting or don't configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit use of Internet Connection Firewall on your DNS domain network*
+-   GP Friendly name: *Prohibit use of Internet Connection Firewall on your DNS domain network*
 -   GP name: *NC_PersonalFirewallConfig*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1340,32 +975,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RasAllUserProperties**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1380,7 +997,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.
+This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.
 
 To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
 
@@ -1388,28 +1005,23 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 
 If you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu.
 
-If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box.
+If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) can't open the remote access connection properties dialog box.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections.
+If you don't configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections.
 
 > [!NOTE]
 > This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users.
 > 
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ability to change properties of an all user remote access connection*
+-   GP Friendly name: *Ability to change properties of an all user remote access connection*
 -   GP name: *NC_RasAllUserProperties*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1422,32 +1034,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RasChangeProperties**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1462,36 +1056,31 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection.
+This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection.
 
 This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including administrators).
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting doesn't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Properties button is enabled for all users.
+If you disable this setting or don't configure it, the Properties button is enabled for all users.
 
 The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.
 
-> [NOTE]
-> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.
+> [!NOTE]
+> Not all network components have configurable properties. For components that aren't configurable, the Properties button is always disabled.
 >
 > When the "Ability to change properties of an all user remote access connection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked.
 >
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access to properties of components of a remote access connection*
+-   GP Friendly name: *Prohibit access to properties of components of a remote access connection*
 -   GP name: *NC_RasChangeProperties*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1504,32 +1093,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RasConnect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1544,25 +1115,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can connect and disconnect remote access connections.
+This policy setting determines whether users can connect and disconnect remote access connections.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
+If you disable this setting or don't configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit connecting and disconnecting a remote access connection*
+-   GP Friendly name: *Prohibit connecting and disconnecting a remote access connection*
 -   GP name: *NC_RasConnect*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1575,32 +1141,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RasMyProperties**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1615,7 +1163,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of their private remote access connections.
+This policy setting determines whether users can view and change the properties of their private remote access connections.
 
 Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
 
@@ -1623,26 +1171,21 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu.
+If you disable this setting or don't configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu.
 
 > [!NOTE]
 > This setting takes precedence over settings that manipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a remote access connection will be available to users.
 >
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit changing properties of a private remote access connection*
+-   GP Friendly name: *Prohibit changing properties of a private remote access connection*
 -   GP name: *NC_RasMyProperties*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1655,32 +1198,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RenameAllUserRasConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1695,7 +1220,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename all-user remote access connections.
+This policy setting determines whether nonadministrators can rename all-user remote access connections.
 
 To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.
 
@@ -1703,26 +1228,21 @@ If you enable this setting, the Rename option is enabled for all-user remote acc
 
 If you disable this setting, the Rename option is disabled for nonadministrators only.
 
-If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections.
+If you don't configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections.
 
 > [!NOTE]
-> This setting does not apply to Administrators.
+> This setting doesn't apply to Administrators.
 
-When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting does not apply.
+When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting doesn't apply.
 
-This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ability to rename all user remote access connections*
+-   GP Friendly name: *Ability to rename all user remote access connections*
 -   GP name: *NC_RenameAllUserRasConnection*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1735,32 +1255,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RenameConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1775,32 +1277,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether users can rename LAN or all user remote access connections.
+This policy setting Determines whether users can rename LAN or all user remote access connections.
 
 If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.
 
 If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators).
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.
+If this setting isn't configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.
 
 > [!NOTE]
 > When configured, this setting always takes precedence over the "Ability to rename LAN connections" and "Ability to rename all user remote access connections" settings.
 >
-> This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to rename remote access connections.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ability to rename LAN connections or remote access connections available to all users*
+-   GP Friendly name: *Ability to rename LAN connections or remote access connections available to all users*
 -   GP name: *NC_RenameConnection*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1813,32 +1310,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RenameLanConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1853,30 +1332,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename a LAN connection.
+This policy setting determines whether nonadministrators can rename a LAN connection.
 
 If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.
 
 If you disable this setting, the Rename option is disabled for nonadministrators only.
 
-If you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections
+If you don't configure this setting, only Administrators and Network Configuration Operators can rename LAN connections
 
 > [!NOTE]
-> This setting does not apply to Administrators.
+> This setting doesn't apply to Administrators.
 
-When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply.
+When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting doesn't apply.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ability to rename LAN connections*
+-   GP Friendly name: *Ability to rename LAN connections*
 -   GP name: *NC_RenameLanConnection*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1889,32 +1363,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_RenameMyRasConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1929,30 +1385,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can rename their private remote access connections.
+This policy setting determines whether users can rename their private remote access connections.
 
-Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
+Private connections are those connections that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.
 
 If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including administrators).
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.
+If you disable this setting or don't configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.
 
 > [!NOTE]
-> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
+> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit renaming private remote access connections*
+-   GP Friendly name: *Prohibit renaming private remote access connections*
 -   GP name: *NC_RenameMyRasConnection*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1965,32 +1416,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_ShowSharedAccessUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2005,13 +1438,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.
+This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.
 
 ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.
 
-If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.
+If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.
 
-If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.)
+If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. 
 
 By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.
 
@@ -2022,19 +1455,14 @@ When the "Prohibit access to properties of a LAN connection," "Ability to change
 
 Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting.
 
-Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box.
+Disabling this setting doesn't prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
+-   GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
 -   GP name: *NC_ShowSharedAccessUI*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -2047,32 +1475,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_Statistics**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2087,27 +1497,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view the status for an active connection.
+This policy setting determines whether users can view the status for an active connection.
 
 Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.
 
-If you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box.
+If you enable this setting, the connection status taskbar icon and Status dialog box aren't available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users can't choose to show the connection icon in the taskbar from the Connection Properties dialog box.
 
-If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
+If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting won't apply to administrators on post-Windows 2000 computers.
 
-If you disable this setting or do not configure it, the connection status taskbar icon and  Status dialog box are available to all users.
+If you disable this setting or don't configure it, the connection status taskbar icon and  Status dialog box are available to all users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit viewing of status for an active connection*
+-   GP Friendly name: *Prohibit viewing of status for an active connection*
 -   GP name: *NC_Statistics*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -2120,32 +1525,14 @@ ADMX Info:
 **ADMX_NetworkConnections/NC_StdDomainUserSetLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2160,23 +1547,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether to require domain users to elevate when setting a network's location.
+This policy setting determines whether to require domain users to elevate when setting a network's location.
 
 If you enable this policy setting, domain users must elevate when setting a network's location.
 
-If you disable or do not configure this policy setting, domain users can set a network's location without elevating.
+If you disable or don't configure this policy setting, domain users can set a network's location without elevating.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Require domain users to elevate when setting a network's location*
+-   GP Friendly name: *Require domain users to elevate when setting a network's location*
 -   GP name: *NC_StdDomainUserSetLocation*
 -   GP path: *Network\Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -2185,6 +1567,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index d9524a1f82..6a461fb657 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/21/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_OfflineFiles
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -169,32 +173,14 @@ manager: dansimp
 **ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -209,25 +195,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline.
+This policy setting makes subfolders available offline whenever their parent folder is made available offline.
 
-This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.
+This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users don't have the option of excluding subfolders.
 
 If you enable this setting, when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is available offline are made available offline when the parent folder is synchronized.
 
-If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline.
+If you disable this setting or don't configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Subfolders always available offline*
+-   GP Friendly name: *Subfolders always available offline*
 -   GP name: *Pol_AlwaysPinSubFolders*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -240,32 +221,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -280,28 +243,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.
+This policy setting lists network files and folders that are always available for offline use. Activation of this policy setting ensures that the specified files and folders are available offline to users of the computer.
 
 If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
 
-If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
+If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
 
-If you do not configure this policy setting, no files or folders are made available for offline use by Group Policy.
+If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy.
 
 > [!NOTE]
 > This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify administratively assigned Offline Files*
+-   GP Friendly name: *Specify administratively assigned Offline Files*
 -   GP name: *Pol_AssignedOfflineFiles_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -314,32 +272,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -354,28 +294,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.
+This policy setting lists network files and folders that are always available for offline use. Activation of this policy setting ensures that the specified files and folders are available offline to users of the computer.
 
 If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
 
-If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
+If you disable this policy setting, the list of files or folders made always available offline (including those files or folders inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).
 
-If you do not configure this policy setting, no files or folders are made available for offline use by Group Policy.
+If you don't configure this policy setting, no files or folders are made available for offline use by Group Policy.
 
 > [!NOTE]
 > This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify administratively assigned Offline Files*
+-   GP Friendly name: *Specify administratively assigned Offline Files*
 -   GP name: *Pol_AssignedOfflineFiles_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -388,32 +323,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_BackgroundSyncSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -428,25 +345,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting.
+This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who signs in to the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting.
 
-If you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use  the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all  network folders on the machine are synchronized with the server on a regular basis.
+If you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use  the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server regularly.
 
 You can also configure Background Sync for network shares that are in user selected Work Offline mode. This mode is in effect when a user selects the Work Offline button for a specific share. When selected, all configured settings will apply to shares in user selected Work Offline mode as well.
 
-If you disable or do not configure this policy setting, Windows performs a background sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes.
+If you disable or don't configure this policy setting, Windows performs a background sync of offline folders in the slow-link mode at a default interval, with the start of the sync varying between 0 and 60 extra minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Background Sync*
+-   GP Friendly name: *Configure Background Sync*
 -   GP name: *Pol_BackgroundSyncSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -459,32 +371,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_CacheSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -499,15 +393,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share.
+This policy setting limits the volume of disk space that can be used to store offline files. This volume includes the space used by automatically cached files and files that are made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share.
 
-This setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it.
+This setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This disablement prevents users from trying to change the option while a policy setting controls it.
 
 If you enable this policy setting, you can specify the disk space limit (in megabytes) for offline files and also specify how much of that disk space can be used by automatically cached files.
 
 If you disable this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located.  The limit for automatically cached files is 100 percent of the total disk space limit.
 
-If you do not configure this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit.  However, the users can change these values using the Offline Files control applet.
+If you don't configure this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit.  However, the users can change these values using the Offline Files control applet.
 
 If you enable this setting and specify a total size limit greater than the size of the drive hosting the Offline Files cache, and that drive is the system drive, the total size limit is automatically adjusted downward to 75 percent of the size of the drive.  If the cache is located on a drive other than the system drive, the limit is automatically adjusted downward to 100 percent of the size of the drive.
 
@@ -518,16 +412,11 @@ If you enable this setting and specify an auto-cached space limit greater than t
 This setting replaces the Default Cache Size setting used by pre-Windows Vista systems.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Limit disk space used by Offline Files*
+-   GP Friendly name: *Limit disk space used by Offline Files*
 -   GP name: *Pol_CacheSize*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -540,32 +429,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -580,19 +451,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
+This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
 
-This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "When a network connection is lost" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
 
 - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
 
-- "Never go offline" indicates that network files are not available while the server is inaccessible.
+- "Never go offline" indicates that network files aren't available while the server is inaccessible.
 
 If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
 
-If you do not configure this setting, users can work offline by default, but they can change this option.
+If you don't configure this setting, users can work offline by default, but they can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer  Configuration takes precedence over the setting in User Configuration.
 
@@ -602,16 +473,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 Also, see the "Non-default server disconnect actions" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Action on server disconnect*
+-   GP Friendly name: *Action on server disconnect*
 -   GP name: *Pol_CustomGoOfflineActions_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -624,32 +490,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -664,19 +512,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
+This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
 
-This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "When a network connection is lost" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
 
 - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
 
-- "Never go offline" indicates that network files are not available while the server is inaccessible.
+- "Never go offline" indicates that network files aren't available while the server is inaccessible.
 
 If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
 
-If you do not configure this setting, users can work offline by default, but they can change this option.
+If you don't configure this setting, users can work offline by default, but they can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer  Configuration takes precedence over the setting in User Configuration.
 
@@ -686,16 +534,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 Also, see the "Non-default server disconnect actions" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Action on server disconnect*
+-   GP Friendly name: *Action on server disconnect*
 -   GP name: *Pol_CustomGoOfflineActions_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -708,32 +551,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_DefCacheSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -748,34 +573,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Limits the percentage of the computer's disk space that can be used to store automatically cached offline files.
+Limits the percentage of the computer's disk space that can be used to store automatically cached offline files.
 
-This setting also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 Automatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of the file on the user's computer.
 
-This setting does not limit the disk space available for files that user's make available offline manually.
+This setting doesn't limit the disk space available for files that user's make available offline manually.
 
 If you enable this setting, you can specify an automatic-cache disk space limit.
 
 If you disable this setting, the system limits the space that automatically cached files occupy to 10 percent of the space on the system drive.
 
-If you do not configure this setting, disk space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it.
+If you don't configure this setting, disk space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it.
 
 > [!TIP]
 > To change the amount of disk space used for automatic caching without specifying a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the "Amount of disk space to use for temporary offline files" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Default cache size*
+-   GP Friendly name: *Default cache size*
 -   GP name: *Pol_DefCacheSize*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -788,32 +608,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_Enabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -828,28 +630,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build.This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.
+This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer isn't connected to the network.
 
-If you enable this policy setting, Offline Files is enabled and users cannot disable it.
+If you enable this policy setting, Offline Files is enabled and users can't disable it.
 
-If you disable this policy setting, Offline Files is disabled and users cannot enable it.
+If you disable this policy setting, Offline Files is disabled and users can't enable it.
 
-If you do not configure this policy setting, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user.
+If you don't configure this policy setting, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user.
 
 > [!NOTE]
-> Changes to this policy setting do not take effect until the affected computer is restarted.
+> Changes to this policy setting don't take effect until the affected computer is restarted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow or Disallow use of the Offline Files feature*
+-   GP Friendly name: *Allow or Disallow use of the Offline Files feature*
 -   GP name: *Pol_Enabled*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -862,32 +659,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_EncryptOfflineFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -902,31 +681,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are encrypted.
+This policy setting determines whether offline files are encrypted.
 
 Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions.
 
-If you enable this policy setting, all files in the Offline Files cache are encrypted.  This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user interface.
+If you enable this policy setting, all files in the Offline Files cache are encrypted.  These files include existing files and files added later. The cached copy on the local computer is affected, but the associated network copy isn't. The user can't unencrypt Offline Files through the user interface.
 
-If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface.
+If you disable this policy setting, all files in the Offline Files cache are unencrypted. These files include existing files and files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy isn't. The user can't encrypt Offline Files through the user interface.
 
-If you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache.
+If you don't configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it's fully encrypted. The cache doesn't return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache.
 
 > [!NOTE]
 > By default, this cache is protected on NTFS partitions by ACLs.
 
-This setting is applied at user logon. If this setting is changed after user logon then user logoff and logon is required for this setting to take effect.
+This setting is applied at user sign in. If this setting is changed after user sign in, then user sign out and sign in is required for this setting to take effect.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Encrypt the Offline Files cache*
+-   GP Friendly name: *Encrypt the Offline Files cache*
 -   GP name: *Pol_EncryptOfflineFiles*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -939,32 +713,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_EventLoggingLevel_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -979,9 +735,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log.
+This policy setting determines which events the Offline Files feature records in the event log.
 
-Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.
+Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
 
 To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
 
@@ -997,16 +753,11 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event logging level*
+-   GP Friendly name: *Event logging level*
 -   GP name: *Pol_EventLoggingLevel_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1019,32 +770,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_EventLoggingLevel_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1059,9 +792,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log.
+This policy setting determines which events the Offline Files feature records in the event log.
 
-Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.
+Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify the other events you want Offline Files to record.
 
 To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
 
@@ -1077,16 +810,11 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Event logging level*
+-   GP Friendly name: *Event logging level*
 -   GP name: *Pol_EventLoggingLevel_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1099,32 +827,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ExclusionListSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1139,23 +849,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.
+This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.
 
 If you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline.
 
-If you disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline.
+If you disable or don't configure this policy setting, a user can create a file of any type in the folders that have been made available offline.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable file screens*
+-   GP Friendly name: *Enable file screens*
 -   GP name: *Pol_ExclusionListSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1168,32 +873,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ExtExclusionList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1208,11 +895,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Lists types of files that cannot be used offline.
+Lists types of files that can't be used offline.
 
-This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."
+This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system doesn't cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."
 
-This setting is designed to protect files that cannot be separated, such as database components.
+This setting is designed to protect files that can't be separated, such as database components.
 
 To use this setting, type the file name extension in the "Extensions" box. To type more than one extension, separate the extensions with a semicolon (;).
 
@@ -1220,16 +907,11 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
 > To make changes to this setting effective, you must log off and log on again.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Files not cached*
+-   GP Friendly name: *Files not cached*
 -   GP name: *Pol_ExtExclusionList*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1242,32 +924,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_GoOfflineAction_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1282,19 +946,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
+This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
 
-This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "When a network connection is lost" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
 
 - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
 
-- "Never go offline" indicates that network files are not available while the server is inaccessible.
+- "Never go offline" indicates that network files aren't available while the server is inaccessible.
 
 If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
 
-If you do not configure this setting, users can work offline by default, but they can change this option.
+If you don't configure this setting, users can work offline by default, but they can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer  Configuration takes precedence over the setting in User Configuration.
 
@@ -1304,16 +968,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 Also, see the "Non-default server disconnect actions" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Action on server disconnect*
+-   GP Friendly name: *Action on server disconnect*
 -   GP name: *Pol_GoOfflineAction_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1326,32 +985,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_GoOfflineAction_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1366,19 +1007,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
+This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
 
-This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "When a network connection is lost" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
 
 - "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
 
-- "Never go offline" indicates that network files are not available while the server is inaccessible.
+- "Never go offline" indicates that network files aren't available while the server is inaccessible.
 
 If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
 
-If you do not configure this setting, users can work offline by default, but they can change this option.
+If you don't configure this setting, users can work offline by default, but they can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer  Configuration takes precedence over the setting in User Configuration.
 
@@ -1388,16 +1029,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 Also, see the "Non-default server disconnect actions" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Action on server disconnect*
+-   GP Friendly name: *Action on server disconnect*
 -   GP name: *Pol_GoOfflineAction_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1410,32 +1046,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoCacheViewer_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1450,11 +1068,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder.
+This policy setting disables the Offline Files folder.
 
-This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.
+This setting disables the "View Files" button on the Offline Files tab. As a result, users can't use the Offline Files folder to view or open copies of network files stored on their computer. Also, they can't use the folder to view characteristics of offline files, such as their server status, type, or location.
 
-This setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.
+This setting doesn't prevent users from working offline or from saving local copies of files available offline. Also, it doesn't prevent them from using other programs, such as Windows Explorer, to view their offline files.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -1462,16 +1080,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent use of Offline Files folder*
+-   GP Friendly name: *Prevent use of Offline Files folder*
 -   GP name: *Pol_NoCacheViewer_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1484,32 +1097,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoCacheViewer_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1524,11 +1119,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder.
+This policy setting disables the Offline Files folder.
 
-This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.
+This setting disables the "View Files" button on the Offline Files tab. As a result, users can't use the Offline Files folder to view or open copies of network files stored on their computer. Also, they can't use the folder to view characteristics of offline files, such as their server status, type, or location.
 
-This setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.
+This setting doesn't prevent users from working offline or from saving local copies of files available offline. Also, it doesn't prevent them from using other programs, such as Windows Explorer, to view their offline files.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -1536,16 +1131,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent use of Offline Files folder*
+-   GP Friendly name: *Prevent use of Offline Files folder*
 -   GP name: *Pol_NoCacheViewer_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1558,32 +1148,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoConfigCache_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1598,28 +1170,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
+This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
 
-This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.
+This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users can't view or change the options on the Offline Files tab or Offline Files dialog box.
 
-This is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.
+This setting is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 > [!TIP]
-> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder.
+> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You don't have to disable any other settings in this folder.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit user configuration of Offline Files*
+-   GP Friendly name: *Prohibit user configuration of Offline Files*
 -   GP name: *Pol_NoConfigCache_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1632,32 +1199,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoConfigCache_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1672,28 +1221,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
+This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
 
-This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.
+This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users can't view or change the options on the Offline Files tab or Offline Files dialog box.
 
-This is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.
+This setting is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 > [!TIP]
-> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder.
+> This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You don't have to disable any other settings in this folder.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit user configuration of Offline Files*
+-   GP Friendly name: *Prohibit user configuration of Offline Files*
 -   GP name: *Pol_NoConfigCache_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1706,32 +1250,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1746,27 +1272,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline.
+This policy setting prevents users from making network files and folders available offline.
 
-If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.
+If you enable this policy setting, users can't designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.
 
-If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline.
+If you disable or don't configure this policy setting, users can manually specify files and folders that they want to make available offline.
 
 > [!NOTE]
 > - This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.
 > - The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Make Available Offline" command*
+-   GP Friendly name: *Remove "Make Available Offline" command*
 -   GP name: *Pol_NoMakeAvailableOffline_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1779,32 +1300,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1819,27 +1322,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline.
+This policy setting prevents users from making network files and folders available offline.
 
-If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.
+If you enable this policy setting, users can't designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.
 
-If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline.
+If you disable or don't configure this policy setting, users can manually specify files and folders that they want to make available offline.
 
 > [!NOTE]
 > - This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.
 > - The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Make Available Offline" command*
+-   GP Friendly name: *Remove "Make Available Offline" command*
 -   GP name: *Pol_NoMakeAvailableOffline_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1852,32 +1350,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoPinFiles_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1892,31 +1372,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
+This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
 
-If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
+If you enable this policy setting, the "Make Available Offline" command isn't available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
 
 If you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files and folders.
 
-If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders.
+If you don't configure this policy setting, the "Make Available Offline" command is available for all files and folders.
 
 > [!NOTE]
 > - This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders.
 > - The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
-> - This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer.
+> - This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer.
 > - If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Make Available Offline" for these files and folders*
+-   GP Friendly name: *Remove "Make Available Offline" for these files and folders*
 -   GP name: *Pol_NoPinFiles_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -1929,32 +1404,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoPinFiles_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1969,31 +1426,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
+This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
 
-If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
+If you enable this policy setting, the "Make Available Offline" command isn't available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
 
 If you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files and folders.
 
-If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders.
+If you don't configure this policy setting, the "Make Available Offline" command is available for all files and folders.
 
 > [!NOTE]
 > - This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders.
 > - The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
-> - This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer.
+> - This policy setting doesn't prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer.
 > - If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Make Available Offline" for these files and folders*
+-   GP Friendly name: *Remove "Make Available Offline" for these files and folders*
 -   GP name: *Pol_NoPinFiles_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2006,32 +1458,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoReminders_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2046,15 +1480,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting.
+Hides or displays reminder balloons, and prevents users from changing the setting.
 
-Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.
+Reminder balloons appear above the Offline Files icon in the notification area to notify users when they've lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.
 
 If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them.
 
 If you disable the setting, the system displays the reminder balloons and prevents users from hiding them.
 
-If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.
+If this setting isn't configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.
 
 To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab
 
@@ -2064,16 +1498,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To display or hide reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off reminder balloons*
+-   GP Friendly name: *Turn off reminder balloons*
 -   GP name: *Pol_NoReminders_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2086,32 +1515,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_NoReminders_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2126,15 +1537,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting.
+Hides or displays reminder balloons, and prevents users from changing the setting.
 
-Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.
+Reminder balloons appear above the Offline Files icon in the notification area to notify users when they've lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.
 
 If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them.
 
 If you disable the setting, the system displays the reminder balloons and prevents users from hiding them.
 
-If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.
+If this setting isn't configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.
 
 To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tab
 
@@ -2144,16 +1555,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To display or hide reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off reminder balloons*
+-   GP Friendly name: *Turn off reminder balloons*
 -   GP name: *Pol_NoReminders_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2166,32 +1572,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_OnlineCachingSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2206,27 +1594,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links.
+This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This read-action improves end-user response times and decreases bandwidth consumption over WAN links.
 
-The cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads.
+The cached files are temporary and aren't available to the user when offline. The cached files aren't kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads.
 
-This policy setting is triggered by the configured round trip network latency value. We recommend using this policy  setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60ms, reads to remote files will not be cached.
+This policy setting is triggered by the configured round trip network latency value. We recommend using this policy  setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60 ms, reads to remote files won't be cached.
 
 If you enable this policy setting, transparent caching is enabled and configurable.
 
-If you disable or do not configure this policy setting, remote files will be not be transparently cached on client computers.
+If you disable or don't configure this policy setting, remote files won't be transparently cached on client computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Transparent Caching*
+-   GP Friendly name: *Enable Transparent Caching*
 -   GP name: *Pol_OnlineCachingSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2239,32 +1622,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2279,25 +1644,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline.
+This policy setting makes subfolders available offline whenever their parent folder is made available offline.
 
-This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.
+This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users don't have the option of excluding subfolders.
 
 If you enable this setting, when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is available offline are made available offline when the parent folder is synchronized.
 
-If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline.
+If you disable this setting or don't configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Subfolders always available offline*
+-   GP Friendly name: *Subfolders always available offline*
 -   GP name: *Pol_AlwaysPinSubFolders*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2310,32 +1670,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_PurgeAtLogoff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2350,26 +1692,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting deletes local copies of the user's offline files when the user logs off.
+This policy setting deletes local copies of the user's offline files when the user signs out.
 
-This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files.
+This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user signs out, the system deletes all local copies of offline files.
 
-If you disable this setting or do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use.
+If you disable this setting or don't configure it, automatically and manually cached copies are retained on the user's computer for later offline use.
 
 > [!CAUTION]
-> Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost.
+> Files aren't synchronized before they're deleted. Any changes to local files since the last synchronization are lost.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *At logoff, delete local copy of user’s offline files*
+-   GP Friendly name: *At logoff, delete local copy of user’s offline files*
 -   GP name: *Pol_PurgeAtLogoff*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2382,32 +1719,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_QuickAdimPin**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2422,23 +1741,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on economical application of administratively assigned Offline Files.
+This policy setting allows you to turn on economical application of administratively assigned Offline Files.
 
-If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later.
+If you enable or don't configure this policy setting, only new files and folders in administratively assigned folders are synchronized at sign in. Files and folders that are already available offline are skipped and are synchronized later.
 
 If you disable this policy setting, all administratively assigned folders are synchronized at logon.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on economical application of administratively assigned Offline Files*
+-   GP Friendly name: *Turn on economical application of administratively assigned Offline Files*
 -   GP name: *Pol_QuickAdimPin*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2451,32 +1765,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ReminderFreq_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2491,11 +1787,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear.
+This policy setting determines how often reminder balloon updates appear.
 
 If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.
 
-Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.
+Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -2503,16 +1799,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reminder balloon frequency*
+-   GP Friendly name: *Reminder balloon frequency*
 -   GP name: *Pol_ReminderFreq_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2525,32 +1816,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ReminderFreq_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2565,11 +1838,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear.
+This policy setting determines how often reminder balloon updates appear.
 
 If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.
 
-Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.
+Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -2577,16 +1850,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reminder balloon frequency*
+-   GP Friendly name: *Reminder balloon frequency*
 -   GP name: *Pol_ReminderFreq_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2599,32 +1867,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ReminderInitTimeout_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2639,23 +1889,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed.
+This policy setting determines how long the first reminder balloon for a network status change is displayed.
 
-Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.
+Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Initial reminder balloon lifetime*
+-   GP Friendly name: *Initial reminder balloon lifetime*
 -   GP name: *Pol_ReminderInitTimeout_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2668,32 +1913,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ReminderInitTimeout_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2708,23 +1935,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed.
+This policy setting determines how long the first reminder balloon for a network status change is displayed.
 
-Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.
+Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Initial reminder balloon lifetime*
+-   GP Friendly name: *Initial reminder balloon lifetime*
 -   GP name: *Pol_ReminderInitTimeout_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2737,32 +1959,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ReminderTimeout_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2777,23 +1981,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed.
+This policy setting determines how long updated reminder balloons are displayed.
 
-Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.
+Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reminder balloon lifetime*
+-   GP Friendly name: *Reminder balloon lifetime*
 -   GP name: *Pol_ReminderTimeout_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2806,32 +2005,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_ReminderTimeout_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2846,23 +2027,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed.
+This policy setting determines how long updated reminder balloons are displayed.
 
-Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.
+Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they're updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reminder balloon lifetime*
+-   GP Friendly name: *Reminder balloon lifetime*
 -   GP name: *Pol_ReminderTimeout_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2875,32 +2051,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SlowLinkSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2915,33 +2073,28 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline.
+This policy setting controls the network latency and throughput thresholds that will cause a client computer to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data isn't degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This scenario is similar to a user working offline.
 
 If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter.
 
-You can configure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you do not specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 will not use the slow-link mode.
+You can configure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you don't specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 won't use the slow-link mode.
 
-If you do not configure this policy setting, computers running Windows Vista or Windows Server 2008 will not transition a shared folder to the slow-link mode. Computers running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip network latency.
+If you don't configure this policy setting, computers running Windows Vista or Windows Server 2008 won't transition a shared folder to the slow-link mode. Computers running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip network latency.
 
 In Windows Vista or Windows Server 2008, once transitioned to slow-link mode, users will continue to operate in slow-link mode until the user clicks the Work Online button on the toolbar in Windows Explorer. Data will only be synchronized to the server if the user manually initiates synchronization by using Sync Center.
 
 In Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012, when operating in slow-link mode Offline Files synchronizes the user's files in the background at regular intervals, or as configured by the "Configure Background Sync" policy. While in slow-link mode, Windows periodically checks the connection to the folder and brings the folder back online if network speeds improve.
 
-In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep users always working offline in slow-link mode.
+In Windows 8 or Windows Server 2012, set the Latency threshold to 1 m to keep users always working offline in slow-link mode.
 
-If you disable this policy setting, computers will not use the slow-link mode.
+If you disable this policy setting, computers won't use the slow-link mode.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure slow-link mode*
+-   GP Friendly name: *Configure slow-link mode*
 -   GP name: *Pol_SlowLinkSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -2954,32 +2107,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SlowLinkSpeed**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2994,9 +2129,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.
+This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.
 
-When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected.
+When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and won't automatically reconnect to a server when the presence of a server is detected.
 
 If you enable this setting, you can configure the threshold value that will be used to determine a slow network connection.
 
@@ -3006,16 +2141,10 @@ If this setting is disabled or not configured, the default threshold value of 64
 > Use the following formula when entering the slow link value: [ bps / 100]. For example, if you want to set a threshold value of 128,000 bps, enter a value of 1280.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Slow link speed*
+-   GP Friendly name: *Configure Slow link speed*
 -   GP name: *Pol_SlowLinkSpeed*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3028,32 +2157,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncAtLogoff_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3068,15 +2179,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off.
+This policy setting determines whether offline files are fully synchronized when users sign out.
 
-This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 If you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.
 
-If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.
+If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but doesn't ensure that they're current.
 
-If you do not configure this setting, the system performs a quick synchronization by default, but users can change this option.
+If you don't configure this setting, the system performs a quick synchronization by default, but users can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -3084,16 +2195,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging off" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronize all offline files before logging off*
+-   GP Friendly name: *Synchronize all offline files before logging off*
 -   GP name: *Pol_SyncAtLogoff_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3106,32 +2212,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncAtLogoff_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3146,15 +2234,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off.
+This policy setting determines whether offline files are fully synchronized when users sign out.
 
-This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
 If you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.
 
-If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.
+If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but doesn't ensure that they're current.
 
-If you do not configure this setting, the system performs a quick synchronization by default, but users can change this option.
+If you don't configure this setting, the system performs a quick synchronization by default, but users can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -3162,16 +2250,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging off" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronize all offline files before logging off*
+-   GP Friendly name: *Synchronize all offline files before logging off*
 -   GP name: *Pol_SyncAtLogoff_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3184,32 +2267,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncAtLogon_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3224,15 +2289,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on.
+This policy setting determines whether offline files are fully synchronized when users sign in.
 
-This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
-If you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
+If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
 
-If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current.
+If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current.
 
-If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.
+If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -3240,16 +2305,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronize all offline files when logging on*
+-   GP Friendly name: *Synchronize all offline files when logging on*
 -   GP name: *Pol_SyncAtLogon_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3264,32 +2324,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncAtLogon_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3304,15 +2346,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on.
+This policy setting determines whether offline files are fully synchronized when users sign in.
 
-This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
+This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This disablement prevents users from trying to change the option while a setting controls it.
 
-If you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
+If you enable this setting, offline files are fully synchronized at sign in. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.
 
-If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current.
+If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but doesn't ensure that they're current.
 
-If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.
+If you don't configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.
 
 This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
 
@@ -3320,16 +2362,11 @@ This setting appears in the Computer Configuration and User Configuration folder
 > To change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronize all offline files when logging on*
+-   GP Friendly name: *Synchronize all offline files when logging on*
 -   GP name: *Pol_SyncAtLogon_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3342,32 +2379,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncAtSuspend_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3382,26 +2401,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended.
+This policy setting determines whether offline files are synchronized before a computer is suspended.
 
 If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version.
 
-If you disable or do not configuring this setting, files are not synchronized when the computer is suspended.
+If you disable or don't configure this setting, files aren't synchronized when the computer is suspended.
 
 > [!NOTE]
-> If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
+> If the computer is suspended by closing the display on a portable computer, files aren't synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization isn't performed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronize offline files before suspend*
+-   GP Friendly name: *Synchronize offline files before suspend*
 -   GP name: *Pol_SyncAtSuspend_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3414,32 +2428,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncAtSuspend_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3454,26 +2450,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended.
+This policy setting determines whether offline files are synchronized before a computer is suspended.
 
 If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version.
 
-If you disable or do not configuring this setting, files are not synchronized when the computer is suspended.
+If you disable or don't configure this setting, files aren't synchronized when the computer is suspended.
 
 > [!NOTE]
-> If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
+> If the computer is suspended by closing the display on a portable computer, files aren't synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization isn't performed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronize offline files before suspend*
+-   GP Friendly name: *Synchronize offline files before suspend*
 -   GP name: *Pol_SyncAtSuspend_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3486,32 +2477,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_SyncOnCostedNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3526,23 +2499,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.
+This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.
 
-If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit.  This may result in extra charges on cell phone or broadband plans.
+If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This synchronization may result in extra charges on cell phone or broadband plans.
 
-If this setting is disabled or not configured, synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy to avoid network usage.
+If this setting is disabled or not configured, synchronization won't run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy to avoid network usage.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable file synchronization on costed networks*
+-   GP Friendly name: *Enable file synchronization on costed networks*
 -   GP name: *Pol_SyncOnCostedNetwork*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3555,32 +2523,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3595,23 +2545,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
+This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
 
-If you enable this policy setting, the "Work offline" command is not displayed in File Explorer.
+If you enable this policy setting, the "Work offline" command isn't displayed in File Explorer.
 
-If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer.
+If you disable or don't configure this policy setting, the "Work offline" command is displayed in File Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Work offline" command*
+-   GP Friendly name: *Remove "Work offline" command*
 -   GP name: *Pol_WorkOfflineDisabled_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3624,32 +2569,14 @@ ADMX Info:
 **ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3664,23 +2591,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
+This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
 
-If you enable this policy setting, the "Work offline" command is not displayed in File Explorer.
+If you enable this policy setting, the "Work offline" command isn't displayed in File Explorer.
 
-If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer.
+If you disable or don't configure this policy setting, the "Work offline" command is displayed in File Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Work offline" command*
+-   GP Friendly name: *Remove "Work offline" command*
 -   GP name: *Pol_WorkOfflineDisabled_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
@@ -3689,8 +2611,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
new file mode 100644
index 0000000000..940b2bc510
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -0,0 +1,366 @@
+---
+title: Policy CSP - ADMX_pca
+description: Policy CSP - ADMX_pca
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/20/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_pca
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_pca policies  
+
+
                  
+  
                  
+    ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectDeprecatedComponentFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectInstallFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectUndetectedInstallersPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectUpdateFailuresPolicy
+  
                  
+  
                  
+    ADMX_pca/DisablePcaUIPolicy
+  
                  
+  
                  
+    ADMX_pca/DetectBlockedDriversPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy**
+ 
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.  
+
+- If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.  
+- If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers.  
+
+If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.  
+
+> [!NOTE]
+> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. 
+
+The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Detect compatibility issues for applications and drivers*
+-   GP name: *DetectDeprecatedCOMComponentFailuresPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
                  
+
+**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This setting exists only for backward compatibility, and is not valid for this version of Windows. 
+
+To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative 
+Templates\Windows Components\Application Compatibility.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Detect application install failures*
+-   GP name: *DetectDeprecatedComponentFailuresPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
+
                  
+
+**ADMX_pca/DetectInstallFailuresPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Detect applications unable to launch installers under UAC*
+-   GP name: *DetectInstallFailuresPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
                  
+
+**ADMX_pca/DetectUndetectedInstallersPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Detect application failures caused by deprecated Windows DLLs*
+-   GP name: *DetectUndetectedInstallersPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
                  
+
+**ADMX_pca/DetectUpdateFailuresPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This setting exists only for backward compatibility, and is not valid for this version of Windows. 
+To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Detect application failures caused by deprecated COM objects*
+-   GP name: *DetectUpdateFailuresPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
                  
+
+**ADMX_pca/DisablePcaUIPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This setting exists only for backward compatibility, and is not valid for this version of Windows. 
+To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Detect application installers that need to be run as administrator*
+-   GP name: *DisablePcaUIPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
                  
+
+**ADMX_pca/DetectBlockedDriversPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This setting exists only for backward compatibility, and is not valid for this version of Windows. 
+To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Notify blocked drivers*
+-   GP name: *DetectBlockedDriversPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
+-   GP ADMX file name: *pca.admx*
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index 7704597e96..d6a2ec5b2f 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/16/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_PeerToPeerCaching
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -57,32 +61,14 @@ manager: dansimp
 **ADMX_PeerToPeerCaching/EnableWindowsBranchCache**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -97,7 +83,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: 
+This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings: 
 
 - Set BranchCache Distributed Cache mode
 - Set BranchCache Hosted Cache mode
@@ -105,26 +91,21 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting sp
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
-- Enabled. With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied.
-- Disabled. With this selection, BranchCache is turned off for all client computers where the policy is applied.
+- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
+- Enabled: With this selection, BranchCache is turned on for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member client computers to which the policy is applied.
+- Disabled: With this selection, BranchCache is turned off for all client computers where the policy is applied.
 
 > [!NOTE]
 > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on BranchCache*
+-   GP Friendly name: *Turn on BranchCache*
 -   GP name: *EnableWindowsBranchCache*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -137,32 +118,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -177,32 +140,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
+This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
 
 In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
-- Enabled. With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied.
-- Disabled. With this selection, BranchCache distributed cache mode is turned off for all client computers where the policy is applied.
+- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
+- Enabled: With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain member client computers to which the policy is applied.
+- Disabled: With this selection, BranchCache distributed cache mode is turned off for all client computers where the policy is applied.
 
 > [!NOTE]
 > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set BranchCache Distributed Cache mode*
+-   GP Friendly name: *Set BranchCache Distributed Cache mode*
 -   GP name: *EnableWindowsBranchCache_Distributed*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -215,32 +173,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -255,17 +195,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
+This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
 
-When a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.
+When a client computer is configured as a hosted cache mode client, it's able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
-- Enabled. With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied.
-- Disabled. With this selection, BranchCache hosted cache mode is turned off for all client computers where the policy is applied.
+- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the enabled setting that you use on individual client computers where you want to enable BranchCache.
+- Enabled: With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for all domain member client computers to which the policy is applied.
+- Disabled: With this selection, BranchCache hosted cache mode is turned off for all client computers where the policy is applied.
 
 In circumstances where this setting is enabled, you can also select and configure the following option:
 
@@ -277,16 +217,11 @@ Hosted cache clients must trust the server certificate that is issued to the hos
 > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set BranchCache Hosted Cache mode*
+-   GP Friendly name: *Set BranchCache Hosted Cache mode*
 -   GP name: *EnableWindowsBranchCache_Hosted*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -299,32 +234,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -339,41 +256,36 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.
+This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.
 
-If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy.
+If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they don't detect hosted cache servers, hosted cache mode isn't turned on, and the client uses any other configuration that is specified manually or by Group Policy.
 
-When this policy setting is applied, the client computer performs or does not perform automatic hosted cache server discovery under the following circumstances:
+When this policy setting is applied, the client computer performs or doesn't perform automatically hosted cache server discovery under the following circumstances:
 
-If no other BranchCache mode-based policy settings are applied, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers is found, the client computer self-configures for hosted cache mode.
+If no other BranchCache mode-based policy settings are applied, the client computer performs automatically hosted cache server discovery. If one or more hosted cache servers is found, the client computer self-configures for hosted cache mode.
 
-If the policy setting "Set BranchCache Distributed Cache Mode" is applied in addition to this policy, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers are found, the client computer self-configures for hosted cache mode only.
+If the policy setting "Set BranchCache Distributed Cache Mode" is applied in addition to this policy, the client computer performs automatically hosted cache server discovery. If one or more hosted cache servers are found, the client computer self-configures for hosted cache mode only.
 
-If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer does not perform automatic hosted cache discovery. This is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied.
+If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer doesn't perform automatically hosted cache discovery. This restriction is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied.
 
 This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista.  
 
-If you disable, or do not configure this setting, a client will not attempt to discover hosted cache servers by service connection point.
+If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting, and client computers do not perform hosted cache server discovery.
-- Enabled. With this selection, the policy setting is applied to client computers, which perform automatic hosted cache server discovery and which are configured as hosted cache mode clients.
-- Disabled. With this selection, this policy is not applied to client computers.
+- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting, and client computers don't perform hosted cache server discovery.
+- Enabled: With this selection, the policy setting is applied to client computers, which perform automatically hosted cache server discovery and which are configured as hosted cache mode clients.
+- Disabled: With this selection, this policy isn't applied to client computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
+-   GP Friendly name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
 -   GP name: *EnableWindowsBranchCache_HostedCacheDiscovery*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -386,32 +298,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -426,37 +320,32 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office.
+This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office.
 
 If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting.
 
-This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and do not use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode."
+This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are specified in this policy setting and don't use the hosted cache server that is configured in the policy setting "Set BranchCache Hosted Cache Mode."
 
-If you do not configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly.
+If you don't configure this policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting.
-- Enabled. With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers."
-- Disabled. With this selection, this policy is not applied to client computers.
+- Not Configured: With this selection, BranchCache settings aren't applied to client computers by this policy setting.
+- Enabled: With this selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache servers that you specify in "Hosted cache servers."
+- Disabled: With this selection, this policy isn't applied to client computers.
 
 In circumstances where this setting is enabled, you can also select and configure the following option:
 
 - Hosted cache servers. To add hosted cache server computer names to this policy setting, click Enabled, and then click Show. The Show Contents dialog box opens. Click Value, and then type the computer names of the hosted cache servers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Hosted Cache Servers*
+-   GP Friendly name: *Configure Hosted Cache Servers*
 -   GP name: *EnableWindowsBranchCache_HostedMultipleServers*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -469,32 +358,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -509,31 +380,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.
+This policy setting is used only when you've deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients don't cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache latency settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the latency setting that you use on individual client computers.
-- Enabled. With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
-- Disabled. With this selection, BranchCache client computers use the default latency setting of 80 milliseconds.
+- Not Configured: With this selection, BranchCache latency settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the latency setting that you use on individual client computers.
+- Enabled: With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
+- Disabled: With this selection, BranchCache client computers use the default latency setting of 80 milliseconds.
 
 In circumstances where this policy setting is enabled, you can also select and configure the following option:
 
 - Type the maximum round trip network latency (milliseconds) after which caching begins. Specifies the amount of time, in milliseconds, after which BranchCache client computers begin to cache content locally.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure BranchCache for network files*
+-   GP Friendly name: *Configure BranchCache for network files*
 -   GP name: *EnableWindowsBranchCache_SMB*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -546,32 +412,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/SetCachePercent**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -586,19 +434,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.
+This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.
 
 If you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache.
 
-If you disable or do not configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer.
+If you disable or don't configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache client computer cache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache setting that you use on individual client computers.
-- Enabled. With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
-- Disabled. With this selection, BranchCache client computers use the default client computer cache setting of five percent of the total disk space on the client computer.
+- Not Configured: With this selection, BranchCache client computer cache settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache setting that you use on individual client computers.
+- Enabled: With this selection, the BranchCache client computer cache setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
+- Disabled: With this selection, BranchCache client computers use the default client computer cache setting of five percent of the total disk space on the client computer.
 
 In circumstances where this setting is enabled, you can also select and configure the following option:
 
@@ -608,16 +456,11 @@ In circumstances where this setting is enabled, you can also select and configur
 > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set percentage of disk space used for client computer cache*
+-   GP Friendly name: *Set percentage of disk space used for client computer cache*
 -   GP name: *SetCachePercent*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -630,32 +473,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -670,35 +495,30 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers.
+This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers.
 
 If you enable this policy setting, you can configure the age for segments in the data cache.
 
-If you disable or do not configure this policy setting, the age is set to 28 days.
+If you disable or don't configure this policy setting, the age is set to 28 days.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, BranchCache client computer cache age settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache age setting that you use on individual client computers.
-- Enabled. With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
-- Disabled. With this selection, BranchCache client computers use the default client computer cache age setting of 28 days on the client computer.
+- Not Configured: With this selection, BranchCache client computer cache age settings aren't applied to client computers by this policy. In the circumstance where client computers are domain members but you don't want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting isn't configured, it won't over-write the client computer cache age setting that you use on individual client computers.
+- Enabled: With this selection, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied.
+- Disabled: With this selection, BranchCache client computers use the default client computer cache age setting of 28 days on the client computer.
 
 In circumstances where this setting is enabled, you can also select and configure the following option:
 
 - Specify the age in days for which segments in the data cache are valid.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set age for segments in the data cache*
+-   GP Friendly name: *Set age for segments in the data cache*
 -   GP name: *SetDataCacheEntryMaxAge*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -711,32 +531,14 @@ ADMX Info:
 **ADMX_PeerToPeerCaching/SetDowngrading**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -751,19 +553,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats.
+This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers don't use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats.
 
 If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions."
 
-If you do not configure this setting, all clients will use the version of BranchCache that matches their operating system.
+If you don't configure this setting, all clients will use the version of BranchCache that matches their operating system.
 
 Policy configuration
 
-Select one of the following:
+Select one of the following options:
 
-- Not Configured. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system.
-- Enabled. With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from the following versions" that you specify.
-- Disabled. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system.
+- Not Configured: With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that is included with their operating system.
+- Enabled: With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from the following versions" that you specify.
+- Disabled: With this selection, this policy setting isn't applied to client computers, and the clients run the version of BranchCache that is included with their operating system.
 
 In circumstances where this setting is enabled, you can also select and configure the following option:
 
@@ -773,16 +575,11 @@ Select from the following versions
 - Windows 8. If you select this version, Windows 8 will run the version of BranchCache that is included in the operating system.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Client BranchCache Version Support*
+-   GP Friendly name: *Configure Client BranchCache Version Support*
 -   GP name: *SetDowngrading*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
@@ -791,7 +588,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
new file mode 100644
index 0000000000..e3c4ae75b9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -0,0 +1,133 @@
+---
+title: Policy CSP - ADMX_PenTraining
+description: Policy CSP - ADMX_PenTraining
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PenTraining
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_PenTraining policies  
+
+
                  
+  
                  
+    ADMX_PenTraining/PenTrainingOff_1
+  
                  
+  
                  
+    ADMX_PenTraining/PenTrainingOff_2
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_PenTraining/PenTrainingOff_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Turns off Tablet PC Pen Training.  
+
+- If you enable this policy setting, users cannot open Tablet PC Pen Training.  
+
+- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Tablet PC Pen Training*
+-   GP name: *PenTrainingOff_1*
+-   GP path: *Windows Components\Tablet PC\Tablet PC Pen Training*
+-   GP ADMX file name: *PenTraining.admx*
+
+
+
+
                  
+
+
+**ADMX_PenTraining/PenTrainingOff_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Turns off Tablet PC Pen Training.  
+
+- If you enable this policy setting, users cannot open Tablet PC Pen Training.  
+
+- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Tablet PC Pen Training*
+-   GP name: *PenTrainingOff_2*
+-   GP path: *Windows Components\Tablet PC\Tablet PC Pen Training*
+-   GP ADMX file name: *PenTraining.admx*
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index a19a43f761..639a44a171 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/16/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_PerformanceDiagnostics
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,31 +69,26 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Boot Performance Diagnostics.
+This policy setting determines the execution level for Windows Boot Performance Diagnostics.
 
 If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.
 
-If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS.
 
-If you do not configure this policy setting, the DPS will enable Windows Boot Performance for resolution by default.
+If you don't configure this policy setting, the DPS will enable Windows Boot Performance for resolution by default.
 
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
 
 No system restart or service restart is required for this policy to take effect: changes take effect immediately.
 
-This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Scenario Execution Level*
+-   GP Friendly name: *Configure Scenario Execution Level*
 -   GP name: *WdiScenarioExecutionPolicy_1*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
@@ -120,32 +101,14 @@ ADMX Info:
 **ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -160,31 +123,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics.
+Determines the execution level for Windows Standby/Resume Performance Diagnostics.
 
 If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
 
-If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
 
-If you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default.
+If you don't configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default.
 
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
 
 No system restart or service restart is required for this policy to take effect: changes take effect immediately.
 
-This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Scenario Execution Level*
+-   GP Friendly name: *Configure Scenario Execution Level*
 -   GP name: *WdiScenarioExecutionPolicy_2*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
@@ -197,32 +155,14 @@ ADMX Info:
 **ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -237,31 +177,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Shutdown Performance Diagnostics.
+This policy setting determines the execution level for Windows Shutdown Performance Diagnostics.
 
 If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.
 
-If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS.
 
-If you do not configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default.
+If you don't configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default.
 
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
 
 No system restart or service restart is required for this policy to take effect: changes take effect immediately.
 
-This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Scenario Execution Level*
+-   GP Friendly name: *Configure Scenario Execution Level*
 -   GP name: *WdiScenarioExecutionPolicy_3*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
@@ -274,32 +209,14 @@ ADMX Info:
 **ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -314,31 +231,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics.
+Determines the execution level for Windows Standby/Resume Performance Diagnostics.
 
 If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
 
-If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.
 
-If you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default.
+If you don't configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default.
 
-This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
 
 No system restart or service restart is required for this policy to take effect: changes take effect immediately.
 
-This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed.  The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Scenario Execution Level*
+-   GP Friendly name: *Configure Scenario Execution Level*
 -   GP name: *WdiScenarioExecutionPolicy_4*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
@@ -347,8 +259,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index e7609b69d8..31a6511577 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/22/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Power
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -106,32 +110,14 @@ manager: dansimp
 **ADMX_Power/ACConnectivityInStandby_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -146,7 +132,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.
+This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.
 
 If you enable this policy setting, network connectivity will be maintained in standby.
 
@@ -155,16 +141,11 @@ If you disable this policy setting, network connectivity in standby is not guara
 If you do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow network connectivity during connected-standby (plugged in)*
+-   GP Friendly name: *Allow network connectivity during connected-standby (plugged in)*
 -   GP name: *ACConnectivityInStandby_2*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -177,32 +158,14 @@ ADMX Info:
 **ADMX_Power/ACCriticalSleepTransitionsDisable_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -217,23 +180,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.
+This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.
 
 If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
 
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on the ability for applications to prevent sleep transitions (plugged in)*
+-   GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (plugged in)*
 -   GP name: *ACCriticalSleepTransitionsDisable_2*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -246,32 +204,14 @@ ADMX Info:
 **ADMX_Power/ACStartMenuButtonAction_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -286,7 +226,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.
+This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.
 
 If you enable this policy setting, select one of the following actions:
 
@@ -297,16 +237,11 @@ If you enable this policy setting, select one of the following actions:
 If you disable this policy or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Select the Start menu Power button action (plugged in)*
+-   GP Friendly name: *Select the Start menu Power button action (plugged in)*
 -   GP name: *ACStartMenuButtonAction_2*
 -   GP path: *System\Power Management\Button Settings*
 -   GP ADMX file name: *Power.admx*
@@ -319,32 +254,14 @@ ADMX Info:
 **ADMX_Power/AllowSystemPowerRequestAC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -359,23 +276,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows applications and services to prevent automatic sleep.
+This policy setting allows applications and services to prevent automatic sleep.
 
 If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.
 
 If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow applications to prevent automatic sleep (plugged in)*
+-   GP Friendly name: *Allow applications to prevent automatic sleep (plugged in)*
 -   GP name: *AllowSystemPowerRequestAC*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -388,32 +300,14 @@ ADMX Info:
 **ADMX_Power/AllowSystemPowerRequestDC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -428,23 +322,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows applications and services to prevent automatic sleep.
+This policy setting allows applications and services to prevent automatic sleep.
 
 If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.
 
 If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow applications to prevent automatic sleep (on battery)*
+-   GP Friendly name: *Allow applications to prevent automatic sleep (on battery)*
 -   GP name: *AllowSystemPowerRequestDC*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -457,32 +346,14 @@ ADMX Info:
 **ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -497,23 +368,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage automatic sleep with open network files.
+This policy setting allows you to manage automatic sleep with open network files.
 
 If you enable this policy setting, the computer automatically sleeps when network files are open.
 
 If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow automatic sleep with Open Network Files (plugged in)*
+-   GP Friendly name: *Allow automatic sleep with Open Network Files (plugged in)*
 -   GP name: *AllowSystemSleepWithRemoteFilesOpenAC*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -526,32 +392,14 @@ ADMX Info:
 **ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -566,23 +414,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage automatic sleep with open network files.
+This policy setting allows you to manage automatic sleep with open network files.
 
 If you enable this policy setting, the computer automatically sleeps when network files are open.
 
 If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow automatic sleep with Open Network Files (on battery)*
+-   GP Friendly name: *Allow automatic sleep with Open Network Files (on battery)*
 -   GP name: *AllowSystemSleepWithRemoteFilesOpenDC*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -595,32 +438,14 @@ ADMX Info:
 **ADMX_Power/CustomActiveSchemeOverride_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -635,23 +460,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool.
+This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool.
 
 If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active.
 
 If you disable or do not configure this policy setting, users can see and change this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify a custom active power plan*
+-   GP Friendly name: *Specify a custom active power plan*
 -   GP name: *CustomActiveSchemeOverride_2*
 -   GP path: *System\Power Management*
 -   GP ADMX file name: *Power.admx*
@@ -664,32 +484,14 @@ ADMX Info:
 **ADMX_Power/DCBatteryDischargeAction0_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -704,7 +506,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.  
+This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.  
 
 If you enable this policy setting, select one of the following actions:
 
@@ -716,16 +518,11 @@ If you enable this policy setting, select one of the following actions:
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Critical battery notification action*
+-   GP Friendly name: *Critical battery notification action*
 -   GP name: *DCBatteryDischargeAction0_2*
 -   GP path: *System\Power Management\Notification Settings*
 -   GP ADMX file name: *Power.admx*
@@ -738,32 +535,14 @@ ADMX Info:
 **ADMX_Power/DCBatteryDischargeAction1_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -778,7 +557,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.
+This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.
 
 If you enable this policy setting, select one of the following actions:
 
@@ -790,16 +569,11 @@ If you enable this policy setting, select one of the following actions:
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Low battery notification action*
+-   GP Friendly name: *Low battery notification action*
 -   GP name: *DCBatteryDischargeAction1_2*
 -   GP path: *System\Power Management\Notification Settings*
 -   GP ADMX file name: *Power.admx*
@@ -812,32 +586,14 @@ ADMX Info:
 **ADMX_Power/DCBatteryDischargeLevel0_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -852,7 +608,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.
+This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.
 
 If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the critical notification.
 
@@ -861,16 +617,11 @@ To set the action that is triggered, see the "Critical Battery Notification Acti
 If you disable this policy setting or do not configure it, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Critical battery notification level*
+-   GP Friendly name: *Critical battery notification level*
 -   GP name: *DCBatteryDischargeLevel0_2*
 -   GP path: *System\Power Management\Notification Settings*
 -   GP ADMX file name: *Power.admx*
@@ -883,32 +634,14 @@ ADMX Info:
 **ADMX_Power/DCBatteryDischargeLevel1UINotification_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -923,7 +656,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.
+This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.
 
 If you enable this policy setting, Windows shows a notification when the battery capacity remaining equals the low battery notification level.
 
@@ -934,16 +667,11 @@ The notification will only be shown if the "Low Battery Notification Action" pol
 If you disable or do not configure this policy setting, users can control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off low battery user notification*
+-   GP Friendly name: *Turn off low battery user notification*
 -   GP name: *DCBatteryDischargeLevel1UINotification_2*
 -   GP path: *System\Power Management\Notification Settings*
 -   GP ADMX file name: *Power.admx*
@@ -956,32 +684,14 @@ ADMX Info:
 **ADMX_Power/DCBatteryDischargeLevel1_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -996,7 +706,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.
+This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.
 
 If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the low notification.
 
@@ -1005,16 +715,11 @@ To set the action that is triggered, see the "Low Battery Notification Action" p
 If you disable this policy setting or do not configure it, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Low battery notification level*
+-   GP Friendly name: *Low battery notification level*
 -   GP name: *DCBatteryDischargeLevel1_2*
 -   GP path: *System\Power Management\Notification Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1027,32 +732,14 @@ ADMX Info:
 **ADMX_Power/DCConnectivityInStandby_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1067,7 +754,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.
+This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.
 
 If you enable this policy setting, network connectivity will be maintained in standby.
 
@@ -1076,16 +763,11 @@ If you disable this policy setting, network connectivity in standby is not guara
 If you do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow network connectivity during connected-standby (on battery)*
+-   GP Friendly name: *Allow network connectivity during connected-standby (on battery)*
 -   GP name: *DCConnectivityInStandby_2*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1098,32 +780,14 @@ ADMX Info:
 **ADMX_Power/DCCriticalSleepTransitionsDisable_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1138,23 +802,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.
+This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.
 
 If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
 
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on the ability for applications to prevent sleep transitions (on battery)*
+-   GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (on battery)*
 -   GP name: *DCCriticalSleepTransitionsDisable_2*
 -   GP path: *System\Power Management\Sleep Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1167,32 +826,14 @@ ADMX Info:
 **ADMX_Power/DCStartMenuButtonAction_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1207,7 +848,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.
+This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.
 
 If you enable this policy setting, select one of the following actions:
 
@@ -1218,16 +859,11 @@ If you enable this policy setting, select one of the following actions:
 If you disable this policy or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Select the Start menu Power button action (on battery)*
+-   GP Friendly name: *Select the Start menu Power button action (on battery)*
 -   GP name: *DCStartMenuButtonAction_2*
 -   GP path: *System\Power Management\Button Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1240,32 +876,14 @@ ADMX Info:
 **ADMX_Power/DiskACPowerDownTimeOut_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1280,23 +898,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the period of inactivity before Windows turns off the hard disk.
+This policy setting specifies the period of inactivity before Windows turns off the hard disk.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.
 
 If you disable or do not configure this policy setting, users can see and change this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn Off the hard disk (plugged in)*
+-   GP Friendly name: *Turn Off the hard disk (plugged in)*
 -   GP name: *DiskACPowerDownTimeOut_2*
 -   GP path: *System\Power Management\Hard Disk Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1309,32 +922,14 @@ ADMX Info:
 **ADMX_Power/DiskDCPowerDownTimeOut_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1349,23 +944,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the period of inactivity before Windows turns off the hard disk.
+This policy setting specifies the period of inactivity before Windows turns off the hard disk.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.
 
 If you disable or do not configure this policy setting, users can see and change this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn Off the hard disk (on battery)*
+-   GP Friendly name: *Turn Off the hard disk (on battery)*
 -   GP name: *DiskDCPowerDownTimeOut_2*
 -   GP path: *System\Power Management\Hard Disk Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1378,32 +968,14 @@ ADMX Info:
 **ADMX_Power/Dont_PowerOff_AfterShutdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1418,7 +990,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes.
+This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes.
 
 This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces.
 
@@ -1431,16 +1003,11 @@ If you enable this policy setting, the computer system safely shuts down and rem
 If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not turn off system power after a Windows system shutdown has occurred.*
+-   GP Friendly name: *Do not turn off system power after a Windows system shutdown has occurred.*
 -   GP name: *Dont_PowerOff_AfterShutdown*
 -   GP path: *System*
 -   GP ADMX file name: *Power.admx*
@@ -1453,32 +1020,14 @@ ADMX Info:
 **ADMX_Power/EnableDesktopSlideShowAC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1493,7 +1042,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify if Windows should enable the desktop background slideshow.
+This policy setting allows you to specify if Windows should enable the desktop background slideshow.
 
 If you enable this policy setting, desktop background slideshow is enabled.
 
@@ -1502,16 +1051,11 @@ If you disable this policy setting, the desktop background slideshow is disabled
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on desktop background slideshow (plugged in)*
+-   GP Friendly name: *Turn on desktop background slideshow (plugged in)*
 -   GP name: *EnableDesktopSlideShowAC*
 -   GP path: *System\Power Management\Video and Display Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1524,32 +1068,14 @@ ADMX Info:
 **ADMX_Power/EnableDesktopSlideShowDC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1564,7 +1090,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify if Windows should enable the desktop background slideshow.
+This policy setting allows you to specify if Windows should enable the desktop background slideshow.
 
 If you enable this policy setting, desktop background slideshow is enabled.
 
@@ -1573,16 +1099,11 @@ If you disable this policy setting, the desktop background slideshow is disabled
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on desktop background slideshow (on battery)*
+-   GP Friendly name: *Turn on desktop background slideshow (on battery)*
 -   GP name: *EnableDesktopSlideShowDC*
 -   GP path: *System\Power Management\Video and Display Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1595,32 +1116,14 @@ ADMX Info:
 **ADMX_Power/InboxActiveSchemeOverride_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1635,23 +1138,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting.
+This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting.
 
 If you enable this policy setting, specify a power plan from the Active Power Plan list.
 
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Select an active power plan*
+-   GP Friendly name: *Select an active power plan*
 -   GP name: *InboxActiveSchemeOverride_2*
 -   GP path: *System\Power Management*
 -   GP ADMX file name: *Power.admx*
@@ -1664,32 +1162,14 @@ ADMX Info:
 **ADMX_Power/PW_PromptPasswordOnResume**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1704,23 +1184,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state.
+This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state.
 
 If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state.
 
 If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prompt for password on resume from hibernate/suspend*
+-   GP Friendly name: *Prompt for password on resume from hibernate/suspend*
 -   GP name: *PW_PromptPasswordOnResume*
 -   GP path: *System\Power Management*
 -   GP ADMX file name: *Power.admx*
@@ -1733,32 +1208,14 @@ ADMX Info:
 **ADMX_Power/PowerThrottlingTurnOff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1773,23 +1230,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Power Throttling.
+This policy setting allows you to turn off Power Throttling.
 
 If you enable this policy setting, Power Throttling will be turned off.
 
 If you disable or do not configure this policy setting, users control this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Power Throttling*
+-   GP Friendly name: *Turn off Power Throttling*
 -   GP name: *PowerThrottlingTurnOff*
 -   GP path: *System\Power Management\Power Throttling Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1802,32 +1254,14 @@ ADMX Info:
 **ADMX_Power/ReserveBatteryNotificationLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1842,23 +1276,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.
+This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.
 
 If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification.
 
 If you disable or do not configure this policy setting, users can see and change this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reserve battery notification level*
+-   GP Friendly name: *Reserve battery notification level*
 -   GP name: *ReserveBatteryNotificationLevel*
 -   GP path: *System\Power Management\Notification Settings*
 -   GP ADMX file name: *Power.admx*
@@ -1867,7 +1296,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index cf73077bc0..0f0b567c4d 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/26/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_PowerShellExecutionPolicy
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_PowerShellExecutionPolicy/EnableModuleLogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -84,11 +70,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules.
+This policy setting allows you to turn on logging for Windows PowerShell modules.
 
 If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
 
-If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.  If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
+If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.  If this policy setting isn't configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
 
 To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
 
@@ -96,16 +82,11 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ
 > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Module Logging*
+-   GP Friendly name: *Turn on Module Logging*
 -   GP name: *EnableModuleLogging*
 -   GP path: *Windows Components\Windows PowerShell*
 -   GP ADMX file name: *PowerShellExecutionPolicy.admx*
@@ -118,32 +99,14 @@ ADMX Info:
 **ADMX_PowerShellExecutionPolicy/EnableScripts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -159,28 +122,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.
+This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.
 
-If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.  The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.
+If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.  The "Allow only signed scripts" policy setting allows scripts to execute only if they're signed by a trusted publisher.
 
 The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher.  The "Allow all scripts" policy setting allows all scripts to run.
 
 If you disable this policy setting, no scripts are allowed to run.
 
 > [!NOTE]
-> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."  If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
+> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."  If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that isn't configured is "No scripts allowed."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Script Execution*
+-   GP Friendly name: *Turn on Script Execution*
 -   GP name: *EnableScripts*
 -   GP path: *Windows Components\Windows PowerShell*
 -   GP ADMX file name: *PowerShellExecutionPolicy.admx*
@@ -193,32 +151,14 @@ ADMX Info:
 **ADMX_PowerShellExecutionPolicy/EnableTranscripting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -234,11 +174,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
+This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
 
-If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other  applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent  to calling the Start-Transcript cmdlet on each Windows PowerShell session.
+If you enable this policy setting, Windows PowerShell will enable transcription for Windows PowerShell, the Windows PowerShell ISE, and any other  applications that use the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent  to calling the Start-Transcript cmdlet on each Windows PowerShell session.
 
-If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled  through the Start-Transcript cmdlet.
+If you disable this policy setting, transcription of PowerShell-based applications is disabled by default, although transcription can still be enabled  through the Start-Transcript cmdlet.
 
 If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users  from viewing the transcripts of other users or computers.
 
@@ -246,16 +186,11 @@ If you use the OutputDirectory setting to enable transcript logging to a shared
 > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on PowerShell Transcription*
+-   GP Friendly name: *Turn on PowerShell Transcription*
 -   GP name: *EnableTranscripting*
 -   GP path: *Windows Components\Windows PowerShell*
 -   GP ADMX file name: *PowerShellExecutionPolicy.admx*
@@ -268,32 +203,14 @@ ADMX Info:
 **ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -309,26 +226,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.
+This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.
 
 If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.
 
-If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.
+If this policy setting is disabled or not configured, this policy setting doesn't set a default value for the SourcePath parameter of the Update-Help cmdlet.
 
 > [!NOTE]
 > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set the default source path for Update-Help*
+-   GP Friendly name: *Set the default source path for Update-Help*
 -   GP name: *EnableUpdateHelpDefaultSourcePath*
 -   GP path: *Windows Components\Windows PowerShell*
 -   GP ADMX file name: *PowerShellExecutionPolicy.admx*
@@ -337,7 +249,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
new file mode 100644
index 0000000000..690fb95593
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -0,0 +1,454 @@
+---
+title: Policy CSP - ADMX_PreviousVersions
+description: Policy CSP - ADMX_PreviousVersions
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/01/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PreviousVersions
+
+
                  
+
+
+## ADMX_PreviousVersions policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalPage_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalPage_2
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableRemotePage_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableRemotePage_2
+  
                  
+  
                  
+    ADMX_PreviousVersions/HideBackupEntries_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/HideBackupEntries_2
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalRestore_1
+  
                  
+  
                  
+    ADMX_PreviousVersions/DisableLocalRestore_2
+  
                   
+
                  
+
+
+
                  
+
+
+**ADMX_PreviousVersions/DisableLocalPage_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.  
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.  
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. 
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.  
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent restoring local previous versions*
+-   GP name: *DisableLocalPage_1*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
                  
+
+
+**ADMX_PreviousVersions/DisableLocalPage_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.  
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.  
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. 
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.  
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent restoring local previous versions*
+-   GP name: *DisableLocalPage_2*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
                  
+
+
+**ADMX_PreviousVersions/DisableRemotePage_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.  
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.  
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. 
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.  
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent restoring remote previous versions*
+-   GP name: *DisableRemotePage_1*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
                  
+
+
+**ADMX_PreviousVersions/DisableRemotePage_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.  
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.  
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. 
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.  
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent restoring remote previous versions*
+-   GP name: *DisableRemotePage_1*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
                  
+
+
+**ADMX_PreviousVersions/HideBackupEntries_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.  
+
+- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.  
+
+- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points. 
+
+If you do not configure this policy setting, it is disabled by default.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Hide previous versions of files on backup location*
+-   GP name: *HideBackupEntries_1*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
                  
+
+
+**ADMX_PreviousVersions/HideBackupEntries_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.  
+
+- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.  
+
+- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points. 
+
+If you do not configure this policy setting, it is disabled by default.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Hide previous versions of files on backup location*
+-   GP name: *HideBackupEntries_2*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
                  
+
+
+**ADMX_PreviousVersions/DisableLocalRestore_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.  
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.  
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. 
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.  
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent restoring remote previous versions*
+-   GP name: *DisableLocalRestore_1*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
                  
+
+**ADMX_PreviousVersions/DisableLocalRestore_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.  
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.  
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. 
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.  
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent restoring remote previous versions*
+-   GP name: *DisableLocalRestore_2*
+-   GP path: *Windows Components\File Explorer\Previous Versions*
+-   GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index 0781ec7432..0ea4840878 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/15/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Printing
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -110,32 +114,14 @@ manager: dansimp
 **ADMX_Printing/AllowWebPrinting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -150,30 +136,25 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet or an intranet.
+Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet or an intranet.
 
 If you enable this policy setting, Internet printing is activated on this server.
 
-If you disable this policy setting or do not configure it, Internet printing is not activated.
+If you disable this policy setting or don't configure it, Internet printing isn't activated.
 
 Internet printing is an extension of Internet Information Services (IIS). To use Internet printing, IIS must be installed, and printing support and this setting must be enabled.
 
 > [!NOTE]
-> This setting affects the server side of Internet printing only. It does not prevent the print client on the computer from printing across the Internet.
+> This setting affects the server side of Internet printing only. It doesn't prevent the print client on the computer from printing across the Internet.
 
 Also, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common Web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Activate Internet printing*
+-   GP Friendly name: *Activate Internet printing*
 -   GP name: *AllowWebPrinting*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -186,32 +167,14 @@ ADMX Info:
 **ADMX_Printing/ApplicationDriverIsolation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -226,30 +189,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash.
+Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash.
 
-Not all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they are configured for it.
+Not all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they're configured for it.
 
-If you enable or do not configure this policy setting, then applications that are configured to support driver isolation will be isolated.
+If you enable or don't configure this policy setting, then applications that are configured to support driver isolation will be isolated.
 
 If you disable this policy setting, then print drivers will be loaded within all associated application processes.
 
 > [!NOTE]
 > - This policy setting applies only to applications opted into isolation.
-> - This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected.
+> - This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler aren't affected.
 > - This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be relaunched before settings take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Isolate print drivers from applications*
+-   GP Friendly name: *Isolate print drivers from applications*
 -   GP name: *ApplicationDriverIsolation*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -262,32 +220,14 @@ ADMX Info:
 **ADMX_Printing/CustomizedSupportUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -302,11 +242,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also include a link to a Web page supplied by the vendor of the currently selected printer.
+By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also include a link to a Web page supplied by the vendor of the currently selected printer.
 
 If you enable this policy setting, you replace the "Get help with printing" default link with a link to a Web page customized for your enterprise.
 
-If you disable this setting or do not configure it, or if you do not enter an alternate Internet address, the default link will appear in the Printers folder.
+If you disable this setting or don't configure it, or if you don't enter an alternate Internet address, the default link will appear in the Printers folder.
 
 > [!NOTE]
 > Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.")
@@ -316,16 +256,11 @@ Also, see the "Activate Internet printing" setting in this setting folder and th
 Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" settings in User Configuration\Administrative Templates\Windows Components\Windows Explorer, and by the "Enable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom support URL in the Printers folder's left pane*
+-   GP Friendly name: *Custom support URL in the Printers folder's left pane*
 -   GP name: *CustomizedSupportUrl*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -338,32 +273,14 @@ ADMX Info:
 **ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -378,27 +295,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage where client computers search for Point and Printer drivers.
+This policy setting allows you to manage where client computers search for Point and Printer drivers.
 
 If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local driver store and the server driver cache.
 
-If you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it is unable to find a compatible driver, then the Point and Print connection will fail.
+If you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it's unable to find a compatible driver, then the Point and Print connection will fail.
 
-This policy setting is not configured by default, and the behavior depends on the version of Windows that you are using.
+This policy setting isn't configured by default, and the behavior depends on the version of Windows that you're using.
 
-By default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Extend Point and Print connection to search Windows Update*
+-   GP Friendly name: *Extend Point and Print connection to search Windows Update*
 -   GP name: *DoNotInstallCompatibleDriverFromWindowsUpdate*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -411,32 +322,14 @@ ADMX Info:
 **ADMX_Printing/DomainPrinters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -451,11 +344,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.)
+If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, for example, a domain-joined laptop on a corporate network.)
 
-If this policy setting is disabled, the network scan page will not be displayed.
+If this policy setting is disabled, the network scan page won't be displayed.
 
-If this policy setting is not configured, the Add Printer wizard will display the default number of printers of each type:
+If this policy setting isn't configured, the Add Printer wizard will display the default number of printers of each type:
 
 - Directory printers: 20
 - TCP/IP printers: 0
@@ -467,21 +360,16 @@ In order to view available Web Services printers on your network, ensure that ne
 
 If you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0.
 
-In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied.
+In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or don't configure this policy setting, the default limit is applied.
 
-In Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows.
+In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't apply to those versions of Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add Printer wizard - Network scan page (Managed network)*
+-   GP Friendly name: *Add Printer wizard - Network scan page (Managed network)*
 -   GP name: *DomainPrinters*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -494,32 +382,14 @@ ADMX Info:
 **ADMX_Printing/DownlevelBrowse**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -534,26 +404,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Allows users to use the Add Printer Wizard to search the network for shared printers.
+Allows users to use the Add Printer Wizard to search the network for shared printers.
 
-If you enable this setting or do not configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list.
+If you enable this setting or don't configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and don't specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list.
 
-If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users cannot search the network but must type a printer name.
+If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users can't search the network but must type a printer name.
 
 > [!NOTE]
-> This setting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers.
+> This setting affects the Add Printer Wizard only. It doesn't prevent users from using other programs to search for shared printers or to connect to network printers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Browse the network to find printers*
+-   GP Friendly name: *Browse the network to find printers*
 -   GP name: *DownlevelBrowse*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -566,32 +431,14 @@ ADMX Info:
 **ADMX_Printing/EMFDespooling**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -606,34 +453,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work.
+When printing is being done through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work.
 
-This policy setting only effects printing to a Windows print server.
+This policy setting only affects printing to a Windows print server.
 
-If you enable this policy setting on a client machine, the client spooler will not process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the load on the server.
+If you enable this policy setting on a client machine, the client spooler won't process print jobs before sending them to the print server, thereby decreasing the workload on the client at the expense of increasing the load on the server.
 
-If you disable this policy setting on a client machine, the client itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server will simply pass the commands to the printer. This increases the workload of the client while decreasing the load on the server.
+If you disable this policy setting on a client machine, the client itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server will pass the commands to the printer. This process increases the workload of the client while decreasing the load on the server.
 
-If you do not enable this policy setting, the behavior is the same as disabling it.
+If you don't enable this policy setting, the behavior is the same as disabling it.
 
 > [!NOTE]
-> This policy does not determine whether offline printing will be available to the client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, the client will submit any pending print jobs.
+> This policy doesn't determine whether offline printing will be available to the client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, the client will submit any pending print jobs.
 >
-> Some printer drivers require a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the print server does not support transferring print processors during point-and-print. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the above policy setting does not override this behavior.
+> Some printer drivers require a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the print server doesn't support transferring print processors during point-and-print. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the above policy setting doesn't override this behavior.
 >
-> In cases where the client print driver does not match the server print driver (mismatched connection), the client will always process the print job, regardless of the setting of this policy.
+> In cases where the client print driver doesn't match the server print driver (mismatched connection), the client will always process the print job, regardless of the setting of this policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always render print jobs on the server*
+-   GP Friendly name: *Always render print jobs on the server*
 -   GP name: *EMFDespooling*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -646,32 +488,14 @@ ADMX Info:
 **ADMX_Printing/ForceSoftwareRasterization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -686,21 +510,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages.
+Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages.
 
 This setting may improve the performance of the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) on machines that have a relatively powerful CPU as compared to the machine’s GPU.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Always rasterize content to be printed using a software rasterizer*
+-   GP Friendly name: *Always rasterize content to be printed using a software rasterizer*
 -   GP name: *ForceSoftwareRasterization*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -713,32 +532,14 @@ ADMX Info:
 **ADMX_Printing/IntranetPrintersUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -753,7 +554,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Adds a link to an Internet or intranet Web page to the Add Printer Wizard.
+Adds a link to an Internet or intranet Web page to the Add Printer Wizard.
 
 You can use this setting to direct users to a Web page from which they can install printers.
 
@@ -764,16 +565,11 @@ This setting makes it easy for users to find the printers you want them to add.
 Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Browse a common web site to find printers*
+-   GP Friendly name: *Browse a common web site to find printers*
 -   GP name: *IntranetPrintersUrl*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -786,32 +582,14 @@ ADMX Info:
 **ADMX_Printing/KMPrintersAreBlocked**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -826,28 +604,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines whether printers using kernel-mode drivers may be installed on the local computer.  Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors.
+Determines whether printers using kernel-mode drivers may be installed on the local computer.  Kernel-mode drivers have access to system-wide memory, and therefore poorly written kernel-mode drivers can cause stop errors.
 
-If you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional.
 
-If you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked.
+If you don't configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked.
 
-If you enable this setting, installation of a printer using a kernel-mode driver will not be allowed.
+If you enable this setting, installation of a printer using a kernel-mode driver won't be allowed.
 
 > [!NOTE]
-> By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue.
+> This policy doesn't apply to 64-bit kernel-mode printer drivers as they can't be installed and associated with a print queue.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disallow installation of printers using kernel-mode drivers*
+-   GP Friendly name: *Disallow installation of printers using kernel-mode drivers*
 -   GP name: *KMPrintersAreBlocked*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -860,32 +632,14 @@ ADMX Info:
 **ADMX_Printing/LegacyDefaultPrinterMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -900,25 +654,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This preference allows you to change default printer management.
+This preference allows you to change default printer management.
 
-If you enable this setting, Windows will not manage the default printer.
+If you enable this setting, Windows won't manage the default printer.
 
 If you disable this setting, Windows will manage the default printer.
 
-If you do not configure this setting, default printer management will not change. 
+If you don't configure this setting, default printer management won't change. 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows default printer management*
+-   GP Friendly name: *Turn off Windows default printer management*
 -   GP name: *LegacyDefaultPrinterMode*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -931,32 +680,14 @@ ADMX Info:
 **ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -971,23 +702,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2019.
+Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2019.
 
 If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps).
 
-If you disable or do not configure this policy setting, the default MXDW output format is OpenXPS (*.oxps).
+If you disable or don't configure this policy setting, the default MXDW output format is OpenXPS (*.oxps).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)*
+-   GP Friendly name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)*
 -   GP name: *MXDWUseLegacyOutputFormatMSXPS*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1000,32 +726,14 @@ ADMX Info:
 **ADMX_Printing/NoDeletePrinter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1040,25 +748,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If this policy setting is enabled, it prevents users from deleting local and network printers.
+If this policy setting is enabled, it prevents users from deleting local and network printers.
 
 If a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action.
 
-This setting does not prevent users from running other programs to delete a printer.
+This setting doesn't prevent users from running other programs to delete a printer.
 
 If this policy is disabled, or not configured, users can delete printers using the methods described above.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent deletion of printers*
+-   GP Friendly name: *Prevent deletion of printers*
 -   GP name: *NoDeletePrinter*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1071,32 +774,14 @@ ADMX Info:
 **ADMX_Printing/NonDomainPrinters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1111,11 +796,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.)
+This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer isn't able to reach a domain controller, for example, a domain-joined laptop on a home network.)
 
-If this setting is disabled, the network scan page will not be displayed.
+If this setting is disabled, the network scan page won't be displayed.
 
-If this setting is not configured, the Add Printer wizard will display the default number of printers of each type:
+If this setting isn't configured, the Add Printer wizard will display the default number of printers of each type:
 
 - TCP/IP printers: 50
 - Web Services printers: 50
@@ -1124,21 +809,16 @@ If this setting is not configured, the Add Printer wizard will display the defau
 
 If you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0.
 
-In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied.
+In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or don't configure this policy setting, the default limit is applied.
 
-In Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows.
+In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't apply to those versions of Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add Printer wizard - Network scan page (Unmanaged network)*
+-   GP Friendly name: *Add Printer wizard - Network scan page (Unmanaged network)*
 -   GP name: *NonDomainPrinters*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1151,32 +831,14 @@ ADMX Info:
 **ADMX_Printing/PackagePointAndPrintOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1191,23 +853,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy restricts clients computers to use package point and print only.
+This policy restricts clients computers to use package point and print only.
 
-If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.
+If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When package point and print are being used, client computers will check the driver signature of all drivers that are downloaded from print servers.
 
-If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
+If this setting is disabled, or not configured, users won't be restricted to package-aware point and print only.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Only use Package Point and print*
+-   GP Friendly name: *Only use Package Point and print*
 -   GP name: *PackagePointAndPrintOnly*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1220,32 +877,14 @@ ADMX Info:
 **ADMX_Printing/PackagePointAndPrintOnly_Win7**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1260,23 +899,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy restricts clients computers to use package point and print only.
+This policy restricts clients computers to use package point and print only.
 
-If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.
+If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When package point and print are being used, client computers will check the driver signature of all drivers that are downloaded from print servers.
 
-If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
+If this setting is disabled, or not configured, users won't be restricted to package-aware point and print only.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Only use Package Point and print*
+-   GP Friendly name: *Only use Package Point and print*
 -   GP name: *PackagePointAndPrintOnly_Win7*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1289,32 +923,14 @@ ADMX Info:
 **ADMX_Printing/PackagePointAndPrintServerList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1329,27 +945,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Restricts package point and print to approved servers.
+Restricts package point and print to approved servers.
 
-This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections.
+This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections.
 
 Windows Vista and later clients will attempt to make a non-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server.
 
-If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.
+If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When package point and print are being used, client computers will check the driver signature of all drivers that are downloaded from print servers.
 
-If this setting is disabled, or not configured, package point and print will not be restricted to specific print servers.
+If this setting is disabled, or not configured, package point and print won't be restricted to specific print servers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Package Point and print - Approved servers*
+-   GP Friendly name: *Package Point and print - Approved servers*
 -   GP name: *PackagePointAndPrintServerList*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1362,32 +973,14 @@ ADMX Info:
 **ADMX_Printing/PackagePointAndPrintServerList_Win7**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1402,27 +995,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Restricts package point and print to approved servers.
+Restricts package point and print to approved servers.
 
-This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections.
+This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections.
 
 Windows Vista and later clients will attempt to make a non-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server.
 
-If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.
+If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When package point and print are being used, client computers will check the driver signature of all drivers that are downloaded from print servers.
 
-If this setting is disabled, or not configured, package point and print will not be restricted to specific print servers.
+If this setting is disabled, or not configured, package point and print won't be restricted to specific print servers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Package Point and print - Approved servers*
+-   GP Friendly name: *Package Point and print - Approved servers*
 -   GP name: *PackagePointAndPrintServerList_Win7*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1435,32 +1023,14 @@ ADMX Info:
 **ADMX_Printing/PhysicalLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1475,7 +1045,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If this policy setting is enabled, it specifies the default location criteria used when searching for printers.
+If this policy setting is enabled, it specifies the default location criteria used when searching for printers.
 
 This setting is a component of the Location Tracking feature of Windows printers. To use this setting, enable Location Tracking by enabling the "Pre-populate printer search location text" setting.
 
@@ -1483,19 +1053,14 @@ When Location Tracking is enabled, the system uses the specified location as a c
 
 Type the location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers that you want them to use.
 
-If you disable this setting or do not configure it, and the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer.
+If you disable this setting or don't configure it, and the user doesn't type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Computer location*
+-   GP Friendly name: *Computer location*
 -   GP name: *PhysicalLocation*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1508,32 +1073,14 @@ ADMX Info:
 **ADMX_Printing/PhysicalLocationSupport**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1548,25 +1095,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Enables the physical Location Tracking setting for Windows printers.
+Enables the physical Location Tracking setting for Windows printers.
 
 Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.
 
 If you enable this setting, users can browse for printers by location without knowing the printer's location or location naming scheme. Enabling Location Tracking adds a Browse button in the Add Printer wizard's Printer Name and Sharing Location screen and to the General tab in the Printer Properties dialog box. If you enable the Group Policy Computer location setting, the default location you entered appears in the Location field by default.
 
-If you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask).
+If you disable this setting or don't configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Pre-populate printer search location text*
+-   GP Friendly name: *Pre-populate printer search location text*
 -   GP name: *PhysicalLocationSupport*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1579,32 +1121,14 @@ ADMX Info:
 **ADMX_Printing/PrintDriverIsolationExecutionPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1619,28 +1143,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail.
+This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure won't cause the print spooler service to fail.
 
-If you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default.
+If you enable or don't configure this policy setting, the print spooler will execute print drivers in an isolated process by default.
 
 If you disable this policy setting, the print spooler will execute print drivers in the print spooler process.
 
 > [!NOTE]
 > - Other system or driver policy settings may alter the process in which a print driver is executed.
-> - This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.
+> - This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications aren't affected.
 > - This policy setting takes effect without restarting the print spooler service.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Execute print drivers in isolated processes*
+-   GP Friendly name: *Execute print drivers in isolated processes*
 -   GP name: *PrintDriverIsolationExecutionPolicy*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1653,32 +1172,14 @@ ADMX Info:
 **ADMX_Printing/PrintDriverIsolationOverrideCompat**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1693,28 +1194,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility.
+This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This policy setting enables executing print drivers in an isolated process, even if the driver doesn't report compatibility.
 
-If you enable this policy setting, the print spooler isolates all print drivers that do not explicitly opt out of Driver Isolation.
+If you enable this policy setting, the print spooler isolates all print drivers that don't explicitly opt out of Driver Isolation.
 
-If you disable or do not configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver.
+If you disable or don't configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver.
 
 > [!NOTE]
 > - Other system or driver policy settings may alter the process in which a print driver is executed.
-> - This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.
+> - This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications aren't affected.
 > - This policy setting takes effect without restarting the print spooler service.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Override print driver execution compatibility setting reported by print driver*
+-   GP Friendly name: *Override print driver execution compatibility setting reported by print driver*
 -   GP name: *PrintDriverIsolationOverrideCompat*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1727,32 +1223,14 @@ ADMX Info:
 **ADMX_Printing/PrinterDirectorySearchScope**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1767,25 +1245,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies the Active Directory location where searches for printers begin.
+Specifies the Active Directory location where searches for printers begin.
 
 The Add Printer Wizard gives users the option of searching Active Directory for a shared printer.
 
 If you enable this policy setting, these searches begin at the location you specify in the "Default Active Directory path" box. Otherwise, searches begin at the root of Active Directory.
 
-This setting only provides a starting point for Active Directory searches for printers. It does not restrict user searches through Active Directory.
+This setting only provides a starting point for Active Directory searches for printers. It doesn't restrict user searches through Active Directory.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Default Active Directory path when searching for printers*
+-   GP Friendly name: *Default Active Directory path when searching for printers*
 -   GP name: *PrinterDirectorySearchScope*
 -   GP path: *Control Panel\Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1798,32 +1271,14 @@ ADMX Info:
 **ADMX_Printing/PrinterServerThread**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1838,30 +1293,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Announces the presence of shared printers to print browse main servers for the domain.
+Announces the presence of shared printers to print browse main servers for the domain.
 
-On domains with Active Directory, shared printer resources are available in Active Directory and are not announced.
+On domains with Active Directory, shared printer resources are available in Active Directory and aren't announced.
 
 If you enable this setting, the print spooler announces shared printers to the print browse main servers.
 
-If you disable this setting, shared printers are not announced to print browse main servers, even if Active Directory is not available.
+If you disable this setting, shared printers aren't announced to print browse main servers, even if Active Directory isn't available.
 
-If you do not configure this setting, shared printers are announced to browse main servers only when Active Directory is not available.
+If you don't configure this setting, shared printers are announced to browse main servers only when Active Directory isn't available.
 
 > [!NOTE]
 > A client license is used each time a client computer announces a printer to a print browse master on the domain.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Printer browsing*
+-   GP Friendly name: *Printer browsing*
 -   GP name: *PrinterServerThread*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1874,32 +1324,14 @@ ADMX Info:
 **ADMX_Printing/ShowJobTitleInEventLogs**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1914,26 +1346,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy controls whether the print job name will be included in print event logs.
+This policy controls whether the print job name will be included in print event logs.
 
-If you disable or do not configure this policy setting, the print job name will not be included.
+If you disable or don't configure this policy setting, the print job name won't be included.
 
 If you enable this policy setting, the print job name will be included in new log entries.
 
 > [!NOTE]
-> This setting does not apply to Branch Office Direct Printing jobs.
+> This setting doesn't apply to Branch Office Direct Printing jobs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow job name in event logs*
+-   GP Friendly name: *Allow job name in event logs*
 -   GP name: *ShowJobTitleInEventLogs*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -1946,32 +1373,14 @@ ADMX Info:
 **ADMX_Printing/V4DriverDisallowPrinterExtension**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1986,25 +1395,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy determines if v4 printer drivers are allowed to run printer extensions.
+This policy determines if v4 printer drivers are allowed to run printer extensions.
 
-V4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but this may not be appropriate for all enterprises.
+V4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but these extensions may not be appropriate for all enterprises.
 
-If you enable this policy setting, then all printer extensions will not be allowed to run.
+If you enable this policy setting, then all printer extensions won't be allowed to run.
 
-If you disable this policy setting or do not configure it, then all printer extensions that have been installed will be allowed to run.
+If you disable this policy setting or don't configure it, then all printer extensions that have been installed will be allowed to run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow v4 printer drivers to show printer extensions*
+-   GP Friendly name: *Do not allow v4 printer drivers to show printer extensions*
 -   GP name: *V4DriverDisallowPrinterExtension*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -2013,7 +1417,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index 60ed6563a3..87ff13e471 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/15/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Printing2
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -58,32 +62,14 @@ manager: dansimp
 **ADMX_Printing2/AutoPublishing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -98,11 +84,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory.
+Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory.
 
-If you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers.
+If you enable this setting or don't configure it, the Add Printer Wizard automatically publishes all shared printers.
 
-If you disable this setting, the Add Printer Wizard does not automatically publish printers. However, you can publish shared printers manually.
+If you disable this setting, the Add Printer Wizard doesn't automatically publish printers. However, you can publish shared printers manually.
 
 The default behavior is to automatically publish shared printers in Active Directory.
 
@@ -110,16 +96,11 @@ The default behavior is to automatically publish shared printers in Active Direc
 > This setting is ignored if the "Allow printers to be published" setting is disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Automatically publish new printers in Active Directory*
+-   GP Friendly name: *Automatically publish new printers in Active Directory*
 -   GP name: *AutoPublishing*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -132,32 +113,14 @@ ADMX Info:
 **ADMX_Printing2/ImmortalPrintQueue**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -172,28 +135,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.
+Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.
 
-By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.
+By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them doesn't respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.
 
-If you enable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond.
+If you enable this setting or don't configure it, the domain controller prunes this computer's printers when the computer doesn't respond.
 
-If you disable this setting, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.
+If you disable this setting, the domain controller doesn't prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.
 
 > [!NOTE]
 > You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the contact interval and number of contact attempts.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow pruning of published printers*
+-   GP Friendly name: *Allow pruning of published printers*
 -   GP name: *ImmortalPrintQueue*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -206,32 +164,14 @@ ADMX Info:
 **ADMX_Printing2/PruneDownlevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -246,35 +186,30 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
+Determines whether the pruning service on a domain controller prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
 
-The Windows pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, by default, the system never prunes their printer objects.
+The Windows pruning service prunes printer objects from Active Directory when the computer that published them doesn't respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains can't republish printers in Active Directory automatically, by default, the system never prunes their printer objects.
 
 You can enable this setting to change the default behavior. To use this setting, select one of the following options from the "Prune non-republishing printers" box:
 
-- "Never" specifies that printer objects that are not automatically republished are never pruned. "Never" is the default.
+- "Never" specifies that printer objects that aren't automatically republished are never pruned. "Never" is the default.
 
-- "Only if Print Server is found" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable.
+- "Only if Print Server is found" prunes printer objects that aren't automatically republished only when the print server responds, but the printer is unavailable.
 
-- "Whenever printer is not found" prunes printer objects that are not automatically republished whenever the host computer does not respond, just as it does with Windows 2000 printers.
+- "Whenever printer is not found" prunes printer objects that aren't automatically republished whenever the host computer doesn't respond, just as it does with Windows 2000 printers.
 
 > [!NOTE]
-> This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to printers published by using Printers in Control Panel.
+> This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It doesn't apply to printers published by using Printers in Control Panel.
 
 > [!TIP]
 > If you disable automatic pruning, remember to delete printer objects manually whenever you remove a printer or print server.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prune printers that are not automatically republished*
+-   GP Friendly name: *Prune printers that are not automatically republished*
 -   GP name: *PruneDownlevel*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -287,32 +222,14 @@ ADMX Info:
 **ADMX_Printing2/PruningInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -327,30 +244,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational.
+Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational.
 
-The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
+The pruning service periodically contacts computers that have published printers. If a computer doesn't respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
 
 By default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from Active Directory.
 
 If you enable this setting, you can change the interval between contact attempts.
 
-If you do not configure or disable this setting the default values will be used.
+If you don't configure or disable this setting, the default values will be used.
 
 > [!NOTE]
 > This setting is used only on domain controllers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Directory pruning interval*
+-   GP Friendly name: *Directory pruning interval*
 -   GP name: *PruningInterval*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -363,32 +275,14 @@ ADMX Info:
 **ADMX_Printing2/PruningPriority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -403,11 +297,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Sets the priority of the pruning thread.
+Sets the priority of the pruning thread.
 
-The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current.
+The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object doesn't respond to contact attempts. This process keeps printer information in Active Directory current.
 
-The thread priority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority threads.
+The thread priority influences the order in which the thread receives processor time and determines how likely it's to be preempted by higher priority threads.
 
 By default, the pruning thread runs at normal priority. However, you can adjust the priority to improve the performance of this service.
 
@@ -415,16 +309,11 @@ By default, the pruning thread runs at normal priority. However, you can adjust
 > This setting is used only on domain controllers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Directory pruning priority*
+-   GP Friendly name: *Directory pruning priority*
 -   GP name: *PruningPriority*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -437,32 +326,14 @@ ADMX Info:
 **ADMX_Printing2/PruningRetries**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -477,30 +348,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers.
+Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers.
 
-The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
+The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer doesn't respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
 
 By default, the pruning service contacts computers every eight hours and allows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries.
 
 If you enable this setting, you can change the interval between attempts.
 
-If you do not configure or disable this setting, the default values are used.
+If you don't configure or disable this setting, the default values are used.
 
 > [!NOTE]
 > This setting is used only on domain controllers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Directory pruning retry*
+-   GP Friendly name: *Directory pruning retry*
 -   GP name: *PruningRetries*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -513,32 +379,14 @@ ADMX Info:
 **ADMX_Printing2/PruningRetryLog**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -553,30 +401,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers.
+Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers.
 
-The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from the directory.
+The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer doesn't respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer hasn't responded by the last contact attempt, its printers are pruned from the directory.
 
 If you enable this policy setting, the contact events are recorded in the event log.
 
-If you disable or do not configure this policy setting, the contact events are not recorded in the event log.
+If you disable or don't configure this policy setting, the contact events aren't recorded in the event log.
 
-Note: This setting does not affect the logging of pruning events; the actual pruning of a printer is always logged.
+Note: This setting doesn't affect the logging of pruning events; the actual pruning of a printer is always logged.
 
 > [!NOTE]
 > This setting is used only on domain controllers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Log directory pruning retry events*
+-   GP Friendly name: *Log directory pruning retry events*
 -   GP name: *PruningRetryLog*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -589,32 +432,14 @@ ADMX Info:
 **ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -629,25 +454,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy controls whether the print spooler will accept client connections.
+This policy controls whether the print spooler will accept client connections.
 
-When the policy is not configured or enabled, the spooler will always accept client connections.
+When the policy isn't configured or enabled, the spooler will always accept client connections.
 
-When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared.
+When the policy is disabled, the spooler won't accept client connections nor allow users to share printers. All printers currently shared will continue to be shared.
 
 The spooler must be restarted for changes to this policy to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow Print Spooler to accept client connections*
+-   GP Friendly name: *Allow Print Spooler to accept client connections*
 -   GP name: *RegisterSpoolerRemoteRpcEndPoint*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -660,32 +480,14 @@ ADMX Info:
 **ADMX_Printing2/VerifyPublishedState**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -700,25 +502,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification.
+Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification.
 
 By default, the system only verifies published printers at startup. This setting allows for periodic verification while the computer is operating.
 
-To enable this additional verification, enable this setting, and then select a verification interval.
+To enable this extra verification, enable this setting, and then select a verification interval.
 
 To disable verification, disable this setting, or enable this setting and select "Never" for the verification interval.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Check published state*
+-   GP Friendly name: *Check published state*
 -   GP name: *VerifyPublishedState*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -727,6 +524,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index b325def568..c1089d79fe 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/01/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Programs
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -52,32 +56,14 @@ manager: dansimp
 **ADMX_Programs/NoDefaultPrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -92,27 +78,22 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page.
+This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users can't view or change the associated page.
 
 The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations.
 
 If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users.
 
-This setting does not prevent users from using other tools and methods to change program access or defaults.
+This setting doesn't prevent users from using other tools and methods to change program access or defaults.
 
-This setting does not prevent the Default Programs icon from appearing on the Start menu.
+This setting doesn't prevent the Default Programs icon from appearing on the Start menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide "Set Program Access and Computer Defaults" page*
+-   GP Friendly name: *Hide "Set Program Access and Computer Defaults" page*
 -   GP name: *NoDefaultPrograms*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -125,32 +106,14 @@ ADMX Info:
 **ADMX_Programs/NoGetPrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -165,30 +128,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from viewing or installing published programs from the network.  
+Prevents users from viewing or installing published programs from the network.  
 
 This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the network" task. The "Get Programs" page lists published programs and provides an easy way to install them.
 
 Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable users to install them without having to search for installation files.
 
-If this setting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Programs" page to install published programs.  Enabling this feature does not prevent users from installing programs by using other methods.  Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu.
+If this setting is enabled, users can't view the programs that have been published by the system administrator, and they can't use the "Get Programs" page to install published programs.  Enabling this feature doesn't prevent users from installing programs by using other methods.  Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu.
 
-If this setting is disabled or is not configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users.
+If this setting is disabled or isn't configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users.
 
 > [!NOTE]
 > If the "Hide Programs Control Panel" setting is enabled, this setting is ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide "Get Programs" page*
+-   GP Friendly name: *Hide "Get Programs" page*
 -   GP name: *NoGetPrograms*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -201,32 +159,14 @@ ADMX Info:
 **ADMX_Programs/NoInstalledUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -241,25 +181,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task.
+This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task.
 
 "Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.
 
 If this setting is disabled or not configured, the "View installed updates" task and the "Installed Updates" page will be available to all users.
 
-This setting does not prevent users from using other tools and methods to install or uninstall programs.
+This setting doesn't prevent users from using other tools and methods to install or uninstall programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide "Installed Updates" page*
+-   GP Friendly name: *Hide "Installed Updates" page*
 -   GP name: *NoInstalledUpdates*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -272,32 +207,14 @@ ADMX Info:
 **ADMX_Programs/NoProgramsAndFeatures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -312,23 +229,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer.
+This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer.
 
 If this setting is disabled or not configured, "Programs and Features" will be available to all users.
 
-This setting does not prevent users from using other tools and methods to view or uninstall programs.  It also does not prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace.
+This setting doesn't prevent users from using other tools and methods to view or uninstall programs.  It also doesn't prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide "Programs and Features" page*
+-   GP Friendly name: *Hide "Programs and Features" page*
 -   GP name: *NoProgramsAndFeatures*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -341,32 +253,14 @@ ADMX Info:
 **ADMX_Programs/NoProgramsCPL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -381,7 +275,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
+This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
  
 The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel.
 
@@ -389,19 +283,14 @@ If this setting is disabled or not configured, the Programs Control Panel in Cat
 
 When enabled, this setting takes precedence over the other settings in this folder.
 
-This setting does not prevent users from using other tools and methods to install or uninstall programs.
+This setting doesn't prevent users from using other tools and methods to install or uninstall programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide the Programs Control Panel*
+-   GP Friendly name: *Hide the Programs Control Panel*
 -   GP name: *NoProgramsCPL*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -414,32 +303,14 @@ ADMX Info:
 **ADMX_Programs/NoWindowsFeatures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -454,23 +325,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services.
+This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users can't view, enable, or disable various Windows features and services.
 
-If this setting is disabled or is not configured, the "Turn Windows features on or off" task will be available to all users.
+If this setting is disabled or isn't configured, the "Turn Windows features on or off" task will be available to all users.
 
-This setting does not prevent users from using other tools and methods to configure services or enable or disable program components.
+This setting doesn't prevent users from using other tools and methods to configure services or enable or disable program components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide "Windows Features"*
+-   GP Friendly name: *Hide "Windows Features"*
 -   GP name: *NoWindowsFeatures*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -483,32 +349,14 @@ ADMX Info:
 **ADMX_Programs/NoWindowsMarketplace**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -523,28 +371,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.
+This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.
 
 Windows Marketplace allows users to purchase and/or download various programs to their computer for installation.
 
-Enabling this feature does not prevent users from navigating to Windows Marketplace using other methods. 
+Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods. 
 
-If this feature is disabled or is not configured, the "Get new programs from Windows Marketplace" task link will be available to all users.
+If this feature is disabled or isn't configured, the "Get new programs from Windows Marketplace" task link will be available to all users.
 
 > [!NOTE]
 > If the "Hide Programs control Panel" setting is enabled, this setting is ignored.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide "Windows Marketplace"*
+-   GP Friendly name: *Hide "Windows Marketplace"*
 -   GP name: *NoWindowsMarketplace*
 -   GP path: *Control Panel\Programs*
 -   GP ADMX file name: *Programs.admx*
@@ -553,8 +396,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
new file mode 100644
index 0000000000..5339356365
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -0,0 +1,79 @@
+---
+title: Policy CSP - ADMX_PushToInstall
+description: Policy CSP - ADMX_PushToInstall
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/01/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PushToInstall
+
+
                  
+
+
+## ADMX_PushToInstall policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_PushToInstall/DisablePushToInstall
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_PushToInstall/DisablePushToInstall**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Push To Install service*
+-   GP name: *DisablePushToInstall*
+-   GP path: *Windows Components\Push To Install*
+-   GP ADMX file name: *PushToInstall.admx*
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
new file mode 100644
index 0000000000..80e2f293b0
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -0,0 +1,90 @@
+---
+title: Policy CSP - ADMX_Radar
+description: Policy CSP - ADMX_Radar
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/08/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Radar
+
+
                  
+
+
+## ADMX_Radar policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_Radar/WdiScenarioExecutionPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_Radar/WdiScenarioExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.  
+
+- If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
+
+These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.  
+
+- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
+
+If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.  
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.  No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure Scenario Execution Level*
+-   GP name: *WdiScenarioExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution*
+-   GP ADMX file name: *Radar.admx*
+
+
                  
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 794b2ccea4..006b2c772d 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Reliability
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_Reliability/EE_EnablePersistentTimeStamp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,28 +69,23 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.
+This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.
 
-If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds.
+If you enable this policy setting, you're able to specify how often the Persistent System Timestamp is refreshed and then written to the disk. You can specify the Timestamp Interval in seconds.
 
-If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded.
+If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns isn't recorded.
 
-If you do not configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning with Windows Server 2003.
+If you don't configure this policy setting, the Persistent System Timestamp is refreshed according to the default, which is every 60 seconds beginning with Windows Server 2003.
 
 > [!NOTE]
 > This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Persistent Time Stamp*
+-   GP Friendly name: *Enable Persistent Time Stamp*
 -   GP name: *EE_EnablePersistentTimeStamp*
 -   GP path: *System*
 -   GP ADMX file name: *Reliability.admx*
@@ -119,32 +100,14 @@ ADMX Info:
 **ADMX_Reliability/PCH_ReportShutdownEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -159,27 +122,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.
+This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.
 
 If you enable this policy setting, error reporting includes unplanned shutdown events.
 
-If you disable this policy setting, unplanned shutdown events are not included in error reporting.
+If you disable this policy setting, unplanned shutdown events aren't included in error reporting.
 
-If you do not configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default.
+If you don't configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default.
 
 Also see the "Configure Error Reporting" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Report unplanned shutdown events*
+-   GP Friendly name: *Report unplanned shutdown events*
 -   GP name: *PCH_ReportShutdownEvents*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *Reliability.admx*
@@ -194,32 +152,14 @@ ADMX Info:
 **ADMX_Reliability/ShutdownEventTrackerStateFile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -234,30 +174,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.
+This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.
 
-The system state data file contains information about the basic system state as well as the state of all running processes.
+The system state data file contains information about the basic system state and the state of all running processes.
 
 If you enable this policy setting, the System State Data feature is activated when the user indicates that the shutdown or restart is unplanned.
 
 If you disable this policy setting, the System State Data feature is never activated.
 
-If you do not configure this policy setting, the default behavior for the System State Data feature occurs.
+If you don't configure this policy setting, the default behavior for the System State Data feature occurs.
 
-> [!NOTE]
-> By default, the System State Data feature is always enabled on Windows Server 2003.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Activate Shutdown Event Tracker System State Data feature*
+-   GP Friendly name: *Activate Shutdown Event Tracker System State Data feature*
 -   GP name: *ShutdownEventTrackerStateFile*
 -   GP path: *System*
 -   GP ADMX file name: *Reliability.admx*
@@ -272,32 +205,14 @@ ADMX Info:
 **ADMX_Reliability/ShutdownReason**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -312,7 +227,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. The Shutdown Event Tracker can be displayed when you shut down a workstation or server.  This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.
+The Shutdown Event Tracker can be displayed when you shut down a workstation or server.  This tracker is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you're shutting down the computer.
 
 If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down.
 
@@ -320,24 +235,19 @@ If you enable this policy setting and choose "Server Only" from the drop-down me
 
 If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for supported versions.)
 
-If you disable this policy setting, the Shutdown Event Tracker is not displayed when you shut down the computer.
+If you disable this policy setting, the Shutdown Event Tracker isn't displayed when you shut down the computer.
 
-If you do not configure this policy setting, the default behavior for the Shutdown Event Tracker occurs.
+If you don't configure this policy setting, the default behavior for the Shutdown Event Tracker occurs.
 
 > [!NOTE]
 > By default, the Shutdown Event Tracker is only displayed on computers running Windows Server.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display Shutdown Event Tracker*
+-   GP Friendly name: *Display Shutdown Event Tracker*
 -   GP name: *ShutdownReason*
 -   GP path: *System*
 -   GP ADMX file name: *Reliability.admx*
@@ -346,8 +256,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index ee0e87ac83..31a892b671 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_RemoteAssistance
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +41,14 @@ manager: dansimp
 **ADMX_RemoteAssistance/RA_EncryptedTicketOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,25 +63,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.
+This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting doesn't affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.
 
 If you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer.
 
 If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.
 
-If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.
+If you don't configure this policy setting, users can configure the setting in System Properties in the Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow only Windows Vista or later connections*
+-   GP Friendly name: *Allow only Windows Vista or later connections*
 -   GP name: *RA_EncryptedTicketOnly*
 -   GP path: *System\Remote Assistance*
 -   GP ADMX file name: *RemoteAssistance.admx*
@@ -108,32 +89,14 @@ ADMX Info:
 **ADMX_RemoteAssistance/RA_Optimize_Bandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -148,7 +111,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to improve performance in low bandwidth scenarios.
+This policy setting allows you to improve performance in low bandwidth scenarios.
 
 This setting is incrementally scaled from "No optimization" to "Full optimization".  Each incremental setting includes the previous optimization setting.
 
@@ -170,19 +133,14 @@ If you enable this policy setting, bandwidth optimization occurs at the level sp
 
 If you disable this policy setting, application-based settings are used.
 
-If you do not configure this policy setting, application-based settings are used.
+If you don't configure this policy setting, application-based settings are used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on bandwidth optimization*
+-   GP Friendly name: *Turn on bandwidth optimization*
 -   GP name: *RA_Optimize_Bandwidth*
 -   GP path: *System\Remote Assistance*
 -   GP ADMX file name: *RemoteAssistance.admx*
@@ -190,7 +148,6 @@ ADMX Info:
 
 
 
                  
-> [!NOTE]
-> These policies are for upcoming release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 05f6d8b135..7ce8e84d8f 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/10/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_RemovableStorage
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -127,32 +131,14 @@ manager: dansimp
 **ADMX_RemovableStorage/AccessRights_RebootTime_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -167,7 +153,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
+This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
 
 If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
 
@@ -177,16 +163,11 @@ If you disable or do not configure this setting, the operating system does not f
 > If no reboot is forced, the access right does not take effect until the operating system is restarted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set time (in seconds) to force reboot*
+-   GP Friendly name: *Set time (in seconds) to force reboot*
 -   GP name: *AccessRights_RebootTime_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -199,32 +180,14 @@ ADMX Info:
 **ADMX_RemovableStorage/AccessRights_RebootTime_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -239,7 +202,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
+This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
 
 If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
 
@@ -249,16 +212,11 @@ If you disable or do not configure this setting, the operating system does not f
 > If no reboot is forced, the access right does not take effect until the operating system is restarted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set time (in seconds) to force reboot*
+-   GP Friendly name: *Set time (in seconds) to force reboot*
 -   GP name: *AccessRights_RebootTime_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -271,32 +229,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -311,23 +251,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the CD and DVD removable storage class.
+This policy setting denies execute access to the CD and DVD removable storage class.
 
 If you enable this policy setting, execute access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *CD and DVD: Deny execute access*
+-   GP Friendly name: *CD and DVD: Deny execute access*
 -   GP name: *CDandDVD_DenyExecute_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -340,32 +275,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -380,22 +297,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the CD and DVD removable storage class.
+This policy setting denies read access to the CD and DVD removable storage class.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *CD and DVD: Deny read access*
+-   GP Friendly name: *CD and DVD: Deny read access*
 -   GP name: *CDandDVD_DenyRead_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -408,32 +320,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -448,23 +342,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the CD and DVD removable storage class.
+This policy setting denies read access to the CD and DVD removable storage class.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *CD and DVD: Deny read access*
+-   GP Friendly name: *CD and DVD: Deny read access*
 -   GP name: *CDandDVD_DenyRead_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -477,32 +366,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -517,23 +388,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the CD and DVD removable storage class.
+This policy setting denies write access to the CD and DVD removable storage class.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *CD and DVD: Deny write access*
+-   GP Friendly name: *CD and DVD: Deny write access*
 -   GP name: *CDandDVD_DenyWrite_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -546,32 +412,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -586,23 +434,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the CD and DVD removable storage class.
+This policy setting denies write access to the CD and DVD removable storage class.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *CD and DVD: Deny write access*
+-   GP Friendly name: *CD and DVD: Deny write access*
 -   GP name: *CDandDVD_DenyWrite_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -615,32 +458,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -655,23 +480,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to custom removable storage classes.
+This policy setting denies read access to custom removable storage classes.
 
 If you enable this policy setting, read access is denied to these removable storage classes.
 
 If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom Classes: Deny read access*
+-   GP Friendly name: *Custom Classes: Deny read access*
 -   GP name: *CustomClasses_DenyRead_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -684,32 +504,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -724,23 +526,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to custom removable storage classes.
+This policy setting denies read access to custom removable storage classes.
 
 If you enable this policy setting, read access is denied to these removable storage classes.
 
 If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom Classes: Deny read access*
+-   GP Friendly name: *Custom Classes: Deny read access*
 -   GP name: *CustomClasses_DenyRead_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -753,32 +550,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -793,23 +572,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to custom removable storage classes.
+This policy setting denies write access to custom removable storage classes.
 
 If you enable this policy setting, write access is denied to these removable storage classes.
 
 If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom Classes: Deny write access*
+-   GP Friendly name: *Custom Classes: Deny write access*
 -   GP name: *CustomClasses_DenyWrite_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -821,32 +595,14 @@ ADMX Info:
 **ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -861,23 +617,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to custom removable storage classes.
+This policy setting denies write access to custom removable storage classes.
 
 If you enable this policy setting, write access is denied to these removable storage classes.
 
 If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom Classes: Deny write access*
+-   GP Friendly name: *Custom Classes: Deny write access*
 -   GP name: *CustomClasses_DenyWrite_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -889,32 +640,14 @@ ADMX Info:
 **ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -929,23 +662,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives.
+This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives.
 
 If you enable this policy setting, execute access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Floppy Drives: Deny execute access*
+-   GP Friendly name: *Floppy Drives: Deny execute access*
 -   GP name: *FloppyDrives_DenyExecute_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -957,32 +685,14 @@ ADMX Info:
 **ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -997,23 +707,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
+This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Floppy Drives: Deny read access*
+-   GP Friendly name: *Floppy Drives: Deny read access*
 -   GP name: *FloppyDrives_DenyRead_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1025,32 +730,14 @@ ADMX Info:
 **ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1065,23 +752,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
+This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Floppy Drives: Deny read access*
+-   GP Friendly name: *Floppy Drives: Deny read access*
 -   GP name: *FloppyDrives_DenyRead_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1093,32 +775,14 @@ ADMX Info:
 **ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1133,22 +797,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
+This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Floppy Drives: Deny write access*
+-   GP Friendly name: *Floppy Drives: Deny write access*
 -   GP name: *FloppyDrives_DenyWrite_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1160,32 +819,14 @@ ADMX Info:
 **ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1200,23 +841,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
+This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Floppy Drives: Deny write access*
+-   GP Friendly name: *Floppy Drives: Deny write access*
 -   GP name: *FloppyDrives_DenyWrite_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1228,32 +864,14 @@ ADMX Info:
 **ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1268,22 +886,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to removable disks.
+This policy setting denies execute access to removable disks.
 
 If you enable this policy setting, execute access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Removable Disks: Deny execute access*
+-   GP Friendly name: *Removable Disks: Deny execute access*
 -   GP name: *RemovableDisks_DenyExecute_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1295,32 +908,14 @@ ADMX Info:
 **ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1335,23 +930,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks.
+This policy setting denies read access to removable disks.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Removable Disks: Deny read access*
+-   GP Friendly name: *Removable Disks: Deny read access*
 -   GP name: *RemovableDisks_DenyRead_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1363,32 +953,14 @@ ADMX Info:
 **ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1403,22 +975,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks.
+This policy setting denies read access to removable disks.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Removable Disks: Deny read access*
+-   GP Friendly name: *Removable Disks: Deny read access*
 -   GP name: *RemovableDisks_DenyRead_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1430,32 +997,14 @@ ADMX Info:
 **ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1470,7 +1019,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks.
+This policy setting denies write access to removable disks.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
@@ -1480,16 +1029,11 @@ If you disable or do not configure this policy setting, write access is allowed
 > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Removable Disks: Deny write access*
+-   GP Friendly name: *Removable Disks: Deny write access*
 -   GP name: *RemovableDisks_DenyWrite_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1501,32 +1045,14 @@ ADMX Info:
 **ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1541,7 +1067,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Configure access to all removable storage classes.
+Configure access to all removable storage classes.
 
 This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
 
@@ -1550,16 +1076,11 @@ If you enable this policy setting, no access is allowed to any removable storage
 If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *All Removable Storage classes: Deny all access*
+-   GP Friendly name: *All Removable Storage classes: Deny all access*
 -   GP name: *RemovableStorageClasses_DenyAll_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1571,32 +1092,14 @@ ADMX Info:
 **ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1611,7 +1114,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Configure access to all removable storage classes. 
+Configure access to all removable storage classes. 
 
 This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
 
@@ -1620,16 +1123,11 @@ If you enable this policy setting, no access is allowed to any removable storage
 If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *All Removable Storage classes: Deny all access*
+-   GP Friendly name: *All Removable Storage classes: Deny all access*
 -   GP name: *RemovableStorageClasses_DenyAll_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1641,32 +1139,14 @@ ADMX Info:
 **ADMX_RemovableStorage/Removable_Remote_Allow_Access**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1681,23 +1161,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting grants normal users direct access to removable storage devices in remote sessions.
+This policy setting grants normal users direct access to removable storage devices in remote sessions.
 
 If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions.
 
 If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *All Removable Storage: Allow direct access in remote sessions*
+-   GP Friendly name: *All Removable Storage: Allow direct access in remote sessions*
 -   GP name: *Removable_Remote_Allow_Access*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1709,32 +1184,14 @@ ADMX Info:
 **ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1749,23 +1206,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the Tape Drive removable storage class.
+This policy setting denies execute access to the Tape Drive removable storage class.
 
 If you enable this policy setting, execute access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Tape Drives: Deny execute access*
+-   GP Friendly name: *Tape Drives: Deny execute access*
 -   GP name: *TapeDrives_DenyExecute_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1777,32 +1229,14 @@ ADMX Info:
 **ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1817,22 +1251,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Tape Drive removable storage class.
+This policy setting denies read access to the Tape Drive removable storage class.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Tape Drives: Deny read access*
+-   GP Friendly name: *Tape Drives: Deny read access*
 -   GP name: *TapeDrives_DenyRead_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1844,32 +1273,14 @@ ADMX Info:
 **ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1884,23 +1295,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Tape Drive removable storage class.
+This policy setting denies read access to the Tape Drive removable storage class.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Tape Drives: Deny read access*
+-   GP Friendly name: *Tape Drives: Deny read access*
 -   GP name: *TapeDrives_DenyRead_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1912,32 +1318,14 @@ ADMX Info:
 **ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1952,22 +1340,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Tape Drive removable storage class.
+This policy setting denies write access to the Tape Drive removable storage class.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Tape Drives: Deny write access*
+-   GP Friendly name: *Tape Drives: Deny write access*
 -   GP name: *TapeDrives_DenyWrite_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -1979,32 +1362,14 @@ ADMX Info:
 **ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2019,23 +1384,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Tape Drive removable storage class.
+This policy setting denies write access to the Tape Drive removable storage class.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Tape Drives: Deny write access*
+-   GP Friendly name: *Tape Drives: Deny write access*
 -   GP name: *TapeDrives_DenyWrite_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -2047,32 +1407,14 @@ ADMX Info:
 **ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2087,23 +1429,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *WPD Devices: Deny read access*
+-   GP Friendly name: *WPD Devices: Deny read access*
 -   GP name: *WPDDevices_DenyRead_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -2115,32 +1452,14 @@ ADMX Info:
 **ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2155,22 +1474,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
 
 If you enable this policy setting, read access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *WPD Devices: Deny read access*
+-   GP Friendly name: *WPD Devices: Deny read access*
 -   GP name: *WPDDevices_DenyRead_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -2182,32 +1496,14 @@ ADMX Info:
 **ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2222,23 +1518,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *WPD Devices: Deny write access*
+-   GP Friendly name: *WPD Devices: Deny write access*
 -   GP name: *WPDDevices_DenyWrite_Access_1*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -2250,32 +1541,14 @@ ADMX Info:
 **ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2290,23 +1563,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
 
 If you enable this policy setting, write access is denied to this removable storage class.
 
 If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *WPD Devices: Deny write access*
+-   GP Friendly name: *WPD Devices: Deny write access*
 -   GP name: *WPDDevices_DenyWrite_Access_2*
 -   GP path: *System\Removable Storage Access*
 -   GP ADMX file name: *RemovableStorage.admx*
@@ -2314,7 +1582,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 053d6fda1d..24ee32b891 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/08/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_RPC
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_RPC/RpcExtendedErrorInformation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,13 +69,13 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the RPC runtime generates extended error information when an error occurs.
+This policy setting controls whether the RPC runtime generates extended error information when an error occurs.
 
 Extended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred, or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs).
 
 If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition.
 
-If you do not configure this policy setting, it remains disabled.  It will only generate a status code to indicate an error condition.
+If you don't configure this policy setting, it remains disabled.  It will only generate a status code to indicate an error condition.
 
 If you enable this policy setting, the RPC runtime will generate extended error information.
 
@@ -110,16 +96,10 @@ You must select an error response type in the drop-down box.
 > This policy setting will not be applied until the system is rebooted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Propagate extended error information*
+-   GP Friendly name: *Propagate extended error information*
 -   GP name: *RpcExtendedErrorInformation*
 -   GP path: *System\Remote Procedure Call*
 -   GP ADMX file name: *RPC.admx*
@@ -132,32 +112,14 @@ ADMX Info:
 **ADMX_RPC/RpcIgnoreDelegationFailure**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -172,34 +134,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.
+This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.
 
-The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
+The constrained delegation model, introduced in Windows Server 2003, doesn't report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
 
 If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. 
 
-If you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
+If you don't configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
 
 If you enable this policy setting, then:
 
-- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context does not support delegation.
+- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context doesn't support delegation.
 
-- "On" directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for.
+- "On" directs the RPC Runtime to accept security contexts that don't support delegation even if delegation was asked for.
 
 > [!NOTE]
 > This policy setting will not be applied until the system is rebooted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ignore Delegation Failure*
+-   GP Friendly name: *Ignore Delegation Failure*
 -   GP name: *RpcIgnoreDelegationFailure*
 -   GP path: *System\Remote Procedure Call*
 -   GP ADMX file name: *RPC.admx*
@@ -213,32 +170,14 @@ ADMX Info:
 **ADMX_RPC/RpcMinimumHttpConnectionTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -253,7 +192,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the idle connection timeout for RPC/HTTP connections.  
+This policy setting controls the idle connection timeout for RPC/HTTP connections.  
 
 This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.
 
@@ -263,7 +202,7 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is
 
 If you disable this policy setting, the idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
 
-If you do not configure this policy setting, it will remain disabled.  The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
+If you don't configure this policy setting, it will remain disabled.  The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
 
 If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds.
 
@@ -271,16 +210,11 @@ If you enable this policy setting, and the IIS server running the RPC HTTP proxy
 > This policy setting will not be applied until the system is rebooted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections*
+-   GP Friendly name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections*
 -   GP name: *RpcMinimumHttpConnectionTimeout*
 -   GP path: *System\Remote Procedure Call*
 -   GP ADMX file name: *RPC.admx*
@@ -293,32 +227,14 @@ ADMX Info:
 **ADMX_RPC/RpcStateInformation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -333,15 +249,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.
+This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.
 
 If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
 
-If you do not configure this policy setting, the RPC  defaults to "Auto2" level. 
+If you don't configure this policy setting, the RPC  defaults to "Auto2" level. 
 
 If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.
 
-- "None" indicates that the system does not maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting is not recommended for most installations.
+- "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations.
 
 - "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
 
@@ -349,7 +265,7 @@ If you enable this policy setting, you can use the drop-down box to determine wh
 
 - "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
 
-- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem.
+- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem.
 
 > [!NOTE]
 > To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
@@ -357,16 +273,10 @@ If you enable this policy setting, you can use the drop-down box to determine wh
 > This policy setting will not be applied until the system is rebooted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Maintain RPC Troubleshooting State Information*
+-   GP Friendly name: *Maintain RPC Troubleshooting State Information*
 -   GP name: *RpcStateInformation*
 -   GP path: *System\Remote Procedure Call*
 -   GP ADMX file name: *RPC.admx*
@@ -375,8 +285,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index 8019979d43..46d2eeb48e 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/17/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Scripts
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -67,32 +71,14 @@ manager: dansimp
 **ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -107,23 +93,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.
+This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes aren't configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.
 
 If you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured.
 
-If you disable or do not configure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes are not configured.
+If you disable or don't configure this policy setting, user account cross-forest, interactive logging can't run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes aren't configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow logon scripts when NetBIOS or WINS is disabled*
+-   GP Friendly name: *Allow logon scripts when NetBIOS or WINS is disabled*
 -   GP name: *Allow_Logon_Script_NetbiosDisabled*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -136,32 +117,14 @@ ADMX Info:
 **ADMX_Scripts/MaxGPOScriptWaitPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -176,29 +139,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the system waits for scripts applied by Group Policy to run. 
+This policy setting determines how long the system waits for scripts applied by Group Policy to run. 
 
-This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.
+This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts haven't finished running when the specified time expires, the system stops script processing and records an error event.
 
 If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. 
 
-This interval is particularly important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop. 
+This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop. 
 
 An excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
 
-If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default.
+If you disable or don't configure this setting, the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This value is the default value.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify maximum wait time for Group Policy scripts*
+-   GP Friendly name: *Specify maximum wait time for Group Policy scripts*
 -   GP name: *MaxGPOScriptWaitPolicy*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -211,32 +169,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Computer_PS_Scripts_First**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -251,7 +191,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. 
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. 
  
 If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. 
 
@@ -281,16 +221,11 @@ Within GPO C: C.cmd, C.ps1
 > - Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\Shutdown
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run Windows PowerShell scripts first at computer startup, shutdown*
+-   GP Friendly name: *Run Windows PowerShell scripts first at computer startup, shutdown*
 -   GP name: *Run_Computer_PS_Scripts_First*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -303,32 +238,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Legacy_Logon_Script_Hidden**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -343,27 +260,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. 
+This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. 
 
-Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.
+Logon scripts are batch files of instructions that run when the user logs on. By default, Windows displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it doesn't display logon scripts written for Windows.
 
-If you enable this setting, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier.
+If you enable this setting, Windows doesn't display logon scripts written for Windows NT 4.0 and earlier.
 
-If you disable or do not configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier.
+If you disable or don't configure this policy setting, Windows displays login scripts written for Windows NT 4.0 and earlier.
 
 Also, see the "Run Logon Scripts Visible" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run legacy logon scripts hidden*
+-   GP Friendly name: *Run legacy logon scripts hidden*
 -   GP name: *Run_Legacy_Logon_Script_Hidden*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -376,32 +288,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Logoff_Script_Visible**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -416,25 +310,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logoff scripts as they run.
+This policy setting displays the instructions in logoff scripts as they run.
 
-Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.
+Logoff scripts are batch files of instructions that run when the user signs out. By default, the system doesn't display the instructions in the logoff script.
 
 If you enable this policy setting, the system displays each instruction in the logoff script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users.
 
-If you disable or do not configure this policy setting, the instructions are suppressed.
+If you disable or don't configure this policy setting, the instructions are suppressed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display instructions in logoff scripts as they run*
+-   GP Friendly name: *Display instructions in logoff scripts as they run*
 -   GP name: *Run_Logoff_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -447,32 +336,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Logon_Script_Sync_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -487,25 +358,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
+This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
 
-If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
+If you enable this policy setting, File Explorer doesn't start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
 
-If you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously.
+If you disable or don't configure this policy setting, the logon scripts and File Explorer aren't synchronized and can run simultaneously.
 
 This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run logon scripts synchronously*
+-   GP Friendly name: *Run logon scripts synchronously*
 -   GP name: *Run_Logon_Script_Sync_1*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -518,32 +384,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Logon_Script_Sync_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -558,25 +406,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
+This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
 
-If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
+If you enable this policy setting, File Explorer doesn't start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
 
-If you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously.
+If you disable or don't configure this policy setting, the logon scripts and File Explorer aren't synchronized and can run simultaneously.
 
 This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run logon scripts synchronously*
+-   GP Friendly name: *Run logon scripts synchronously*
 -   GP name: *Run_Logon_Script_Sync_2*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -589,32 +432,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Logon_Script_Visible**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -629,25 +454,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logon scripts as they run.
+This policy setting displays the instructions in logon scripts as they run.
 
-Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts.
+Logon scripts are batch files of instructions that run when the user logs on. By default, the system doesn't display the instructions in logon scripts.
 
 If you enable this policy setting, the system displays each instruction in the logon script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users.
 
-If you disable or do not configure this policy setting, the instructions are suppressed.
+If you disable or don't configure this policy setting, the instructions are suppressed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display instructions in logon scripts as they run*
+-   GP Friendly name: *Display instructions in logon scripts as they run*
 -   GP name: *Run_Logon_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -660,32 +480,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Shutdown_Script_Visible**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -700,25 +502,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in shutdown scripts as they run.
+This policy setting displays the instructions in shutdown scripts as they run.
 
-Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.
+Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system doesn't display the instructions in the shutdown script.
 
 If you enable this policy setting, the system displays each instruction in the shutdown script as it runs. The instructions appear in a command window.
 
-If you disable or do not configure this policy setting, the instructions are suppressed.
+If you disable or don't configure this policy setting, the instructions are suppressed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display instructions in shutdown scripts as they run*
+-   GP Friendly name: *Display instructions in shutdown scripts as they run*
 -   GP name: *Run_Shutdown_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -731,32 +528,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Startup_Script_Sync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -771,28 +550,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets the system run startup scripts simultaneously.
+This policy setting lets the system run startup scripts simultaneously.
 
 Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.
 
-If you enable this policy setting, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.
+If you enable this policy setting, the system doesn't coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.
 
-If you disable or do not configure this policy setting, a startup cannot run until the previous script is complete.
+If you disable or don't configure this policy setting, a startup can't run until the previous script is complete.
 
 > [!NOTE]
 > Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the "Run startup scripts visible" policy setting is enabled or not.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run startup scripts asynchronously*
+-   GP Friendly name: *Run startup scripts asynchronously*
 -   GP name: *Run_Startup_Script_Sync*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -805,32 +579,14 @@ ADMX Info:
 **ADMX_Scripts/Run_Startup_Script_Visible**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -845,28 +601,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in startup scripts as they run.
+This policy setting displays the instructions in startup scripts as they run.
 
-Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.
+Startup scripts are batch files of instructions that run before the user is invited to sign in. By default, the system doesn't display the instructions in the startup script.
 
 If you enable this policy setting, the system displays each instruction in the startup script as it runs. Instructions appear in a command window. This policy setting is designed for advanced users.
 
-If you disable or do not configure this policy setting, the instructions are suppressed.
+If you disable or don't configure this policy setting, the instructions are suppressed.
 
 > [!NOTE]
 > Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether this policy setting is enabled or not.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display instructions in startup scripts as they run*
+-   GP Friendly name: *Display instructions in startup scripts as they run*
 -   GP name: *Run_Startup_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -879,32 +630,14 @@ ADMX Info:
 **ADMX_Scripts/Run_User_PS_Scripts_First**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -920,9 +653,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. 
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. 
  
-If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. 
+If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out. 
 
 For example, assume the following scenario: 
 
@@ -952,16 +685,11 @@ Within GPO C: C.cmd, C.ps1
 This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the setting set in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run Windows PowerShell scripts first at user logon, logoff*
+-   GP Friendly name: *Run Windows PowerShell scripts first at user logon, logoff*
 -   GP name: *Run_User_PS_Scripts_First*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
@@ -970,8 +698,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index cf6bf9fdf7..5b902e0ec5 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_sdiageng
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +44,14 @@ manager: dansimp
 **ADMX_sdiageng/BetterWhenConnected**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,23 +66,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
+This policy setting allows Internet-connected users to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
 
 If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
 
 If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
+-   GP Friendly name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
 -   GP name: *BetterWhenConnected*
 -   GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
 -   GP ADMX file name: *sdiageng.admx*
@@ -109,32 +90,14 @@ ADMX Info:
 **ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,25 +112,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
+This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
 
 If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
 
-If you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel.
+If this policy setting is disabled, the users cannot access or run the troubleshooting tools from the Control Panel.
 
-Note that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
+>[!Note]
+>This setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
+-   GP Friendly name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
 -   GP name: *ScriptedDiagnosticsExecutionPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
 -   GP ADMX file name: *sdiageng.admx*
@@ -180,32 +139,14 @@ ADMX Info:
 **ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -220,23 +161,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
+This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
 
 If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.
 
 If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Security Policy for Scripted Diagnostics*
+-   GP Friendly name: *Configure Security Policy for Scripted Diagnostics*
 -   GP name: *ScriptedDiagnosticsSecurityPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
 -   GP ADMX file name: *sdiageng.admx*
@@ -245,7 +181,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
new file mode 100644
index 0000000000..31c0354809
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -0,0 +1,90 @@
+---
+title: Policy CSP - ADMX_sdiagschd
+description: Policy CSP - ADMX_sdiagschd
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 09/17/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_sdiagschd
+
+
                  
+
+
+## ADMX_sdiagschd policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.  
+
+- If you enable this policy setting, you must choose an execution level. 
+
+If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. 
+If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. 
+
+- If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. 
+
+If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed.  The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure Scheduled Maintenance Behavior*
+-   GP name: *ScheduledDiagnosticsExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics\Scheduled Maintenance*
+-   GP ADMX file name: *sdiagschd.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 4e97164a9e..92746a10df 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Securitycenter
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +38,14 @@ manager: dansimp
 **ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,35 +60,23 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed. 
+This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed. 
 
-Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect.
+Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect.
 
-If you do not configure this policy setting, the Security Center is turned off for domain members. 
+If you don't configure this policy setting, the Security Center is turned off for domain members. 
 
 If you enable this policy setting, Security Center is turned on for all users. 
 
 If you disable this policy setting, Security Center is turned off for domain members.
 
-**Windows XP SP2**
-
-In Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates.  Note that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers. 
-
-**Windows Vista**
-
-In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a reboot for this policy setting to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Security Center (Domain PCs only)*
+-   GP Friendly name: *Turn on Security Center (Domain PCs only)*
 -   GP name: *SecurityCenter_SecurityCenterInDomain*
 -   GP path: *Windows Components\Security Center*
 -   GP ADMX file name: *Securitycenter.admx*
@@ -111,8 +85,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index aa5c26fd6f..560b651c17 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/22/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Sensors
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -46,32 +50,14 @@ manager: dansimp
 **ADMX_Sensors/DisableLocationScripting_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -86,23 +72,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+This policy setting turns off scripting for the location feature.
 
 If you enable this policy setting, scripts for the location feature will not run.
 
 If you disable or do not configure this policy setting, all location scripts will run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off location scripting*
+-   GP Friendly name: *Turn off location scripting*
 -   GP name: *DisableLocationScripting_1*
 -   GP path: *Windows Components\Location and Sensors*
 -   GP ADMX file name: *Sensors.admx*
@@ -115,32 +96,14 @@ ADMX Info:
 **ADMX_Sensors/DisableLocationScripting_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -155,23 +118,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+This policy setting turns off scripting for the location feature.
 
 If you enable this policy setting, scripts for the location feature will not run.
 
 If you disable or do not configure this policy setting, all location scripts will run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off location scripting*
+-   GP Friendly name: *Turn off location scripting*
 -   GP name: *DisableLocationScripting_2*
 -   GP path: *Windows Components\Location and Sensors*
 -   GP ADMX file name: *Sensors.admx*
@@ -184,32 +142,14 @@ ADMX Info:
 **ADMX_Sensors/DisableLocation_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -224,23 +164,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer.
+This policy setting turns off the location feature for this computer.
 
 If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
 
 If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off location*
+-   GP Friendly name: *Turn off location*
 -   GP name: *DisableLocation_1*
 -   GP path: *Windows Components\Location and Sensors*
 -   GP ADMX file name: *Sensors.admx*
@@ -253,32 +188,14 @@ ADMX Info:
 **ADMX_Sensors/DisableSensors_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -293,23 +210,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+This policy setting turns off the sensor feature for this computer.
 
 If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
 
 If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off sensors*
+-   GP Friendly name: *Turn off sensors*
 -   GP name: *DisableSensors_1*
 -   GP path: *Windows Components\Location and Sensors*
 -   GP ADMX file name: *Sensors.admx*
@@ -322,32 +234,14 @@ ADMX Info:
 **ADMX_Sensors/DisableSensors_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -362,23 +256,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+This policy setting turns off the sensor feature for this computer.
 
 If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
 
 If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off sensors*
+-   GP Friendly name: *Turn off sensors*
 -   GP name: *DisableSensors_2*
 -   GP path: *Windows Components\Location and Sensors*
 -   GP ADMX file name: *Sensors.admx*
@@ -387,7 +276,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
new file mode 100644
index 0000000000..8bb98497e4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -0,0 +1,245 @@
+---
+title: Policy CSP - ADMX_ServerManager
+description: Policy CSP - ADMX_ServerManager
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 09/18/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_ServerManager
+
+
                  
+
+
+## ADMX_ServerManager policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_ServerManager/Do_not_display_Manage_Your_Server_page
+  
                  
+  
                  
+    ADMX_ServerManager/ServerManagerAutoRefreshRate
+  
                  
+  
                  
+    ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks
+  
                  
+  
                  
+    ADMX_ServerManager/DoNotLaunchServerManager
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to turn off the automatic display of Server Manager at a sign in.  
+
+- If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.  
+
+- If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.  
+
+If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.  
+
+> [!NOTE]
+> Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not display Server Manager automatically at logon*
+-   GP name: *Do_not_display_Manage_Your_Server_page*
+-   GP path: *System\Server Manager*
+-   GP ADMX file name: *ServerManager.admx*
+
+
+
+
                  
+
+
+
+**ADMX_ServerManager/ServerManagerAutoRefreshRate**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.  
+
+- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console.  
+
+- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.  
+
+> [!NOTE]
+> The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in Windows Server 2012.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure the refresh interval for Server Manager*
+-   GP name: *ServerManagerAutoRefreshRate*
+-   GP path: *System\Server Manager*
+-   GP ADMX file name: *ServerManager.admx*
+
+
+
+
                  
+
+
+**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.  
+
+- If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.  
+
+- If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
+
+If you don't configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. However, if an administrator selects the "Do not show this window at logon" option, the window isn't displayed on subsequent logons.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not display Initial Configuration Tasks window automatically at logon*
+-   GP name: *DoNotLaunchInitialConfigurationTasks*
+-   GP path: *System\Server Manager*
+-   GP ADMX file name: *ServerManager.admx*
+
+
+
+
                  
+
+
+**ADMX_ServerManager/DoNotLaunchServerManager**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to turn off the automatic display of the Manage Your Server page.  
+
+- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server.  
+
+- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server. 
+
+However, if the administrator has selected the "Don’t display this page at logon" option at the bottom of the Manage Your Server page, the page isn't displayed.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not display Manage Your Server page at logon*
+-   GP name: *DoNotLaunchServerManager*
+-   GP path: *System\Server Manager*
+-   GP ADMX file name: *ServerManager.admx*
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index 6b62a42e86..a995b45573 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -6,15 +6,14 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Servicing
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
 
 
                  
 
@@ -34,32 +33,14 @@ manager: dansimp
 **ADMX_Servicing/Servicing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,25 +55,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
+This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
 
-If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when each path is separated by a semicolon. 
+If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon. 
 
-The network location can be either a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with “wim:” and include the index of the image to use in the WIM file. For example “wim:\\server\share\install.wim:3”.
+The network location can be either a folder, or a WIM file. If it's a WIM file, the location should be specified by prefixing the path with “wim:” and include the index of the image to use in the WIM file, for example, “wim:\\server\share\install.wim:3”.
 
-If you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the computer.
+If you disable or don't configure this policy setting, or if the required files can't be found at the locations specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify settings for optional component installation and component repair*
+-   GP Friendly name: *Specify settings for optional component installation and component repair*
 -   GP name: *Servicing*
 -   GP path: *System*
 -   GP ADMX file name: *Servicing.admx*
@@ -101,8 +77,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index b79d238174..9d61845ecc 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/01/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_SettingSync
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -58,32 +62,14 @@ manager: dansimp
 **ADMX_SettingSync/DisableAppSyncSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -98,25 +84,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
+Prevent the "AppSync" group from syncing to and from this PC. This option turns off and disables the "AppSync" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "AppSync" group will not be synced.
+If you enable this policy setting, the "AppSync" group won't be synced.
 
 Use the option "Allow users to turn app syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync Apps*
+-   GP Friendly name: *Do not sync Apps*
 -   GP name: *DisableAppSyncSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -129,32 +110,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableApplicationSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -169,25 +132,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
+Prevent the "app settings" group from syncing to and from this PC. This option turns off and disables the "app settings" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "app settings" group will not be synced.
+If you enable this policy setting, the "app settings" group won't be synced.
 
 Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync app settings*
+-   GP Friendly name: *Do not sync app settings*
 -   GP name: *DisableApplicationSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -200,32 +158,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableCredentialsSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -240,25 +180,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
+Prevent the "passwords" group from syncing to and from this PC. This option turns off and disables the "passwords" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "passwords" group will not be synced.
+If you enable this policy setting, the "passwords" group won't be synced.
 
 Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync passwords*
+-   GP Friendly name: *Do not sync passwords*
 -   GP name: *DisableCredentialsSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -271,32 +206,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableDesktopThemeSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -311,25 +228,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
+Prevent the "desktop personalization" group from syncing to and from this PC. This option turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "desktop personalization" group will not be synced.
+If you enable this policy setting, the "desktop personalization" group won't be synced.
 
 Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync desktop personalization*
+-   GP Friendly name: *Do not sync desktop personalization*
 -   GP name: *DisableDesktopThemeSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -342,32 +254,14 @@ ADMX Info:
 **ADMX_SettingSync/DisablePersonalizationSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -382,25 +276,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
+Prevent the "personalize" group from syncing to and from this PC. This option turns off and disables the "personalize" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "personalize" group will not be synced.
+If you enable this policy setting, the "personalize" group won't be synced.
 
 Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync personalize*
+-   GP Friendly name: *Do not sync personalize*
 -   GP name: *DisablePersonalizationSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -413,32 +302,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -453,25 +324,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
+Prevent syncing to and from this PC. This option turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
 
 If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC.
 
 Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, "sync your settings" is on by default and configurable by the user.
+If you don't set or disable this setting, "sync your settings" is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync*
+-   GP Friendly name: *Do not sync*
 -   GP name: *DisableSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -484,32 +350,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableStartLayoutSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -524,25 +372,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
+Prevent the "Start layout" group from syncing to and from this PC. This option turns off and disables the "Start layout" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "Start layout" group will not be synced.
+If you enable this policy setting, the "Start layout" group won't be synced.
 
-Use the option "Allow users to turn start syncing on" so that syncing is turned off by default but not disabled.
+Use the option "Allow users to turn on start syncing" so that syncing is turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "Start layout" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "Start layout" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync start settings*
+-   GP Friendly name: *Do not sync start settings*
 -   GP name: *DisableStartLayoutSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -555,32 +398,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableSyncOnPaidNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -595,23 +420,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
+Prevent syncing to and from this PC when on metered Internet connections. This option turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.
 
 If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection.
 
-If you do not set or disable this setting, syncing on metered connections is configurable by the user.
+If you don't set or disable this setting, syncing on metered connections is configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync on metered connections*
+-   GP Friendly name: *Do not sync on metered connections*
 -   GP name: *DisableSyncOnPaidNetwork*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -624,32 +444,14 @@ ADMX Info:
 **ADMX_SettingSync/DisableWindowsSettingSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -664,25 +466,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevent the "Other Windows settings" group from syncing to and from this PC.  This turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
+Prevent the "Other Windows settings" group from syncing to and from this PC.  This option turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.
 
-If you enable this policy setting, the "Other Windows settings" group will not be synced.
+If you enable this policy setting, the "Other Windows settings" group won't be synced.
 
 Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled.
 
-If you do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
+If you don't set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not sync other Windows settings*
+-   GP Friendly name: *Do not sync other Windows settings*
 -   GP name: *DisableWindowsSettingSync*
 -   GP path: *Windows Components\Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -691,7 +488,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index 467cab854e..08337cd9ac 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/21/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_SharedFolders
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -36,32 +40,14 @@ manager: dansimp
 **ADMX_SharedFolders/PublishDfsRoots**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -76,7 +62,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
+This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
 
 If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
 
@@ -86,16 +72,11 @@ If you disable this policy setting, users cannot publish DFS roots in AD DS and
 > The default is to allow shared folders to be published when this setting is not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow DFS roots to be published*
+-   GP Friendly name: *Allow DFS roots to be published*
 -   GP name: *PublishDfsRoots*
 -   GP path: *Shared Folders*
 -   GP ADMX file name: *SharedFolders.admx*
@@ -109,32 +90,14 @@ ADMX Info:
 **ADMX_SharedFolders/PublishSharedFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,7 +112,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
+This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
 
 If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
 
@@ -159,16 +122,11 @@ If you disable this policy setting, users cannot publish shared folders in AD DS
 > The default is to allow shared folders to be published when this setting is not configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow shared folders to be published*
+-   GP Friendly name: *Allow shared folders to be published*
 -   GP name: *PublishSharedFolders*
 -   GP path: *Shared Folders*
 -   GP ADMX file name: *SharedFolders.admx*
@@ -177,8 +135,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index faccab55d9..72af1e5fd1 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/21/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Sharing
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -33,32 +37,14 @@ manager: dansimp
 **ADMX_Sharing/NoInplaceSharing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -73,23 +59,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer.  An administrator can opt in the computer by using the sharing wizard to share a file within their profile.
+This policy setting specifies whether users can share files within their profile. By default, users are allowed to share files within their profile to other users on their network after an administrator opts in the computer.  An administrator can opt in the computer by using the sharing wizard to share a file within their profile.
 
-If you enable this policy setting, users cannot share files within their profile using the sharing wizard.  Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders.
+If you enable this policy setting, users can't share files within their profile using the sharing wizard.  Also, the sharing wizard can't create a share at %root%\users and can only be used to create SMB shares on folders.
 
 If you disable or don't configure this policy setting, users can share files out of their user profile after an administrator has opted in the computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent users from sharing files within their profile.*
+-   GP Friendly name: *Prevent users from sharing files within their profile.*
 -   GP name: *NoInplaceSharing*
 -   GP path: *Windows Components\Network Sharing*
 -   GP ADMX file name: *Sharing.admx*
@@ -98,7 +79,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index 223fa3819b..d9a9efabdf 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -6,30 +6,35 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 09/21/2020
+author: dansimp
+ms.date: 09/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_ShellCommandPromptRegEditTools
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
 
 ## ADMX_ShellCommandPromptRegEditTools policies  
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
                  
   
                  
-    ADMX_ShellCommandPromptRegEditTools/DisableCMD
+    ADMX_ShellCommandPromptRegEditTools/DisallowApps
   
                  
   
                  
     ADMX_ShellCommandPromptRegEditTools/DisableRegedit
   
                  
   
                  
-    ADMX_ShellCommandPromptRegEditTools/DisallowApps
+    ADMX_ShellCommandPromptRegEditTools/DisableCMD
   
                  
   
                  
     ADMX_ShellCommandPromptRegEditTools/RestrictApps
@@ -40,35 +45,17 @@ manager: dansimp
 
                  
 
 
-**ADMX_ShellCommandPromptRegEditTools/DisableCMD**  
+**ADMX_ShellCommandPromptRegEditTools/DisallowApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,64 +70,45 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
+This policy setting prevents users from running the interactive command prompt, Cmd.exe.
+  
+This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
 
-If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.
-
-If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally.
+- If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .  
 
+-  If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.  
+  
 > [!NOTE]
-> Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
+> Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
+
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent access to the command prompt*
--   GP name: *DisableCMD*
+-   GP Friendly name: *Prevent access to the command prompt*
+-   GP name: *DisallowApps*
 -   GP path: *System*
--   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
+-   GP ADMX file name: *ShellCommandPromptRegEditTools.admx*
 
 
 
 
                  
 
+
 
 **ADMX_ShellCommandPromptRegEditTools/DisableRegedit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -155,64 +123,40 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables the Windows registry editor Regedit.exe.
+This policy setting disables the Windows registry editor Regedit.exe.  
 
-If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.
+- If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.  
 
-If you disable this policy setting or do not configure it, users can run Regedit.exe normally.
+- If you disable this policy setting or don't configure it, users can run Regedit.exe normally.  
 
 To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent access to registry editing tools*
+-   GP Friendly name: *Prevent access to registry editing tools*
 -   GP name: *DisableRegedit*
--   GP path: *System*
--   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
+-   GP path: *System\Server Manager*
+-   GP ADMX file name: *ShellCommandPromptRegEditTools.admx*
 
 
 
-
 
                  
 
 
-**ADMX_ShellCommandPromptRegEditTools/DisallowApps**  
+**ADMX_ShellCommandPromptRegEditTools/DisableCMD**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -227,32 +171,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows from running the programs you specify in this policy setting.
+This policy setting limits the Windows programs that users have permission to run on the computer.  
 
-If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.
+- If you enable this policy setting, users can only run programs that you add to the list of allowed applications.  
 
-If you disable this policy setting or do not configure it, users can run any programs.
+- If you disable this policy setting or don't configure it, users can run all applications.  This policy setting only prevents users from running programs that are started by the File Explorer process.
 
-This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes.  Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes.  Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.  
 
-> [!NOTE]
-> Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
-> To create a list of allowed applications, click Show.  In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
+Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.  
+
+To create a list of allowed applications, click Show.  In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Don't run specified Windows applications*
--   GP name: *DisallowApps*
+-   GP Friendly name: *Run only specified Windows applications*
+-   GP name: *DisableCMD*
 -   GP path: *System*
--   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
+-   GP ADMX file name: *ShellCommandPromptRegEditTools.admx*
 
 
 
@@ -262,32 +201,14 @@ ADMX Info:
 **ADMX_ShellCommandPromptRegEditTools/RestrictApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -302,39 +223,31 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Limits the Windows programs that users have permission to run on the computer.
+This policy setting prevents Windows from running the programs you specify in this policy setting. 
 
-If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
+- If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.  
 
-If you disable this policy setting or do not configure it, users can run all applications.
+- If you disable this policy setting or don't configure it, users can run any programs. 
 
-This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes.  Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.  
+
+Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
+
+To create a list of allowed applications, click Show.  In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
 
-> [!NOTE]
-> Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
-> To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Run only specified Windows applications*
+-   GP Friendly name: *Don't run specified Windows applications*
 -   GP name: *RestrictApps*
 -   GP path: *System*
--   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
+-   GP ADMX file name: *ShellCommandPromptRegEditTools.admx*
 
 
 
-
                  
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-skydrive.md b/windows/client-management/mdm/policy-csp-admx-skydrive.md
deleted file mode 100644
index 464845261e..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-skydrive.md
+++ /dev/null
@@ -1,108 +0,0 @@
----
-title: Policy CSP - ADMX_SkyDrive
-description: Policy CSP - ADMX_SkyDrive
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 12/08/2020
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_SkyDrive
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-
                  
-
-
-## ADMX_SkyDrive policies  
-
-
                  
-  
                  
-    ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn
-  
                  
-
                  
-
-
-
                  
-
-
-**ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
                  
-
-
-
-Available in the latest Windows 10 Insider Preview Build. Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer.
-
-If you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically.
-
-If this setting is not enabled, the OneDrive sync client will start automatically when users sign in to Windows.
-
-If you enable or disable this setting, do not return the setting to Not Configured. Doing so will not change the configuration and the last configured setting will remain in effect.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Prevent OneDrive from generating network traffic until the user signs in to OneDrive*
--   GP name: *PreventNetworkTrafficPreUserSignIn*
--   GP path: *Windows Components\OneDrive*
--   GP ADMX file name: *SkyDrive.admx*
-
-
-
-
                  
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
-
-
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 227aeb686b..089c628ab8 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/23/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Smartcard
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -79,32 +83,14 @@ manager: dansimp
 **ADMX_Smartcard/AllowCertificatesWithNoEKU**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -119,29 +105,24 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.
+This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for signing in.
 
-In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
+In versions of Windows prior to Windows Vista, smart card certificates that are used for a sign in require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
 
-If you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card:
+If you enable this policy setting, certificates with the following attributes can also be used to sign in on with a smart card:
 
 - Certificates with no EKU
 - Certificates with an All Purpose EKU
 - Certificates with a Client Authentication EKU
 
-If you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card.
+If you disable or don't configure this policy setting, only certificates that contain the smart card logon object identifier can be used to sign in with a smart card.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow certificates with no extended key usage certificate attribute*
+-   GP Friendly name: *Allow certificates with no extended key usage certificate attribute*
 -   GP name: *AllowCertificatesWithNoEKU*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -154,32 +135,14 @@ ADMX Info:
 **ADMX_Smartcard/AllowIntegratedUnblock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -194,25 +157,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
+This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
 
-In order to use the integrated unblock feature your smart card must support this feature.  Please check with your hardware manufacturer to see if your smart card supports this feature.
+In order to use the integrated unblock feature, your smart card must support this feature.  Check with your hardware manufacturer to see if your smart card supports this feature.
 
 If you enable this policy setting, the integrated unblock feature will be available.
 
-If you disable or do not configure this policy setting then the integrated unblock feature will not be available.
+If you disable or don't configure this policy setting then the integrated unblock feature won't be available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow Integrated Unblock screen to be displayed at the time of logon*
+-   GP Friendly name: *Allow Integrated Unblock screen to be displayed at the time of logon*
 -   GP name: *AllowIntegratedUnblock*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -225,32 +183,14 @@ ADMX Info:
 **ADMX_Smartcard/AllowSignatureOnlyKeys**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -265,23 +205,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.
+This policy setting lets you allow signature key-based certificates to be enumerated and available for a sign in.
 
-If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.
+If you enable this policy setting, then any certificates available on the smart card with a signature only key will be listed on the sign-in screen.
 
-If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.
+If you disable or don't configure this policy setting, any available smart card signature key-based certificates won't be listed on the sign-in screen.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow signature keys valid for Logon*
+-   GP Friendly name: *Allow signature keys valid for Logon*
 -   GP name: *AllowSignatureOnlyKeys*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -294,32 +229,14 @@ ADMX Info:
 **ADMX_Smartcard/AllowTimeInvalidCertificates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -334,25 +251,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.
+This policy setting permits those certificates to be displayed for a sign in which are either expired or not yet valid.
 
 Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. 
 
-If you enable this policy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired.
+If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired.
 
-If you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be listed on the logon screen.
+If you disable or don't configure this policy setting, certificates that are expired or not yet valid won't be listed on the sign-in screen.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow time invalid certificates*
+-   GP Friendly name: *Allow time invalid certificates*
 -   GP name: *AllowTimeInvalidCertificates*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -365,32 +277,14 @@ ADMX Info:
 **ADMX_Smartcard/CertPropEnabledString**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -405,23 +299,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.
+This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.
 
-If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.
+If you enable or don't configure this policy setting then certificate propagation will occur when you insert your smart card.
 
-If you disable this policy setting, certificate propagation will not occur and the certificates will not be made available to applications such as Outlook.
+If you disable this policy setting, certificate propagation won't occur and the certificates won't be made available to applications such as Outlook.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on certificate propagation from smart card*
+-   GP Friendly name: *Turn on certificate propagation from smart card*
 -   GP name: *CertPropEnabledString*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -434,32 +323,14 @@ ADMX Info:
 **ADMX_Smartcard/CertPropRootCleanupString**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -474,19 +345,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the cleanup behavior of root certificates.  If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff.
+This policy setting allows you to manage the cleanup behavior of root certificates.  If you enable this policy setting, then root certificate cleanup will occur according to the option selected. If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure root certificate clean up*
+-   GP Friendly name: *Configure root certificate clean up*
 -   GP name: *CertPropRootCleanupString*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -499,32 +365,14 @@ ADMX Info:
 **ADMX_Smartcard/CertPropRootEnabledString**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -539,26 +387,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.
+This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.
 
-If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card.
+If you enable or don't configure this policy setting then root certificate propagation will occur when you insert your smart card.
 
 > [!NOTE]
 > For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.
 
-If you disable this policy setting then root certificates will not be propagated from the smart card.
+If you disable this policy setting, then root certificates won't be propagated from the smart card.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on root certificate propagation from smart card*
+-   GP Friendly name: *Turn on root certificate propagation from smart card*
 -   GP name: *CertPropRootEnabledString*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -571,32 +414,14 @@ ADMX Info:
 **ADMX_Smartcard/DisallowPlaintextPin**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -611,26 +436,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents plaintext PINs from being returned by Credential Manager. 
+This policy setting prevents plaintext PINs from being returned by Credential Manager. 
 
-If you enable this policy setting, Credential Manager does not return a plaintext PIN. 
+If you enable this policy setting, Credential Manager doesn't return a plaintext PIN. 
 
-If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager.
+If you disable or don't configure this policy setting, plaintext PINs can be returned by Credential Manager.
 
 > [!NOTE]
 > Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent plaintext PINs from being returned by Credential Manager*
+-   GP Friendly name: *Prevent plaintext PINs from being returned by Credential Manager*
 -   GP name: *DisallowPlaintextPin*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -643,32 +463,14 @@ ADMX Info:
 **ADMX_Smartcard/EnumerateECCCerts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -683,26 +485,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
+This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to sign in to a domain.
 
-If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.
+If you enable this policy setting, ECC certificates on a smart card can be used to sign in to a domain.
 
-If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. 
+If you disable or don't configure this policy setting, ECC certificates on a smart card can't be used to sign in to a domain.
 
 > [!NOTE]
 > This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. 
 > If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow ECC certificates to be used for logon and authentication*
+-   GP Friendly name: *Allow ECC certificates to be used for logon and authentication*
 -   GP name: *EnumerateECCCerts*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -715,32 +512,14 @@ ADMX Info:
 **ADMX_Smartcard/FilterDuplicateCerts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -755,30 +534,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure if all your valid logon certificates are displayed.
+This policy setting lets you configure if all your valid logon certificates are displayed.
 
-During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template.  This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN).
+During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This scenario can cause confusion as to which certificate to select for a sign in. The common case for this behavior is when a certificate is renewed and the old one hasn't yet expired. Two certificates are determined to be the same if they're issued from the same template with the same major version and they're for the same user (determined by their UPN).
 
-If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.  
+If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.  
 
 > [!NOTE]
 > This setting will be applied after the following policy: "Allow time invalid certificates"
 
-If you enable or do not configure this policy setting, filtering will take place.
+If you enable or don't configure this policy setting, filtering will take place.
 
 If you disable this policy setting, no filtering will take place.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Filter duplicate logon certificates*
+-   GP Friendly name: *Filter duplicate logon certificates*
 -   GP name: *FilterDuplicateCerts*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -791,32 +565,14 @@ ADMX Info:
 **ADMX_Smartcard/ForceReadingAllCertificates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -831,25 +587,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the reading of all certificates from the smart card for logon.
+This policy setting allows you to manage the reading of all certificates from the smart card for a sign in.
 
-During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
+During a sign in, Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This setting can introduce a significant performance decrease in certain situations. Contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
 
 If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP.
 
-If you disable or do not configure this setting, Windows will only attempt to read the default certificate from those cards that do not support retrieval of all certificates in a single call.  Certificates other than the default will not be available for logon.
+If you disable or don't configure this setting, Windows will only attempt to read the default certificate from those cards that don't support retrieval of all certificates in a single call. Certificates other than the default won't be available for a sign in.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Force the reading of all certificates from the smart card*
+-   GP Friendly name: *Force the reading of all certificates from the smart card*
 -   GP name: *ForceReadingAllCertificates*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -862,32 +613,14 @@ ADMX Info:
 **ADMX_Smartcard/IntegratedUnblockPromptString**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -902,26 +635,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the displayed message when a smart card is blocked.
+This policy setting allows you to manage the displayed message when a smart card is blocked.
 
 If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. 
 
 > [!NOTE]
 > The following policy setting must be enabled: Allow Integrated Unblock screen to be displayed at the time of logon.
 
-If you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
+If you disable or don't configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display string when smart card is blocked*
+-   GP Friendly name: *Display string when smart card is blocked*
 -   GP name: *IntegratedUnblockPromptString*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -934,32 +662,14 @@ ADMX Info:
 **ADMX_Smartcard/ReverseSubject**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -974,25 +684,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon.  
+This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.  
 
-By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
+By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
 
-If you enable this policy setting or do not configure this setting, then the subject name will be reversed.  
+If you enable this policy setting or don't configure this setting, then the subject name will be reversed.  
 
 If you disable, the subject name will be displayed as it appears in the certificate.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reverse the subject name stored in a certificate when displaying*
+-   GP Friendly name: *Reverse the subject name stored in a certificate when displaying*
 -   GP name: *ReverseSubject*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -1005,32 +710,14 @@ ADMX Info:
 **ADMX_Smartcard/SCPnPEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1045,26 +732,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether Smart Card Plug and Play is enabled.
+This policy setting allows you to control whether Smart Card Plug and Play is enabled.
 
-If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time.
+If you enable or don't configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time.
 
-If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inserted in a Smart Card Reader.
+If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver won't be installed when a card is inserted in a Smart Card Reader.
 
 > [!NOTE]
 > This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Smart Card Plug and Play service*
+-   GP Friendly name: *Turn on Smart Card Plug and Play service*
 -   GP name: *SCPnPEnabled*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -1077,32 +759,14 @@ ADMX Info:
 **ADMX_Smartcard/SCPnPNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1117,26 +781,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.
+This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.
 
-If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.
+If you enable or don't configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.
 
-If you disable this policy setting, a confirmation message will not be displayed when a smart card device driver is installed.
+If you disable this policy setting, a confirmation message won't be displayed when a smart card device driver is installed.
 
 > [!NOTE]
 > This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Notify user of successful smart card driver installation*
+-   GP Friendly name: *Notify user of successful smart card driver installation*
 -   GP name: *SCPnPNotification*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -1149,32 +808,14 @@ ADMX Info:
 **ADMX_Smartcard/X509HintsNeeded**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1189,23 +830,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.
+This policy setting lets you determine whether an optional field will be displayed during a sign in and elevation that allows users to enter their user name or user name and domain, thereby associating a certificate with the users.
 
-If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed.
+If you enable this policy setting, then an optional field that allows a user to enter their user name or user name and domain will be displayed.
 
-If you disable or do not configure this policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed.
+If you disable or don't configure this policy setting, an optional field that allows users to enter their user name or user name and domain won't be displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow user name hint*
+-   GP Friendly name: *Allow user name hint*
 -   GP name: *X509HintsNeeded*
 -   GP path: *Windows Components\Smart Card*
 -   GP ADMX file name: *Smartcard.admx*
@@ -1214,8 +850,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 9e6698333d..528ebac188 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/24/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Snmp
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +44,14 @@ manager: dansimp
 **ADMX_Snmp/SNMP_Communities**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,7 +66,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
+This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
 
 SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
 
@@ -99,16 +85,11 @@ Best practice: For security purposes, it is recommended to restrict the HKLM\SOF
 Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify communities*
+-   GP Friendly name: *Specify communities*
 -   GP name: *SNMP_Communities*
 -   GP path: *Network\SNMP*
 -   GP ADMX file name: *Snmp.admx*
@@ -121,32 +102,14 @@ ADMX Info:
 **ADMX_Snmp/SNMP_PermittedManagers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -161,7 +124,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
+This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
 
 Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
 
@@ -179,16 +142,11 @@ Best practice: For security purposes, it is recommended to restrict the HKLM\SOF
 Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify permitted managers*
+-   GP Friendly name: *Specify permitted managers*
 -   GP name: *SNMP_PermittedManagers*
 -   GP path: *Network\SNMP*
 -   GP ADMX file name: *Snmp.admx*
@@ -201,32 +159,14 @@ ADMX Info:
 **ADMX_Snmp/SNMP_Traps_Public**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -241,7 +181,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
+This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
 
 Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
 
@@ -257,16 +197,11 @@ If you disable or do not configure this policy setting, the SNMP service takes t
 Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify traps for public community*
+-   GP Friendly name: *Specify traps for public community*
 -   GP name: *SNMP_Traps_Public*
 -   GP path: *Network\SNMP*
 -   GP ADMX file name: *Snmp.admx*
@@ -275,8 +210,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
new file mode 100644
index 0000000000..1609eb9c33
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -0,0 +1,133 @@
+---
+title: Policy CSP - ADMX_SoundRec
+description: Policy CSP - ADMX_SoundRec
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/01/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_SoundRec
+
+
                  
+
+
+## ADMX_SoundRec policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1
+  
                  
+  
                  
+    ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.  
+
+If you enable this policy setting, Sound Recorder will not run.  
+
+If you disable or do not configure this policy setting, Sound Recorder can be run.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow Sound Recorder to run*
+-   GP name: *Soundrec_DiableApplication_TitleText_1*
+-   GP path: *Windows Components\Sound Recorder*
+-   GP ADMX file name: *SettingSync.admx*
+
+
+
+
                  
+
+
+
+**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.  
+
+If you enable this policy setting, Sound Recorder will not run.  
+
+If you disable or do not configure this policy setting, Sound Recorder can be run.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow Sound Recorder to run*
+-   GP name: *Soundrec_DiableApplication_TitleText_2*
+-   GP path: *Windows Components\Sound Recorder*
+-   GP ADMX file name: *SettingSync.admx*
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
new file mode 100644
index 0000000000..325fd93379
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -0,0 +1,132 @@
+---
+title: Policy CSP - ADMX_srmfci
+description: Policy CSP - ADMX_srmfci
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 09/18/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_srmfci
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_srmfci policies  
+
+
                  
+  
                  
+    ADMX_srmfci/EnableShellAccessCheck
+  
                  
+  
                  
+    ADMX_srmfci/AccessDeniedConfiguration
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_srmfci/EnableShellAccessCheck**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This Group Policy Setting should be set on Windows clients  to enable access-denied assistance for all file types.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enable access-denied assistance on client for all file types*
+-   GP name: *EnableShellAccessCheck*
+-   GP path: *System\Access-Denied Assistance*
+-   GP ADMX file name: *srmfci.admx*
+
+
+
+
                  
+
+
+**ADMX_srmfci/AccessDeniedConfiguration**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.  
+
+If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.  
+
+If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration.  
+
+If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Customize message for Access Denied errors*
+-   GP name: *AccessDeniedConfiguration*
+-   GP path: *System\Access-Denied Assistance*
+-   GP ADMX file name: *srmfci.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index 43eb801c4d..f89c8f56d9 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/20/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_StartMenu
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -232,32 +236,14 @@ manager: dansimp
 **ADMX_StartMenu/AddSearchInternetLinkInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -272,23 +258,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.
+If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.
 
-If you disable this policy, there will not be a "Search the Internet" link when the user performs a search in the start menu search box.
+If you disable this policy, there won't be a "Search the Internet" link when the user performs a search in the start menu search box.
 
-If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu.
+If you don't configure this policy (default), there won't be a "Search the Internet" link on the start menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add Search Internet link to Start Menu*
+-   GP Friendly name: *Add Search Internet link to Start Menu*
 -   GP name: *AddSearchInternetLinkInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -301,32 +282,14 @@ ADMX Info:
 **ADMX_StartMenu/ClearRecentDocsOnExit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -341,34 +304,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Clear history of recently opened documents on exit.
+Clear history of recently opened documents on exit.
 
-If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off.
+If you enable this setting, the system deletes shortcuts to recently used document files when the user signs out. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user signs out.
 
-If you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off.
+If you disable or don't configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off.
 
 > [!NOTE]
 > The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder.
 
 Also, see the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The system only uses this setting when neither of these related settings are selected.
 
-This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting.
+This setting doesn't clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting.
 
-This policy setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
+This policy setting also doesn't hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
 
-This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting.
+This policy also doesn't clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Clear history of recently opened documents on exit*
+-   GP Friendly name: *Clear history of recently opened documents on exit*
 -   GP name: *ClearRecentDocsOnExit*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -381,32 +339,14 @@ ADMX Info:
 **ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -421,21 +361,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.
+If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.
 
-If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.
+If you disable or don't configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Clear the recent programs list for new users*
+-   GP Friendly name: *Clear the recent programs list for new users*
 -   GP name: *ClearRecentProgForNewUserInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -448,32 +383,14 @@ ADMX Info:
 **ADMX_StartMenu/ClearTilesOnExit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -488,23 +405,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on.
+If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on.
 
-If you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile.
+If you disable or don't configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile.
 
-This setting does not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.
+This setting doesn't prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Clear tile notifications during log on*
+-   GP Friendly name: *Clear tile notifications during log on*
 -   GP name: *ClearTilesOnExit*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -517,32 +429,14 @@ ADMX Info:
 **ADMX_StartMenu/DesktopAppsFirstInAppsView**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -557,23 +451,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows desktop apps to be listed first in the Apps view in Start.
+This policy setting allows desktop apps to be listed first in the Apps view in Start.
 
 If you enable this policy setting, desktop apps would be listed first when the apps are sorted by category in the Apps view. The other sorting options would continue to be available and the user could choose to change their default sorting options.
 
 If you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted by category, and the user can configure this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *List desktop apps first in the Apps view*
+-   GP Friendly name: *List desktop apps first in the Apps view*
 -   GP name: *DesktopAppsFirstInAppsView*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -586,32 +475,14 @@ ADMX Info:
 **ADMX_StartMenu/DisableGlobalSearchOnAppsView**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -626,7 +497,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
+This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.
 
 This policy setting is only applied when the Apps view is set as the default view for Start.
 
@@ -635,16 +506,11 @@ If you enable this policy setting, searching from the Apps view will only search
 If you disable or don’t configure this policy setting, the user can configure this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Search just apps from the Apps view*
+-   GP Friendly name: *Search just apps from the Apps view*
 -   GP name: *DisableGlobalSearchOnAppsView*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -657,32 +523,14 @@ ADMX Info:
 **ADMX_StartMenu/ForceStartMenuLogOff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -697,31 +545,27 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy only applies to the classic version of the start menu and does not affect the new style start menu.
+This policy only applies to the classic version of the start menu and doesn't affect the new style start menu.
 
 Adds the "Log Off ``" item to the Start menu and prevents users from removing it.
 
-If you enable this setting, the Log Off `` item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off `` item from the Start Menu.
+If you enable this setting, the Log Off `` item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users can't remove the Log Off `` item from the Start Menu.
 
-If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.
+If you disable this setting or don't configure it, users can use the Display Logoff item to add and remove the Log Off item.
 
-This setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.
+This setting affects the Start menu only. It doesn't affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.
 
-Note: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.
+> [!NOTE]
+> To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.
 
 Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add Logoff to the Start Menu*
+-   GP Friendly name: *Add Logoff to the Start Menu*
 -   GP name: *ForceStartMenuLogOff*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -734,32 +578,14 @@ ADMX Info:
 **ADMX_StartMenu/GoToDesktopOnSignIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -774,7 +600,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to go to the desktop instead of the Start screen when they sign in.
+This policy setting allows users to go to the desktop instead of the Start screen when they sign in.
 
 If you enable this policy setting, users will always go to the desktop when they sign in.
 
@@ -783,16 +609,11 @@ If you disable this policy setting, users will always go to the Start screen whe
 If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Go to the desktop instead of Start when signing in*
+-   GP Friendly name: *Go to the desktop instead of Start when signing in*
 -   GP name: *GoToDesktopOnSignIn*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -805,32 +626,14 @@ ADMX Info:
 **ADMX_StartMenu/GreyMSIAds**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -845,28 +648,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Displays Start menu shortcuts to partially installed programs in gray text.
+Displays Start menu shortcuts to partially installed programs in gray text.
 
-This setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.
+This setting makes it easier for users to distinguish between programs that are fully installed and those programs that are only partially installed.
 
-Partially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use.
+Partially installed programs include those programs that a system administrator assigns using Windows Installer and those programs that users have configured for full installation upon first use.
 
-If you disable this setting or do not configure it, all Start menu shortcuts appear as black text.
+If you disable this setting or don't configure it, all Start menu shortcuts appear as black text.
 
 > [!NOTE]
 > Enabling this setting can make the Start menu slow to open.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 > 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Gray unavailable Windows Installer programs Start Menu shortcuts*
+-   GP Friendly name: *Gray unavailable Windows Installer programs Start Menu shortcuts*
 -   GP name: *GreyMSIAds*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -879,32 +677,14 @@ ADMX Info:
 **ADMX_StartMenu/HidePowerOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -919,23 +699,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
+This policy setting prevents users from performing the following commands from the Windows security screen, the sign-in screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting doesn't prevent users from running Windows-based programs that perform these functions.
 
-If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the logon screen.
+If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the sign in screen.
 
-If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available.
+If you disable or don't configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and sign-in screens is also available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
+-   GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
 -   GP name: *HidePowerOptions*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -948,32 +723,14 @@ ADMX Info:
 **ADMX_StartMenu/Intellimenus**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -988,11 +745,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables personalized menus.
+Disables personalized menus.
 
-Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.
+Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that haven't been used recently. Users can display the hidden items by clicking an arrow to extend the menu.
 
-If you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users do not try to change the setting while a setting is in effect.
+If you enable this setting, the system doesn't personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users don't try to change the setting while a setting is in effect.
 
 > [!NOTE]
 > Personalized menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus and ignores this setting.
@@ -1000,16 +757,11 @@ If you enable this setting, the system does not personalize menus. All menu item
 To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" option.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off personalized menus*
+-   GP Friendly name: *Turn off personalized menus*
 -   GP name: *Intellimenus*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1022,32 +774,14 @@ ADMX Info:
 **ADMX_StartMenu/LockTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1062,28 +796,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar, which is used to switch between running applications.
+This setting affects the taskbar, which is used to switch between running applications.
 
-The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized.
+The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it's locked, it can't be moved or resized.
 
 If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties.
 
-If you disable this setting or do not configure it, the user can configure the taskbar position.
+If you disable this setting or don't configure it, the user can configure the taskbar position.
 
 > [!NOTE]
-> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.
+> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user can't show and hide various toolbars using the taskbar context menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Lock the Taskbar*
+-   GP Friendly name: *Lock the Taskbar*
 -   GP name: *LockTaskbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1096,32 +825,14 @@ ADMX Info:
 **ADMX_StartMenu/MemCheckBoxInRunDlg**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1136,23 +847,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.
+This policy setting lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.
 
-All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.
+All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and can't run simultaneously.
 
-Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.
+Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The extra check box is enabled only when a user enters a 16-bit program in the Run dialog box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add "Run in Separate Memory Space" check box to Run dialog box*
+-   GP Friendly name: *Add "Run in Separate Memory Space" check box to Run dialog box*
 -   GP name: *MemCheckBoxInRunDlg*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1165,32 +871,14 @@ ADMX Info:
 **ADMX_StartMenu/NoAutoTrayNotify**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1205,7 +893,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area, also called the "system tray."
+This setting affects the notification area, also called the "system tray."
 
 The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron."
 
@@ -1213,19 +901,14 @@ If you enable this setting, the system notification area expands to show all of
 
 If you disable this setting, the system notification area will always collapse notifications.
 
-If you do not configure it, the user can choose if they want notifications collapsed.
+If you don't configure it, the user can choose if they want notifications collapsed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off notification area cleanup*
+-   GP Friendly name: *Turn off notification area cleanup*
 -   GP name: *NoAutoTrayNotify*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1238,32 +921,14 @@ ADMX Info:
 **ADMX_StartMenu/NoBalloonTip**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1278,25 +943,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Hides pop-up text on the Start menu and in the notification area.
+Hides pop-up text on the Start menu and in the notification area.
 
 When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.
 
-If you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area.
+If you enable this setting, some of this pop-up text isn't displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area.
 
-If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.
+If you disable this setting or don't configure it, all pop-up text is displayed on the Start menu and in the notification area.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Balloon Tips on Start Menu items*
+-   GP Friendly name: *Remove Balloon Tips on Start Menu items*
 -   GP name: *NoBalloonTip*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1309,32 +969,14 @@ ADMX Info:
 **ADMX_StartMenu/NoChangeStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1349,23 +991,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from changing their Start screen layout.
+This policy setting allows you to prevent users from changing their Start screen layout.
 
-If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps.
+If you enable this setting, you'll prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps.
 
-If you disable or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps.
+If you disable or don't configure this setting, you'll allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent users from customizing their Start Screen*
+-   GP Friendly name: *Prevent users from customizing their Start Screen*
 -   GP name: *NoChangeStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1378,32 +1015,14 @@ ADMX Info:
 **ADMX_StartMenu/NoClose**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1418,26 +1037,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.
+This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting doesn't prevent users from running Windows-based programs that perform these functions.
 
 If you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE.
 
-If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available.
+If you disable or don't configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available.
 
 > [!NOTE]
 > Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
+-   GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
 -   GP name: *NoClose*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1450,32 +1064,14 @@ ADMX Info:
 **ADMX_StartMenu/NoCommonGroups**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1490,23 +1086,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes items in the All Users profile from the Programs menu on the Start menu.
+Removes items in the All Users profile from the Programs menu on the Start menu.
 
 By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.
 
 To see the Program menu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove common program groups from Start Menu*
+-   GP Friendly name: *Remove common program groups from Start Menu*
 -   GP name: *NoCommonGroups*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1519,32 +1110,14 @@ ADMX Info:
 **ADMX_StartMenu/NoFavoritesMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1559,30 +1132,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
+Prevents users from adding the Favorites menu to the Start menu or classic Start menu.
 
-If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.
+If you enable this setting, the Display Favorites item doesn't appear in the Advanced Start menu options box.
 
-If you disable or do not configure this setting, the Display Favorite item is available.
+If you disable or don't configure this setting, the Display Favorite item is available.
 
 > [!NOTE]
-> The Favorities menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize.  If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.
+> The Favorites menu doesn't appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize.  If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.
 > 
 > The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.
 >
 > This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Favorites menu from Start Menu*
+-   GP Friendly name: *Remove Favorites menu from Start Menu*
 -   GP name: *NoFavoritesMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1595,32 +1163,14 @@ ADMX Info:
 **ADMX_StartMenu/NoFind**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1635,29 +1185,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.
+This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. This policy setting doesn't remove the search box from the new style Start menu.
 
-If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.
+If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system doesn't respond when users press the Application key (the key with the Windows logo)+ F.
 
-Note: Enabling this policy setting also prevents the user from using the F3 key.
+> [!NOTE]
+> Enabling this policy setting also prevents the user from using the F3 key.
 
-In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.
+In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system doesn't respond when the user presses Ctrl+F. Also, Search doesn't appear in the context menu when you right-click an icon representing a drive or a folder.
 
-This policy setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search.
+This policy setting affects the specified user interface elements only. It doesn't affect Internet Explorer and doesn't prevent the user from using other methods to search.
 
-If you disable or do not configure this policy setting, the Search link is available from the Start menu.
+If you disable or don't configure this policy setting, the Search link is available from the Start menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Search link from Start Menu*
+-   GP Friendly name: *Remove Search link from Start Menu*
 -   GP name: *NoFind*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1670,32 +1216,14 @@ ADMX Info:
 **ADMX_StartMenu/NoGamesFolderOnStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1710,21 +1238,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the Games folder.
+If you enable this policy, the start menu won't show a link to the Games folder.
 
-If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.
+If you disable or don't configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Games link from Start Menu*
+-   GP Friendly name: *Remove Games link from Start Menu*
 -   GP name: *NoGamesFolderOnStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1737,32 +1260,14 @@ ADMX Info:
 **ADMX_StartMenu/NoHelp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1777,25 +1282,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Help command from the Start menu.
+This policy setting allows you to remove the Help command from the Start menu.
 
 If you enable this policy setting, the Help command is removed from the Start menu.
 
-If you disable or do not configure this policy setting, the Help command is available from the Start menu.
+If you disable or don't configure this policy setting, the Help command is available from the Start menu.
 
-This policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.
+This policy setting only affects the Start menu. It doesn't remove the Help menu from File Explorer and doesn't prevent users from running Help.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Help menu from Start Menu*
+-   GP Friendly name: *Remove Help menu from Start Menu*
 -   GP name: *NoHelp*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1808,32 +1308,14 @@ ADMX Info:
 **ADMX_StartMenu/NoInstrumentation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1848,27 +1330,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off user tracking.
+This policy setting allows you to turn off user tracking.
 
-If you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu.
+If you enable this policy setting, the system doesn't track the programs that the user runs, and doesn't display frequently used programs in the Start Menu.
 
-If you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.
+If you disable or don't configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.
 
-Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off personalized menus".
+Also, see these related policy settings: "Remove frequent programs list from the Start Menu" and "Turn off personalized menus".
 
-This policy  setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings.
+This policy  setting doesn't prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off user tracking*
+-   GP Friendly name: *Turn off user tracking*
 -   GP name: *NoInstrumentation*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1881,32 +1358,14 @@ ADMX Info:
 **ADMX_StartMenu/NoMoreProgramsList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1922,27 +1381,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.
+If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.
 
-Selecting "Collapse" will not display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This is equivalent to setting the "Show app list in Start" in Settings to Off.
+Selecting "Collapse" won't display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This selection of collapse is equivalent to setting the "Show app list in Start" in Settings to Off.
 
-Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On.
+Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in Start menu" in Settings, so users can't turn it to On.
 
-Selecting "Remove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows.
+Selecting "Remove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users can't turn it to On. Select this option for compatibility with earlier versions of Windows.
 
-If you disable or do not configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings.
+If you disable or don't configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove All Programs list from the Start menu*
+-   GP Friendly name: *Remove All Programs list from the Start menu*
 -   GP name: *NoMoreProgramsList*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1955,32 +1409,14 @@ ADMX Info:
 **ADMX_StartMenu/NoNetAndDialupConnect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1995,7 +1431,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Network Connections from the Start Menu.
+This policy setting allows you to remove Network Connections from the Start Menu.
 
 If you enable this policy setting, users are prevented from running Network Connections.
 
@@ -2003,21 +1439,16 @@ Enabling this policy setting prevents the Network Connections folder from openin
 
 Network Connections still appears in Control Panel and in File Explorer, but if users try to start it, a message appears explaining that a setting prevents the action.
 
-If you disable or do not configure this policy setting, Network Connections is available from the Start Menu.
+If you disable or don't configure this policy setting, Network Connections is available from the Start Menu.
 
 Also, see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Network Connections from Start Menu*
+-   GP Friendly name: *Remove Network Connections from Start Menu*
 -   GP name: *NoNetAndDialupConnect*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2030,32 +1461,14 @@ ADMX Info:
 **ADMX_StartMenu/NoPinnedPrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2070,23 +1483,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu.
+If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users can't pin programs to the Start menu.
 
 In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog.
 
-If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
+If you disable this setting or don't configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove pinned programs list from the Start Menu*
+-   GP Friendly name: *Remove pinned programs list from the Start Menu*
 -   GP name: *NoPinnedPrograms*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2099,32 +1507,14 @@ ADMX Info:
 **ADMX_StartMenu/NoRecentDocsMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2139,34 +1529,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Recent Items menu from the Start menu.  Removes the Documents menu from the classic Start menu.
+Removes the Recent Items menu from the Start menu.  Removes the Documents menu from the classic Start menu.
 
 The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.
 
-If you enable this setting, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on.
+If you enable this setting, the system saves document shortcuts but doesn't display the Recent Items menu in the Start Menu, and users can't turn on the menu.
 
 If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu.
 
-When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove it.
+When the setting is disabled, the Recent Items menu appears in the Start Menu, and users can't remove it.
 
-If the setting is not configured, users can turn the Recent Items menu on and off.
+If the setting isn't configured, users can turn the Recent Items menu on and off.
 
 > [!NOTE]
-> This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting.
+> This setting doesn't prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting.
 
-This setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
+This setting also doesn't hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Recent Items menu from Start Menu*
+-   GP Friendly name: *Remove Recent Items menu from Start Menu*
 -   GP name: *NoRecentDocsMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2179,32 +1564,14 @@ ADMX Info:
 **ADMX_StartMenu/NoResolveSearch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2219,28 +1586,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.
+This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.
 
-If you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.
+If you enable this policy setting, the system doesn't conduct the final drive search. It just displays a message explaining that the file isn't found.
 
-If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.
+If you disable or don't configure this policy setting, by default, when the system can't find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path isn't correct, it conducts a comprehensive search of the target drive in an attempt to find the file.
 
 > [!NOTE]
-> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.
+> This policy setting only applies to target files on NTFS partitions. FAT partitions don't have this ID tracking and search capability.
 
 Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not use the search-based method when resolving shell shortcuts*
+-   GP Friendly name: *Do not use the search-based method when resolving shell shortcuts*
 -   GP name: *NoResolveSearch*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2253,32 +1615,14 @@ ADMX Info:
 **ADMX_StartMenu/NoResolveTrack**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2293,27 +1637,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.
+This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.
 
-If you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.
+If you enable this policy setting, the system doesn't try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.
 
-If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.
+If you disable or don't configure this policy setting, by default, when the system can't find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path isn't correct, it conducts a comprehensive search of the target drive in an attempt to find the file.
 
 > [!NOTE]
-> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.
+> This policy setting only applies to target files on NTFS partitions. FAT partitions don't have this ID tracking and search capability.
 
 Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not use the tracking-based method when resolving shell shortcuts*
+-   GP Friendly name: *Do not use the tracking-based method when resolving shell shortcuts*
 -   GP name: *NoResolveTrack*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2326,32 +1665,14 @@ ADMX Info:
 **ADMX_StartMenu/NoRun**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2366,7 +1687,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
+Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
 
 If you enable this setting, the following changes occur:
 
@@ -2378,30 +1699,25 @@ If you enable this setting, the following changes occur:
 
     - A UNC path: `\\\`
 
-    - Accessing local drives:  e.g., C:
+    - Accessing local drives:  for example, C:
 
-    - Accessing local folders: e.g., `\`
+    - Accessing local folders: for example, `\`
 
 Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R.
 
-If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar.
+If you disable or don't configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar.
 
 > [!NOTE]
-> This setting affects the specified interface only. It does not prevent users from using other methods to run programs.
+> This setting affects the specified interface only. It doesn't prevent users from using other methods to run programs.
 >
-> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+> It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Run menu from Start Menu*
+-   GP Friendly name: *Remove Run menu from Start Menu*
 -   GP name: *NoRun*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2414,32 +1730,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSMConfigurePrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2454,28 +1752,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Default Programs link from the Start menu.
+This policy setting allows you to remove the Default Programs link from the Start menu.
 
 If you enable this policy setting, the Default Programs link is removed from the Start menu.
 
 Clicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
 
-If you disable or do not configure this policy setting, the Default Programs link is available from the Start menu.
+If you disable or don't configure this policy setting, the Default Programs link is available from the Start menu.
 
 > [!NOTE]
-> This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.
+> This policy setting doesn't prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Default Programs link from the Start menu.*
+-   GP Friendly name: *Remove Default Programs link from the Start menu.*
 -   GP name: *NoSMConfigurePrograms*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2488,32 +1781,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSMMyDocuments**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2528,28 +1803,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Documents icon from the Start menu and its submenus.
+This policy setting allows you to remove the Documents icon from the Start menu and its submenus.
 
-If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder.
+If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It doesn't prevent the user from using other methods to gain access to the contents of the Documents folder.
 
 > [!NOTE]
 > To make changes to this policy setting effective, you must log off and then log on.
 
-If you disable or do not configure this policy setting, he Documents icon is available from the Start menu.
+If you disable or don't configure this policy setting, the Documents icon is available from the Start menu.
 
 Also, see the "Remove Documents icon on the desktop" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Documents icon from Start Menu*
+-   GP Friendly name: *Remove Documents icon from Start Menu*
 -   GP name: *NoSMMyDocuments*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2562,32 +1832,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSMMyMusic**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2602,23 +1854,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Music icon from Start Menu.
+This policy setting allows you to remove the Music icon from Start Menu.
 
 If you enable this policy setting, the Music icon is no longer available from Start Menu.
 
-If you disable or do not configure this policy setting, the Music icon is available from Start Menu.
+If you disable or don't configure this policy setting, the Music icon is available from Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Music icon from Start Menu*
+-   GP Friendly name: *Remove Music icon from Start Menu*
 -   GP name: *NoSMMyMusic*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2631,32 +1878,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSMMyNetworkPlaces**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2671,23 +1900,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build.This policy setting allows you to remove the Network icon from Start Menu.
+This policy setting allows you to remove the Network icon from Start Menu.
 
 If you enable this policy setting, the Network icon is no longer available from Start Menu.
 
-If you disable or do not configure this policy setting, the Network icon is available from Start Menu.
+If you disable or don't configure this policy setting, the Network icon is available from Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Network icon from Start Menu*
+-   GP Friendly name: *Remove Network icon from Start Menu*
 -   GP name: *NoSMMyNetworkPlaces*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2700,32 +1924,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSMMyPictures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2740,23 +1946,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Pictures icon from Start Menu.
+This policy setting allows you to remove the Pictures icon from Start Menu.
 
 If you enable this policy setting, the Pictures icon is no longer available from Start Menu.
 
-If you disable or do not configure this policy setting, the Pictures icon is available from Start Menu.
+If you disable or don't configure this policy setting, the Pictures icon is available from Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Pictures icon from Start Menu*
+-   GP Friendly name: *Remove Pictures icon from Start Menu*
 -   GP name: *NoSMMyPictures*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2769,32 +1970,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSearchCommInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2809,21 +1992,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for communications.
+If you enable this policy, the start menu search box won't search for communications.
 
-If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.
+If you disable or don't configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not search communications*
+-   GP Friendly name: *Do not search communications*
 -   GP name: *NoSearchCommInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2836,32 +2014,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSearchComputerLinkInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2876,21 +2036,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box.
+If you enable this policy, the "See all results" link won't be shown when the user performs a search in the start menu search box.
 
-If you disable or do not configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box.
+If you disable or don't configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Search Computer link*
+-   GP Friendly name: *Remove Search Computer link*
 -   GP name: *NoSearchComputerLinkInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2903,32 +2058,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2943,21 +2080,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
+If you enable this policy, a "See more results" / "Search Everywhere" link won't be shown when the user performs a search in the start menu search box.
 
-If you disable or do not configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box.  If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.
+If you disable or don't configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box.  If a third-party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove See More Results / Search Everywhere link*
+-   GP Friendly name: *Remove See More Results / Search Everywhere link*
 -   GP name: *NoSearchEverywhereLinkInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2970,32 +2102,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSearchFilesInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3010,21 +2124,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for files.
+If you enable this policy setting, the Start menu search box won't search for files.
 
-If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
+If you disable or don't configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link won't be shown when the user performs a search in the start menu search box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not search for files*
+-   GP Friendly name: *Do not search for files*
 -   GP name: *NoSearchFilesInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3037,32 +2146,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSearchInternetInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3077,21 +2168,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for internet history or favorites.
+If you enable this policy, the start menu search box won't search for internet history or favorites.
 
-If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel.
+If you disable or don't configure this policy, the start menu will search for internet history or favorites, unless the user chooses not to in the start menu control panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not search Internet*
+-   GP Friendly name: *Do not search Internet*
 -   GP name: *NoSearchInternetInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3104,32 +2190,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSearchProgramsInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3144,21 +2212,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.
+If you enable this policy setting, the Start menu search box won't search for programs or Control Panel items.
 
-If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel.
+If you disable or don't configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not search programs and Control Panel items*
+-   GP Friendly name: *Do not search programs and Control Panel items*
 -   GP name: *NoSearchProgramsInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3171,32 +2234,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSetFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3211,27 +2256,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove programs on Settings menu.
+This policy setting allows you to remove programs on Settings menu.
 
 If you enable this policy setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.
 
 However, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System.
 
-If you disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer.
+If you disable or don't configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer.
 
 Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove programs on Settings menu*
+-   GP Friendly name: *Remove programs on Settings menu*
 -   GP name: *NoSetFolders*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3244,32 +2284,14 @@ ADMX Info:
 **ADMX_StartMenu/NoSetTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3284,25 +2306,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.
+This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.
 
 If you enable this policy setting, The user will be prevented from opening the Taskbar Properties dialog box.
 
 If the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action.
 
-If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu.
+If you disable or don't configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent changes to Taskbar and Start Menu Settings*
+-   GP Friendly name: *Prevent changes to Taskbar and Start Menu Settings*
 -   GP name: *NoSetTaskbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3315,32 +2332,14 @@ ADMX Info:
 **ADMX_StartMenu/NoStartMenuDownload**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3355,23 +2354,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Downloads link from the Start Menu.
+This policy setting allows you to remove the Downloads link from the Start Menu.
 
-If you enable this policy setting, the Start Menu does not show a link to the Downloads folder.
+If you enable this policy setting, the Start Menu doesn't show a link to the Downloads folder.
 
-If you disable or do not configure this policy setting, the Downloads link is available from the Start Menu.
+If you disable or don't configure this policy setting, the Downloads link is available from the Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Downloads link from Start Menu*
+-   GP Friendly name: *Remove Downloads link from Start Menu*
 -   GP name: *NoStartMenuDownload*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3384,32 +2378,14 @@ ADMX Info:
 **ADMX_StartMenu/NoStartMenuHomegroup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3424,21 +2400,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu.
+If you enable this policy, the Start menu won't show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users can't add the homegroup link to the Start Menu.
 
-If you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu.
+If you disable or don't configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Homegroup link from Start Menu*
+-   GP Friendly name: *Remove Homegroup link from Start Menu*
 -   GP name: *NoStartMenuHomegroup*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3451,32 +2422,14 @@ ADMX Info:
 **ADMX_StartMenu/NoStartMenuRecordedTV**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3491,23 +2444,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Recorded TV link from the Start Menu.
+This policy setting allows you to remove the Recorded TV link from the Start Menu.
 
-If you enable this policy setting, the Start Menu does not show a link to the Recorded TV library.
+If you enable this policy setting, the Start Menu doesn't show a link to the Recorded TV library.
 
-If you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu.
+If you disable or don't configure this policy setting, the Recorded TV link is available from the Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Recorded TV link from Start Menu*
+-   GP Friendly name: *Remove Recorded TV link from Start Menu*
 -   GP name: *NoStartMenuRecordedTV*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3520,32 +2468,14 @@ ADMX Info:
 **ADMX_StartMenu/NoStartMenuSubFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3560,27 +2490,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.
+Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.
 
 This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders.
 
-Note that this setting hides all user-specific folders, not just those associated with redirected folders.
+This setting hides all user-specific folders, not just those folders associated with redirected folders.
 
 If you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu.
 
-If you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.
+If you disable this setting or don't configure it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove user's folders from the Start Menu*
+-   GP Friendly name: *Remove user's folders from the Start Menu*
 -   GP name: *NoStartMenuSubFolders*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3593,32 +2518,14 @@ ADMX Info:
 **ADMX_StartMenu/NoStartMenuVideos**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3633,23 +2540,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Videos link from the Start Menu.
+This policy setting allows you to remove the Videos link from the Start Menu.
 
-If you enable this policy setting, the Start Menu does not show a link to the Videos library.
+If you enable this policy setting, the Start Menu doesn't show a link to the Videos library.
 
-If you disable or do not configure this policy setting, the Videos link is available from the Start Menu.
+If you disable or don't configure this policy setting, the Videos link is available from the Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Videos link from Start Menu*
+-   GP Friendly name: *Remove Videos link from Start Menu*
 -   GP name: *NoStartMenuVideos*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3662,32 +2564,14 @@ ADMX Info:
 **ADMX_StartMenu/NoStartPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3702,27 +2586,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects the presentation of the Start menu.
+This setting affects the presentation of the Start menu.
 
-The classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.
+The classic Start menu in Windows allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.
 
-If you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons.
+If you enable this setting, the Start menu displays the classic Start menu and displays the standard desktop icons.
 
 If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page.
 
-If you do not configure this setting, the default is the new style, and the user can change the view.
+If you don't configure this setting, the default is the new style, and the user can change the view.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Force classic Start Menu*
+-   GP Friendly name: *Force classic Start Menu*
 -   GP name: *NoStartPage*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3735,32 +2614,14 @@ ADMX Info:
 **ADMX_StartMenu/NoTaskBarClock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3775,23 +2636,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents the clock in the system notification area from being displayed.
+Prevents the clock in the system notification area from being displayed.
 
-If you enable this setting, the clock will not be displayed in the system notification area.
+If you enable this setting, the clock won't be displayed in the system notification area.
 
-If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.
+If you disable or don't configure this setting, the default behavior of the clock appearing in the notification area will occur.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Clock from the system notification area*
+-   GP Friendly name: *Remove Clock from the system notification area*
 -   GP name: *NoTaskBarClock*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3804,32 +2660,14 @@ ADMX Info:
 **ADMX_StartMenu/NoTaskGrouping**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3844,25 +2682,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar buttons used to switch between running programs.
+This setting affects the taskbar buttons used to switch between running programs.
 
 Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.
 
 If you enable this setting, it prevents the taskbar from grouping items that share the same program name. By default, this setting is always enabled.
 
-If you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
+If you disable or don't configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping, if they choose.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent grouping of taskbar items*
+-   GP Friendly name: *Prevent grouping of taskbar items*
 -   GP name: *NoTaskGrouping*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3875,32 +2708,14 @@ ADMX Info:
 **ADMX_StartMenu/NoToolbarsOnTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3915,25 +2730,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar.
+This setting affects the taskbar.
 
 The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application.
 
-If this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock.
+If this setting is enabled, the taskbar doesn't display any custom toolbars, and the user can't add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock.
 
-If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu.
+If this setting is disabled or isn't configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not display any custom toolbars in the taskbar*
+-   GP Friendly name: *Do not display any custom toolbars in the taskbar*
 -   GP name: *NoToolbarsOnTaskbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -3946,32 +2756,14 @@ ADMX Info:
 **ADMX_StartMenu/NoTrayContextMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3986,25 +2778,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove access to the context menus for the taskbar.
+This policy setting allows you to remove access to the context menus for the taskbar.
 
 If you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons.
 
-If you disable or do not configure this policy setting, the context menus for the taskbar are available.
+If you disable or don't configure this policy setting, the context menus for the taskbar are available.
 
-This policy setting does not prevent users from using other methods to issue the commands that appear on these menus.
+This policy setting doesn't prevent users from using other methods to issue the commands that appear on these menus.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove access to the context menus for the taskbar*
+-   GP Friendly name: *Remove access to the context menus for the taskbar*
 -   GP name: *NoTrayContextMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4017,32 +2804,14 @@ ADMX Info:
 **ADMX_StartMenu/NoTrayItemsDisplay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4057,28 +2826,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area (previously called the "system tray") on the taskbar.
+This setting affects the notification area (previously called the "system tray") on the taskbar.
 
 The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.
 
 If this setting is enabled, the user’s entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock.
 
-If this setting is disabled or is not configured, the notification area is shown in the user's taskbar.
+If this setting is disabled or isn't configured, the notification area is shown in the user's taskbar.
 
 > [!NOTE]
 > Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification area is hidden, there is no need to clean up the icons.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide the notification area*
+-   GP Friendly name: *Hide the notification area*
 -   GP name: *NoTrayItemsDisplay*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4091,32 +2855,14 @@ ADMX Info:
 **ADMX_StartMenu/NoUninstallFromStart**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4131,21 +2877,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, users cannot uninstall apps from Start.
+If you enable this setting, users can't uninstall apps from Start.
 
-If you disable this setting or do not configure it, users can access the uninstall command from Start.
+If you disable this setting or don't configure it, users can access the uninstall command from Start.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent users from uninstalling applications from Start*
+-   GP Friendly name: *Prevent users from uninstalling applications from Start*
 -   GP name: *NoUninstallFromStart*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4158,32 +2899,14 @@ ADMX Info:
 **ADMX_StartMenu/NoUserFolderOnStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4198,21 +2921,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the user's storage folder.
+If you enable this policy, the start menu won't show a link to the user's storage folder.
 
-If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.
+If you disable or don't configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove user folder link from Start Menu*
+-   GP Friendly name: *Remove user folder link from Start Menu*
 -   GP name: *NoUserFolderOnStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4225,32 +2943,14 @@ ADMX Info:
 **ADMX_StartMenu/NoUserNameOnStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4265,25 +2965,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.
+This policy setting allows you to remove the user name label from the Start Menu.
 
-If you enable this policy setting, the user name label is removed from the Start Menu in Windows XP and Windows Server 2003.
+If you enable this policy setting, the user name label is removed from the Start Menu.
 
-To remove the user name folder on Windows Vista, set the "Remove user folder link from Start Menu" policy setting.
-
-If you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.
+If you disable or don't configure this policy setting, the user name label appears on the Start Menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove user name from Start Menu*
+-   GP Friendly name: *Remove user name from Start Menu*
 -   GP name: *NoUserNameOnStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4296,32 +2989,14 @@ ADMX Info:
 **ADMX_StartMenu/NoWindowsUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4336,29 +3011,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove links and access to Windows Update.
+This policy setting allows you to remove links and access to Windows Update.
 
 If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.
 
 Enabling this policy setting blocks user access to the Windows Update Web site at https://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
 
-Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.
+Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need, newest versions of which are displayed for download.
 
-If you disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer.
+If you disable or don't configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer.
 
 Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove links and access to Windows Update*
+-   GP Friendly name: *Remove links and access to Windows Update*
 -   GP name: *NoWindowsUpdate*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4371,32 +3041,14 @@ ADMX Info:
 **ADMX_StartMenu/PowerButtonAction**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4411,25 +3063,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Set the default action of the power button on the Start menu.
+Set the default action of the power button on the Start menu.
 
 If you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action.
 
-If you set the button to either Sleep or Hibernate, and that state is not supported on a computer, then the button will fall back to Shut Down.
+If you set the button to either Sleep or Hibernate, and that state isn't supported on a computer, then the button will fall back to Shut Down.
 
-If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action.
+If you disable or don't configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Change Start Menu power button*
+-   GP Friendly name: *Change Start Menu power button*
 -   GP name: *PowerButtonAction*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4442,32 +3089,14 @@ ADMX Info:
 **ADMX_StartMenu/QuickLaunchEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4482,25 +3111,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.
+This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.
 
-If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off.
+If you enable this policy setting, the QuickLaunch bar will be visible and can't be turned off.
 
-If you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on.
+If you disable this policy setting, the QuickLaunch bar will be hidden and can't be turned on.
 
-If you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off.
+If you don't configure this policy setting, then users will be able to turn the QuickLaunch bar on and off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show QuickLaunch on Taskbar*
+-   GP Friendly name: *Show QuickLaunch on Taskbar*
 -   GP name: *QuickLaunchEnabled*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4513,32 +3137,14 @@ ADMX Info:
 **ADMX_StartMenu/RemoveUnDockPCButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4553,21 +3159,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked.
+If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC can't be undocked.
 
-If you disable this setting or do not configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked.
+If you disable this setting or don't configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove the "Undock PC" button from the Start Menu*
+-   GP Friendly name: *Remove the "Undock PC" button from the Start Menu*
 -   GP name: *RemoveUnDockPCButton*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4580,32 +3181,14 @@ ADMX Info:
 **ADMX_StartMenu/ShowAppsViewOnStart**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4620,23 +3203,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Apps view to be opened by default when the user goes to Start.
+This policy setting allows the Apps view to be opened by default when the user goes to Start.
 
 If you enable this policy setting, the Apps view will appear whenever the user goes to Start. Users will still be able to switch between the Apps view and the Start screen.
 
 If you disable or don’t configure this policy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps view and the Start screen. Also, the user will be able to configure this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show the Apps view automatically when the user goes to Start*
+-   GP Friendly name: *Show the Apps view automatically when the user goes to Start*
 -   GP name: *ShowAppsViewOnStart*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4649,32 +3227,14 @@ ADMX Info:
 **ADMX_StartMenu/ShowRunAsDifferentUserInStart**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4689,26 +3249,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting shows or hides the "Run as different user" command on the Start application bar.
+This policy setting shows or hides the "Run as different user" command on the Start application bar.
 
-If you enable this setting, users can access the "Run as different user" command from Start for applications which support this functionality.
+If you enable this setting, users can access the "Run as different user" command from Start for applications that support this functionality.
 
-If you disable this setting or do not configure it, users cannot access the "Run as different user" command from Start for any applications.
+If you disable this setting or don't configure it, users can't access the "Run as different user" command from Start for any applications.
 
 > [!NOTE]
-> This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command.
+> This setting doesn't prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show "Run as different user" command on Start*
+-   GP Friendly name: *Show "Run as different user" command on Start*
 -   GP name: *ShowRunAsDifferentUserInStart*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4721,32 +3276,14 @@ ADMX Info:
 **ADMX_StartMenu/ShowRunInStartMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4761,23 +3298,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Run command is added to the Start menu.
+If you enable this setting, the Run command is added to the Start menu.
 
-If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties.
+If you disable or don't configure this setting, the Run command isn't visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties.
 
 If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Add the Run command to the Start Menu*
+-   GP Friendly name: *Add the Run command to the Start Menu*
 -   GP name: *ShowRunInStartMenu*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4790,32 +3322,14 @@ ADMX Info:
 **ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4830,23 +3344,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. This setting only applies to users who are using multiple displays.
 
-If you enable this policy setting, the Start screen will appear on the display the user is using when they press the Windows logo key.
-
-If you disable or don't configure this policy setting, the Start screen will always appear on the main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start button on that display. Also, the user will be able to configure this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show Start on the display the user is using when they press the Windows logo key*
+-   GP Friendly name: *Show Start on the display the user is using when they press the Windows logo key*
 -   GP name: *ShowStartOnDisplayWithForegroundOnWinKey*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4859,32 +3364,14 @@ ADMX Info:
 **ADMX_StartMenu/StartMenuLogOff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4899,29 +3386,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off ``" item from the Start menu and prevents users from restoring it.
+This policy setting allows you to remove the "Log Off ``" item from the Start menu and prevents users from restoring it.
 
-If you enable this policy setting, the Log Off `` item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off `` item to the Start Menu.
+If you enable this policy setting, the Log Off `` item doesn't appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users can't restore the Log Off `` item to the Start Menu.
 
-If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item.
+If you disable or don't configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item.
 
-This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off.
+This policy setting affects the Start menu only. It doesn't affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it doesn't prevent users from using other methods to sign out.
 
-Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.
+> [!TIP]
+> To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.
 
 See also: "Remove Logoff" policy setting in User Configuration\Administrative Templates\System\Logon/Logoff.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Logoff on the Start Menu*
+-   GP Friendly name: *Remove Logoff on the Start Menu*
 -   GP name: *StartMenuLogOff*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4934,32 +3417,14 @@ ADMX Info:
 **ADMX_StartMenu/StartPinAppsWhenInstalled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4975,19 +3440,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
+This policy setting allows pinning apps to Start by default, when they're included by AppID on the list.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Pin Apps to Start when installed*
+-   GP Friendly name: *Pin Apps to Start when installed*
 -   GP name: *StartPinAppsWhenInstalled*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -4996,7 +3456,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
-
\ No newline at end of file
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index d636e16649..b8c24f28ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_SystemRestore
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +38,14 @@ manager: dansimp
 **ADMX_SystemRestore/SR_DisableConfig**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,7 +60,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Allows you to disable System Restore configuration through System Protection.
+Allows you to disable System Restore configuration through System Protection.
 
 This policy setting allows you to turn off System Restore configuration through System Protection.
 
@@ -87,16 +73,11 @@ If you disable or do not configure this policy setting, users can change the Sys
 Also, see the "Turn off System Restore" policy setting. If the "Turn off System Restore" policy setting is enabled, the "Turn off System Restore configuration" policy setting is overwritten.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Configuration*
+-   GP Friendly name: *Turn off Configuration*
 -   GP name: *SR_DisableConfig*
 -   GP path: *System\System Restore*
 -   GP ADMX file name: *SystemRestore.admx*
@@ -105,8 +86,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
new file mode 100644
index 0000000000..89216a67b0
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -0,0 +1,138 @@
+---
+title: Policy CSP - ADMX_TabletShell
+description: Policy CSP - ADMX_TabletShell
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 09/23/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TabletShell
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_TabletShell policies  
+
+
                  
+  
                  
+    ADMX_TabletShell/DisableInkball_1
+  
                  
+  
                  
+    ADMX_TabletShell/DisableNoteWriterPrinting_1
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_TabletShell/DisableInkball_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Prevents start of InkBall game.  
+
+If you enable this policy, the InkBall game won't run.  
+
+If you disable this policy, the InkBall game will run.  If you don't configure this policy, the InkBall game will run.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow Inkball to run*
+-   GP name: *DisableInkball_1*
+-   GP path: *Windows Components\Tablet PC\Accessories*
+-   GP ADMX file name: *TabletShell.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TabletShell/DisableNoteWriterPrinting_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Prevents printing to Journal Note Writer.  
+
+If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.  
+
+If you disable this policy, you'll be able to use this feature to print to a Journal Note.  If you don't configure this policy, users will be able to use this feature to print to a Journal Note.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow printing to Journal Note Writer*
+-   GP name: *DisableNoteWriterPrinting_1*
+-   GP path: *Windows Components\Tablet PC\Accessories*
+-   GP ADMX file name: *TabletShell.admx*
+
+
+
+
                  
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 4237d69e83..515570e609 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -6,18 +6,23 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/26/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Taskbar
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 ## ADMX_Taskbar policies  
 
@@ -97,32 +102,14 @@ manager: dansimp
 **ADMX_Taskbar/DisableNotificationCenter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -137,27 +124,21 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes Notifications and Action Center from the notification area on the taskbar.
+This policy setting removes Notifications and Action Center from the notification area on the taskbar.
 
 The notification area is located at the far right end of the taskbar and includes icons for current notifications and the system clock.
 
-If this setting is enabled, Notifications and Action Center is not displayed in the notification area. The user will be able to read notifications when they appear, but they won’t be able to review any notifications they miss.
+If this setting is enabled, Notifications and Action Center isn't displayed in the notification area. The user will be able to read notifications when they appear, but they won’t be able to review any notifications they miss.
 
-If you disable or do not configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar.
+If you disable or don't configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar.
 
 A reboot is required for this policy setting to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Notifications and Action Center*
+-   GP Friendly name: *Remove Notifications and Action Center*
 -   GP name: *DisableNotificationCenter*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -170,32 +151,14 @@ ADMX Info:
 **ADMX_Taskbar/EnableLegacyBalloonNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -210,7 +173,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy disables the functionality that converts balloons to toast notifications.
+This policy disables the functionality that converts balloons to toast notifications.
 
 If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.
 
@@ -221,16 +184,10 @@ If you disable or don’t configure this policy setting, all notifications will
 A reboot is required for this policy setting to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable showing balloon notifications as toasts.*
+-   GP Friendly name: *Disable showing balloon notifications as toasts.*
 -   GP name: *EnableLegacyBalloonNotifications*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -243,32 +200,14 @@ ADMX Info:
 **ADMX_Taskbar/HideSCAHealth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -283,23 +222,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Security and Maintenance from the system control area.
+This policy setting allows you to remove Security and Maintenance from the system control area.
 
-If you enable this policy setting, the Security and Maintenance icon is not displayed in the system notification area.
+If you enable this policy setting, the Security and Maintenance icon isn't displayed in the system notification area.
 
-If you disable or do not configure this policy setting, the Security and Maintenance icon is displayed in the system notification area.
+If you disable or don't configure this policy setting, the Security and Maintenance icon is displayed in the system notification area.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove the Security and Maintenance icon*
+-   GP Friendly name: *Remove the Security and Maintenance icon*
 -   GP name: *HideSCAHealth*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -312,32 +245,14 @@ ADMX Info:
 **ADMX_Taskbar/HideSCANetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -352,23 +267,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the networking icon from the system control area.
+This policy setting allows you to remove the networking icon from the system control area.
 
-If you enable this policy setting, the networking icon is not displayed in the system notification area.
+If you enable this policy setting, the networking icon isn't displayed in the system notification area.
 
-If you disable or do not configure this policy setting, the networking icon is displayed in the system notification area.
+If you disable or don't configure this policy setting, the networking icon is displayed in the system notification area.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove the networking icon*
+-   GP Friendly name: *Remove the networking icon*
 -   GP name: *HideSCANetwork*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -381,32 +290,14 @@ ADMX Info:
 **ADMX_Taskbar/HideSCAPower**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -421,23 +312,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the battery meter from the system control area.
+This policy setting allows you to remove the battery meter from the system control area.
 
-If you enable this policy setting, the battery meter is not displayed in the system notification area.
+If you enable this policy setting, the battery meter isn't displayed in the system notification area.
 
-If you disable or do not configure this policy setting, the battery meter is displayed in the system notification area.
+If you disable or don't configure this policy setting, the battery meter is displayed in the system notification area.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove the battery meter*
+-   GP Friendly name: *Remove the battery meter*
 -   GP name: *HideSCAPower*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -450,32 +335,14 @@ ADMX Info:
 **ADMX_Taskbar/HideSCAVolume**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -490,23 +357,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the volume control icon from the system control area.
+This policy setting allows you to remove the volume control icon from the system control area.
 
-If you enable this policy setting, the volume control icon is not displayed in the system notification area.
+If you enable this policy setting, the volume control icon isn't displayed in the system notification area.
 
-If you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area.
+If you disable or don't configure this policy setting, the volume control icon is displayed in the system notification area.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove the volume control icon*
+-   GP Friendly name: *Remove the volume control icon*
 -   GP name: *HideSCAVolume*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -519,32 +380,14 @@ ADMX Info:
 **ADMX_Taskbar/NoBalloonFeatureAdvertisements**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -559,23 +402,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off feature advertisement balloon notifications.
+This policy setting allows you to turn off feature advertisement balloon notifications.
 
-If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown.
+If you enable this policy setting, certain notification balloons that are marked as feature advertisements aren't shown.
 
-If you disable do not configure this policy setting, feature advertisement balloons are shown.
+If you disable don't configure this policy setting, feature advertisement balloons are shown.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off feature advertisement balloon notifications*
+-   GP Friendly name: *Turn off feature advertisement balloon notifications*
 -   GP name: *NoBalloonFeatureAdvertisements*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -588,32 +425,14 @@ ADMX Info:
 **ADMX_Taskbar/NoPinningStoreToTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -628,23 +447,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning the Store app to the Taskbar.
+This policy setting allows you to control pinning the Store app to the Taskbar.
 
-If you enable this policy setting, users cannot pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login.
+If you enable this policy setting, users can't pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next sign in.
 
-If you disable or do not configure this policy setting, users can pin the Store app to the Taskbar.
+If you disable or don't configure this policy setting, users can pin the Store app to the Taskbar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow pinning Store app to the Taskbar*
+-   GP Friendly name: *Do not allow pinning Store app to the Taskbar*
 -   GP name: *NoPinningStoreToTaskbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -657,32 +470,14 @@ ADMX Info:
 **ADMX_Taskbar/NoPinningToDestinations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -697,23 +492,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning items in Jump Lists.
+This policy setting allows you to control pinning items in Jump Lists.
 
-If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show.
+If you enable this policy setting, users can't pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also can't unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show.
 
-If you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu.
+If you disable or don't configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items are always present in this menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow pinning items in Jump Lists*
+-   GP Friendly name: *Do not allow pinning items in Jump Lists*
 -   GP name: *NoPinningToDestinations*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -726,32 +515,14 @@ ADMX Info:
 **ADMX_Taskbar/NoPinningToTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -766,30 +537,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning programs to the Taskbar.
+This policy setting allows you to control pinning programs to the Taskbar.
 
-If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar.
+If you enable this policy setting, users can't change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users can't unpin these programs already pinned to the Taskbar, and they can't pin new programs to the Taskbar.
 
-If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.
+If you disable or don't configure this policy setting, users can change the programs currently pinned to the Taskbar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow pinning programs to the Taskbar*
+-   GP Friendly name: *Do not allow pinning programs to the Taskbar*
 -   GP name: *NoPinningToTaskbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
 
 
                  
 
@@ -797,32 +561,14 @@ ADMX Info:
 **ADMX_Taskbar/NoRemoteDestinations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -837,33 +583,29 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.
+This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.
 
-The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks.
+The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites, and other relevant items for that program. This customization helps users more easily reopen their most important documents and other tasks.
 
-If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.
+If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers aren't tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.
 
-If you disable or do not configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.  Note: This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting.
+If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.  
+
+> [!NOTE]
+> This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not display or track items in Jump Lists from remote locations*
+-   GP Friendly name: *Do not display or track items in Jump Lists from remote locations*
 -   GP name: *NoRemoteDestinations*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
 
 
                  
 
@@ -871,32 +613,14 @@ ADMX Info:
 **ADMX_Taskbar/NoSystraySystemPromotion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -911,30 +635,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.
+This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.
 
-If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.
+If you enable this policy setting, newly added notification icons aren't temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.
 
-If you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.
+If you disable or don't configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off automatic promotion of notification icons to the taskbar*
+-   GP Friendly name: *Turn off automatic promotion of notification icons to the taskbar*
 -   GP name: *NoSystraySystemPromotion*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
 
 
                  
 
@@ -942,32 +659,14 @@ ADMX Info:
 **ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -982,7 +681,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to see Windows Store apps on the taskbar.
+This policy setting allows users to see Windows Store apps on the taskbar.
 
 If you enable this policy setting, users will see Windows Store apps on the taskbar.
 
@@ -991,16 +690,10 @@ If you disable this policy setting, users won’t see Windows Store apps on the
 If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Show Windows Store apps on the taskbar*
+-   GP Friendly name: *Show Windows Store apps on the taskbar*
 -   GP name: *ShowWindowsStoreAppsOnTaskbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -1015,32 +708,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarLockAll**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1055,23 +730,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to lock all taskbar settings.
+This policy setting allows you to lock all taskbar settings.
 
-If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.
+If you enable this policy setting, the user can't access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.
 
-If you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting.
+If you disable or don't configure this policy setting, the user will be able to set any taskbar setting that isn't prevented by another policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Lock all taskbar settings*
+-   GP Friendly name: *Lock all taskbar settings*
 -   GP name: *TaskbarLockAll*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -1086,32 +755,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarNoAddRemoveToolbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1126,30 +777,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from adding or removing toolbars.
+This policy setting allows you to prevent users from adding or removing toolbars.
 
-If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either.
+If you enable this policy setting, the user isn't allowed to add or remove any toolbars to the taskbar. Applications aren't able to add toolbars either.
 
-If you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar.
+If you disable or don't configure this policy setting, the users and applications are able to add toolbars to the taskbar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Prevent users from adding or removing toolbars*
+-   GP Friendly name: *Prevent users from adding or removing toolbars*
 -   GP name: *TaskbarNoAddRemoveToolbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
+>
 
 
                  
 
@@ -1157,32 +801,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarNoDragToolbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1197,30 +823,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from rearranging toolbars.
+This policy setting allows you to prevent users from rearranging toolbars.
 
-If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar.
+If you enable this policy setting, users aren't able to drag or drop toolbars to the taskbar.
 
-If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar.
+If you disable or don't configure this policy setting, users are able to rearrange the toolbars on the taskbar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Prevent users from rearranging toolbars*
+-   GP Friendly name: *Prevent users from rearranging toolbars*
 -   GP name: *TaskbarNoDragToolbar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
 
 
                  
 
@@ -1228,32 +846,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarNoMultimon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1268,23 +868,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent taskbars from being displayed on more than one monitor.
+This policy setting allows you to prevent taskbars from being displayed on more than one monitor.
 
-If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog.
+If you enable this policy setting, users aren't able to show taskbars on more than one display. The multiple display section isn't enabled in the taskbar properties dialog.
 
-If you disable or do not configure this policy setting, users can show taskbars on more than one display.
+If you disable or don't configure this policy setting, users can show taskbars on more than one display.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow taskbars on more than one display*
+-   GP Friendly name: *Do not allow taskbars on more than one display*
 -   GP name: *TaskbarNoMultimon*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -1299,32 +893,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarNoNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1339,23 +915,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off all notification balloons.
+This policy setting allows you to turn off all notification balloons.
 
 If you enable this policy setting, no notification balloons are shown to the user.
 
-If you disable or do not configure this policy setting, notification balloons are shown to the user.
+If you disable or don't configure this policy setting, notification balloons are shown to the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off all balloon notifications*
+-   GP Friendly name: *Turn off all balloon notifications*
 -   GP name: *TaskbarNoNotification*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -1364,38 +934,18 @@ ADMX Info:
 
 
                  
 
-
                  
-
 
 **ADMX_Taskbar/TaskbarNoPinnedList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1410,30 +960,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove pinned programs from the taskbar.
+This policy setting allows you to remove pinned programs from the taskbar.
 
-If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar.
+If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users can't pin programs to the Taskbar.
 
-If you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar.
+If you disable or don't configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove pinned programs from the Taskbar*
+-   GP Friendly name: *Remove pinned programs from the Taskbar*
 -   GP name: *TaskbarNoPinnedList*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
 
 
                  
 
@@ -1441,32 +984,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarNoRedock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1481,23 +1006,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from moving taskbar to another screen dock location.
+This policy setting allows you to prevent users from moving taskbar to another screen dock location.
 
-If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s).
+If you enable this policy setting, users aren't able to drag their taskbar to another area of the monitor(s).
 
-If you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting.
+If you disable or don't configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent users from moving taskbar to another screen dock location*
+-   GP Friendly name: *Prevent users from moving taskbar to another screen dock location*
 -   GP name: *TaskbarNoRedock*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -1506,38 +1026,19 @@ ADMX Info:
 
 
                  
 
-
                  
 
 
 **ADMX_Taskbar/TaskbarNoResize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1552,30 +1053,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from resizing the taskbar.
+This policy setting allows you to prevent users from resizing the taskbar.
 
-If you enable this policy setting, users are not be able to resize their taskbar.
+If you enable this policy setting, users aren't be able to resize their taskbar.
 
-If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting.
+If you disable or don't configure this policy setting, users are able to resize their taskbar unless prevented by another setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent users from resizing the taskbar*
+-   GP Friendly name: *Prevent users from resizing the taskbar*
 -   GP name: *TaskbarNoResize*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
 
 
 
-
                  
 
 
                  
 
@@ -1583,32 +1077,14 @@ ADMX Info:
 **ADMX_Taskbar/TaskbarNoThumbnail**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1623,23 +1099,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off taskbar thumbnails.
+This policy setting allows you to turn off taskbar thumbnails.
 
-If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips.
+If you enable this policy setting, the taskbar thumbnails aren't displayed and the system uses standard text for the tooltips.
 
-If you disable or do not configure this policy setting, the taskbar thumbnails are displayed.
+If you disable or don't configure this policy setting, the taskbar thumbnails are displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off taskbar thumbnails*
+-   GP Friendly name: *Turn off taskbar thumbnails*
 -   GP name: *TaskbarNoThumbnail*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -1648,7 +1118,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index c4ebc56f82..6a9bd7666d 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -6,18 +6,23 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/23/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_tcpip
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 ## ADMX_tcpip policies  
 
@@ -70,32 +75,14 @@ manager: dansimp
 **ADMX_tcpip/6to4_Router_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -110,23 +97,17 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.
+This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.
 
 If you enable this policy setting, you can specify a relay name for a 6to4 host.
 
 If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set 6to4 Relay Name*
+-   GP Friendly name: *Set 6to4 Relay Name*
 -   GP name: *6to4_Router_Name*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -139,32 +120,14 @@ ADMX Info:
 **ADMX_tcpip/6to4_Router_Name_Resolution_Interval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -179,23 +142,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.
+This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.
 
 If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically.
 
 If you disable or do not configure this policy setting, the local host setting is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set 6to4 Relay Name Resolution Interval*
+-   GP Friendly name: *Set 6to4 Relay Name Resolution Interval*
 -   GP name: *6to4_Router_Name_Resolution_Interval*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -208,32 +165,14 @@ ADMX Info:
 **ADMX_tcpip/6to4_State**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -248,7 +187,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.
+This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.
 
 If you disable or do not configure this policy setting, the local host setting is used.
 
@@ -261,16 +200,10 @@ Policy Enabled State: If a global IPv4 address is present, the host will have a
 Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set 6to4 State*
+-   GP Friendly name: *Set 6to4 State*
 -   GP name: *6to4_State*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -283,32 +216,14 @@ ADMX Info:
 **ADMX_tcpip/IPHTTPS_ClientState**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -323,7 +238,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.
+This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.
 
 If you disable or do not configure this policy setting, the local host settings are used.
 
@@ -336,16 +251,10 @@ Policy Enabled State: The IP-HTTPS interface is always present, even if the host
 Policy Disabled State: No IP-HTTPS interfaces are present on the host.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set IP-HTTPS State*
+-   GP Friendly name: *Set IP-HTTPS State*
 -   GP name: *IPHTTPS_ClientState*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -358,32 +267,14 @@ ADMX Info:
 **ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -398,23 +289,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP Stateless Autoconfiguration Limits.
+This policy setting allows you to configure IP Stateless Autoconfiguration Limits.
 
 If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.
 
 If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set IP Stateless Autoconfiguration Limits State*
+-   GP Friendly name: *Set IP Stateless Autoconfiguration Limits State*
 -   GP name: *IP_Stateless_Autoconfiguration_Limits_State*
 -   GP path: *Network\TCPIP Settings\Parameters*
 -   GP ADMX file name: *tcpip.admx*
@@ -427,32 +312,14 @@ ADMX Info:
 **ADMX_tcpip/ISATAP_Router_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -467,23 +334,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.
+This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.
 
 If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required.
 
 If you disable or do not configure this policy setting, the local host setting is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set ISATAP Router Name*
+-   GP Friendly name: *Set ISATAP Router Name*
 -   GP name: *ISATAP_Router_Name*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -496,32 +357,14 @@ ADMX Info:
 **ADMX_tcpip/ISATAP_State**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -536,7 +379,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.
+This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.
 
 If you disable or do not configure this policy setting, the local host setting is used.
 
@@ -549,16 +392,10 @@ Policy Enabled State: If the ISATAP name is resolved successfully, the host will
 Policy Disabled State: No ISATAP interfaces are present on the host.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set ISATAP State*
+-   GP Friendly name: *Set ISATAP State*
 -   GP name: *ISATAP_State*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -571,32 +408,14 @@ ADMX Info:
 **ADMX_tcpip/Teredo_Client_Port**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -611,23 +430,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.
+This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.
 
 If you enable this policy setting, you can customize a UDP port for the Teredo client.
 
 If you disable or do not configure this policy setting, the local host setting is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set Teredo Client Port*
+-   GP Friendly name: *Set Teredo Client Port*
 -   GP name: *Teredo_Client_Port*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -640,32 +453,14 @@ ADMX Info:
 **ADMX_tcpip/Teredo_Default_Qualified**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -680,7 +475,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.
+This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.
 
 If you disable or do not configure this policy setting, the local host setting is used.
 
@@ -689,16 +484,10 @@ This policy setting contains only one state:
 Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification immediately and remain qualified if the qualification process succeeds.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set Teredo Default Qualified*
+-   GP Friendly name: *Set Teredo Default Qualified*
 -   GP name: *Teredo_Default_Qualified*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -711,32 +500,14 @@ ADMX Info:
 **ADMX_tcpip/Teredo_Refresh_Rate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -751,7 +522,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the Teredo refresh rate.
+This policy setting allows you to configure the Teredo refresh rate.
 
 > [!NOTE]
 > On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device.
@@ -761,16 +532,10 @@ If you enable this policy setting, you can specify the refresh rate.  If you cho
 If you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set Teredo Refresh Rate*
+-   GP Friendly name: *Set Teredo Refresh Rate*
 -   GP name: *Teredo_Refresh_Rate*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -783,32 +548,14 @@ ADMX Info:
 **ADMX_tcpip/Teredo_Server_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -823,23 +570,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.
+This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.
 
 If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client.
 
 If you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set Teredo Server Name*
+-   GP Friendly name: *Set Teredo Server Name*
 -   GP name: *Teredo_Server_Name*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -852,32 +593,14 @@ ADMX Info:
 **ADMX_tcpip/Teredo_State**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -892,7 +615,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.
+This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.
 
 If you disable or do not configure this policy setting, the local host settings are used.
 
@@ -907,16 +630,10 @@ Client: The Teredo interface is present only when the host is not on a network t
 Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set Teredo State*
+-   GP Friendly name: *Set Teredo State*
 -   GP name: *Teredo_State*
 -   GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
 -   GP ADMX file name: *tcpip.admx*
@@ -929,32 +646,14 @@ ADMX Info:
 **ADMX_tcpip/Windows_Scaling_Heuristics_State**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -969,7 +668,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.
+This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.
 
 If you do not configure this policy setting, the local host settings are used.
 
@@ -978,16 +677,10 @@ If you enable this policy setting, Window Scaling Heuristics will be enabled and
 If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems caused by Firewalls or other middle boxes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set Window Scaling Heuristics State*
+-   GP Friendly name: *Set Window Scaling Heuristics State*
 -   GP name: *Windows_Scaling_Heuristics_State*
 -   GP path: *Network\TCPIP Settings\Parameters*
 -   GP ADMX file name: *tcpip.admx*
@@ -996,8 +689,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
+> 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
new file mode 100644
index 0000000000..9dedd54d73
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -0,0 +1,4842 @@
+---
+title: Policy CSP - ADMX_TerminalServer
+description: Policy CSP - ADMX_TerminalServer
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 12/21/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TerminalServer
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_TerminalServer policies  
+
+
                  
+  
                  
+    ADMX_TerminalServer/TS_AUTO_RECONNECT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CAMERA_REDIRECTION
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_AUDIO
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_CLIPBOARD
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_COM
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_DEFAULT_M
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_LPT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_PNP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_PRINTER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_COLORDEPTH
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_EASY_PRINT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_EASY_PRINT_User
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_EnableVirtualGraphics
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_FORCIBLE_LOGOFF
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_KEEP_ALIVE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_LICENSE_SECGROUP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_LICENSE_SERVERS
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_LICENSE_TOOLTIP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_LICENSING_MODE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_MAX_CON_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_MAXDISPLAYRES
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_MAXMONITOR
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_NoDisconnectMenu
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_NoSecurityMenu
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_PreventLicenseUpgrade
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RADC_DefaultConnection
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RemoteControl_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RemoteControl_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SD_ClustName
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SD_Loc
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SELECT_TRANSPORT
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_AUTH
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_COMPRESSOR
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_LEGACY_RFX
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_PROFILE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_VISEXP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_Session_End_On_Limit_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_Session_End_On_Limit_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Limits_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SESSIONS_Limits_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SINGLE_SESSION
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_SMART_CARD
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_START_PROGRAM_1
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_START_PROGRAM_2
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TEMP_DELETE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TEMP_PER_SESSION
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TIME_ZONE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_UIA
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_HOME
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES
+  
                  
+  
                  
+    ADMX_TerminalServer/TS_USER_PROFILES
+  
                  
+
                  
+
+
                  
+
+
+**ADMX_TerminalServer/TS_AUTO_RECONNECT**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost.
+
+By default, a maximum  of 20 reconnection attempts are made at five-second intervals.  If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.
+
+If the status is set to Disabled, automatic reconnection of clients is prohibited.  If the status is set to Not Configured, automatic reconnection isn't specified at the  Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Automatic reconnection*
+-   GP name: *TS_AUTO_RECONNECT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices.  
+
+If you enable this policy setting, users can't redirect their video capture devices to the remote computer.  
+
+If you disable or don't configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow video capture redirection*
+-   GP name: *TS_CAMERA_REDIRECTION*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.  
+
+A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.  
+
+If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.  
+
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.  If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.  
+
+>[!NOTE]
+>If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Server authentication certificate template*
+-   GP name: *TS_CERTIFICATE_TEMPLATE_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
+
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).  
+
+If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.  
+
+If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.  
+
+>[!NOTE]
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings*
+-   GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. 
+
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).  
+
+If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.  
+
+If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.  
+
+>[!NOTE]
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings*
+-   GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.  
+
+If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.  
+
+If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow .rdp files from unknown publishers*
+-   GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.  
+
+If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.  
+
+If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow .rdp files from unknown publishers*
+-   GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_AUDIO**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.  
+
+Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.  
+
+By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.  
+
+If you enable this policy setting, audio and video playback redirection is allowed.  
+
+If you disable this policy setting, audio and video playback redirection isn't allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file.  If you don't configure this policy setting, audio and video playback redirection isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow audio and video playback redirection*
+-   GP name: *TS_CLIENT_AUDIO*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.  Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC).
+
+Users can record audio by using an audio input device on the local computer, such as a built-in microphone.  By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.  
+
+If you enable this policy setting, audio recording redirection is allowed.  
+
+If you disable this policy setting, audio recording redirection isn't allowed, even if audio recording redirection is specified in RDC.  If you don't configure this policy setting, Audio recording redirection isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow audio recording redirection*
+-   GP name: *TS_CLIENT_AUDIO_CAPTURE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links.  If you enable this policy setting, you must select one of the following values: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This audio transmission requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used.
+
+If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection.  The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.  
+
+For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.  
+
+Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.  
+
+If you disable or don't configure this policy setting, audio playback quality will be set to Dynamic.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit audio playback quality*
+-   GP name: *TS_CLIENT_AUDIO_QUALITY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.  
+
+You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.  
+
+If you enable this policy setting, users can't redirect Clipboard data.  
+
+If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.  
+
+If you don't configure this policy setting, Clipboard redirection isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow Clipboard redirection*
+-   GP name: *TS_CLIENT_CLIPBOARD*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_COM**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.  
+
+You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.  
+
+If you enable this policy setting, users can't redirect server data to the local COM port.  
+
+If you disable this policy setting, Remote Desktop Services always allows COM port redirection.  
+
+If you don't configure this policy setting, COM port redirection isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow COM port redirection*
+-   GP name: *TS_CLIENT_COM*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.  
+
+By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.  
+
+If you enable this policy setting, the default printer is the printer specified on the remote computer.  
+
+If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.  
+
+If you don't configure this policy setting, the default printer isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not set default client printer to be default printer in a session*
+-   GP name: *TS_CLIENT_DEFAULT_M*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. 
+
+If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate. 
+
+If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow hardware accelerated decoding*
+-   GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection.  
+
+If you enable this setting, the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When users open an RDP file using Remote Desktop Connection and save their settings, any password that previously existed in the RDP file will be deleted.
+
+If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow passwords to be saved*
+-   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_LPT**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.  You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.  
+
+If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port.  
+
+If you disable this policy setting, LPT port redirection is always allowed.  If you don't configure this policy setting, LPT port redirection isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow LPT port redirection*
+-   GP name: *TS_CLIENT_LPT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_PNP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.  By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices.  
+
+If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.  
+
+If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions.  
+
+>[!NOTE]
+>You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow supported Plug and Play device redirection*
+-   GP name: *TS_CLIENT_PNP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_PRINTER**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.  You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.  
+
+If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.  
+
+If you disable this policy setting, users can redirect print jobs with client printer mapping.  
+
+If you don't configure this policy setting, client printer mapping isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow client printer redirection*
+-   GP name: *TS_CLIENT_PRINTER*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.  
+
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.  
+
+If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.  
+
+>[!NOTE]
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node. 
+
+If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.  
+
+This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
+-   GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.  
+
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.  
+
+If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.  
+
+>[!NOTE]
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node. 
+
+If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.  
+
+This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting.  If the list contains a string that isn't a certificate thumbprint, it's ignored.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
+-   GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.  
+
+If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.  
+
+If you disable or don't configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn Off UDP On Client*
+-   GP name: *TS_CLIENT_TURN_OFF_UDP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_COLORDEPTH**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections.  You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.  
+
+If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.  
+
+If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level.  
+
+>[!NOTE]
+> 1.	Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.  
+>2.	The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.  
+>3.	For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:  
+>    - a.	Value specified by this policy setting  
+>    - b.	Maximum color depth supported by the client  
+>    - c.	Value requested by the client  If the client doesn't support at least 16 bits, the connection is terminated.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit maximum color depth*
+-   GP name: *TS_COLORDEPTH*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive.  This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.  
+
+>[!NOTE]
+>If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.  
+
+If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked.
+
+When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.  
+
+If you disable or don't configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive.  Note:  This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit the size of the entire roaming user profile cache*
+-   GP name: *TS_DELETE_ROAMING_USER_PROFILES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.  
+
+You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions.  
+
+If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.  
+
+If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enforce Removal of Remote Desktop Wallpaper*
+-   GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions.  If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.  
+
+If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.  
+
+If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.  
+
+>[!NOTE]
+>The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session isn't affected by this policy setting.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use hardware graphics adapters for all Remote Desktop Services sessions*
+-   GP name: *TS_DX_USE_FULL_HWGPU*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_EASY_PRINT**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.  
+
+If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.  
+
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.  
+
+>[!NOTE]
+>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use Remote Desktop Easy Print printer driver first*
+-   GP name: *TS_EASY_PRINT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_EASY_PRINT_User**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.  
+
+If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.  
+
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.  
+
+>[!NOTE]
+>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use Remote Desktop Easy Print printer driver first*
+-   GP name: *TS_EASY_PRINT_User*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_EnableVirtualGraphics**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.  When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). 
+
+By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.  When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.  
+
+If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.  
+
+If you disable this policy setting, RemoteFX will be disabled.  
+
+If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure RemoteFX*
+-   GP name: *TS_EnableVirtualGraphics*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.  
+
+If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are:  
+
+- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior.  
+- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.  
+- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. 
+- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.  
+
+If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver.  If you don't configure this policy setting, the fallback printer driver behavior is off by default.  
+
+>[!NOTE]
+>If the **Do not allow client printer redirection** setting is enabled, this policy setting is ignored and the fallback printer driver is disabled.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specify RD Session Host server fallback printer driver behavior*
+-   GP name: *TS_FALLBACKPRINTDRIVERTYPE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console.  This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost.  
+
+If you enable this policy setting, signing out the connected administrator isn't allowed.  
+
+If you disable or don't configure this policy setting, signing out the connected administrator is allowed.  
+
+>[!NOTE]
+>The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Deny logoff of an administrator logged in to the console session*
+-   GP name: *TS_FORCIBLE_LOGOFF*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+If you enable this policy setting, when Remote Desktop Connection can't connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server.
+
+In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting.
+
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer.
+
+To enhance security, it's also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you don't specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box.
+
+When you enable this setting, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify a connection method, the connection method that you specify in this policy setting is used by default.
+
+If you disable or don't configure this policy setting, clients won't use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Enable connection through RD Gateway*
+- GP name: *TS_GATEWAY_POLICY_ENABLE*
+- GP path: *Windows Components\Remote Desktop Services\RD Gateway*
+- GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. 
+
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.  
+
+To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.  
+
+If you disable or don't configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method isn't specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set RD Gateway authentication method*
+-   GP name: *TS_GATEWAY_POLICY_AUTH_METHOD*
+-   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. 
+
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.  
+
+>[!NOTE]
+>It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.  
+
+To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server. 
+
+Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.  
+
+>[!NOTE]
+>If you disable or don't configure this policy setting, but enable the **Enable connections through RD Gateway** policy setting, client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set RD Gateway server address*
+-   GP name: *TS_GATEWAY_POLICY_SERVER*
+-   GP path: *Windows Components\Remote Desktop Services\RD Gateway*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.  
+
+If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.  
+
+If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.  
+
+If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level.  
+
+>[!NOTE] 
+>1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.  
+>2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Join RD Connection Broker*
+-   GP name: *TS_JOIN_SESSION_DIRECTORY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_KEEP_ALIVE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.  
+
+After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.  
+
+If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.  
+
+If you disable or don't configure this policy setting, a keep-alive interval isn't set and the server won't check the session state.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure keep-alive connection interval*
+-   GP name: *TS_KEEP_ALIVE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_LICENSE_SECGROUP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).  
+
+You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.  
+
+If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty.  
+
+If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting.  
+
+>[!NOTE]
+>You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *License server security group*
+-   GP name: *TS_LICENSE_SECGROUP*
+-   GP path: *Windows Components\Remote Desktop Services\RD Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_LICENSE_SERVERS**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.  
+
+If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery. 
+
+In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:  
+1. Remote Desktop license servers that are published in Active Directory Domain Services.  
+2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.  
+ 
+1If you disable or don't configure this policy setting, the RD Session Host server doesn't specify a license server at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use the specified Remote Desktop license servers*
+-   GP name: *TS_LICENSE_SERVERS*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.  
+
+By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.  
+
+If you enable this policy setting, these notifications won't be displayed on the RD Session Host server.  
+
+If you disable or don't configure this policy setting, these notifications will be displayed on the RD Session Host server after you sign in as a local administrator.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Hide notifications about RD Licensing problems that affect the RD Session Host server*
+-   GP name: *TS_LICENSE_TOOLTIP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_LICENSING_MODE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.  
+
+You can use this policy setting to select one of three licensing modes: Per User, Per Device, and AAD Per User.  
+- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.  
+- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.  
+- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD.    
+
+If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.  
+
+If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set the Remote Desktop licensing mode*
+-   GP name: *TS_LICENSING_MODE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_MAX_CON_POLICY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.  You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. 
+
+By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.  
+
+To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.  
+
+If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.  
+
+If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level.  
+
+>[!NOTE] 
+>This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit number of connections*
+-   GP name: *TS_MAX_CON_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_MAXDISPLAYRES**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.  
+
+If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.  
+
+If you disable or don't configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit maximum display resolution*
+-   GP name: *TS_MAXDISPLAYRES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_MAXMONITOR**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.  
+
+If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.  
+
+If you disable or don't configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit number of monitors*
+-   GP name: *TS_MAXMONITOR*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_NoDisconnectMenu**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.  You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.  
+
+If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box.  
+
+If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box.  
+
+>[!NOTE]
+>This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session. 
+
+This policy setting also doesn't prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the **Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions** policy setting.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Remove "Disconnect" option from Shut Down dialog*
+-   GP name: *TS_NoDisconnectMenu*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_NoSecurityMenu**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.  
+
+If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.  
+
+If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Remove Windows Security item from Start menu*
+-   GP name: *TS_NoSecurityMenu*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_PreventLicenseUpgrade**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.  
+
+A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.  
+
+By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients:  
+- A client connecting to a Windows Server 2003 terminal server 
+- A client connecting to a Windows 2000 terminal server  
+
+If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired.  
+
+If you disable or don't configure this policy setting, the license server will exhibit the default behavior noted earlier.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prevent license upgrade*
+-   GP name: *TS_PreventLicenseUpgrade*
+-   GP path: *Windows Components\Remote Desktop Services\RD Licensing*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.  
+
+If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials.  
+
+>[!NOTE] 
+>If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.  
+
+If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.  
+
+For Windows Server 2003 and Windows 2000 Server, a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prompt for credentials on the client computer*
+-   GP name: *TS_PROMT_CREDS_CLIENT_COMP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_RADC_DefaultConnection**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+
+This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.  The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx).    
+
+- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL.  
+
+- If you disable or don't configure this policy setting, the user has no default connection URL.  
+
+RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specify default connection URL*
+-   GP name: *TS_RADC_DefaultConnection*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+
+This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user.  By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.  
+
+- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.  
+
+- If you disable or don't configure this policy setting, the Start screen is shown and apps are registered in the background.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Suspend user sign-in to complete app registration*
+-   GP name: *TS_RDSAppX_WaitForRegistration*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_RemoteControl_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.  
+
+To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers*
+-   GP name: *TS_RemoteControl_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_RemoteControl_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.  
+
+To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers*
+-   GP name: *TS_RemoteControl_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered.  Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. 
+
+You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).  
+If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. 
+ 
+By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. 
+
+If you disable or don't configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior).
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Optimize visual experience when using RemoteFX*
+-   GP name: *TS_RemoteDesktopVirtualGraphics*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_SD_ClustName**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. 
+
+Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.  
+
+- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.  
+
+- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level.  
+
+> [!NOTE]
+> This policy setting isn't effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.
+
+For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure RD Connection Broker farm name*
+-   GP name: *TS_SD_ClustName*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.  
+
+- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.  
+
+- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. 
+
+If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.  
+
+> [!NOTE]
+> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use IP Address Redirection*
+-   GP name: *TS_SD_EXPOSE_ADDRESS*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_SD_Loc**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. 
+The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.  
+
+- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.  
+
+- If you disable or don't configure this policy setting, the policy setting isn't specified at the Group Policy level.
+
+
+> [!NOTE]
+> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
+> This policy setting isn't effective unless the Join RD Connection Broker policy setting is enabled.
+> To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure RD Connection Broker server name*
+-   GP name: *TS_SD_Loc*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.  
+
+- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. 
+
+The following security methods are available:  
+
+- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.  
+- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.  
+- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy.  
+
+If you disable or don't configure this policy setting, the security method to be used for remote connections to RD Session Host servers isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Require use of specific security layer for remote (RDP) connections*
+-   GP name: *TS_SECURITY_LAYER_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).  
+You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.  
+
+- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.  
+
+- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality.  
+
+- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality.  
+
+- If you disable or don't configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Select network detection on the server*
+-   GP name: *TS_SELECT_NETWORK_DETECT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SELECT_TRANSPORT**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.  
+
+- If you enable this policy setting, you must specify if you would like RDP to use UDP.  You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)"  
+
+If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.  If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP.  
+
+- If you disable or don't configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Select RDP transport protocols*
+-   GP name: *TS_SELECT_TRANSPORT*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. 
+This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions.  
+
+- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.  
+
+- If you disable this policy setting, RemoteApp programs published from this RD Session Host server won't use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs don't support these advanced graphics.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp*
+-   GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_AUTH**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.  
+
+- If you enable this policy setting, you must specify one of the following settings:  
+
+    - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.  
+
+    - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. 
+
+    - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.  
+
+- If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure server authentication for client*
+-   GP name: *TS_SERVER_AUTH*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. 
+
+- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding. 
+
+- If you disable or don't configure this policy, we'll always use software encoding.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections*
+-   GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. 
+
+When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
+-   GP name: *TS_SERVER_AVC444_MODE_PREFERRED*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.  By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.  
+
+- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. 
+
+If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. 
+
+In Windows  8 only the compression algorithm that balances memory usage and bandwidth is used.  You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic. 
+
+Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.  
+
+- If you disable or don't configure this policy setting, the default RDP compression algorithm will be used.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure compression for RemoteFX data*
+-   GP name: *TS_SERVER_COMPRESSOR*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.  
+
+- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.  
+
+- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.  
+
+- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.  
+
+- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only.  
+
+- If you disable or don't configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics*
+-   GP name: *TS_SERVER_IMAGE_QUALITY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.  
+
+When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.  When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.  
+
+- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.  
+
+- If you disable this policy setting, RemoteFX will be disabled.  If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure RemoteFX*
+-   GP name: *TS_SERVER_LEGACY_RFX*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_PROFILE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth.  
+
+If you enable this policy setting, the RemoteFX experience could be set to one of the following options:  
+1. Let the system choose the experience for the network condition  
+2. Optimize for server scalability  
+3. Optimize for minimum bandwidth usage. If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Configure RemoteFX Adaptive Graphics*
+-   GP name: *TS_SERVER_PROFILE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_VISEXP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.  
+
+- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.  
+
+- If you disable or don't configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Optimize visual experience for Remote Desktop Service Sessions*
+-   GP name: *TS_SERVER_VISEXP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections.  
+
+- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver.  
+
+- If you disable this policy setting, Remote Desktop Connections won't use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver.  For this change to take effect, you must restart Windows.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use WDDM graphics display driver for Remote Desktop Connections*
+-   GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_Session_End_On_Limit_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. 
+
+See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.  
+
+- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.  
+
+- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.  
+
+This policy setting only applies to time-out limits that are explicitly set by the administrator. 
+
+This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *End session when time limits are reached*
+-   GP name: *TS_Session_End_On_Limit_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_Session_End_On_Limit_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. 
+
+See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.  
+
+- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.  
+
+- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.  
+
+This policy setting only applies to time-out limits that are explicitly set by the administrator. 
+
+This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *End session when time limits are reached*
+-   GP name: *TS_Session_End_On_Limit_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.  You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.  
+When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.  
+
+- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.  
+
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.  
+
+>[!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set time limit for disconnected sessions*
+-   GP name: *TS_SESSIONS_Disconnected_Timeout_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.  You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.  
+When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.  
+
+- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.  
+
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.  
+
+>[!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set time limit for disconnected sessions*
+-   GP name: *TS_SESSIONS_Disconnected_Timeout_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.  
+
+- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.  
+
+- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default,  Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.  
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.  
+
+>[!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Idle_Limit_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.  
+
+- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.  
+
+- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default,  Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.  
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.  
+
+>[!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Idle_Limit_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SESSIONS_Limits_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.  
+
+- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.  
+
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.  
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.  
+
+>[!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set time limit for active Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Limits_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SESSIONS_Limits_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.  
+
+- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.  
+
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.  
+
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.  
+
+>[!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set time limit for active Remote Desktop Services sessions*
+-   GP name: *TS_SESSIONS_Limits_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SINGLE_SESSION**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. 
+
+If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.  
+
+If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.  If you don't configure this policy setting,  this policy setting isn't specified at the Group Policy level.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
+-   GP name: *TS_SINGLE_SESSION*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_SMART_CARD**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.  
+
+- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session.  
+
+- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.  
+
+>[!NOTE]
+> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow smart card device redirection*
+-   GP name: *TS_SMART_CARD*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_START_PROGRAM_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Configures Remote Desktop Services to run a specified program automatically upon connection.  You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. 
+
+The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. 
+
+If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program.  If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)  
+
+>[!NOTE]
+> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Start a program on connection*
+-   GP name: *TS_START_PROGRAM_1*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_START_PROGRAM_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. 
+
+The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. 
+
+If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program.  If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)  
+
+>[!NOTE]
+> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Start a program on connection*
+-   GP name: *TS_START_PROGRAM_2*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_TEMP_DELETE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out.  
+
+If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session.  
+
+If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator.  
+  
+>[!NOTE]
+> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the don't use temporary folders per session policy setting, this policy setting has no effect.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not delete temp folders upon exit*
+-   GP name: *TS_TEMP_DELETE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_TEMP_PER_SESSION**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.  
+
+You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID.  
+
+- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.  
+
+- If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you don't configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not use temporary folders per session*
+-   GP name: *TS_TEMP_PER_SESSION*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_TIME_ZONE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.  
+
+- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).  
+
+- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone.  
+
+>[!NOTE]
+> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow time zone redirection*
+-   GP name: *TS_TIME_ZONE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the  RD Session Host server. By default, administrators are able to make such changes.  
+
+- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only.  
+
+- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.  
+
+>[!NOTE]
+> The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Do not allow local administrators to customize permissions*
+-   GP name: *TS_TSCC_PERMISSIONS_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.  
+
+- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.  
+
+- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.  
+
+>[!NOTE]
+> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Always show desktop on connection*
+-   GP name: *TS_TURNOFF_SINGLEAPP*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_UIA**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to restrict users to a single Remote Desktop Services session.  
+
+If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.  
+
+- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.  
+
+- If you don't configure this policy setting,  this policy setting isn't specified at the Group Policy level.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
+-   GP name: *TS_UIA*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.  
+If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. 
+If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer*
+-   GP name: *TS_USB_REDIRECTION_DISABLE*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.  
+
+- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.  
+
+- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.  
+
+Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Require user authentication for remote connections by using Network Level Authentication*
+-   GP name: *TS_USER_AUTHENTICATION_POLICY*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
+**ADMX_TerminalServer/TS_USER_HOME**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.  
+
+- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected. 
+
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.  
+
+- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.  
+
+If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Server authentication certificate template*
+-   GP name: *TS_USER_HOME*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+ 
+**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** 
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.  
+
+- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.  
+
+- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server.  
+
+For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Use mandatory profiles on the RD Session Host server*
+-   GP name: *TS_USER_MANDATORY_PROFILES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+ 
+
+**ADMX_TerminalServer/TS_USER_PROFILES** 
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.  
+
+To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created. 
+
+If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.  
+
+If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.  
+
+1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.  
+2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Set path for Remote Desktop Services Roaming User Profile*
+-   GP name: *TS_USER_PROFILES*
+-   GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
+-   GP ADMX file name: *TerminalServer.admx*
+
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index d21e77ad3c..cad32638c6 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -6,18 +6,23 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/25/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Thumbnails
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 ## ADMX_Thumbnails policies  
 
@@ -39,32 +44,14 @@ manager: dansimp
 **ADMX_Thumbnails/DisableThumbnails**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -79,7 +66,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
+This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
 
 File Explorer displays thumbnail images by default. 
 
@@ -88,16 +75,10 @@ If you enable this policy setting, File Explorer displays only icons and never d
 If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the display of thumbnails and only display icons.*
+-   GP Friendly name: *Turn off the display of thumbnails and only display icons.*
 -   GP name: *DisableThumbnails*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Thumbnails.admx*
@@ -110,32 +91,14 @@ ADMX Info:
 **ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -150,7 +113,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
+This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
 
 File Explorer displays thumbnail images on network folders by default.
 
@@ -159,16 +122,10 @@ If you enable this policy setting, File Explorer displays only icons and never d
 If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the display of thumbnails and only display icons on network folders*
+-   GP Friendly name: *Turn off the display of thumbnails and only display icons on network folders*
 -   GP name: *DisableThumbnailsOnNetworkFolders*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Thumbnails.admx*
@@ -181,32 +138,14 @@ ADMX Info:
 **ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -221,7 +160,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Turns off the caching of thumbnails in hidden thumbs.db files.
+Turns off the caching of thumbnails in hidden thumbs.db files.
 
 This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
 
@@ -230,16 +169,10 @@ If you enable this policy setting, File Explorer does not create, read from, or
 If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 > 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files*
+-   GP Friendly name: *Turn off the caching of thumbnails in hidden thumbs.db files*
 -   GP name: *DisableThumbsDBOnNetworkFolders*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *Thumbnails.admx*
@@ -248,8 +181,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
new file mode 100644
index 0000000000..4f7283a5a7
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -0,0 +1,235 @@
+---
+title: Policy CSP - ADMX_TouchInput
+description: Policy CSP - ADMX_TouchInput
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 09/23/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TouchInput
+
+
                  
+
+
+## ADMX_TouchInput policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_TouchInput/TouchInputOff_1
+  
                  
+  
                  
+    ADMX_TouchInput/TouchInputOff_2
+  
                  
+  
                  
+    ADMX_TouchInput/PanningEverywhereOff_1
+  
                  
+  
                  
+    ADMX_TouchInput/PanningEverywhereOff_2
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_TouchInput/TouchInputOff_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.  
+
+- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.  
+- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.  
+
+If you don't configure this setting, touch input is on by default.  Note: Changes to this setting won't take effect until the user signs out.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Tablet PC touch input*
+-   GP name: *TouchInputOff_1*
+-   GP path: *Windows Components\Tablet PC\Touch Input*
+-   GP ADMX file name: *TouchInput.admx*
+
+
+
+
+**ADMX_TouchInput/TouchInputOff_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.  
+
+- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.  
+- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.  
+
+If you don't configure this setting, touch input is on by default.  Note: Changes to this setting won't take effect until the user signs out.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Tablet PC touch input*
+-   GP name: *TouchInputOff_2*
+-   GP path: *Windows Components\Tablet PC\Touch Input*
+-   GP ADMX file name: *TouchInput.admx*
+
+
+
+
+
                  
+
+
+**ADMX_TouchInput/PanningEverywhereOff_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Turn off Panning  Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.  
+
+- If you enable this setting, the user won't be able to pan windows by touch.  
+
+- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.  
+
+> [!NOTE]
+> Changes to this setting won't take effect until the user logs off.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Touch Panning*
+-   GP name: *PanningEverywhereOff_1*
+-   GP path: *Windows Components\Tablet PC\Touch Input*
+-   GP ADMX file name: *TouchInput.admx*
+
+
+
+
                  
+
+**ADMX_TouchInput/PanningEverywhereOff_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Turn off Panning  Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.  
+
+- If you enable this setting, the user won't be able to pan windows by touch.  
+
+- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.  
+
+> [!NOTE]
+> Changes to this setting won't take effect until the user logs off.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Turn off Touch Panning*
+-   GP name: *PanningEverywhereOff_2*
+-   GP path: *Windows Components\Tablet PC\Touch Input*
+-   GP ADMX file name: *TouchInput.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index a428786a24..cc8d6387aa 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/25/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_TPM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -61,32 +65,14 @@ manager: dansimp
 **ADMX_TPM/BlockedCommandsList_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -101,23 +87,17 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
+This policy setting allows you to manage the Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
 
 If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
 
-If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
+If you disable or don't configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure the list of blocked TPM commands*
+-   GP Friendly name: *Configure the list of blocked TPM commands*
 -   GP name: *BlockedCommandsList_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -130,32 +110,14 @@ ADMX Info:
 **ADMX_TPM/ClearTPMIfNotReady_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -170,19 +132,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
+This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user sign in only if the signed in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and sign in until the policy is disabled or until the TPM is in a Ready state.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.*
 -   GP name: *ClearTPMIfNotReady_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -195,32 +151,14 @@ ADMX Info:
 **ADMX_TPM/IgnoreDefaultList_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -235,25 +173,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
+This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
 
-If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
+If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Policy or the local list.
 
-The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Policy list of blocked TPM commands.
 
-If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. 
+If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands. 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Ignore the default list of blocked TPM commands*
+-   GP Friendly name: *Ignore the default list of blocked TPM commands*
 -   GP name: *IgnoreDefaultList_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -266,32 +198,14 @@ ADMX Info:
 **ADMX_TPM/IgnoreLocalList_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -306,25 +220,19 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
+This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
 
-If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
+If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Policy or the default list.
 
-The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Policy list of blocked TPM commands.
 
-If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
+If you disable or don't configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Policy and default lists of blocked TPM commands.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Ignore the local list of blocked TPM commands*
+-   GP Friendly name: *Ignore the local list of blocked TPM commands*
 -   GP name: *IgnoreLocalList_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -337,32 +245,14 @@ ADMX Info:
 **ADMX_TPM/OSManagedAuth_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -377,13 +267,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions that require TPM owner authorization without requiring the user to enter the TPM owner password.
 
 You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
 
 If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
 
-Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.
+Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that don't depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting to be changed before making the features that depend on the TPM anti-hammering logic usable.
 
 Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
 
@@ -393,16 +283,10 @@ Choose the operating system managed TPM authentication setting of "None" for com
 > If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure the level of TPM owner authorization information available to the operating system*
+-   GP Friendly name: *Configure the level of TPM owner authorization information available to the operating system*
 -   GP name: *OSManagedAuth_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -415,32 +299,14 @@ ADMX Info:
 **ADMX_TPM/OptIntoDSHA_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -455,19 +321,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
+This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable Device Health Attestation Monitoring and Reporting*
+-   GP Friendly name: *Enable Device Health Attestation Monitoring and Reporting*
 -   GP name: *OptIntoDSHA_Name*
 -   GP path: *System\Device Health Attestation Service*
 -   GP ADMX file name: *TPM.admx*
@@ -480,32 +340,14 @@ ADMX Info:
 **ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -520,7 +362,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
+This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
 
 This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
 
@@ -528,27 +370,21 @@ An authorization failure occurs each time a standard user sends a command to the
 
 For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
 
-The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM.
 
-The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM.
 
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
 
 An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
 
-If this value is not configured, a default value of 480 minutes (8 hours) is used.
+If this value isn't configured, a default value of 480 minutes (8 hours) is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+>
 
 ADMX Info:  
--   GP English name: *Standard User Lockout Duration*
+-   GP Friendly name: *Standard User Lockout Duration*
 -   GP name: *StandardUserAuthorizationFailureDuration_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -561,32 +397,14 @@ ADMX Info:
 **ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -601,37 +419,31 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
 
 This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
 
 An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
 
-For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+For each standard user, two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
 
-This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+This value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM.
 
-The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM.
 
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
 
 An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
 
-If this value is not configured, a default value of 4 is used.
+If this value isn't configured, a default value of 4 is used.
 
-A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+A value of 0 means the OS won't allow standard users to send commands to the TPM, which may cause an authorization failure.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Standard User Individual Lockout Threshold*
+-   GP Friendly name: *Standard User Individual Lockout Threshold*
 -   GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -644,32 +456,14 @@ ADMX Info:
 **ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -684,37 +478,31 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
 
 This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
 
 An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
 
-For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+For each standard user, two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
 
-The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM.
 
-This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+This value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM.
 
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
 
 An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
 
-If this value is not configured, a default value of 9 is used.
+If this value isn't configured, a default value of 9 is used.
 
-A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+A value of 0 means the OS won't allow standard users to send commands to the TPM, which may cause an authorization failure.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Standard User Total Lockout Threshold*
+-   GP Friendly name: *Standard User Total Lockout Threshold*
 -   GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -727,32 +515,14 @@ ADMX Info:
 **ADMX_TPM/UseLegacyDAP_Name**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -767,19 +537,13 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
+This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this Policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from Policy and b) clear the TPM on the system.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
+-   GP Friendly name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
 -   GP name: *UseLegacyDAP_Name*
 -   GP path: *System\Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -788,8 +552,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index 54ba484366..25e8620306 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/30/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_UserExperienceVirtualization
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -409,32 +413,14 @@ manager: dansimp
 **ADMX_UserExperienceVirtualization/Calculator**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -450,7 +436,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Calculator.
+This policy setting configures the synchronization of user settings of Calculator.
 
 By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers.
 
@@ -461,16 +447,10 @@ If you disable this policy setting, Calculator user settings are excluded from t
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Calculator*
+-   GP Friendly name: *Calculator*
 -   GP name: *Calculator*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -483,32 +463,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/ConfigureSyncMethod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -524,7 +486,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. 
+This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. 
 
 With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location.
 
@@ -540,16 +502,10 @@ If you disable this policy setting, the sync provider is used to synchronize set
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Sync Method*
+-   GP Friendly name: *Configure Sync Method*
 -   GP name: *ConfigureSyncMethod*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -562,32 +518,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/ConfigureVdi**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -603,7 +541,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. 
+This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. 
 
 UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. 
 
@@ -615,16 +553,10 @@ If you disable this policy setting, no UE-V rollback state is copied to the sett
 
 If you do not configure this policy, no UE-V rollback state is copied to the settings storage location.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *VDI Configuration*
+-   GP Friendly name: *VDI Configuration*
 -   GP name: *ConfigureVdi*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -637,32 +569,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/ContactITDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -677,7 +591,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center.
+This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center.
 
 If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL.
 
@@ -686,16 +600,10 @@ If you disable this policy setting, the Company Settings Center does not display
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Contact IT Link Text*
+-   GP Friendly name: *Contact IT Link Text*
 -   GP name: *ContactITDescription*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -708,32 +616,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/ContactITUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -748,7 +638,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the URL for the Contact IT link in the Company Settings Center.
+This policy setting specifies the URL for the Contact IT link in the Company Settings Center.
 
 If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. 
 
@@ -756,16 +646,10 @@ If you disable this policy setting, the Company Settings Center does not display
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Contact IT URL*
+-   GP Friendly name: *Contact IT URL*
 -   GP name: *ContactITUrl*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -778,32 +662,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/DisableWin8Sync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -819,7 +685,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.
 
 By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.  
 
@@ -833,16 +699,10 @@ If you do not configure this policy setting, any defined values are deleted.
 > If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not synchronize Windows Apps*
+-   GP Friendly name: *Do not synchronize Windows Apps*
 -   GP name: *DisableWin8Sync*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -855,32 +715,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/DisableWindowsOSSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -896,7 +738,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates.
+This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates.
 
 If you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization.
 
@@ -905,16 +747,10 @@ If you disable this policy setting, all Windows Settings are excluded from the s
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Synchronize Windows settings*
+-   GP Friendly name: *Synchronize Windows settings*
 -   GP name: *DisableWindowsOSSettings*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -927,32 +763,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/EnableUEV**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -967,21 +785,15 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. 
+This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. 
 
 Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable UEV*
+-   GP Friendly name: *Enable UEV*
 -   GP name: *EnableUEV*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -994,32 +806,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Finance**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1035,7 +829,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers.
 
 If you enable this policy setting, Finance user settings continue to sync.
 
@@ -1044,16 +838,10 @@ If you disable this policy setting, Finance user settings are excluded from sync
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Finance*
+-   GP Friendly name: *Finance*
 -   GP name: *Finance*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1066,32 +854,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1106,7 +876,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers.
+This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers.
 
 With this setting enabled, the notification appears the first time that the UE-V Agent runs.
 
@@ -1115,16 +885,10 @@ With this setting disabled, no notification appears.
 If you do not configure this policy setting, any defined values are deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *First Use Notification*
+-   GP Friendly name: *First Use Notification*
 -   GP name: *FirstUseNotificationEnabled*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1137,32 +901,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Games**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1178,7 +924,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers.
 
 If you enable this policy setting, Games user settings continue to sync.
 
@@ -1187,16 +933,10 @@ If you disable this policy setting, Games user settings are excluded from synchr
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Games*
+-   GP Friendly name: *Games*
 -   GP name: *Games*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1209,32 +949,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/InternetExplorer8**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1250,7 +972,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Internet Explorer 8.
+This policy setting configures the synchronization of user settings for Internet Explorer 8.
 
 By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers. 
 
@@ -1261,16 +983,10 @@ If you disable this policy setting, Internet Explorer 8 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer 8*
+-   GP Friendly name: *Internet Explorer 8*
 -   GP name: *InternetExplorer8*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1283,32 +999,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/InternetExplorer9**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1324,7 +1022,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.
  
 If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. 
 
@@ -1333,16 +1031,11 @@ If you disable this policy setting, Internet Explorer 9 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer 9*
+-   GP Friendly name: *Internet Explorer 9*
 -   GP name: *InternetExplorer9*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1355,32 +1048,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/InternetExplorer10**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1396,7 +1071,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.
+This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.
 
 If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. 
 
@@ -1405,16 +1080,10 @@ If you disable this policy setting, Internet Explorer 10 user settings are exclu
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer 10*
+-   GP Friendly name: *Internet Explorer 10*
 -   GP name: *InternetExplorer10*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1427,32 +1096,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/InternetExplorer11**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1468,7 +1119,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers.
+This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers.
 
 If you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize.
 
@@ -1477,16 +1128,10 @@ If you disable this policy setting, Internet Explorer 11 user settings are exclu
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer 11*
+-   GP Friendly name: *Internet Explorer 11*
 -   GP name: *InternetExplorer11*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1499,32 +1144,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/InternetExplorerCommon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1540,7 +1167,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer.
+This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer.
 By default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers.
 
 If you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize.
@@ -1550,16 +1177,10 @@ If you disable this policy setting, the user settings which are common between t
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Common Settings*
+-   GP Friendly name: *Internet Explorer Common Settings*
 -   GP name: *InternetExplorerCommon*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1571,32 +1192,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Maps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1612,7 +1215,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers.
 
 If you enable this policy setting, Maps user settings continue to sync.
 
@@ -1621,16 +1224,10 @@ If you disable this policy setting, Maps user settings are excluded from synchro
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Maps*
+-   GP Friendly name: *Maps*
 -   GP name: *Maps*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1643,32 +1240,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1684,23 +1263,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. 
+This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. 
 
 If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.
 
 If you disable or do not configure this policy setting, no event is written to the event log to report settings package size.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Settings package size warning threshold*
+-   GP Friendly name: *Settings package size warning threshold*
 -   GP name: *MaxPackageSizeInBytes*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1713,32 +1286,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1754,7 +1309,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. 
+This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. 
 
 If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize.
 
@@ -1763,16 +1318,10 @@ If you disable this policy setting, Microsoft Access 2010 user settings are excl
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Access 2010*
+-   GP Friendly name: *Microsoft Access 2010*
 -   GP name: *MicrosoftOffice2010Access*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1785,32 +1334,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1826,7 +1357,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. 
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. 
 
 If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize.
 
@@ -1835,16 +1366,10 @@ If you disable this policy setting, the user settings which are common between t
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 2010 Common Settings*
+-   GP Friendly name: *Microsoft Office 2010 Common Settings*
 -   GP name: *MicrosoftOffice2010Common*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1857,32 +1382,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1898,7 +1405,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. 
+This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. 
 
 If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize.
 
@@ -1906,16 +1413,11 @@ If you disable this policy setting, Microsoft Excel 2010 user settings are exclu
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Excel 2010*
+-   GP Friendly name: *Microsoft Excel 2010*
 -   GP name: *MicrosoftOffice2010Excel*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -1928,32 +1430,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1969,7 +1453,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize.
 
@@ -1978,16 +1462,11 @@ If you disable this policy setting, Microsoft InfoPath 2010 user settings are ex
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft InfoPath 2010*
+-   GP Friendly name: *Microsoft InfoPath 2010*
 -   GP name: *MicrosoftOffice2010InfoPath*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2000,32 +1479,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2041,7 +1502,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. 
+This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. 
 
 If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize.
 
@@ -2050,16 +1511,10 @@ If you disable this policy setting, Microsoft Lync 2010 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Lync 2010*
+-   GP Friendly name: *Microsoft Lync 2010*
 -   GP name: *MicrosoftOffice2010Lync*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2072,32 +1527,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2113,7 +1550,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize.
 
@@ -2121,16 +1558,10 @@ If you disable this policy setting, Microsoft OneNote 2010 user settings are exc
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft OneNote 2010*
+-   GP Friendly name: *Microsoft OneNote 2010*
 -   GP name: *MicrosoftOffice2010OneNote*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2143,32 +1574,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2184,7 +1597,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize.
 
@@ -2193,16 +1606,10 @@ If you disable this policy setting, Microsoft Outlook 2010 user settings are exc
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Outlook 2010*
+-   GP Friendly name: *Microsoft Outlook 2010*
 -   GP name: *MicrosoftOffice2010Outlook*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2215,32 +1622,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2256,7 +1645,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize.
 
@@ -2265,16 +1654,11 @@ If you disable this policy setting, Microsoft PowerPoint 2010 user settings are
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft PowerPoint 2010*
+-   GP Friendly name: *Microsoft PowerPoint 2010*
 -   GP name: *MicrosoftOffice2010PowerPoint*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2287,32 +1671,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2328,7 +1694,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize.
 
@@ -2336,16 +1702,11 @@ If you disable this policy setting, Microsoft Project 2010 user settings are exc
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Project 2010*
+-   GP Friendly name: *Microsoft Project 2010*
 -   GP name: *MicrosoftOffice2010Project*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2358,32 +1719,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2399,7 +1742,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize.
 
@@ -2408,16 +1751,11 @@ If you disable this policy setting, Microsoft Publisher 2010 user settings are e
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Publisher 2010*
+-   GP Friendly name: *Microsoft Publisher 2010*
 -   GP name: *MicrosoftOffice2010Publisher*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2430,32 +1768,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2471,7 +1791,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize.
 
@@ -2480,16 +1800,10 @@ If you disable this policy setting, Microsoft SharePoint Designer 2010 user sett
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft SharePoint Designer 2010*
+-   GP Friendly name: *Microsoft SharePoint Designer 2010*
 -   GP name: *MicrosoftOffice2010SharePointDesigner*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2502,32 +1816,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2543,7 +1839,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize.
 
@@ -2552,16 +1848,11 @@ If you disable this policy setting, Microsoft SharePoint Workspace 2010 user set
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft SharePoint Workspace 2010*
+-   GP Friendly name: *Microsoft SharePoint Workspace 2010*
 -   GP name: *MicrosoftOffice2010SharePointWorkspace*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2574,32 +1865,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2615,7 +1888,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize.
 
@@ -2624,16 +1897,10 @@ If you disable this policy setting, Microsoft Visio 2010 user settings are exclu
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Visio 2010*
+-   GP Friendly name: *Microsoft Visio 2010*
 -   GP name: *MicrosoftOffice2010Visio*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2646,32 +1913,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2687,7 +1936,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize.
 
@@ -2696,16 +1945,10 @@ If you disable this policy setting, Microsoft Word 2010 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Word 2010*
+-   GP Friendly name: *Microsoft Word 2010*
 -   GP name: *MicrosoftOffice2010Word*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2718,32 +1961,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2759,7 +1984,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize.
 
@@ -2767,16 +1992,10 @@ If you disable this policy setting, Microsoft Access 2013 user settings are excl
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Access 2013*
+-   GP Friendly name: *Microsoft Access 2013*
 -   GP name: *MicrosoftOffice2013Access*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2789,32 +2008,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2830,7 +2031,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up.
 
@@ -2839,16 +2040,10 @@ If you disable this policy setting, certain user settings of Microsoft Access 20
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access 2013 backup only*
+-   GP Friendly name: *Access 2013 backup only*
 -   GP name: *MicrosoftOffice2013AccessBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2861,32 +2056,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2902,7 +2079,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.
 
 If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize.
 
@@ -2911,16 +2088,10 @@ If you disable this policy setting, the user settings which are common between t
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 2013 Common Settings*
+-   GP Friendly name: *Microsoft Office 2013 Common Settings*
 -   GP name: *MicrosoftOffice2013Common*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -2933,32 +2104,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2974,7 +2127,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.
+This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications.
 Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications.
 
 If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.
@@ -2984,16 +2137,10 @@ If you disable this policy setting, certain user settings which are common betwe
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Common 2013 backup only*
+-   GP Friendly name: *Common 2013 backup only*
 -   GP name: *MicrosoftOffice2013CommonBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3006,32 +2153,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3047,7 +2176,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2013.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2013.
 
 By default, the user settings of Microsoft Excel 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2013 from synchronization between computers.
 
@@ -3057,16 +2186,10 @@ If you disable this policy setting, Microsoft Excel 2013 user settings are exclu
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Excel 2013*
+-   GP Friendly name: *Microsoft Excel 2013*
 -   GP name: *MicrosoftOffice2013Excel*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3079,32 +2202,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3120,7 +2225,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up.
 
@@ -3128,16 +2233,11 @@ If you disable this policy setting, certain user settings of Microsoft Excel 201
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Excel 2013 backup only*
+-   GP Friendly name: *Excel 2013 backup only*
 -   GP name: *MicrosoftOffice2013ExcelBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3150,32 +2250,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3191,7 +2273,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize.
 
@@ -3200,16 +2282,10 @@ If you disable this policy setting, Microsoft InfoPath 2013 user settings are ex
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft InfoPath 2013*
+-   GP Friendly name: *Microsoft InfoPath 2013*
 -   GP name: *MicrosoftOffice2013InfoPath*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3222,32 +2298,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3263,7 +2321,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up.
 
@@ -3272,16 +2330,11 @@ If you disable this policy setting, certain user settings of Microsoft InfoPath
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *InfoPath 2013 backup only*
+-   GP Friendly name: *InfoPath 2013 backup only*
 -   GP name: *MicrosoftOffice2013InfoPathBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3294,32 +2347,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3335,7 +2370,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize.
 
@@ -3343,16 +2378,11 @@ If you disable this policy setting, Microsoft Lync 2013 user settings are exclud
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Lync 2013*
+-   GP Friendly name: *Microsoft Lync 2013*
 -   GP name: *MicrosoftOffice2013Lync*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3365,32 +2395,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3406,7 +2418,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up.
 
@@ -3415,16 +2427,11 @@ If you disable this policy setting, certain user settings of Microsoft Lync 2013
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Lync 2013 backup only*
+-   GP Friendly name: *Lync 2013 backup only*
 -   GP name: *MicrosoftOffice2013LyncBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3437,32 +2444,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3478,7 +2467,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers.
 
 If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize.
 
@@ -3487,16 +2476,11 @@ If you disable this policy setting, OneDrive for Business 2013 user settings are
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft OneDrive for Business 2013*
+-   GP Friendly name: *Microsoft OneDrive for Business 2013*
 -   GP name: *MicrosoftOffice2013OneDriveForBusiness*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3509,32 +2493,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3550,7 +2516,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize.
 
@@ -3559,16 +2525,11 @@ If you disable this policy setting, Microsoft OneNote 2013 user settings are exc
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft OneNote 2013*
+-   GP Friendly name: *Microsoft OneNote 2013*
 -   GP name: *MicrosoftOffice2013OneNote*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3581,32 +2542,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3622,7 +2565,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up.
 
@@ -3631,16 +2574,11 @@ If you disable this policy setting, certain user settings of Microsoft OneNote 2
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *OneNote 2013 backup only*
+-   GP Friendly name: *OneNote 2013 backup only*
 -   GP name: *MicrosoftOffice2013OneNoteBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3653,32 +2591,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3694,7 +2614,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize.
 
@@ -3702,16 +2622,11 @@ If you disable this policy setting, Microsoft Outlook 2013 user settings are exc
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Outlook 2013*
+-   GP Friendly name: *Microsoft Outlook 2013*
 -   GP name: *MicrosoftOffice2013Outlook*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3724,32 +2639,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3765,7 +2662,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up.
 
@@ -3774,16 +2671,11 @@ If you disable this policy setting, certain user settings of Microsoft Outlook 2
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Outlook 2013 backup only*
+-   GP Friendly name: *Outlook 2013 backup only*
 -   GP name: *MicrosoftOffice2013OutlookBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3796,32 +2688,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3837,7 +2711,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize.
 
@@ -3846,16 +2720,11 @@ If you disable this policy setting, Microsoft PowerPoint 2013 user settings are
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft PowerPoint 2013*
+-   GP Friendly name: *Microsoft PowerPoint 2013*
 -   GP name: *MicrosoftOffice2013PowerPoint*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3868,32 +2737,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3909,7 +2760,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up.
 
@@ -3918,16 +2769,11 @@ If you disable this policy setting, certain user settings of Microsoft PowerPoin
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *PowerPoint 2013 backup only*
+-   GP Friendly name: *PowerPoint 2013 backup only*
 -   GP name: *MicrosoftOffice2013PowerPointBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -3940,32 +2786,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3981,7 +2809,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize.
 
@@ -3989,16 +2817,11 @@ If you disable this policy setting, Microsoft Project 2013 user settings are exc
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Project 2013*
+-   GP Friendly name: *Microsoft Project 2013*
 -   GP name: *MicrosoftOffice2013Project*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4011,32 +2834,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4052,7 +2857,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up.
 
@@ -4061,16 +2866,10 @@ If you disable this policy setting, certain user settings of Microsoft Project 2
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Project 2013 backup only*
+-   GP Friendly name: *Project 2013 backup only*
 -   GP name: *MicrosoftOffice2013ProjectBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4083,32 +2882,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4124,7 +2905,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize.
 
@@ -4133,16 +2914,11 @@ If you disable this policy setting, Microsoft Publisher 2013 user settings are e
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Publisher 2013*
+-   GP Friendly name: *Microsoft Publisher 2013*
 -   GP name: *MicrosoftOffice2013Publisher*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4155,32 +2931,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4196,7 +2954,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up.
 
@@ -4205,16 +2963,11 @@ If you disable this policy setting, certain user settings of Microsoft Publisher
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publisher 2013 backup only*
+-   GP Friendly name: *Publisher 2013 backup only*
 -   GP name: *MicrosoftOffice2013PublisherBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4227,32 +2980,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4268,7 +3003,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize.
 
@@ -4277,16 +3012,11 @@ If you disable this policy setting, Microsoft SharePoint Designer 2013 user sett
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft SharePoint Designer 2013*
+-   GP Friendly name: *Microsoft SharePoint Designer 2013*
 -   GP name: *MicrosoftOffice2013SharePointDesigner*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4295,35 +3025,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup**  
+
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4339,7 +3052,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up.
 
@@ -4348,16 +3061,11 @@ If you disable this policy setting, certain user settings of Microsoft SharePoin
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *SharePoint Designer 2013 backup only*
+-   GP Friendly name: *SharePoint Designer 2013 backup only*
 -   GP name: *MicrosoftOffice2013SharePointDesignerBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4366,35 +3074,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter**  
+
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4410,7 +3101,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers.
 
 If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize.
 
@@ -4419,16 +3110,10 @@ If you disable this policy setting, Microsoft Office 2013 Upload Center user set
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 2013 Upload Center*
+-   GP Friendly name: *Microsoft Office 2013 Upload Center*
 -   GP name: *MicrosoftOffice2013UploadCenter*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4441,32 +3126,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4482,7 +3149,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize.
 
@@ -4491,16 +3158,11 @@ If you disable this policy setting, Microsoft Visio 2013 user settings are exclu
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Visio 2013*
+-   GP Friendly name: *Microsoft Visio 2013*
 -   GP name: *MicrosoftOffice2013Visio*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4513,32 +3175,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4554,7 +3198,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up.
 
@@ -4563,16 +3207,11 @@ If you disable this policy setting, certain user settings of Microsoft Visio 201
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Visio 2013 backup only*
+-   GP Friendly name: *Visio 2013 backup only*
 -   GP name: *MicrosoftOffice2013VisioBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4585,32 +3224,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4626,7 +3247,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize.
 
@@ -4635,16 +3256,10 @@ If you disable this policy setting, Microsoft Word 2013 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Word 2013*
+-   GP Friendly name: *Microsoft Word 2013*
 -   GP name: *MicrosoftOffice2013Word*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4657,32 +3272,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4698,7 +3295,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings.
+This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up.
 
@@ -4707,16 +3304,10 @@ If you disable this policy setting, certain user settings of Microsoft Word 2013
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Word 2013 backup only*
+-   GP Friendly name: *Word 2013 backup only*
 -   GP name: *MicrosoftOffice2013WordBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4729,32 +3320,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4770,7 +3343,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize.
 
@@ -4779,16 +3352,10 @@ If you disable this policy setting, Microsoft Access 2016 user settings are excl
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Access 2016*
+-   GP Friendly name: *Microsoft Access 2016*
 -   GP name: *MicrosoftOffice2016Access*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4801,32 +3368,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4842,7 +3391,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up.
 
@@ -4851,16 +3400,11 @@ If you disable this policy setting, certain user settings of Microsoft Access 20
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Access 2016 backup only*
+-   GP Friendly name: *Access 2016 backup only*
 -   GP name: *MicrosoftOffice2016AccessBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4873,32 +3417,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4914,7 +3440,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.
 
 If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize.
 
@@ -4923,16 +3449,11 @@ If you disable this policy setting, the user settings which are common between t
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 2016 Common Settings*
+-   GP Friendly name: *Microsoft Office 2016 Common Settings*
 -   GP name: *MicrosoftOffice2016Common*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -4945,32 +3466,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4986,7 +3489,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications.
+This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications.
 Microsoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications.
 
 If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.
@@ -4996,16 +3499,11 @@ If you disable this policy setting, certain user settings which are common betwe
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Common 2016 backup only*
+-   GP Friendly name: *Common 2016 backup only*
 -   GP name: *MicrosoftOffice2016CommonBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5018,32 +3516,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5059,7 +3539,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize.
 
@@ -5068,16 +3548,11 @@ If you disable this policy setting, Microsoft Excel 2016 user settings are exclu
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Excel 2016*
+-   GP Friendly name: *Microsoft Excel 2016*
 -   GP name: *MicrosoftOffice2016Excel*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5090,32 +3565,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5131,7 +3588,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up.
 
@@ -5140,16 +3597,11 @@ If you disable this policy setting, certain user settings of Microsoft Excel 201
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Excel 2016 backup only*
+-   GP Friendly name: *Excel 2016 backup only*
 -   GP name: *MicrosoftOffice2016ExcelBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5162,32 +3614,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5203,7 +3637,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize.
 
@@ -5212,16 +3646,11 @@ If you disable this policy setting, Microsoft Lync 2016 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Lync 2016*
+-   GP Friendly name: *Microsoft Lync 2016*
 -   GP name: *MicrosoftOffice2016Lync*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5234,32 +3663,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5275,7 +3686,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up.
 
@@ -5284,16 +3695,11 @@ If you disable this policy setting, certain user settings of Microsoft Lync 2016
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Lync 2016 backup only*
+-   GP Friendly name: *Lync 2016 backup only*
 -   GP name: *MicrosoftOffice2016LyncBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5306,32 +3712,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5347,7 +3735,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers.
 
 If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize.
 
@@ -5356,16 +3744,11 @@ If you disable this policy setting, OneDrive for Business 2016 user settings are
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft OneDrive for Business 2016*
+-   GP Friendly name: *Microsoft OneDrive for Business 2016*
 -   GP name: *MicrosoftOffice2016OneDriveForBusiness*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5378,32 +3761,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5419,7 +3784,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize.
 
@@ -5428,16 +3793,10 @@ If you disable this policy setting, Microsoft OneNote 2016 user settings are exc
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft OneNote 2016*
+-   GP Friendly name: *Microsoft OneNote 2016*
 -   GP name: *MicrosoftOffice2016OneNote*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5450,32 +3809,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5491,7 +3832,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up.
 
@@ -5500,16 +3841,11 @@ If you disable this policy setting, certain user settings of Microsoft OneNote 2
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *OneNote 2016 backup only*
+-   GP Friendly name: *OneNote 2016 backup only*
 -   GP name: *MicrosoftOffice2016OneNoteBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5522,32 +3858,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5563,7 +3881,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize.
 
@@ -5572,16 +3890,10 @@ If you disable this policy setting, Microsoft Outlook 2016 user settings are exc
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Outlook 2016*
+-   GP Friendly name: *Microsoft Outlook 2016*
 -   GP name: *MicrosoftOffice2016Outlook*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5594,32 +3906,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5635,7 +3929,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up.
 
@@ -5644,16 +3938,11 @@ If you disable this policy setting, certain user settings of Microsoft Outlook 2
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Outlook 2016 backup only*
+-   GP Friendly name: *Outlook 2016 backup only*
 -   GP name: *MicrosoftOffice2016OutlookBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5666,32 +3955,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5707,7 +3978,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize.
 
@@ -5716,16 +3987,10 @@ If you disable this policy setting, Microsoft PowerPoint 2016 user settings are
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft PowerPoint 2016*
+-   GP Friendly name: *Microsoft PowerPoint 2016*
 -   GP name: *MicrosoftOffice2016PowerPoint*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5738,32 +4003,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5779,7 +4026,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up.
 
@@ -5788,16 +4035,10 @@ If you disable this policy setting, certain user settings of Microsoft PowerPoin
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *PowerPoint 2016 backup only*
+-   GP Friendly name: *PowerPoint 2016 backup only*
 -   GP name: *MicrosoftOffice2016PowerPointBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5810,32 +4051,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5851,7 +4074,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2016.
+This policy setting configures the synchronization of user settings for Microsoft Project 2016.
 By default, the user settings of Microsoft Project 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize.
@@ -5861,16 +4084,11 @@ If you disable this policy setting, Microsoft Project 2016 user settings are exc
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Project 2016*
+-   GP Friendly name: *Microsoft Project 2016*
 -   GP name: *MicrosoftOffice2016Project*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5883,32 +4101,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5924,7 +4124,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up.
 
@@ -5932,16 +4132,11 @@ If you disable this policy setting, certain user settings of Microsoft Project 2
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Project 2016 backup only*
+-   GP Friendly name: *Project 2016 backup only*
 -   GP name: *MicrosoftOffice2016ProjectBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -5954,32 +4149,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5995,7 +4172,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize.
 
@@ -6004,16 +4181,11 @@ If you disable this policy setting, Microsoft Publisher 2016 user settings are e
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Publisher 2016*
+-   GP Friendly name: *Microsoft Publisher 2016*
 -   GP name: *MicrosoftOffice2016Publisher*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6026,32 +4198,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6067,7 +4221,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up.
 
@@ -6076,16 +4230,11 @@ If you disable this policy setting, certain user settings of Microsoft Publisher
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publisher 2016 backup only*
+-   GP Friendly name: *Publisher 2016 backup only*
 -   GP name: *MicrosoftOffice2016PublisherBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6094,35 +4243,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter**  
+
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6138,7 +4270,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers.
 
 If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize.
 
@@ -6147,16 +4279,11 @@ If you disable this policy setting, Microsoft Office 2016 Upload Center user set
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 2016 Upload Center*
+-   GP Friendly name: *Microsoft Office 2016 Upload Center*
 -   GP name: *MicrosoftOffice2016UploadCenter*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6169,32 +4296,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6210,7 +4319,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize.
 
@@ -6219,16 +4328,10 @@ If you disable this policy setting, Microsoft Visio 2016 user settings are exclu
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Visio 2016*
+-   GP Friendly name: *Microsoft Visio 2016*
 -   GP name: *MicrosoftOffice2016Visio*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6241,32 +4344,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6282,7 +4367,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up.
 
@@ -6291,16 +4376,11 @@ If you disable this policy setting, certain user settings of Microsoft Visio 201
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Visio 2016 backup only*
+-   GP Friendly name: *Visio 2016 backup only*
 -   GP name: *MicrosoftOffice2016VisioBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6313,32 +4393,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6354,7 +4416,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers.
 
 If you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize.
 
@@ -6363,16 +4425,10 @@ If you disable this policy setting, Microsoft Word 2016 user settings are exclud
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Word 2016*
+-   GP Friendly name: *Microsoft Word 2016*
 -   GP name: *MicrosoftOffice2016Word*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6385,32 +4441,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6426,7 +4464,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings.
+This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings.
 
 If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up.
 
@@ -6435,16 +4473,11 @@ If you disable this policy setting, certain user settings of Microsoft Word 2016
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Word 2016 backup only*
+-   GP Friendly name: *Word 2016 backup only*
 -   GP name: *MicrosoftOffice2016WordBackup*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6457,32 +4490,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6498,7 +4513,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V.
 
@@ -6507,16 +4522,11 @@ If you disable this policy setting, Microsoft Office 365 Access 2013 user settin
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Access 2013*
+-   GP Friendly name: *Microsoft Office 365 Access 2013*
 -   GP name: *MicrosoftOffice365Access2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6529,32 +4539,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6570,7 +4562,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V.
 
@@ -6579,16 +4571,11 @@ If you disable this policy setting, Microsoft Office 365 Access 2016 user settin
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Access 2016*
+-   GP Friendly name: *Microsoft Office 365 Access 2016*
 -   GP name: *MicrosoftOffice365Access2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6601,32 +4588,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6642,7 +4611,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V.
 
 If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V.
 
@@ -6651,16 +4620,11 @@ If you disable this policy setting, user settings which are common between the M
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Common 2013*
+-   GP Friendly name: *Microsoft Office 365 Common 2013*
 -   GP name: *MicrosoftOffice365Common2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6669,35 +4633,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016**  
+
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6713,7 +4660,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V.
 
 If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V.
 
@@ -6722,16 +4669,11 @@ If you disable this policy setting, user settings which are common between the M
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Common 2016*
+-   GP Friendly name: *Microsoft Office 365 Common 2016*
 -   GP name: *MicrosoftOffice365Common2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6744,32 +4686,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6785,7 +4709,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V.
 
@@ -6794,16 +4718,11 @@ If you disable this policy setting, Microsoft Office 365 Excel 2013 user setting
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Excel 2013*
+-   GP Friendly name: *Microsoft Office 365 Excel 2013*
 -   GP name: *MicrosoftOffice365Excel2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6816,32 +4735,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6857,7 +4758,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V.
 
@@ -6866,16 +4767,11 @@ If you disable this policy setting, Microsoft Office 365 Excel 2016 user setting
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Excel 2016*
+-   GP Friendly name: *Microsoft Office 365 Excel 2016*
 -   GP name: *MicrosoftOffice365Excel2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6888,32 +4784,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6929,7 +4807,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V.
 
@@ -6937,16 +4815,11 @@ If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user sett
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 InfoPath 2013*
+-   GP Friendly name: *Microsoft Office 365 InfoPath 2013*
 -   GP name: *MicrosoftOffice365InfoPath2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -6959,32 +4832,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7000,7 +4855,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V.
 
@@ -7009,16 +4864,11 @@ If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Lync 2013*
+-   GP Friendly name: *Microsoft Office 365 Lync 2013*
 -   GP name: *MicrosoftOffice365Lync2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7031,32 +4881,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7072,7 +4904,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V.
 
@@ -7081,16 +4913,11 @@ If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Lync 2016*
+-   GP Friendly name: *Microsoft Office 365 Lync 2016*
 -   GP name: *MicrosoftOffice365Lync2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7103,32 +4930,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7144,7 +4953,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V.
 
@@ -7153,16 +4962,11 @@ If you disable this policy setting, Microsoft Office 365 OneNote 2013 user setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 OneNote 2013*
+-   GP Friendly name: *Microsoft Office 365 OneNote 2013*
 -   GP name: *MicrosoftOffice365OneNote2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7175,32 +4979,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7216,7 +5002,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V.
 
@@ -7225,16 +5011,11 @@ If you disable this policy setting, Microsoft Office 365 OneNote 2016 user setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 OneNote 2016*
+-   GP Friendly name: *Microsoft Office 365 OneNote 2016*
 -   GP name: *MicrosoftOffice365OneNote2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7247,32 +5028,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7288,7 +5051,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V.
 
@@ -7297,16 +5060,11 @@ If you disable this policy setting, Microsoft Office 365 Outlook 2013 user setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Outlook 2013*
+-   GP Friendly name: *Microsoft Office 365 Outlook 2013*
 -   GP name: *MicrosoftOffice365Outlook2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7319,32 +5077,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7360,7 +5100,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V.
 
@@ -7369,16 +5109,11 @@ If you disable this policy setting, Microsoft Office 365 Outlook 2016 user setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Outlook 2016*
+-   GP Friendly name: *Microsoft Office 365 Outlook 2016*
 -   GP name: *MicrosoftOffice365Outlook2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7391,32 +5126,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7432,7 +5149,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V.
 
@@ -7441,16 +5158,11 @@ If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user se
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 PowerPoint 2013*
+-   GP Friendly name: *Microsoft Office 365 PowerPoint 2013*
 -   GP name: *MicrosoftOffice365PowerPoint2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7463,32 +5175,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7504,7 +5198,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V.
 
@@ -7513,16 +5207,11 @@ If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user se
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 PowerPoint 2016*
+-   GP Friendly name: *Microsoft Office 365 PowerPoint 2016*
 -   GP name: *MicrosoftOffice365PowerPoint2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7535,32 +5224,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7576,7 +5247,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V.
 
@@ -7585,16 +5256,11 @@ If you disable this policy setting, Microsoft Office 365 Project 2013 user setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Project 2013*
+-   GP Friendly name: *Microsoft Office 365 Project 2013*
 -   GP name: *MicrosoftOffice365Project2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7603,35 +5269,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016**  
+
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7647,7 +5296,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V.
 
@@ -7656,16 +5305,11 @@ If you disable this policy setting, Microsoft Office 365 Project 2016 user setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Project 2016*
+-   GP Friendly name: *Microsoft Office 365 Project 2016*
 -   GP name: *MicrosoftOffice365Project2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7678,32 +5322,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7719,7 +5345,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V.
 
@@ -7728,16 +5354,11 @@ If you disable this policy setting, Microsoft Office 365 Publisher 2013 user set
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Publisher 2013*
+-   GP Friendly name: *Microsoft Office 365 Publisher 2013*
 -   GP name: *MicrosoftOffice365Publisher2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7750,32 +5371,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7791,7 +5394,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V.
 
@@ -7800,16 +5403,10 @@ If you disable this policy setting, Microsoft Office 365 Publisher 2016 user set
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Publisher 2016*
+-   GP Friendly name: *Microsoft Office 365 Publisher 2016*
 -   GP name: *MicrosoftOffice365Publisher2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7822,32 +5419,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7863,7 +5442,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V.
 
@@ -7872,16 +5451,11 @@ If you disable this policy setting, Microsoft Office 365 SharePoint Designer 201
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 SharePoint Designer 2013*
+-   GP Friendly name: *Microsoft Office 365 SharePoint Designer 2013*
 -   GP name: *MicrosoftOffice365SharePointDesigner2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7894,32 +5468,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7935,7 +5491,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V.
 
@@ -7944,16 +5500,10 @@ If you disable this policy setting, Microsoft Office 365 Visio 2013 user setting
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Visio 2013*
+-   GP Friendly name: *Microsoft Office 365 Visio 2013*
 -   GP name: *MicrosoftOffice365Visio2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -7966,32 +5516,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8007,7 +5539,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V.
 
@@ -8016,16 +5548,11 @@ If you disable this policy setting, Microsoft Office 365 Visio 2016 user setting
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Visio 2016*
+-   GP Friendly name: *Microsoft Office 365 Visio 2016*
 -   GP name: *MicrosoftOffice365Visio2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8038,32 +5565,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8079,7 +5588,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V.
 
@@ -8088,16 +5597,11 @@ If you disable this policy setting, Microsoft Office 365 Word 2013 user settings
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Word 2013*
+-   GP Friendly name: *Microsoft Office 365 Word 2013*
 -   GP name: *MicrosoftOffice365Word2013*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8110,32 +5614,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8151,7 +5637,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V.
+This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V.
 
 If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V.
 
@@ -8160,16 +5646,11 @@ If you disable this policy setting, Microsoft Office 365 Word 2016 user settings
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Microsoft Office 365 Word 2016*
+-   GP Friendly name: *Microsoft Office 365 Word 2016*
 -   GP name: *MicrosoftOffice365Word2016*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8182,32 +5663,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Music**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8223,7 +5686,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers.
 
 If you enable this policy setting, Music user settings continue to sync.
 
@@ -8231,16 +5694,11 @@ If you disable this policy setting, Music user settings are excluded from the sy
 
 If you do not configure this policy setting, any defined values will be deleted.
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Music*
+-   GP Friendly name: *Music*
 -   GP name: *Music*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8253,32 +5711,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/News**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8294,7 +5734,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers.
 
 If you enable this policy setting, News user settings continue to sync.
 
@@ -8303,16 +5743,11 @@ If you disable this policy setting, News user settings are excluded from synchro
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *News*
+-   GP Friendly name: *News*
 -   GP name: *News*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8325,32 +5760,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Notepad**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8366,7 +5783,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.
+This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.
 
 If you enable this policy setting, the Notepad user settings continue to synchronize. 
 
@@ -8375,16 +5792,11 @@ If you disable this policy setting, Notepad user settings are excluded from the
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Notepad*
+-   GP Friendly name: *Notepad*
 -   GP name: *Notepad*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8397,32 +5809,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Reader**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8438,7 +5832,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers.
 
 If you enable this policy setting, Reader user settings continue to sync.
 
@@ -8448,16 +5842,11 @@ If you do not configure this policy setting, any defined values will be deleted.
       
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reader*
+-   GP Friendly name: *Reader*
 -   GP name: *Reader*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8470,32 +5859,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/RepositoryTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8511,23 +5882,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. 
+This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. 
 
 If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. 
 
 If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Synchronization timeout*
+-   GP Friendly name: *Synchronization timeout*
 -   GP name: *RepositoryTimeout*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8540,32 +5906,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/SettingsStoragePath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8581,23 +5929,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures where the settings package files that contain user settings are stored.
+This policy setting configures where the settings package files that contain user settings are stored.
 
 If you enable this policy setting, the user settings are stored in the specified location. 
 
 If you disable or do not configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment. 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Settings storage path*
+-   GP Friendly name: *Settings storage path*
 -   GP name: *SettingsStoragePath*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8610,32 +5953,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8651,7 +5976,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent.
+This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent.
 
 If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location.
 
@@ -8664,16 +5989,11 @@ If you disable this policy setting, the UE-V Agent will not use the custom setti
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Settings template catalog path*
+-   GP Friendly name: *Settings template catalog path*
 -   GP name: *SettingsTemplateCatalogPath*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8686,32 +6006,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Sports**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8727,7 +6029,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers.
 
 If you enable this policy setting, Sports user settings continue to sync.
 
@@ -8736,16 +6038,11 @@ If you disable this policy setting, Sports user settings are excluded from synch
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Sports*
+-   GP Friendly name: *Sports*
 -   GP name: *Sports*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8758,32 +6055,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/SyncEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8799,19 +6078,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
+This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Use User Experience Virtualization (UE-V)*
+-   GP Friendly name: *Use User Experience Virtualization (UE-V)*
 -   GP name: *SyncEnabled*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8820,35 +6094,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork**  
+
+**ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8864,7 +6121,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection.
 
 With this setting enabled, the UE-V Agent synchronizes settings over a metered connection.
 
@@ -8873,16 +6130,11 @@ With this setting disabled, the UE-V Agent does not synchronize settings over a
 If you do not configure this policy setting, any defined values are deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Sync settings over metered connections*
+-   GP Friendly name: *Sync settings over metered connections*
 -   GP name: *SyncOverMeteredNetwork*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8895,32 +6147,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8936,7 +6170,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.
+This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming.
 
 With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming.
 
@@ -8945,16 +6179,11 @@ With this setting disabled, the UE-V Agent will not synchronize settings over a
 If you do not configure this policy setting, any defined values are deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Sync settings over metered connections even when roaming*
+-   GP Friendly name: *Sync settings over metered connections even when roaming*
 -   GP name: *SyncOverMeteredNetworkWhenRoaming*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -8967,32 +6196,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/SyncProviderPingEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9008,7 +6219,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization.
+This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization.
 
 If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages.
 
@@ -9017,16 +6228,11 @@ If you disable this policy setting, the sync provider doesn’t ping the setting
 If you do not configure this policy, any defined values will be deleted.    
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Ping the settings storage location before sync*
+-   GP Friendly name: *Ping the settings storage location before sync*
 -   GP name: *SyncProviderPingEnabled*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9039,32 +6245,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9079,7 +6267,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List.
+This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List.
 
 With this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized.
 
@@ -9088,16 +6276,11 @@ With this setting disabled, only the settings of the Windows apps set to synchro
 If you do not configure this policy setting, any defined values are deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Sync Unlisted Windows Apps*
+-   GP Friendly name: *Sync Unlisted Windows Apps*
 -   GP name: *SyncUnlistedWindows8Apps*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9110,32 +6293,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Travel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9151,7 +6316,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers.
 
 If you enable this policy setting, Travel user settings continue to sync.
 
@@ -9160,16 +6325,11 @@ If you disable this policy setting, Travel user settings are excluded from synch
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Travel*
+-   GP Friendly name: *Travel*
 -   GP name: *Travel*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9182,32 +6342,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/TrayIconEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9222,23 +6364,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.
+This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon.
 
 With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen.
 
 If you do not configure this policy setting, any defined values are deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Tray Icon*
+-   GP Friendly name: *Tray Icon*
 -   GP name: *TrayIconEnabled*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9251,32 +6387,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Video**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9292,7 +6410,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers.
 
 If you enable this policy setting, Video user settings continue to sync.
 
@@ -9301,16 +6419,11 @@ If you disable this policy setting, Video user settings are excluded from synchr
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Video*
+-   GP Friendly name: *Video*
 -   GP name: *Video*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9323,32 +6436,14 @@ ADMX Info:
 **ADMX_UserExperienceVirtualization/Weather**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9364,7 +6459,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers.
+This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers.
 
 If you enable this policy setting, Weather user settings continue to sync.
 
@@ -9373,16 +6468,11 @@ If you disable this policy setting, Weather user settings are excluded from sync
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Weather*
+-   GP Friendly name: *Weather*
 -   GP name: *Weather*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9391,35 +6481,18 @@ ADMX Info:
 
 
                  
 
-**ADMX_UserExperienceVirtualization/Wordpad**  
+
+**ADMX_UserExperienceVirtualization/Wordpad**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9435,7 +6508,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.
+This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.
 
 If you enable this policy setting, the WordPad user settings continue to synchronize. 
 
@@ -9444,16 +6517,11 @@ If you disable this policy setting, WordPad user settings are excluded from the
 If you do not configure this policy setting, any defined values will be deleted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *WordPad*
+-   GP Friendly name: *WordPad*
 -   GP name: *Wordpad*
 -   GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
 -   GP ADMX file name: *UserExperienceVirtualization.admx*
@@ -9461,7 +6529,6 @@ ADMX Info:
 
 
 
                  
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index 2382a9fb8e..01ff1725af 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -6,18 +6,22 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/11/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_UserProfiles
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 ## ADMX_UserProfiles policies  
 
@@ -55,32 +59,14 @@ manager: dansimp
 **ADMX_UserProfiles/CleanupProfiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,23 +81,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.
+This policy setting allows an administrator to automatically delete user profiles on system restart that haven't been used within a specified number of days.
 
-If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days. 
+> [!NOTE]
+> One day is interpreted as 24 hours after a specific user profile was accessed.
 
-If you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart.
+If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days. 
+
+If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Delete user profiles older than a specified number of days on system restart*
+-   GP Friendly name: *Delete user profiles older than a specified number of days on system restart*
 -   GP name: *CleanupProfiles*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -124,32 +107,14 @@ ADMX Info:
 **ADMX_UserProfiles/DontForceUnloadHive**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -164,25 +129,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys. 
+This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys. 
 
-Note: This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
+> [!NOTE]
+> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
 
-If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.
+If you enable this policy setting, Windows won't forcefully unload the user's registry at sign out, but will unload the registry when all open handles to the per-user registry keys are closed.
 
-If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
+If you disable or don't configure this policy setting, Windows will always unload the user's registry at sign out, even if there are any open handles to the per-user registry keys at user sign out.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not forcefully unload the users registry at user logoff*
+-   GP Friendly name: *Do not forcefully unload the users registry at user logoff*
 -   GP name: *DontForceUnloadHive*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -195,32 +155,14 @@ ADMX Info:
 **ADMX_UserProfiles/LeaveAppMgmtData**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -235,28 +177,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.
+This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.
 
-By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior.
+By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time roaming users whose profiles were previously deleted on that client sign in, they'll need to reinstall all apps published via policy at sign in, increasing sign-in time. You can use this policy setting to change this behavior.
 
-If you enable this policy setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine.
+If you enable this policy setting, Windows won't delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This data retention will improve the performance of Group Policy-based Software Installation during user sign in when a user profile is deleted and that user later signs in to the machine.
 
-If you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted.
+If you disable or don't configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted.
 
 > [!NOTE]
 > If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Leave Windows Installer and Group Policy Software Installation Data*
+-   GP Friendly name: *Leave Windows Installer and Group Policy Software Installation Data*
 -   GP name: *LeaveAppMgmtData*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -269,32 +205,14 @@ ADMX Info:
 **ADMX_UserProfiles/LimitSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -309,9 +227,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.
+This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.
 
-If you disable this policy setting or do not configure it, the system does not limit the size of user profiles.
+If you disable this policy setting or don't configure it, the system doesn't limit the size of user profiles.
 
 If you enable this policy setting, you can:
 
@@ -321,20 +239,11 @@ If you enable this policy setting, you can:
 - Specify a customized message notifying users of the oversized profile.
 - Determine how often the customized message is displayed.
 
-> [!NOTE]
-> In operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded.
-
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Limit profile size*
+-   GP Friendly name: *Limit profile size*
 -   GP name: *LimitSize*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -347,32 +256,14 @@ ADMX Info:
 **ADMX_UserProfiles/ProfileErrorAction**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -387,27 +278,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting will automatically log off a user when Windows cannot load their profile. 
+This policy setting will automatically sign out a user when Windows can't load their profile. 
 
-If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
+If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
 
-If you enable this policy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded.
+If you enable this policy setting, Windows won't sign in users with a temporary profile. Windows signs out the users if their profiles can't be loaded.
 
-If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windows cannot load their user profile.
+If you disable this policy setting or don't configure it, Windows logs on the user with a temporary profile when Windows can't load their user profile.
 
 Also, see the "Delete cached copies of roaming profiles" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not log users on with temporary profiles*
+-   GP Friendly name: *Do not log users on with temporary profiles*
 -   GP name: *ProfileErrorAction*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -420,32 +305,14 @@ ADMX Info:
 **ADMX_UserProfiles/SlowLinkTimeOut**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -460,7 +327,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed. 
+This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed. 
 
 To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transferred. From that connection and data transfer, the network's latency and connection speed are determined.
 
@@ -468,19 +335,13 @@ This policy setting and related policy settings in this folder together define t
 
 If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow.
 
-If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.
+If you disable or don't configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there's no local copy of the roaming profile to load when the system detects a slow connection.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control slow network connection timeout for user profiles*
+-   GP Friendly name: *Control slow network connection timeout for user profiles*
 -   GP name: *SlowLinkTimeOut*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -493,32 +354,14 @@ ADMX Info:
 **ADMX_UserProfiles/USER_HOME**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -533,32 +376,26 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.
+This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a sign-in session.
 
 If you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name.
 
 To use this policy setting, in the Location list, choose the location for the home folder. If you choose “On the network,” enter the path to a file share in the Path box (for example, \\\\ComputerName\ShareName), and then choose the drive letter to assign to the file share. If you choose “On the local computer,” enter a local path (for example, C:\HomeFolder) in the Path box.
 
-Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user name because the user name will be appended at logon.
+Don't specify environment variables or ellipses in the path. Also, don't specify a placeholder for the user name because the user name will be appended at sign in.
 
 > [!NOTE]
 > The Drive letter box is ignored if you choose “On the local computer” from the Location list. If you choose “On the local computer” and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive letter.
 
-If you disable or do not configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account.
+If you disable or don't configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account.
 
 If the "Set Remote Desktop Services User Home Directory" policy setting is enabled, the “Set user home folder” policy setting has no effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set user home folder*
+-   GP Friendly name: *Set user home folder*
 -   GP name: *USER_HOME*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -571,32 +408,14 @@ ADMX Info:
 **ADMX_UserProfiles/UserInfoAccessAction**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -611,27 +430,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.
+This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.
 
 If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:
 
-- "Always on" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
+- "Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
 
-- "Always off" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
+- "Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
 
-If you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off.
+If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn off the setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)*
+-   GP Friendly name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)*
 -   GP name: *UserInfoAccessAction*
 -   GP path: *System\User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -641,6 +454,4 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 7a60fbadde..880375abd7 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_W32Time
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **ADMX_W32Time/W32TIME_POLICY_CONFIG**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,11 +69,11 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
+This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
 
-If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
+If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the Service on target machines use locally configured settings values.
 
-For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
+For more information on individual parameters, combinations of parameter values, and definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
 
 **FrequencyCorrectRate**
 This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar).
@@ -131,7 +117,7 @@ This parameter controls special events that may be logged to the Event Viewer Sy
 This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.
 
 **MaxPollInterval**
-This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)
+This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Shouldn't be set higher than 15.)
 
 **MinPollInterval**
 This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.
@@ -140,10 +126,10 @@ This parameter controls the minimum polling interval that defines the minimum am
 This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.
 
 **RequireSecureTimeSyncRequests**
-This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.
+This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC won't respond to requests using such protocols. Default: 0 Boolean.
 
 **UtilizeSslTimeData**
-This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock.  Default: 1 (enabled) Boolean
+This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an extra input for correcting the local clock.  Default: 1 (enabled) Boolean
 
 **ClockAdjustmentAuditLimit**
 This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).
@@ -157,25 +143,20 @@ This parameter specifies the maximum amount of time that an entry can remain in
 This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.
 
 **ChainMaxHostEntries**
-This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.
+This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: Four entries.
 
 **ChainDisable**
-This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.
+This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that don't have their passwords cached on the RODC won't be able to synchronize with the RODC. Default: 0 Boolean.
 
 **ChainLoggingRate**
 This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Global Configuration Settings*
+-   GP Friendly name: *Global Configuration Settings*
 -   GP name: *W32TIME_POLICY_CONFIG*
 -   GP path: *System\Windows Time Service*
 -   GP ADMX file name: *W32Time.admx*
@@ -188,32 +169,14 @@ ADMX Info:
 **ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -228,11 +191,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
+This policy setting specifies a set of parameters for controlling the Windows NTP Client.
 
 If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
 
-If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
+If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
 
 **NtpServer**
 The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings.  The default value is ""time.windows.com,0x09"". 
@@ -241,7 +204,7 @@ The Domain Name System (DNS) name or IP address of an NTP time source. This valu
 This value controls the authentication that W32time uses. The default value is NT5DS.
 
 **CrossSiteSyncFlags**
-This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).
+This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal).
 
 **ResolvePeerBackoffMinutes**
 This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.
@@ -253,19 +216,14 @@ This value controls how many times W32time attempts to resolve a DNS name before
 This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
 
 **EventLogFlags**
-This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
+This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Windows NTP Client*
+-   GP Friendly name: *Configure Windows NTP Client*
 -   GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
 -   GP path: *System\Windows Time Service\Time Providers*
 -   GP ADMX file name: *W32Time.admx*
@@ -278,32 +236,14 @@ ADMX Info:
 **ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -318,25 +258,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Windows NTP Client is enabled.
+This policy setting specifies whether the Windows NTP Client is enabled.
 
 Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
 
 If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.
 
-If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
+If you disable or don't configure this policy setting, the local computer clock doesn't synchronize time with NTP servers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Windows NTP Client*
+-   GP Friendly name: *Enable Windows NTP Client*
 -   GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
 -   GP path: *System\Windows Time Service\Time Providers*
 -   GP ADMX file name: *W32Time.admx*
@@ -349,32 +284,14 @@ ADMX Info:
 **ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -389,23 +306,17 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Windows NTP Server is enabled.
+This policy setting allows you to specify whether the Windows NTP Server is enabled.
 
 If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
 
-If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
+If you disable or don't configure this policy setting, your computer can't service NTP requests from other computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable Windows NTP Server*
+-   GP Friendly name: *Enable Windows NTP Server*
 -   GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
 -   GP path: *System\Windows Time Service\Time Providers*
 -   GP ADMX file name: *W32Time.admx*
@@ -414,8 +325,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index 85f0ad3341..7af1124e31 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/22/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WCM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +44,14 @@ manager: dansimp
 **ADMX_WCM/WCM_DisablePowerManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,23 +66,17 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode.
+This policy setting specifies that power management is disabled when the machine enters connected standby mode.
 
-If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.
+If this policy setting is enabled, Windows Connection Manager doesn't manage adapter radios to reduce power consumption when the machine enters connected standby mode.
 
-If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
+If this policy setting isn't configured or is disabled, power management is enabled when the machine enters connected standby mode.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable power management in connected standby mode*
+-   GP Friendly name: *Disable power management in connected standby mode*
 -   GP name: *WCM_DisablePowerManagement*
 -   GP path: *Network\Windows Connection Manager*
 -   GP ADMX file name: *WCM.admx*
@@ -109,32 +89,14 @@ ADMX Info:
 **ADMX_WCM/WCM_EnableSoftDisconnect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,7 +111,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network.
+This policy setting determines whether Windows will soft-disconnect a computer from a network.
 
 If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.
 
@@ -159,21 +121,16 @@ When soft disconnect is enabled:
 
 - When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
 - Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
-- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network.
+- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this connection loss happens, these apps should re-establish their connection over a different network.
 
-This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.
+This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows won't disconnect from any networks.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Windows to soft-disconnect a computer from a network*
+-   GP Friendly name: *Enable Windows to soft-disconnect a computer from a network*
 -   GP name: *WCM_EnableSoftDisconnect*
 -   GP path: *Network\Windows Connection Manager*
 -   GP ADMX file name: *WCM.admx*
@@ -186,32 +143,14 @@ ADMX Info:
 **ADMX_WCM/WCM_MinimizeConnections**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -226,11 +165,11 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
+This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
 
-If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.
-
-If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8.
+If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This value of 0 was previously the "Disabled" state for this policy setting. This option was first available in Windows 8.
+    
+If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This value of 1 was previously the "Enabled" state for this policy setting. This option was first available in Windows 8.
 
 If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).
 
@@ -239,16 +178,10 @@ If this policy setting is set to 3, the behavior is similar to 2. However, if th
 This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
+-   GP Friendly name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
 -   GP name: *WCM_MinimizeConnections*
 -   GP path: *Network\Windows Connection Manager*
 -   GP ADMX file name: *WCM.admx*
@@ -257,8 +190,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
new file mode 100644
index 0000000000..a4a59c9cbd
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -0,0 +1,137 @@
+---
+title: Policy CSP - ADMX_WDI
+description: Policy CSP - ADMX_WDI
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 11/09/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WDI
+
+
                  
+
+
+## ADMX_WDI policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_WDI/WdiDpsScenarioExecutionPolicy
+  
                  
+  
                  
+    ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_WDI/WdiDpsScenarioExecutionPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.  
+- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.  
+- If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.  
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.  
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state.  
+When the service is stopped or disabled, diagnostic scenario data won't be deleted.  
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Diagnostics: Configure scenario retention*
+-   GP name: *WdiDpsScenarioExecutionPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics*
+-   GP ADMX file name: *WDI.admx*
+
+
+
+
                  
+
+
+**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.  
+
+- If you enable this policy setting, you must select an execution level from the drop-down menu. 
+
+If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.  
+
+- If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS. 
+
+If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled.  Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Diagnostics: Configure scenario execution level*
+-   GP name: *WdiDpsScenarioDataSizeLimitPolicy*
+-   GP path: *System\Troubleshooting and Diagnostics*
+-   GP ADMX file name: *WDI.admx*
+
+
+
+
                  
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index de5d9fde63..25ce545184 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WinCal
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +41,14 @@ manager: dansimp
 **ADMX_WinCal/TurnOffWinCal_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,7 +63,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
 
 If you enable this setting, Windows Calendar will be turned off.
 
@@ -86,16 +72,10 @@ If you disable or do not configure this setting, Windows Calendar will be turned
 The default is for Windows Calendar to be turned on.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Calendar*
+-   GP Friendly name: *Turn off Windows Calendar*
 -   GP name: *TurnOffWinCal_1*
 -   GP path: *Windows Components\Windows Calendar*
 -   GP ADMX file name: *WinCal.admx*
@@ -110,32 +90,14 @@ ADMX Info:
 **ADMX_WinCal/TurnOffWinCal_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -150,7 +112,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
 
 If you enable this setting, Windows Calendar will be turned off.
 
@@ -159,16 +121,11 @@ If you disable or do not configure this setting, Windows Calendar will be turned
 The default is for Windows Calendar to be turned on.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Calendar*
+-   GP Friendly name: *Turn off Windows Calendar*
 -   GP name: *TurnOffWinCal_2*
 -   GP path: *Windows Components\Windows Calendar*
 -   GP ADMX file name: *WinCal.admx*
@@ -177,8 +134,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md
deleted file mode 100644
index 5902416124..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: Policy CSP - ADMX_WindowsAnytimeUpgrade
-description: Policy CSP - ADMX_WindowsAnytimeUpgrade
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 09/29/2020
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_WindowsAnytimeUpgrade
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-
                  
-
-
-## ADMX_WindowsAnytimeUpgrade policies  
-
-
                  
-  
                  
-    ADMX_WindowsAnytimeUpgrade/Disabled
-  
                  
-
                  
-
-
-
                  
-
-
-**ADMX_WindowsAnytimeUpgrade/Disabled**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-> * User
-
-
                  
-
-
-
-Available in the latest Windows 10 Insider Preview Build. By default, Add features to Windows 10 is available for all administrators. 
-
-If you enable this policy setting, the wizard will not run.
-
-If you disable this policy setting or set it to Not Configured, the wizard will run.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Prevent the wizard from running.*
--   GP name: *Disabled*
--   GP path: *Windows Components\Add features to Windows 10*
--   GP ADMX file name: *WindowsAnytimeUpgrade.admx*
-
-
-
-
                  
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
-
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
new file mode 100644
index 0000000000..807a4c84ff
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -0,0 +1,134 @@
+---
+title: Policy CSP - ADMX_WindowsColorSystem
+description: Policy CSP - ADMX_WindowsColorSystem
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 10/27/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsColorSystem
+
+
                  
+
+
+## ADMX_WindowsColorSystem policies  
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+  
                  
+    ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1
+  
                  
+  
                  
+    ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2
+  
                  
+
                  
+
+
+
                  
+
+
+**WindowsColorSystem/ProhibitChangingInstalledProfileList_1**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting affects the ability of users to install or uninstall color profiles.  
+
+- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.  
+
+- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prohibit installing or uninstalling color profiles*
+-   GP name: *ProhibitChangingInstalledProfileList_1*
+-   GP path: *Windows Components\Windows Color System*
+-   GP ADMX file name: *WindowsColorSystem.admx*
+
+
+
+
                  
+
+
+**WindowsColorSystem/ProhibitChangingInstalledProfileList_2**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting affects the ability of users to install or uninstall color profiles.  
+
+- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.  
+
+- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Prohibit installing or uninstalling color profiles*
+-   GP name: *ProhibitChangingInstalledProfileList_2*
+-   GP path: *Windows Components\Windows Color System*
+-   GP ADMX file name: *WindowsColorSystem.admx*
+
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index d65677d585..1922a73f28 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WindowsConnectNow
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -40,32 +44,14 @@ manager: dansimp
 **ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,23 +66,17 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
 
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
 
-If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP Friendly name: *Prohibit access of the Windows Connect Now wizards*
 -   GP name: *WCN_DisableWcnUi_1*
 -   GP path: *Network\Windows Connect Now*
 -   GP ADMX file name: *WindowsConnectNow.admx*
@@ -109,32 +89,14 @@ ADMX Info:
 **ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,23 +111,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
 
-If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
 
-If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP Friendly name: *Prohibit access of the Windows Connect Now wizards*
 -   GP name: *WCN_DisableWcnUi_2*
 -   GP path: *Network\Windows Connect Now*
 -   GP ADMX file name: *WindowsConnectNow.admx*
@@ -178,32 +135,14 @@ ADMX Info:
 **ADMX_WindowsConnectNow/WCN_EnableRegistrar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -218,29 +157,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
+This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
 
-Additional options are available to allow discovery and configuration over a specific medium. 
+More options are available to allow discovery and configuration over a specific medium. 
 
-If you enable this policy setting, additional choices are available to turn off the operations over a specific medium. 
+If you enable this policy setting, more choices are available to turn off the operations over a specific medium. 
 
 If you disable this policy setting, operations are disabled over all media. 
 
-If you do not configure this policy setting, operations are enabled over all media. 
+If you don't configure this policy setting, operations are enabled over all media. 
 
 The default for this policy setting allows operations over all media.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configuration of wireless settings using Windows Connect Now*
+-   GP Friendly name: *Configuration of wireless settings using Windows Connect Now*
 -   GP name: *WCN_EnableRegistrar*
 -   GP path: *Network\Windows Connect Now*
 -   GP ADMX file name: *WindowsConnectNow.admx*
@@ -249,8 +183,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 352dd76846..8f4e9a4209 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/29/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WindowsExplorer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -245,32 +250,14 @@ manager: dansimp
 **ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -285,9 +272,9 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.
+This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.
 
-If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted.
+If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files aren't copied or deleted. The temporary file is deleted.
 
 If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both new and old locations point to different shares when their network paths are different.
 
@@ -295,16 +282,11 @@ If you disable or do not configure this policy setting, Folder Redirection does
 > If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Verify old and new Folder Redirection targets point to the same share before redirecting*
+-   GP Friendly name: *Verify old and new Folder Redirection targets point to the same share before redirecting*
 -   GP name: *CheckSameSourceAndTargetForFRAndDFS*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -318,32 +300,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ClassicShell**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -358,7 +322,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.
+This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.
 
 If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features.
 
@@ -366,20 +330,13 @@ Enabling this policy will also turn off the preview pane and set the folder opti
 
 If you disable or not configure this policy, the default File Explorer behavior is applied to the user.
 
-> [!NOTE]
-> In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are enabled, Active Desktop is disabled. Also, see the "Disable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" setting in User Configuration\Administrative Templates\Windows Components\File Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on Classic Shell*
+-   GP Friendly name: *Turn on Classic Shell*
 -   GP name: *ClassicShell*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -392,32 +349,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ConfirmFileDelete**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -432,23 +371,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Allows you to have File Explorer display a confirmation dialog  whenever a file is deleted or moved to the Recycle Bin.
+Allows you to have File Explorer display a confirmation dialog  whenever a file is deleted or moved to the Recycle Bin.
 
 If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.
 
 If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display confirmation dialog when deleting files*
+-   GP Friendly name: *Display confirmation dialog when deleting files*
 -   GP name: *ConfirmFileDelete*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -461,32 +395,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/DefaultLibrariesLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -502,23 +418,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a location where all default Library definition files for users/machines reside.
+This policy setting allows you to specify a location where all default Library definition files for users/machines reside.
 
 If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined.
 
 If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Location where all default Library definition files for users/machines reside.*
+-   GP Friendly name: *Location where all default Library definition files for users/machines reside.*
 -   GP name: *DefaultLibrariesLocation*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -531,32 +442,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -572,23 +465,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System.
+Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System.
 
 This behavior is consistent with Windows Vista's behavior in this scenario.
 
 This disables access to user-defined properties, and properties stored in NTFS secondary streams.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable binding directly to IPropertySetStorage without intermediate layers.*
+-   GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.*
 -   GP name: *DisableBindDirectlyToPropertySetStorage*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -601,32 +489,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/DisableIndexedLibraryExperience**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -641,7 +511,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly.
+This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly.
 
 If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.
 
@@ -658,16 +528,11 @@ If you enable this policy, Windows Libraries features that rely on indexed file
 If you disable or do not configure this policy, all default Windows Libraries features will be enabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Libraries features that rely on indexed file data*
+-   GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data*
 -   GP name: *DisableIndexedLibraryExperience*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -681,32 +546,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/DisableKnownFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -721,26 +568,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of known folders that should be disabled.
+This policy setting allows you to specify a list of known folders that should be disabled.
 
 Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted since the policy only blocks the creation of the folder.
 
-You can specify a known folder using its known folder id or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.
+You can specify a known folder using its known folder ID or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.
 
 > [!NOTE]
 > Disabling a known folder can introduce application compatibility issues in applications that depend on the existence of the known folder.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable Known Folders*
+-   GP Friendly name: *Disable Known Folders*
 -   GP name: *DisableKnownFolders*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -753,32 +595,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/DisableSearchBoxSuggestions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -793,7 +617,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.
+Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.
 
 File Explorer shows suggestion pop-ups as users type into the Search Box.
 
@@ -803,16 +627,11 @@ These suggestions are based on their past entries into the Search Box.
 > If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off display of recent search entries in the File Explorer search box*
+-   GP Friendly name: *Turn off display of recent search entries in the File Explorer search box*
 -   GP name: *DisableSearchBoxSuggestions*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -826,32 +645,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -866,7 +667,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
+This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.
 
 If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.
 
@@ -876,16 +677,11 @@ If you disable or do not configure this policy setting, file shortcut icons that
 > Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow the use of remote paths in file shortcut icons*
+-   GP Friendly name: *Allow the use of remote paths in file shortcut icons*
 -   GP name: *EnableShellShortcutIconRemotePath*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -899,32 +695,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/EnableSmartScreen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -939,7 +717,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. 
+This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. 
 
 Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
 
@@ -955,16 +733,11 @@ If you disable this policy, SmartScreen will be turned off for all users. Users
 If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Windows Defender SmartScreen*
+-   GP Friendly name: *Configure Windows Defender SmartScreen*
 -   GP name: *EnableSmartScreen*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -977,32 +750,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/EnforceShellExtensionSecurity**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1017,7 +772,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This setting is designed to ensure that shell extensions can operate on a per-user basis.
+This setting is designed to ensure that shell extensions can operate on a per-user basis.
 
 If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine. A shell extension only runs if there is an entry in at least one of the following locations in registry.
 
@@ -1026,16 +781,11 @@ For shell extensions that have been approved by the administrator and are availa
 For shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow only per user or approved shell extensions*
+-   GP Friendly name: *Allow only per user or approved shell extensions*
 -   GP name: *EnforceShellExtensionSecurity*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1048,32 +798,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1089,23 +821,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened.
+This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened.
 
 If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows.
 
 If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Start File Explorer with ribbon minimized*
+-   GP Friendly name: *Start File Explorer with ribbon minimized*
 -   GP name: *ExplorerRibbonStartsMinimized*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1118,32 +845,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/HideContentViewModeSnippets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1158,23 +867,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off the display of snippets in Content view mode.
+This policy setting allows you to turn off the display of snippets in Content view mode.
 
 If you enable this policy setting, File Explorer will not display snippets in Content view mode.
 
 If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the display of snippets in Content view mode*
+-   GP Friendly name: *Turn off the display of snippets in Content view mode*
 -   GP name: *HideContentViewModeSnippets*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1187,32 +891,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1228,7 +914,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1239,16 +925,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_Internet*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1261,32 +942,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1302,7 +965,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1313,16 +976,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_InternetLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1335,32 +993,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1376,7 +1016,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1387,16 +1027,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_Intranet*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1409,32 +1044,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1450,7 +1067,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1461,16 +1078,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_IntranetLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1483,32 +1095,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1524,7 +1118,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1535,16 +1129,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_LocalMachine*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1557,32 +1146,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1598,7 +1169,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1609,16 +1180,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_LocalMachineLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1631,32 +1197,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1672,7 +1220,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1683,16 +1231,11 @@ If you do not configure this policy setting, users cannot preview items or get c
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_Restricted*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1705,32 +1248,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1746,7 +1271,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1757,16 +1282,11 @@ If you do not configure this policy setting, users cannot preview items or get c
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_RestrictedLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1779,32 +1299,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1820,7 +1322,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1831,16 +1333,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_Trusted*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1853,32 +1350,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1894,7 +1373,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
+This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
 
 If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer.
 
@@ -1905,16 +1384,11 @@ If you do not configure this policy setting, users can preview items and get cus
 Changes to this setting may not be applied until the user logs off from Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
+-   GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchPreview_TrustedLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1927,32 +1401,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1968,7 +1424,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -1977,16 +1433,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_Internet*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1999,32 +1450,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2040,7 +1473,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2049,16 +1482,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_InternetLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2071,32 +1499,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2112,7 +1522,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2121,16 +1531,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_Intranet*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2143,32 +1548,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2184,7 +1571,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2193,16 +1580,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_IntranetLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2215,32 +1597,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2256,7 +1620,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2265,16 +1629,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_LocalMachine*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2287,32 +1646,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2328,7 +1669,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2337,16 +1678,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_LocalMachineLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2359,32 +1695,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2400,7 +1718,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2409,16 +1727,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_Restricted*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2432,32 +1745,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2473,7 +1768,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2482,16 +1777,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_RestrictedLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2505,32 +1795,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2546,7 +1818,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2555,16 +1827,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_Trusted*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2577,32 +1844,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2618,7 +1867,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
+This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.
 
 If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
@@ -2627,16 +1876,11 @@ If you disable this policy setting, users are prevented from performing OpenSear
 If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow OpenSearch queries in File Explorer*
+-   GP Friendly name: *Allow OpenSearch queries in File Explorer*
 -   GP name: *IZ_Policy_OpenSearchQuery_TrustedLockdown*
 -   GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2649,32 +1893,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2689,7 +1915,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.
+This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.
 
 Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.
 
@@ -2698,16 +1924,11 @@ If you enable this policy setting, Windows only searches the current target path
 If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not track Shell shortcuts during roaming*
+-   GP Friendly name: *Do not track Shell shortcuts during roaming*
 -   GP name: *LinkResolveIgnoreLinkInfo*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2720,32 +1941,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/MaxRecentDocs**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2760,23 +1963,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu. The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.
+This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu. The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.
 
 If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting.
 
 If you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Maximum number of recent documents*
+-   GP Friendly name: *Maximum number of recent documents*
 -   GP name: *MaxRecentDocs*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2789,32 +1987,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoBackButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2829,27 +2009,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.
+Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.
 
 If you enable this policy setting, the Back button is removed from the standard Open dialog box.
 
 If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open.
 
-> [!NOTE]
-> In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting.
-
-
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide the common dialog back button*
+-   GP Friendly name: *Hide the common dialog back button*
 -   GP name: *NoBackButton*
 -   GP path: *Windows Components\File Explorer\Common Open File Dialog*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2862,32 +2033,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoCDBurning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2902,7 +2055,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.
+This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.
 
 If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed.
 
@@ -2912,16 +2065,11 @@ If you disable or do not configure this policy setting, users are able to use th
 > This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove CD Burning features*
+-   GP Friendly name: *Remove CD Burning features*
 -   GP name: *NoCDBurning*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -2934,32 +2082,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoCacheThumbNailPictures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2974,9 +2104,9 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off caching of thumbnail pictures.
+This policy setting allows you to turn off caching of thumbnail pictures.
 
-If you enable this policy setting, thumbnail views are not cached.
+If you enable this policy setting, thumbnail views aren't cached.
 
 If you disable or do not configure this policy setting, thumbnail views are cached.
 
@@ -2984,16 +2114,11 @@ If you disable or do not configure this policy setting, thumbnail views are cach
 > For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off caching of thumbnail pictures*
+-   GP Friendly name: *Turn off caching of thumbnail pictures*
 -   GP name: *NoCacheThumbNailPictures*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3006,32 +2131,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoChangeAnimation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3046,7 +2153,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.
+This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.
 
 If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and cannot be toggled by users.
 
@@ -3055,16 +2162,11 @@ Effects, such as animation, are designed to enhance the user's experience but mi
 If you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove UI to change menu animation setting*
+-   GP Friendly name: *Remove UI to change menu animation setting*
 -   GP name: *NoChangeAnimation*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3077,32 +2179,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3117,21 +2201,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.
+Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.
 
 Effects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove UI to change keyboard navigation indicator setting*
+-   GP Friendly name: *Remove UI to change keyboard navigation indicator setting*
 -   GP name: *NoChangeKeyboardNavigationIndicators*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3144,32 +2223,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoDFSTab**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3184,23 +2245,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the DFS tab from File Explorer.
+This policy setting allows you to remove the DFS tab from File Explorer.
 
 If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer. This policy setting does not prevent users from using other methods to configure DFS.
 
 If you disable or do not configure this policy setting, the DFS tab is available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove DFS tab*
+-   GP Friendly name: *Remove DFS tab*
 -   GP name: *NoDFSTab*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3213,32 +2269,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoDrives**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3253,7 +2291,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide these specified drives in My Computer.
+This policy setting allows you to hide these specified drives in My Computer.
 
 This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.
 
@@ -3265,16 +2303,11 @@ If you enable this policy setting, select a drive or combination of drives in th
 If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide these specified drives in My Computer*
+-   GP Friendly name: *Hide these specified drives in My Computer*
 -   GP name: *NoDrives*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3287,32 +2320,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoEntireNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3327,7 +2342,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.
+Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.
 
 If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option.
 
@@ -3339,16 +2354,11 @@ To remove computers in the user's workgroup or domain from lists of network reso
 > It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *No Entire Network in Network Locations*
+-   GP Friendly name: *No Entire Network in Network Locations*
 -   GP name: *NoEntireNetwork*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3361,32 +2371,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoFileMRU**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3401,7 +2393,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the list of most recently used files from the Open dialog box.
+Removes the list of most recently used files from the Open dialog box.
 
 If you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.
 
@@ -3409,20 +2401,14 @@ This setting, and others in this folder, lets you remove new features added in W
 
 To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
 
-> [!NOTE]
-> In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
+
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide the dropdown list of recent files*
+-   GP Friendly name: *Hide the dropdown list of recent files*
 -   GP name: *NoFileMRU*
 -   GP path: *Windows Components\File Explorer\Common Open File Dialog*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3435,32 +2421,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoFileMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3475,21 +2443,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the File menu from My Computer and File Explorer.
+Removes the File menu from My Computer and File Explorer.
 
 This setting does not prevent users from using other methods to perform tasks available on the File menu.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove File menu from File Explorer*
+-   GP Friendly name: *Remove File menu from File Explorer*
 -   GP name: *NoFileMenu*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3502,32 +2465,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoFolderOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3542,7 +2487,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer.
+This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer.
 
 Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings.
 
@@ -3551,16 +2496,11 @@ If you enable this policy setting, users will receive an error message if they t
 If you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon*
+-   GP Friendly name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon*
 -   GP name: *NoFolderOptions*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3573,32 +2513,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoHardwareTab**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3613,19 +2535,14 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.
+Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Hardware tab*
+-   GP Friendly name: *Remove Hardware tab*
 -   GP name: *NoHardwareTab*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3638,32 +2555,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoManageMyComputerVerb**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3678,26 +2577,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.
+Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.
 
 The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.
 
 This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.
 
-> [!TIP]
+> [!NOTE]
 > To hide all context menus, use the "Remove File Explorer's default context menu" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hides the Manage item on the File Explorer context menu*
+-   GP Friendly name: *Hides the Manage item on the File Explorer context menu*
 -   GP name: *NoManageMyComputerVerb*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3710,32 +2604,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoMyComputerSharedDocuments**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3750,26 +2626,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
+This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.
 
 If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.
 
 If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.
 
-> [!NOTE]
-> The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove Shared Documents from My Computer*
+-   GP Friendly name: *Remove Shared Documents from My Computer*
 -   GP name: *NoMyComputerSharedDocuments*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3782,32 +2650,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoNetConnectDisconnect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3822,28 +2672,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
+Prevents users from using File Explorer or Network Locations to map or disconnect network drives.
 
 If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.
 
 This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
 
 > [!NOTE]
-> This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
+> This setting was documented incorrectly on the Explain tab in MDM Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
 >
 > It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove "Map Network Drive" and "Disconnect Network Drive"*
+-   GP Friendly name: *Remove "Map Network Drive" and "Disconnect Network Drive"*
 -   GP name: *NoNetConnectDisconnect*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3856,32 +2701,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoNewAppAlert**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3896,21 +2723,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:).
+This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:).
 
-If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.
+If this MDM Policy is enabled, no notifications will be shown. If the MDM Policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not show the 'new application installed' notification*
+-   GP Friendly name: *Do not show the 'new application installed' notification*
 -   GP name: *NoNewAppAlert*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3923,32 +2745,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoPlacesBar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3963,24 +2767,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
+Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.
 
 To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open.
 
-> [!NOTE]
-> In Windows Vista, this policy  setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
-
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide the common dialog places bar*
+-   GP Friendly name: *Hide the common dialog places bar*
 -   GP name: *NoPlacesBar*
 -   GP path: *Windows Components\File Explorer\Common Open File Dialog*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -3993,32 +2789,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoRecycleFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4033,23 +2811,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.
+When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.
 
 If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.
 
 If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recycle Bin.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not move deleted files to the Recycle Bin*
+-   GP Friendly name: *Do not move deleted files to the Recycle Bin*
 -   GP name: *NoRecycleFiles*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4062,32 +2835,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoRunAsInstallPrompt**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4102,27 +2857,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from submitting alternate logon credentials to install a program.
+Prevents users from submitting alternate logon credentials to install a program.
 
-This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.
+This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who aren't administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.
 
 Many programs can be installed only by an administrator. If you enable this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.
 
 If you disable this setting or do not configure it, the "Install Program As Other User" dialog box appears whenever users install programs locally on the computer.
 
-By default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting.
+By default, users aren't prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not request alternate credentials*
+-   GP Friendly name: *Do not request alternate credentials*
 -   GP name: *NoRunAsInstallPrompt*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4135,32 +2885,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoSearchInternetTryHarderButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4175,23 +2907,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window.
+If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window.
 
 If you disable this policy, there will be an "Internet" "Search again" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms.
 
 If you do not configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove the Search the Internet "Search again" link*
+-   GP Friendly name: *Remove the Search the Internet "Search again" link*
 -   GP name: *NoSearchInternetTryHarderButton*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4204,32 +2931,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoSecurityTab**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4244,23 +2953,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes the Security tab from File Explorer.
+Removes the Security tab from File Explorer.
 
 If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question.
 
 If you disable or do not configure this setting, users will be able to access the security tab.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Security tab*
+-   GP Friendly name: *Remove Security tab*
 -   GP name: *NoSecurityTab*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4273,32 +2977,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoShellSearchButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4313,23 +2999,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.
+This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.
 
 If you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar.
 
 This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove Search button from File Explorer*
+-   GP Friendly name: *Remove Search button from File Explorer*
 -   GP name: *NoShellSearchButton*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4342,32 +3023,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoStrCmpLogical**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4383,23 +3046,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order.
+This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order.
 
 If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).
 
 If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off numerical sorting in File Explorer*
+-   GP Friendly name: *Turn off numerical sorting in File Explorer*
 -   GP name: *NoStrCmpLogical*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4412,32 +3070,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoViewContextMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4452,21 +3092,16 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.
+Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.
 
 If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove File Explorer's default context menu*
+-   GP Friendly name: *Remove File Explorer's default context menu*
 -   GP name: *NoViewContextMenu*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4479,32 +3114,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoViewOnDrive**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4519,7 +3136,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prevents users from using My Computer to gain access to the content of selected drives.
+Prevents users from using My Computer to gain access to the content of selected drives.
 
 If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents (open the files in the folders or see the files in the folders). Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.
 
@@ -4531,16 +3148,11 @@ To use this setting, select a drive or combination of drives from the drop-down
 > Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent access to drives from My Computer*
+-   GP Friendly name: *Prevent access to drives from My Computer*
 -   GP name: *NoViewOnDrive*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4553,32 +3165,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoWindowsHotKeys**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4593,7 +3187,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer.
+Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer.
 
 By using this setting, you can disable these Windows Key hotkeys.
 
@@ -4602,16 +3196,11 @@ If you enable this setting, the Windows Key hotkeys are unavailable.
 If you disable or do not configure this setting, the Windows Key hotkeys are available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Key hotkeys*
+-   GP Friendly name: *Turn off Windows Key hotkeys*
 -   GP name: *NoWindowsHotKeys*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4624,32 +3213,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/NoWorkgroupContents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4664,7 +3235,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.
+This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.
 
 If you enable this policy setting, the system removes the "Computers Near Me" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser.
 
@@ -4675,16 +3246,11 @@ This policy setting does not prevent users from connecting to computers in their
 To remove network computers from lists of network resources, use the "No Entire Network in Network Locations" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *No Computers Near Me in Network Locations*
+-   GP Friendly name: *No Computers Near Me in Network Locations*
 -   GP name: *NoWorkgroupContents*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4697,32 +3263,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/PlacesBar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4737,7 +3285,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
+Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
 
 The valid items you may display in the Places Bar are:
 
@@ -4753,20 +3301,13 @@ Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachment
 
 If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.
 
-> [!NOTE]
-> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Items displayed in Places Bar*
+-   GP Friendly name: *Items displayed in Places Bar*
 -   GP name: *PlacesBar*
 -   GP path: *Windows Components\File Explorer\Common Open File Dialog*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4779,32 +3320,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/PromptRunasInstallNetPath**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4819,7 +3342,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Prompts users for alternate logon credentials during network-based installations.
+Prompts users for alternate logon credentials during network-based installations.
 
 This setting displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection.
 
@@ -4827,22 +3350,17 @@ If you disable this setting or do not configure it, this dialog box appears only
 
 The "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.
 
-If the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.
+If the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions aren't sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.
 
 > [!NOTE]
-> If it is enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials on any installation.
+> If it is enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users aren't prompted for alternate logon credentials on any installation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Request credentials for network installations*
+-   GP Friendly name: *Request credentials for network installations*
 -   GP name: *PromptRunasInstallNetPath*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4855,32 +3373,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/RecycleBinSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4895,7 +3395,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Limits the percentage of a volume's disk space that can be used to store deleted files.
+Limits the percentage of a volume's disk space that can be used to store deleted files.
 
 If you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation.
 
@@ -4905,16 +3405,11 @@ If you disable or do not configure this setting, users can change the total amou
 > This setting is applied to all volumes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Maximum allowed Recycle Bin size*
+-   GP Friendly name: *Maximum allowed Recycle Bin size*
 -   GP name: *RecycleBinSize*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4927,32 +3422,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4967,7 +3444,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
+This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications aren't able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
 
 If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.
 
@@ -4976,16 +3453,11 @@ If you disable this policy setting the protocol is in the protected mode, allowi
 If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off shell protocol protected mode*
+-   GP Friendly name: *Turn off shell protocol protected mode*
 -   GP name: *ShellProtocolProtectedModeTitle_1*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -4998,32 +3470,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5038,7 +3492,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
+This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications aren't able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.
 
 If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.
 
@@ -5047,16 +3501,11 @@ If you disable this policy setting the protocol is in the protected mode, allowi
 If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off shell protocol protected mode*
+-   GP Friendly name: *Turn off shell protocol protected mode*
 -   GP name: *ShellProtocolProtectedModeTitle_2*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -5069,32 +3518,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ShowHibernateOption**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5109,7 +3540,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Shows or hides hibernate from the power options menu.
+Shows or hides hibernate from the power options menu.
 
 If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).
 
@@ -5118,16 +3549,11 @@ If you disable this policy setting, the hibernate option will never be shown in
 If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show hibernate in the power options menu*
+-   GP Friendly name: *Show hibernate in the power options menu*
 -   GP name: *ShowHibernateOption*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -5140,32 +3566,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/ShowSleepOption**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5180,7 +3588,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Shows or hides sleep from the power options menu.
+Shows or hides sleep from the power options menu.
 
 If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).
 
@@ -5189,16 +3597,11 @@ If you disable this policy setting, the sleep option will never be shown in the
 If you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Show sleep in the power options menu*
+-   GP Friendly name: *Show sleep in the power options menu*
 -   GP name: *ShowSleepOption*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -5211,32 +3614,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/TryHarderPinnedLibrary**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5251,27 +3636,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.
+This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.
 
 You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
 
-The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links.
+The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via MDM Policy. The "Search the Internet" link is pinned second, if it is pinned via MDM Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" MDM Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links.
 
 If you enable this policy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links.
 
 If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links or the Start menu links.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu*
+-   GP Friendly name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu*
 -   GP name: *TryHarderPinnedLibrary*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -5284,32 +3664,14 @@ ADMX Info:
 **ADMX_WindowsExplorer/TryHarderPinnedOpenSearch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5324,27 +3686,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}).
+This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, `https://www.example.com/results.aspx?q={searchTerms}`).
 
 You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
 
-The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links.
+The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via MDM Policy. The "Search the Internet" link is pinned second, if it is pinned via MDM Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" MDM Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links.
 
 If you enable this policy setting, the specified Internet sites will appear in the "Search again" links and the Start menu links.
 
 If you disable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu links.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Pin Internet search sites to the "Search again" links and the Start menu*
+-   GP Friendly name: *Pin Internet search sites to the "Search again" links and the Start menu*
 -   GP name: *TryHarderPinnedOpenSearch*
 -   GP path: *Windows Components\File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -5353,7 +3710,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md
deleted file mode 100644
index 66662cba51..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md
+++ /dev/null
@@ -1,348 +0,0 @@
----
-title: Policy CSP - ADMX_WindowsFileProtection
-description: Policy CSP - ADMX_WindowsFileProtection
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 01/03/2021
-ms.reviewer: 
-manager: dansimp
----
-
-# Policy CSP - ADMX_WindowsFileProtection
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-
                  
-
-
-## ADMX_WindowsFileProtection policies  
-
-
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPShowProgress
-  
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPQuota
-  
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPScan
-  
                  
-  
                  
-    ADMX_WindowsFileProtection/WFPDllCacheDir
-  
                  
-
                  
-
-
-
                  
-
-
-**ADMX_WindowsFileProtection/WFPShowProgress**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Machine
-
-
                  
-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it might confuse the users.  
-
-- If you enable this policy setting, the file scan window does not appear during file scanning.  
-- If you disable or do not configure this policy setting, the file scan progress window appears.
-
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Hide the file scan progress window*
--   GP name: *WFPShowProgress*
--   GP path: *Windows File Protection!SfcShowProgress*
--   GP ADMX file name: *WindowsFileProtection.admx*
-
-
-
-
                  
-
-
-**ADMX_WindowsFileProtection/WFPQuota**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Machine
-
-
                  
-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache.  
-Windows File Protection adds protected files to the cache until the cache content reaches the quota. 
-If the quota is greater than 50 MB, Windows File Protection adds other important Windows XP files to the cache until the cache size reaches the quota.  
-
-- If you enable this policy setting, enter the maximum amount of disk space to be used (in MB). 
-To indicate that the cache size is unlimited, select "4294967295" as the maximum amount of disk space.  
-
-- If you disable this policy setting or do not configure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003.
-> [!NOTE]
-> Icon size is dependent upon what the user has set it to in the previous session.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Limit Windows File Protection cache size*
--   GP name: *WFPQuota*
--   GP path: *System\Windows File Protection*
--   GP ADMX file name: *WindowsFileProtection.admx*
-
-
-
-
                  
-
-
-**ADMX_WindowsFileProtection/WFPScan**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Machine
-
-
                  
-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set when Windows File Protection scans protected files. 
-This policy setting directs Windows File Protection to enumerate and scan all system files for changes.  
-
-- If you enable this policy setting, select a rate from the "Scanning Frequency" box. 
-You can use this setting to direct Windows File Protection to scan files more often.  
---  "Do not scan during startup," the default, scans files only during setup.  
---  "Scan during startup" also scans files each time you start Windows XP. 
-This setting delays each startup. 
- 
-- If you disable or do not configure this policy setting, by default, files are scanned only during setup.  
-
-> [!NOTE]
-> This policy setting affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides.
-
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Set Windows File Protection scanning*
--   GP name: *WFPScan*
--   GP path: *System\Windows File Protection*
--   GP ADMX file name: *WindowsFileProtection.admx*
-
-
-
-
                  
-
-
-**ADMX_WindowsFileProtection/WFPDllCacheDir**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Machine
-
-
                  
-
-
-
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies an alternate location for the Windows File Protection cache.
-
-- If you enable this policy setting, enter the fully qualified local path to the new location in the "Cache file path" box.
-- If you disable this setting or do not configure it, the Windows File Protection cache is located in the "%Systemroot%\System32\Dllcache directory". 
-
-> [!NOTE]
-> Do not add the cache on a network shared directory.
-
-
-> [!NOTE]
-> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching "Control Panel items".
-
-If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored.
-
-> [!NOTE]
-> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.
->
-> To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:  
--   GP English name: *Specify Windows File Protection cache location*
--   GP name: *WFPDllCacheDir*
--   GP path: *System\Windows File Protection*
--   GP ADMX file name: *WindowsFileProtection.admx*
-
-
-
-
                  
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
-
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index 301c276ef2..477a03bb2f 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WindowsMediaDRM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +38,14 @@ manager: dansimp
 **ADMX_WindowsMediaDRM/DisableOnline**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,7 +60,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
+This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
 
 When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
 
@@ -83,16 +69,11 @@ When this policy is enabled, programs are not able to acquire licenses for secur
 When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Windows Media DRM Internet Access*
+-   GP Friendly name: *Prevent Windows Media DRM Internet Access*
 -   GP name: *DisableOnline*
 -   GP path: *Windows Components\Windows Media Digital Rights Management*
 -   GP ADMX file name: *WindowsMediaDRM.admx*
@@ -101,8 +82,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index 86aa3334d8..c4325fa43a 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -6,15 +6,19 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/09/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WindowsMediaPlayer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -94,32 +98,14 @@ manager: dansimp
 **ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -134,7 +120,7 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.
+This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.
 
 If you enable this policy setting, select one of the following proxy types:
 
@@ -144,25 +130,20 @@ If you enable this policy setting, select one of the following proxy types:
 
 If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected.
 
-The Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
+The Configure button on the Network tab in the Player isn't available for the HTTP protocol and the proxy can't be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
 
-This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP is not selected.
+This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP isn't selected.
 
-If you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the HTTP proxy.
+If you disable this policy setting, the HTTP proxy server can't be used and the user can't configure the HTTP proxy.
 
-If you do not configure this policy setting, users can configure the HTTP proxy settings.
+If you don't configure this policy setting, users can configure the HTTP proxy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure HTTP Proxy*
+-   GP Friendly name: *Configure HTTP Proxy*
 -   GP name: *ConfigureHTTPProxySettings*
 -   GP path: *Windows Components\Windows Media Player\Networking*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -175,32 +156,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -215,7 +178,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the MMS proxy settings for Windows Media Player.
+This policy setting allows you to specify the MMS proxy settings for Windows Media Player.
 
 If you enable this policy setting, select one of the following proxy types:
 
@@ -224,25 +187,20 @@ If you enable this policy setting, select one of the following proxy types:
 
 If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected.
 
-The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
+The Configure button on the Network tab in the Player isn't available and the protocol can't be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
 
-This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast is not selected.
+This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast isn't selected.
 
-If you disable this policy setting, the MMS proxy server cannot be used and users cannot configure the MMS proxy settings.
+If you disable this policy setting, the MMS proxy server can't be used and users can't configure the MMS proxy settings.
 
-If you do not configure this policy setting, users can configure the MMS proxy settings.
+If you don't configure this policy setting, users can configure the MMS proxy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure MMS Proxy*
+-   GP Friendly name: *Configure MMS Proxy*
 -   GP name: *ConfigureMMSProxySettings*
 -   GP path: *Windows Components\Windows Media Player\Networking*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -255,32 +213,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -295,7 +235,7 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.
+This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.
 
 If you enable this policy setting, select one of the following proxy types:
 
@@ -304,23 +244,18 @@ If you enable this policy setting, select one of the following proxy types:
 
 If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected.
 
-The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
+The Configure button on the Network tab in the Player isn't available and the protocol can't be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
 
-If you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP proxy settings.
+If you disable this policy setting, the RTSP proxy server can't be used and users can't change the RTSP proxy settings.
 
-If you do not configure this policy setting, users can configure the RTSP proxy settings.
+If you don't configure this policy setting, users can configure the RTSP proxy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure RTSP Proxy*
+-   GP Friendly name: *Configure RTSP Proxy*
 -   GP name: *ConfigureRTSPProxySettings*
 -   GP path: *Windows Components\Windows Media Player\Networking*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -333,32 +268,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/DisableAutoUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -373,25 +290,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off do not show first use dialog boxes.
+This policy setting allows you to turn off do not show first use dialog boxes.
 
 If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player.
 
-This policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies.
+This policy setting prevents the dialog boxes that allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies.
 
-If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
+If you disable or don't configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Automatic Updates*
+-   GP Friendly name: *Prevent Automatic Updates*
 -   GP name: *DisableAutoUpdate*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -404,32 +316,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/DisableNetworkSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -444,23 +338,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Network tab.
+This policy setting allows you to hide the Network tab.
 
 If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player.
 
-If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings.
+If you disable or don't configure this policy setting, the Network tab appears and users can use it to configure network settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide Network Tab*
+-   GP Friendly name: *Hide Network Tab*
 -   GP name: *DisableNetworkSettings*
 -   GP path: *Windows Components\Windows Media Player\Networking*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -473,32 +362,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -513,25 +384,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.
+This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.
 
-If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.
+If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays isn't available.
 
-If you disable or do not configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.
+If you disable or don't configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.
 
-If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window are not available.
+If you don't configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window aren't available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do Not Show First Use Dialog Boxes*
+-   GP Friendly name: *Do Not Show First Use Dialog Boxes*
 -   GP name: *DisableSetupFirstUseConfiguration*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -544,32 +410,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/DoNotShowAnchor**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -584,25 +432,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode.
+This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode.
 
-This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.
+This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays isn't available.
 
-When this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.
+When this policy isn't configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.
 
-When this policy is not configured and the Set and Lock Skin policy is enabled, some options in the anchor window are not available.
+When this policy isn't configured and the Set and Lock Skin policy is enabled, some options in the anchor window aren't available.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do Not Show Anchor*
+-   GP Friendly name: *Do Not Show Anchor*
 -   GP name: *DoNotShowAnchor*
 -   GP path: *Windows Components\Windows Media Player\User Interface*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -615,32 +458,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/DontUseFrameInterpolation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -655,27 +480,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent video smoothing from occurring.
+This policy setting allows you to prevent video smoothing from occurring.
 
-If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available.
+If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and isn't available.
 
-If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and is not available.
+If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and isn't available.
 
-If you do not configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box.
+If you don't configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box.
 
 Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Video Smoothing*
+-   GP Friendly name: *Prevent Video Smoothing*
 -   GP name: *DontUseFrameInterpolation*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -688,32 +508,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/EnableScreenSaver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -728,25 +530,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows a screen saver to interrupt playback.
+This policy setting allows a screen saver to interrupt playback.
 
-If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available.
+If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and isn't available.
 
-If you disable this policy setting, a screen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and is not available.
+If you disable this policy setting, a screen saver doesn't interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and isn't available.
 
-If you do not configure this policy setting, users can change the setting for the Allow screen saver during playback check box.
+If you don't configure this policy setting, users can change the setting for the Allow screen saver during playback check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow Screen Saver*
+-   GP Friendly name: *Allow Screen Saver*
 -   GP name: *EnableScreenSaver*
 -   GP path: *Windows Components\Windows Media Player\Playback*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -759,32 +556,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/HidePrivacyTab**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -799,25 +578,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Privacy tab in Windows Media Player.
+This policy setting allows you to hide the Privacy tab in Windows Media Player.
 
 If you enable this policy setting, the "Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the "Prevent music file media information retrieval" policy setting is enabled.
 
 The default privacy settings are used for the options on the Privacy tab unless the user changed the settings previously.
 
-If you disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by other polices.
+If you disable or don't configure this policy setting, the Privacy tab isn't hidden, and users can configure any privacy settings not configured by other policies.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Automatic Updates*
+-   GP Friendly name: *Prevent Automatic Updates*
 -   GP name: *HidePrivacyTab*
 -   GP path: *Windows Components\Windows Media Player\User Interface*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -830,32 +604,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/HideSecurityTab**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -870,23 +626,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Security tab in Windows Media Player.
+This policy setting allows you to hide the Security tab in Windows Media Player.
 
 If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies.
 
-If you disable or do not configure this policy setting, users can configure the security settings on the Security tab.
+If you disable or don't configure this policy setting, users can configure the security settings on the Security tab.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide Security Tab*
+-   GP Friendly name: *Hide Security Tab*
 -   GP name: *HideSecurityTab*
 -   GP path: *Windows Components\Windows Media Player\User Interface*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -899,32 +650,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/NetworkBuffering**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -939,28 +672,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.
+This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.
 
-If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played.
+If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it's played.
 
 - Custom: the number of seconds, up to 60, that streaming media is buffered.
 - Default: default network buffering is used and the number of seconds that is specified is ignored.
 
-The "Use default buffering" and "Buffer" options on the Performance tab in the Player are not available.
+The "Use default buffering" and "Buffer" options on the Performance tab in the Player aren't available.
 
-If you disable or do not configure this policy setting, users can change the buffering options on the Performance tab.
+If you disable or don't configure this policy setting, users can change the buffering options on the Performance tab.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Configure Network Buffering*
+-   GP Friendly name: *Configure Network Buffering*
 -   GP name: *NetworkBuffering*
 -   GP path: *Windows Components\Windows Media Player\Networking*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -973,32 +701,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PolicyCodecUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1013,25 +723,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows Media Player from downloading codecs.
+This policy setting allows you to prevent Windows Media Player from downloading codecs.
 
-If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available.
+If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player isn't available.
 
-If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not available.
+If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box isn't available.
 
-If you do not configure this policy setting, users can change the setting for the Download codecs automatically check box.
+If you don't configure this policy setting, users can change the setting for the Download codecs automatically check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Codec Download*
+-   GP Friendly name: *Prevent Codec Download*
 -   GP name: *PolicyCodecUpdate*
 -   GP path: *Windows Components\Windows Media Player\Playback*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1044,32 +749,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1084,23 +771,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
+This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
 
-If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available.
+If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player aren't selected and aren't available.
 
-If you disable or do not configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box.
+If you disable or don't configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent CD and DVD Media Information Retrieval*
+-   GP Friendly name: *Prevent CD and DVD Media Information Retrieval*
 -   GP name: *PreventCDDVDMetadataRetrieval*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1113,32 +795,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PreventLibrarySharing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1153,23 +817,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media sharing from Windows Media Player.
+This policy setting allows you to prevent media sharing from Windows Media Player.
 
 If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature.
 
-If you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.
+If you disable or don't configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Media Sharing*
+-   GP Friendly name: *Prevent Media Sharing*
 -   GP name: *PreventLibrarySharing*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1182,32 +841,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1222,23 +863,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
+This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
 
-If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available.
+If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player aren't selected and aren't available.
 
-If you disable or do not configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.
+If you disable or don't configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Music File Media Information Retrieval*
+-   GP Friendly name: *Prevent Music File Media Information Retrieval*
 -   GP name: *PreventMusicFileMetadataRetrieval*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1251,32 +887,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1291,23 +909,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.
+This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.
 
-If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar.
+If you enable this policy setting, the user can't add the shortcut for the Player to the Quick Launch bar.
 
-If you disable or do not configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar.
+If you disable or don't configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Quick Launch Toolbar Shortcut Creation*
+-   GP Friendly name: *Prevent Quick Launch Toolbar Shortcut Creation*
 -   GP name: *PreventQuickLaunchShortcut*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1320,32 +933,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1359,23 +954,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent radio station presets from being retrieved from the Internet.
+This policy setting allows you to prevent radio station presets from being retrieved from the Internet.
 
-If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed.
+If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured aren't updated, and the presets that a user adds aren't displayed.
 
-If you disable or do not configure this policy setting, the Player automatically retrieves radio station presets from the Internet.
+If you disable or don't configure this policy setting, the Player automatically retrieves radio station presets from the Internet.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *PPrevent Radio Station Preset Retrieval*
+-   GP Friendly name: *PPrevent Radio Station Preset Retrieval*
 -   GP name: *PreventRadioPresetsRetrieval*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1388,32 +978,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1428,23 +1000,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.
+This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.
 
-If you enable this policy setting, users cannot add the Player shortcut icon to their desktops.
+If you enable this policy setting, users can't add the Player shortcut icon to their desktops.
 
-If you disable or do not configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops.
+If you disable or don't configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent Desktop Shortcut Creation*
+-   GP Friendly name: *Prevent Desktop Shortcut Creation*
 -   GP name: *PreventWMPDeskTopShortcut*
 -   GP path: *Windows Components\Windows Media Player*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1457,32 +1024,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/SkinLockDown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1497,27 +1046,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.
+This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.
 
 If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab.
 
-You must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank.
+You must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin isn't installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank.
 
-A user has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot choose a different skin.
+A user has access only to the Player features that are available with the specified skin. Users can't switch the Player to full mode and can't choose a different skin.
 
-If you disable or do not configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player.
+If you disable or don't configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set and Lock Skin*
+-   GP Friendly name: *Set and Lock Skin*
 -   GP name: *SkinLockDown*
 -   GP path: *Windows Components\Windows Media Player\User Interface*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1530,32 +1074,14 @@ ADMX Info:
 **ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1570,27 +1096,22 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.
+This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.
 
-If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected.
+If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user doesn't specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected.
 
-If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is hidden.
+If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator doesn't specify any protocols, the Player can't access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is hidden.
 
-If you do not configure this policy setting, users can select the protocols to use on the Network tab.
+If you don't configure this policy setting, users can select the protocols to use on the Network tab.
 
-If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media server.
+If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab aren't available and the Player can't receive an MMS or RTSP stream from a Windows Media server.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Streaming Media Protocols*
+-   GP Friendly name: *Streaming Media Protocols*
 -   GP name: *WindowsStreamingMediaProtocols*
 -   GP path: *Windows Components\Windows Media Player\Networking*
 -   GP ADMX file name: *WindowsMediaPlayer.admx*
@@ -1599,8 +1120,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 89752639b2..1d922a36c6 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/16/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WindowsRemoteManagement
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -37,32 +42,15 @@ manager: dansimp
 **ADMX_WindowsRemoteManagement/DisallowKerberos_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -77,21 +65,16 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
 
 If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.  If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disallow Kerberos authentication*
+-   GP Friendly name: *Disallow Kerberos authentication*
 -   GP name: *DisallowKerberos_1*
 -   GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -105,32 +88,15 @@ ADMX Info:
 **ADMX_WindowsRemoteManagement/DisallowKerberos_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -145,23 +111,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
 
 If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.
 
 If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disallow Kerberos authentication*
+-   GP Friendly name: *Disallow Kerberos authentication*
 -   GP name: *DisallowKerberos_2*
 -   GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -170,7 +131,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index ce460a7d15..c1c177297f 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -6,15 +6,22 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/26/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WindowsStore
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
 
 
                  
 
@@ -46,32 +53,14 @@ manager: dansimp
 **ADMX_WindowsStore/DisableAutoDownloadWin8**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -86,23 +75,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
+This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
 
 If you enable this setting, the automatic download of app updates is turned off.  If you disable this setting, the automatic download of app updates is turned on.
 
 If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Automatic Download of updates on Win8 machines*
+-   GP Friendly name: *Turn off Automatic Download of updates on Win8 machines*
 -   GP name: *DisableAutoDownloadWin8*
 -   GP path: *Windows Components\Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -117,32 +101,15 @@ ADMX Info:
 **ADMX_WindowsStore/DisableOSUpgrade_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -157,23 +124,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+This policy setting enables or disables the Store offer to update to the latest version of Windows.
 
 If you enable this setting, the Store application will not offer updates to the latest version of Windows.
 
 If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP Friendly name: *Turn off the offer to update to the latest version of Windows*
 -   GP name: *DisableOSUpgrade_1*
 -   GP path: *Windows Components\Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -188,32 +150,15 @@ ADMX Info:
 **ADMX_WindowsStore/DisableOSUpgrade_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -228,30 +173,25 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+This policy setting enables or disables the Store offer to update to the latest version of Windows.
 
 If you enable this setting, the Store application will not offer updates to the latest version of Windows.
 
 If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP Friendly name: *Turn off the offer to update to the latest version of Windows*
 -   GP name: *DisableOSUpgrade_2*
 -   GP path: *Windows Components\Store*
 -   GP ADMX file name: *WindowsStore.admx*
 
 
 
-
                  
+
 
 
                  
 
@@ -259,32 +199,15 @@ ADMX Info:
 **ADMX_WindowsStore/RemoveWindowsStore_1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -299,23 +222,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+This policy setting denies or allows access to the Store application.
 
 If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
 
 If you disable or don't configure this setting, access to the Store application is allowed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the Store application*
+-   GP Friendly name: *Turn off the Store application*
 -   GP name: *RemoveWindowsStore_1*
 -   GP path: *Windows Components\Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -330,32 +248,15 @@ ADMX Info:
 **ADMX_WindowsStore/RemoveWindowsStore_2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -370,23 +271,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+This policy setting denies or allows access to the Store application.
 
 If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
 
 If you disable or don't configure this setting, access to the Store application is allowed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off the Store application*
+-   GP Friendly name: *Turn off the Store application*
 -   GP name: *RemoveWindowsStore_2*
 -   GP path: *Windows Components\Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -395,6 +291,5 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 29981fc6c6..452cf045a2 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/29/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WinInit
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -40,32 +45,15 @@ manager: dansimp
 **ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -80,23 +68,18 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
+This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shut down this system from a remote Windows XP or Windows Server 2003 system.
 
-If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
+If you enable this policy setting, the system doesn't create the named pipe remote shutdown interface.
 
-If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
+If you disable or don't configure this policy setting, the system creates the named pipe remote shutdown interface.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off legacy remote shutdown interface*
+-   GP Friendly name: *Turn off legacy remote shutdown interface*
 -   GP name: *DisableNamedPipeShutdownPolicyDescription*
 -   GP path: *Windows Components\Shutdown Options*
 -   GP ADMX file name: *WinInit.admx*
@@ -109,32 +92,15 @@ ADMX Info:
 **ADMX_WinInit/Hiberboot**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -149,23 +115,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the use of fast startup.  
+This policy setting controls the use of fast startup.  
 
 If you enable this policy setting, the system requires hibernate to be enabled.
 
-If you disable or do not configure this policy setting, the local setting is used.
+If you disable or don't configure this policy setting, the local setting is used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Require use of fast startup*
+-   GP Friendly name: *Require use of fast startup*
 -   GP name: *Hiberboot*
 -   GP path: *System\Shutdown*
 -   GP ADMX file name: *WinInit.admx*
@@ -178,32 +139,15 @@ ADMX Info:
 **ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -218,23 +162,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
+This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
 
 If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.
 
-If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
+If you disable or don't configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Timeout for hung logon sessions during shutdown*
+-   GP Friendly name: *Timeout for hung logon sessions during shutdown*
 -   GP name: *ShutdownTimeoutHungSessionsDescription*
 -   GP path: *Windows Components\Shutdown Options*
 -   GP ADMX file name: *WinInit.admx*
@@ -243,8 +182,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index 1867096ce5..f21fb8b148 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/09/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WinLogon
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -49,32 +54,15 @@ manager: dansimp
 **ADMX_WinLogon/CustomShell**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -89,26 +77,21 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. Specifies an alternate user interface.  The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface.
+Specifies an alternate user interface.  The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface.
 
-If you enable this setting, the system starts the interface you specify instead of Explorer.exe.  To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.
+If you enable this setting, the system starts the interface you specify instead of Explorer.exe.  To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file isn't located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.
 
-If you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer interface.
+If you disable this setting or don't configure it, the setting is ignored and the system displays the Explorer interface.
 
 > [!TIP]
 > To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Custom User Interface*
+-   GP Friendly name: *Custom User Interface*
 -   GP name: *CustomShell*
 -   GP path: *System*
 -   GP ADMX file name: *WinLogon.admx*
@@ -121,32 +104,15 @@ ADMX Info:
 **ADMX_WinLogon/DisplayLastLogonInfoDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -161,25 +127,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.
+This policy setting controls whether or not the system displays information about previous sign-ins and sign-in failures to the user.
 
-For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop.
+For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful sign in by that user, the date and time of the last unsuccessful sign in attempted with that user name, and the number of unsuccessful logons since the last successful sign in by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop.
 
-For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level.
+For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows couldn't retrieve the information and the user won't be able to sign in. Therefore, you shouldn't enable this policy setting if the domain isn't at the Windows Server 2008 domain functional level.
 
-If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed.
+If you disable or don't configure this setting, messages about the previous sign in or sign-in failures aren't displayed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Display information about previous logons during user logon*
+-   GP Friendly name: *Display information about previous logons during user logon*
 -   GP name: *DisplayLastLogonInfoDescription*
 -   GP path: *Windows Components\Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -193,32 +154,15 @@ ADMX Info:
 **ADMX_WinLogon/LogonHoursNotificationPolicyDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -233,26 +177,21 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.
+This policy controls whether the signed-in user should be notified when their sign-in hours are about to expire. By default, a user is notified before sign-in hours expire, if actions have been set to occur when the sign-in hours expire.
 
-If you enable this setting, warnings are not displayed to the user before the logon hours expire.
+If you enable this setting, warnings aren't displayed to the user before the sign-in hours expire.
 
-If you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have been set to occur when the logon hours expire.
+If you disable or don't configure this setting, users receive warnings before the sign-in hours expire, if actions have been set to occur when the sign-in hours expire.
 
 > [!NOTE]
 > If you configure this setting, you might want to examine and appropriately configure the “Set action to take when logon hours expire” setting. If “Set action to take when logon hours expire” is disabled or not configured, the “Remove logon hours expiration warnings” setting will have no effect, and users receive no warnings about logon hour expiration
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remove logon hours expiration warnings*
+-   GP Friendly name: *Remove logon hours expiration warnings*
 -   GP name: *LogonHoursNotificationPolicyDescription*
 -   GP path: *Windows Components\Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -265,32 +204,15 @@ ADMX Info:
 **ADMX_WinLogon/LogonHoursPolicyDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -305,28 +227,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.
+This policy controls which action will be taken when the sign-in hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.
 
-If you choose to lock or disconnect a session, the user cannot unlock the session or reconnect except during permitted logon hours.
+If you choose to lock or disconnect a session, the user can't unlock the session or reconnect except during permitted sign-in hours.
 
-If you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log off a user, the user might lose unsaved data.  If you enable this setting, the system will perform the action you specify when the user’s logon hours expire.
+If you choose to sign out a user, the user can't sign in again except during permitted sign-in hours. If you choose to sign out a user, the user might lose unsaved data.  If you enable this setting, the system will perform the action you specify when the user’s sign-in hours expire.
 
-If you disable or do not configure this setting, the system takes no action when the user’s logon hours expire. The user can continue the existing session, but cannot log on to a new session.
+If you disable or don't configure this setting, the system takes no action when the user’s sign-in hours expire. The user can continue the existing session, but can't sign in to a new session.
 
 > [!NOTE]
 > If you configure this setting, you might want to examine and appropriately configure the “Remove logon hours expiration warnings” setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set action to take when logon hours expire*
+-   GP Friendly name: *Set action to take when logon hours expire*
 -   GP name: *LogonHoursPolicyDescription*
 -   GP path: *Windows Components\Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -339,32 +256,15 @@ ADMX Info:
 **ADMX_WinLogon/ReportCachedLogonPolicyDescription**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -380,23 +280,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.
+This policy controls whether the signed-in user should be notified if the sign-in server couldn't be contacted during sign in and if they've been signed in using previously stored account information.
 
 If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.
 
 If disabled or not configured, no popup will be displayed to the user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Report when logon server was not available during user logon*
+-   GP Friendly name: *Report when logon server was not available during user logon*
 -   GP name: *ReportCachedLogonPolicyDescription*
 -   GP path: *Windows Components\Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -409,32 +304,15 @@ ADMX Info:
 **ADMX_WinLogon/SoftwareSASGeneration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -449,28 +327,23 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).
+This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).
 
 If you enable this policy setting, you have one of four options:  
 
-- If you set this policy setting to "None," user mode software cannot simulate the SAS.
+- If you set this policy setting to "None," user mode software can't simulate the SAS.
 - If you set this policy setting to "Services," services can simulate the SAS.
 - If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS.
 - If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS.
 
-If you disable or do not configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS.
+If you disable or don't configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disable or enable software Secure Attention Sequence*
+-   GP Friendly name: *Disable or enable software Secure Attention Sequence*
 -   GP name: *SoftwareSASGeneration*
 -   GP path: *Windows Components\Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -479,7 +352,6 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index afef9cf403..1b02e8ef54 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 02/25/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_Winsrv
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -34,32 +39,15 @@ manager: dansimp
 **ADMX_Winsrv/AllowBlockingAppsAtShutdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -74,27 +62,22 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown.
+This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown.
 
 By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.
 
-- If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically terminated during shutdown.
-- If you disable or do not configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that windows can shut down faster and more smoothly.
+- If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown won't be automatically terminated during shutdown.
+- If you disable or don't configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that windows can shut down faster and more smoothly.
 
 > [!NOTE]
 > This policy setting applies to all sites in Trusted zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off automatic termination of applications that block or cancel shutdown*
+-   GP Friendly name: *Turn off automatic termination of applications that block or cancel shutdown*
 -   GP name: *AllowBlockingAppsAtShutdown*
 -   GP path: *System\Shutdown Options*
 -   GP ADMX file name: *Winsrv.admx*
@@ -103,8 +86,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 8dc6686b17..588277efab 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/27/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_wlansvc
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -40,32 +45,14 @@ manager: dansimp
 **ADMX_wlansvc/SetCost**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,25 +67,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
+This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
 
 If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
 
 - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
-- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.  
-- Variable: This connection is costed on a per byte basis.  If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
+- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit.  
+- Variable: This connection is costed on a per byte basis.  If this policy setting is disabled or isn't configured, the cost of Wireless LAN connections is Unrestricted by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Cost*
+-   GP Friendly name: *Set Cost*
 -   GP name: *IncludeCmdLine*
 -   GP path: *Network\WLAN Service\WLAN Media Cost*
 -   GP ADMX file name: *wlansvc.admx*
@@ -111,32 +93,14 @@ ADMX Info:
 **ADMX_wlansvc/SetPINEnforced**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -151,23 +115,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
+This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
 
 Conversely it means that Push Button is NOT allowed.
 
-If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).
+If this policy setting is disabled or isn't configured, by default Push Button pairing is allowed (but not necessarily preferred).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Require PIN pairing*
+-   GP Friendly name: *Require PIN pairing*
 -   GP name: *SetPINEnforced*
 -   GP path: *Network\Wireless Display*
 -   GP ADMX file name: *wlansvc.admx*
@@ -180,32 +139,14 @@ ADMX Info:
 **ADMX_wlansvc/SetPINPreferred**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -220,23 +161,18 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
+This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
 
 When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.
 
-If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).
+If this policy setting is disabled or isn't configured, by default Push Button pairing is preferred (if allowed by other policies).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prefer PIN pairing*
+-   GP Friendly name: *Prefer PIN pairing*
 -   GP name: *SetPINPreferred*
 -   GP path: *Network\Wireless Display*
 -   GP ADMX file name: *wlansvc.admx*
@@ -245,8 +181,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
new file mode 100644
index 0000000000..45948daa4a
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -0,0 +1,85 @@
+---
+title: Policy CSP - ADMX_WordWheel
+description: Policy CSP - ADMX_WordWheel
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/22/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WordWheel
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_WordWheel policies  
+
+
                  
+  
                  
+    ADMX_WordWheel/CustomSearch
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_WordWheel/CustomSearch**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+Set up the menu name and URL for the custom Internet search provider.  
+
+- If you enable this setting, the specified menu name and URL will be used for Internet searches.  
+- If you disable or not configure this setting, the default Internet search provider will be used.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Custom Instant Search Internet search provider*
+-   GP name: *CustomSearch*
+-   GP path: *Windows Components\Instant Search*
+-   GP ADMX file name: *WordWheel.admx*
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
new file mode 100644
index 0000000000..2b291fdd5f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -0,0 +1,192 @@
+---
+title: Policy CSP - ADMX_WorkFoldersClient
+description: Policy CSP - ADMX_WorkFoldersClient
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/22/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WorkFoldersClient
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+## ADMX_WorkFoldersClient policies  
+
+
                  
+  
                  
+    ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker
+  
                  
+  
                  
+    ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders
+  
                  
+  
                  
+    ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders
+  
                  
+
                  
+
+
+
                  
+
+
+**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer.
+
+- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. 
+
+This folder creation prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up.
+- If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Force automatic setup for all users*
+-   GP name: *Pol_UserEnableTokenBroker*
+-   GP path: *Windows Components\Work Folders*
+-   GP ADMX file name: *WorkFoldersClient.admx*
+
+
+
+
+
                  
+
+
+**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy setting specifies the Work Folders server for affected users, and whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer.  
+
+- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. 
+
+If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables. 
+
+> [!NOTE]
+> In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified.
+
+The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don’t take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled.  
+
+- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user’s files is required on each of their PCs.  
+
+If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. 
+
+The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This automatic setup prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option isn't specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specify Work Folders settings*
+-   GP name: *Pol_UserEnableWorkFolders*
+-   GP path: *Windows Components\Work Folders*
+-   GP ADMX file name: *WorkFoldersClient.admx*
+
+
+
+
                  
+
+
+**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAuth2 token flow used in previous versions.
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enables the use of Token Broker for AD FS authentication*
+-   GP name: *Pol_MachineEnableWorkFolders*
+-   GP path: *Windows Components\Work Folders*
+-   GP ADMX file name: *WorkFoldersClient.admx*
+
+
+
+
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 99ac55e97e..3cfe80c0cc 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -6,15 +6,20 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/13/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - ADMX_WPN
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -49,32 +54,15 @@ manager: dansimp
 **ADMX_WPN/NoCallsDuringQuietHours**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -89,25 +77,20 @@ manager: dansimp
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting blocks voice and video calls during Quiet Hours.
+This policy setting blocks voice and video calls during Quiet Hours.
 
-If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users will not be able to customize any other Quiet Hours settings.
+If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users won't be able to customize any other Quiet Hours settings.
 
-If you disable this policy setting, voice and video calls will be allowed during Quiet Hours, and users will not be able to customize this or any other Quiet Hours settings.
+If you disable this policy setting, voice and video calls will be allowed during Quiet Hours, and users won't be able to customize this or any other Quiet Hours settings.
 
-If you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Administrators and users will be able to modify this setting.
+If you don't configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Administrators and users will be able to modify this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off calls during Quiet Hours*
+-   GP Friendly name: *Turn off calls during Quiet Hours*
 -   GP name: *NoCallsDuringQuietHours*
 -   GP path: *Start Menu and Taskbar\Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -120,32 +103,15 @@ ADMX Info:
 **ADMX_WPN/NoLockScreenToastNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -160,25 +126,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off toast notifications on the lock screen.
+This policy setting turns off toast notifications on the lock screen.
 
-If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen.
+If you enable this policy setting, applications won't be able to raise toast notifications on the lock screen.
 
-If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user.
+If you disable or don't configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user.
 
 No reboots or service restarts are required for this policy setting to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off toast notifications on the lock screen*
+-   GP Friendly name: *Turn off toast notifications on the lock screen*
 -   GP name: *NoLockScreenToastNotification*
 -   GP path: *Start Menu and Taskbar\Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -191,32 +152,15 @@ ADMX Info:
 **ADMX_WPN/NoQuietHours**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -231,25 +175,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Quiet Hours functionality.
+This policy setting turns off Quiet Hours functionality.
 
-If you enable this policy setting, toast notifications will not be suppressed and some background tasks will not be deferred during the designated Quiet Hours time window each day.
+If you enable this policy setting, toast notifications won't be suppressed and some background tasks won't be deferred during the designated Quiet Hours time window each day.
 
-If you disable this policy setting, toast notifications will be suppressed and some background task deferred during the designated Quiet Hours time window. Users will not be able to change this or any other Quiet Hours settings.
+If you disable this policy setting, toast notifications will be suppressed and some background task deferred during the designated Quiet Hours time window. Users won't be able to change this or any other Quiet Hours settings.
 
-If you do not configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user.
+If you don't configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Quiet Hours*
+-   GP Friendly name: *Turn off Quiet Hours*
 -   GP name: *NoQuietHours*
 -   GP path: *Start Menu and Taskbar\Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -262,32 +201,15 @@ ADMX Info:
 **ADMX_WPN/NoToastNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -302,29 +224,24 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off toast notifications for applications.
+This policy setting turns off toast notifications for applications.
 
-If you enable this policy setting, applications will not be able to raise toast notifications.
+If you enable this policy setting, applications won't be able to raise toast notifications.
 
-Note that this policy does not affect taskbar notification balloons.
+This policy doesn't affect taskbar notification balloons.
 
-Note that Windows system features are not affected by this policy.  You must enable/disable system features individually to stop their ability to raise toast notifications.
+Windows system features aren't affected by this policy.  You must enable/disable system features individually to stop their ability to raise toast notifications.
 
-If you disable or do not configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user.
+If you disable or don't configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user.
 
 No reboots or service restarts are required for this policy setting to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off toast notifications*
+-   GP Friendly name: *Turn off toast notifications*
 -   GP name: *NoToastNotification*
 -   GP path: *Start Menu and Taskbar\Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -337,32 +254,15 @@ ADMX Info:
 **ADMX_WPN/QuietHoursDailyBeginMinute**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -377,25 +277,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day.
+This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day.
 
-If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings.
+If you enable this policy setting, the specified time will be used, and users won't be able to customize any Quiet Hours settings.
 
-If you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting.
+If you disable this policy setting, a default value will be used, and users won't be able to change it or any other Quiet Hours setting.
 
-If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify.
+If you don't configure this policy setting, a default value will be used, which administrators and users will be able to modify.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set the time Quiet Hours begins each day*
+-   GP Friendly name: *Set the time Quiet Hours begins each day*
 -   GP name: *QuietHoursDailyBeginMinute*
 -   GP path: *Start Menu and Taskbar\Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -408,32 +303,15 @@ ADMX Info:
 **ADMX_WPN/QuietHoursDailyEndMinute**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -448,25 +326,20 @@ ADMX Info:
 
 
 
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day.
+This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day.
 
-If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings.
+If you enable this policy setting, the specified time will be used, and users won't be able to customize any Quiet Hours settings.
 
-If you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting.
+If you disable this policy setting, a default value will be used, and users won't be able to change it or any other Quiet Hours setting.
 
-If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify.
+If you don't configure this policy setting, a default value will be used, which administrators and users will be able to modify.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set the time Quiet Hours ends each day*
+-   GP Friendly name: *Set the time Quiet Hours ends each day*
 -   GP name: *QuietHoursDailyEndMinute*
 -   GP path: *Start Menu and Taskbar\Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -475,8 +348,7 @@ ADMX Info:
 
 
                  
 
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index eb4a7086d1..5cebcba3b5 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - ApplicationDefaults
-description: Learn about various Policy configuration service provider (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service providers (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -37,32 +37,14 @@ manager: dansimp
 **ApplicationDefaults/DefaultAssociationsConfiguration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,14 +59,14 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be  base64 encoded before being added to SyncML.
+This policy allows an administrator to set default file type and protocol associations. When set, default associations are applied on sign in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). Then, it needs to be base64 encoded before being added to SyncML.
  
-If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
+If policy is enabled and the client machine is having Azure Active Directory, the associations assigned in SyncML are processed and default associations are applied.
 
 
 
 ADMX Info:  
--   GP English name: *Set a default associations configuration file*
+-   GP Friendly name: *Set a default associations configuration file*
 -   GP name: *DefaultAssociationsConfiguration*
 -   GP element: *DefaultAssociationsConfiguration_TextBox*
 -   GP path: *File Explorer*
@@ -100,7 +82,7 @@ To create the SyncML, follow these steps:
 
                • Paste the base64 encoded XML into the SyncML
                  • 
 
 
-Here is an example output from the dism default association export command:
+Here's an example output from the dism default association export command:
 
 ```xml
 
@@ -113,13 +95,13 @@ Here is an example output from the dism default association export command:
 
@@ -153,32 +135,14 @@ Here is the SyncMl example:
 **ApplicationDefaults/EnableAppUriHandlers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -195,16 +159,16 @@ Here is the SyncMl example:
 
 This policy setting determines whether Windows supports web-to-app linking with app URI handlers.
 
-Enabling this policy setting enables web-to-app linking so that apps can be launched with a http(s) URI.
+Enabling this policy setting enables web-to-app linking so that apps can be launched with an http(s) URI.
 
 Disabling this policy disables web-to-app linking and http(s) URIs will be opened in the default browser instead of launching the associated app.
 
-If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
 
 
 
 ADMX Info:  
--   GP English name: *Configure web-to-app linking with app URI handlers*
+-   GP Friendly name: *Configure web-to-app linking with app URI handlers*
 -   GP name: *EnableAppUriHandlers*
 -   GP path: *System/Group Policy*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -217,16 +181,7 @@ This setting supports a range of values between 0 and 1.
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 9bbbdcc162..1bddb1ae40 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - ApplicationManagement
-description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10.
+description: Learn about various Policy configuration service providers (CSP) - ApplicationManagement, including SyncML, for Windows 10.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 02/11/2020
 ms.reviewer: 
@@ -20,6 +20,9 @@ manager: dansimp
 ## ApplicationManagement policies  
 
 
                  
+  
                  
+    ApplicationManagement/AllowAutomaticAppArchiving
+  
                  
   
                  
     ApplicationManagement/AllowAllTrustedApps
   
                  
@@ -65,38 +68,76 @@ manager: dansimp
 
                  
 
 
+
                  
+
+
+**ApplicationManagement/AllowAutomaticAppArchiving**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+
                  
+
+
+
+This policy setting controls whether the system can archive infrequently used apps.
+
+- If you enable this policy setting, then the system will periodically check for and archive infrequently used apps.
+
+- If you disable this policy setting, then the system won't archive any apps.
+
+If you don't configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow all trusted apps to install*
+-   GP name: *AllowAutomaticAppArchiving*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+
+
+The following list shows the supported values:
+
+-   0 - Explicit disable.
+-   1 - Explicit enable.
+-   65535 (default) - Not configured.
+
+
+
+
 
                  
 
 
 **ApplicationManagement/AllowAllTrustedApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -118,7 +159,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow all trusted apps to install*
+-   GP Friendly name: *Allow all trusted apps to install*
 -   GP name: *AppxDeploymentAllowAllTrustedApps*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -140,32 +181,14 @@ The following list shows the supported values:
 **ApplicationManagement/AllowAppStoreAutoUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -180,7 +203,7 @@ The following list shows the supported values:
 
 
 
-Specifies whether automatic update of apps from Microsoft Store are allowed.
+Specifies whether automatic update of apps from Microsoft Store is allowed.
 
 
 Most restricted value is 0.
@@ -188,7 +211,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Turn off Automatic Download and Install of updates*
+-   GP Friendly name: *Turn off Automatic Download and Install of updates*
 -   GP name: *DisableAutoInstall*
 -   GP path: *Windows Components/Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -209,32 +232,14 @@ The following list shows the supported values:
 **ApplicationManagement/AllowDeveloperUnlock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -256,7 +261,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)*
+-   GP Friendly name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)*
 -   GP name: *AllowDevelopmentWithoutDevLicense*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -278,32 +283,14 @@ The following list shows the supported values:
 **ApplicationManagement/AllowGameDVR**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -321,14 +308,14 @@ The following list shows the supported values:
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
 
-Specifies whether DVR and broadcasting is allowed.
+Specifies whether DVR and broadcasting are allowed.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Enables or disables Windows Game Recording and Broadcasting*
+-   GP Friendly name: *Enables or disables Windows Game Recording and Broadcasting*
 -   GP name: *AllowGameDVR*
 -   GP path: *Windows Components/Windows Game Recording and Broadcasting*
 -   GP ADMX file name: *GameDVR.admx*
@@ -349,32 +336,14 @@ The following list shows the supported values:
 **ApplicationManagement/AllowSharedUserAppData**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -395,7 +364,7 @@ The following list shows the supported values:
 
 
 ADMX Info:  
--   GP English name: *Allow a Windows app to share application data between users*
+-   GP Friendly name: *Allow a Windows app to share application data between users*
 -   GP name: *AllowSharedLocalAppData*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -417,33 +386,14 @@ Most restricted value: 0
 **ApplicationManagement/BlockNonAdminUserInstall**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
 
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -458,18 +408,18 @@ Most restricted value: 0
 
 
 
-Added in Windows 10, version 2004.
+
 
 Manages non-administrator users' ability to install Windows app packages.
 
 If you enable this policy, non-administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Administrator PowerShell window). All users will still be able to install Windows app packages via the Microsoft Store, if permitted by other policies.
 
-If you disable or do not configure this policy, all users will be able to initiate installation of Windows app packages.
+If you disable or don't configure this policy, all users will be able to initiate installation of Windows app packages.
 
 
 
 ADMX Info:  
--   GP English name: *Prevent non-admin users from installing packaged Windows apps*
+-   GP Friendly name: *Prevent non-admin users from installing packaged Windows apps*
 -   GP name: *BlockNonAdminUserInstall*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -478,7 +428,7 @@ ADMX Info:
 
 The following list shows the supported values:  
 - 0 (default) - Disabled. All users will be able to initiate installation of Windows app packages.
-- 1 - Enabled. Non-administrator users will not be able to initiate installation of Windows app packages.
+- 1 - Enabled. Non-administrator users won't be able to initiate installation of Windows app packages.
 
 
 
@@ -494,32 +444,14 @@ The following list shows the supported values:
 **ApplicationManagement/DisableStoreOriginatedApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -539,7 +471,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al
 
 
 ADMX Info:  
--   GP English name: *Disable all apps from Microsoft Store*
+-   GP Friendly name: *Disable all apps from Microsoft Store*
 -   GP name: *DisableStoreApps*
 -   GP path: *Windows Components/Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -560,32 +492,14 @@ The following list shows the supported values:
 **ApplicationManagement/LaunchAppAfterLogOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -600,9 +514,9 @@ The following list shows the supported values:
 
 
 
-List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after logon. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after a sign in. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device.
 
-For this policy to work, the Windows apps need to declare in their manifest that they will use the start up task. Example of the declaration here: 
+For this policy to work, the Windows apps need to declare in their manifest that they'll use the startup task. Example of the declaration here: 
 
 ```xml
  
@@ -631,32 +545,14 @@ For this policy to work, the Windows apps need to declare in their manifest that
 **ApplicationManagement/MSIAllowUserControlOverInstall**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscross mark
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -675,7 +571,7 @@ Added in Windows 10, version 1803. This policy setting permits users to change i
 
 If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation.
 
-If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed.
+If you disable or don't configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed.
 
 If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.
 
@@ -684,7 +580,7 @@ This policy setting is designed for less restrictive environments. It can be use
 
 
 ADMX Info:  
--   GP English name: *Allow user control over installs*
+-   GP Friendly name: *Allow user control over installs*
 -   GP name: *EnableUserControl*
 -   GP path: *Windows Components/Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -702,32 +598,14 @@ This setting supports a range of values between 0 and 1.
 **ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscross mark
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -745,18 +623,20 @@ This setting supports a range of values between 0 and 1.
 
 Added in Windows 10, version 1803. This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.
 
-If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.
+If you enable this policy setting, privileges are extended to all programs. These privileges are reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.
 
-If you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.
+If you disable or don't configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator doesn't distribute or offer.
 
-Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.
+> [!NOTE]
+> This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.
 
-Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.
+> [!CAUTION]
+> Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.
 
 
 
 ADMX Info:  
--   GP English name: *Always install with elevated privileges*
+-   GP Friendly name: *Always install with elevated privileges*
 -   GP name: *AlwaysInstallElevated*
 -   GP path: *Windows Components/Windows Installer*
 -   GP ADMX file name: *MSI.admx*
@@ -774,32 +654,14 @@ This setting supports a range of values between 0 and 1.
 **ApplicationManagement/RequirePrivateStoreOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -823,7 +685,7 @@ Most restricted value is 1.
 
 
 ADMX Info:  
--   GP English name: *Only display the private store within the Microsoft Store*
+-   GP Friendly name: *Only display the private store within the Microsoft Store*
 -   GP name: *RequirePrivateStoreOnly*
 -   GP path: *Windows Components/Store*
 -   GP ADMX file name: *WindowsStore.admx*
@@ -844,32 +706,14 @@ The following list shows the supported values:
 **ApplicationManagement/RestrictAppDataToSystemVolume**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -891,7 +735,7 @@ Most restricted value is 1.
 
 
 ADMX Info:  
--   GP English name: *Prevent users' app data from being stored on non-system volumes*
+-   GP Friendly name: *Prevent users' app data from being stored on non-system volumes*
 -   GP name: *RestrictAppDataToSystemVolume*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -912,32 +756,14 @@ The following list shows the supported values:
 **ApplicationManagement/RestrictAppToSystemVolume**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -959,7 +785,7 @@ Most restricted value is 1.
 
 
 ADMX Info:  
--   GP English name: *Disable installing Windows apps on non-system volumes*
+-   GP Friendly name: *Disable installing Windows apps on non-system volumes*
 -   GP name: *DisableDeploymentToNonSystemVolumes*
 -   GP path: *Windows Components/App Package Deployment*
 -   GP ADMX file name: *AppxPackageManager.admx*
@@ -980,32 +806,14 @@ The following list shows the supported values:
 **ApplicationManagement/ScheduleForceRestartForUpdateFailures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1026,6 +834,9 @@ Value type is string.
 
 
 
+> [!NOTE]
+> The check for recurrence is done in a case sensitive manner. For instance the value needs to be “Daily” instead of “daily”. The wrong case will cause SmartRetry to fail to execute.
+
 
 
 Sample SyncML:
@@ -1045,7 +856,7 @@ Sample SyncML:
          
          
            
@@ -1100,15 +911,6 @@ XSD:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 2a224f8bfe..c8db68a7e0 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - AppRuntime
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -34,32 +40,15 @@ manager: dansimp
 **AppRuntime/AllowMicrosoftAccountsToBeOptional**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -81,16 +70,11 @@ If you enable this policy setting, Windows Store apps that typically require a M
 If you disable or do not configure this policy setting, users will need to sign in with a Microsoft account.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow Microsoft accounts to be optional*
+-   GP Friendly name: *Allow Microsoft accounts to be optional*
 -   GP name: *AppxRuntimeMicrosoftAccountsOptional*
 -   GP path: *Windows Components/App runtime*
 -   GP ADMX file name: *AppXRuntime.admx*
@@ -99,16 +83,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 63cdb4036d..24c9070487 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - AppVirtualization
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -115,32 +121,15 @@ manager: dansimp
 **AppVirtualization/AllowAppVClient**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -158,16 +147,11 @@ manager: dansimp
 This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable App-V Client*
+-   GP Friendly name: *Enable App-V Client*
 -   GP name: *EnableAppV*
 -   GP path: *System/App-V*
 -   GP ADMX file name: *appv.admx*
@@ -181,32 +165,14 @@ ADMX Info:
 **AppVirtualization/AllowDynamicVirtualization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -224,16 +190,11 @@ ADMX Info:
 Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Dynamic Virtualization*
+-   GP Friendly name: *Enable Dynamic Virtualization*
 -   GP name: *Virtualization_JITVEnable*
 -   GP path: *System/App-V/Virtualization*
 -   GP ADMX file name: *appv.admx*
@@ -247,32 +208,14 @@ ADMX Info:
 **AppVirtualization/AllowPackageCleanup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -290,16 +233,11 @@ ADMX Info:
 Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable automatic cleanup of unused appv packages*
+-   GP Friendly name: *Enable automatic cleanup of unused appv packages*
 -   GP name: *PackageManagement_AutoCleanupEnable*
 -   GP path: *System/App-V/PackageManagement*
 -   GP ADMX file name: *appv.admx*
@@ -313,32 +251,14 @@ ADMX Info:
 **AppVirtualization/AllowPackageScripts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -356,16 +276,11 @@ ADMX Info:
 Enables scripts defined in the package manifest of configuration files that should run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Package Scripts*
+-   GP Friendly name: *Enable Package Scripts*
 -   GP name: *Scripting_Enable_Package_Scripts*
 -   GP path: *System/App-V/Scripting*
 -   GP ADMX file name: *appv.admx*
@@ -379,32 +294,14 @@ ADMX Info:
 **AppVirtualization/AllowPublishingRefreshUX**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -422,16 +319,11 @@ ADMX Info:
 Enables a UX to display to the user when a publishing refresh is performed on the client.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Publishing Refresh UX*
+-   GP Friendly name: *Enable Publishing Refresh UX*
 -   GP name: *Enable_Publishing_Refresh_UX*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
@@ -445,32 +337,14 @@ ADMX Info:
 **AppVirtualization/AllowReportingServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -487,27 +361,22 @@ ADMX Info:
 
 Reporting Server URL: Displays the URL of reporting server.
 
-Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM.
+Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM.
 
 Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.
 
 Repeat reporting for every (days): The periodical interval in days for sending the reporting data.
 
-Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.
+Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this deletion occurs, and won't be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.
 
-Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The  default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections.
+Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The  default value is 65536. When report data is being transmitted to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these components won't factor into the block size calculations; the potential exists for a large package list to result in transmission failures over low bandwidth or unreliable connections.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reporting Server*
+-   GP Friendly name: *Reporting Server*
 -   GP name: *Reporting_Server_Policy*
 -   GP path: *System/App-V/Reporting*
 -   GP ADMX file name: *appv.admx*
@@ -521,32 +390,14 @@ ADMX Info:
 **AppVirtualization/AllowRoamingFileExclusions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -561,19 +412,14 @@ ADMX Info:
 
 
 
-Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
+Specifies the file paths relative to %userprofile% that don't roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Roaming File Exclusions*
+-   GP Friendly name: *Roaming File Exclusions*
 -   GP name: *Integration_Roaming_File_Exclusions*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
@@ -587,32 +433,14 @@ ADMX Info:
 **AppVirtualization/AllowRoamingRegistryExclusions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -627,19 +455,14 @@ ADMX Info:
 
 
 
-Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
+Specifies the registry paths that don't roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Roaming Registry Exclusions*
+-   GP Friendly name: *Roaming Registry Exclusions*
 -   GP name: *Integration_Roaming_Registry_Exclusions*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
@@ -653,32 +476,14 @@ ADMX Info:
 **AppVirtualization/AllowStreamingAutoload**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -696,16 +501,11 @@ ADMX Info:
 Specifies how new packages should be loaded automatically by App-V on a specific computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify what to load in background (aka AutoLoad)*
+-   GP Friendly name: *Specify what to load in background (also known as AutoLoad)*
 -   GP name: *Steaming_Autoload*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -719,32 +519,14 @@ ADMX Info:
 **AppVirtualization/ClientCoexistenceAllowMigrationmode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -759,19 +541,14 @@ ADMX Info:
 
 
 
-Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
+Migration mode allows the App-V client to modify shortcuts and FTAs for packages created using a previous version of App-V.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Migration Mode*
+-   GP Friendly name: *Enable Migration Mode*
 -   GP name: *Client_Coexistence_Enable_Migration_mode*
 -   GP path: *System/App-V/Client Coexistence*
 -   GP ADMX file name: *appv.admx*
@@ -785,32 +562,14 @@ ADMX Info:
 **AppVirtualization/IntegrationAllowRootGlobal**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -825,19 +584,14 @@ ADMX Info:
 
 
 
-Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
+Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Integration Root User*
+-   GP Friendly name: *Integration Root User*
 -   GP name: *Integration_Root_User*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
@@ -851,32 +605,14 @@ ADMX Info:
 **AppVirtualization/IntegrationAllowRootUser**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -891,19 +627,14 @@ ADMX Info:
 
 
 
-Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
+Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links aren't used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Integration Root Global*
+-   GP Friendly name: *Integration Root Global*
 -   GP name: *Integration_Root_Global*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
@@ -917,32 +648,14 @@ ADMX Info:
 **AppVirtualization/PublishingAllowServer1**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -963,7 +676,7 @@ Publishing Server URL: Displays the URL of publishing server.
 
 Global Publishing Refresh: Enables global publishing refresh (Boolean).
 
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on a sign in(Boolean).
 
 Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
 
@@ -971,23 +684,18 @@ Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23,
 
 User Publishing Refresh: Enables user publishing refresh (Boolean).
 
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+User Publishing Refresh On Logon: Triggers a user publishing refresh on a sign in (Boolean).
 
 User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
 
 User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publishing Server 1 Settings*
+-   GP Friendly name: *Publishing Server 1 Settings*
 -   GP name: *Publishing_Server1_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
@@ -1001,32 +709,14 @@ ADMX Info:
 **AppVirtualization/PublishingAllowServer2**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1047,7 +737,7 @@ Publishing Server URL: Displays the URL of publishing server.
 
 Global Publishing Refresh: Enables global publishing refresh (Boolean).
 
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on a sign in (Boolean).
 
 Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
 
@@ -1055,23 +745,18 @@ Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23,
 
 User Publishing Refresh: Enables user publishing refresh (Boolean).
 
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+User Publishing Refresh On Logon: Triggers a user publishing refresh on la sign in (Boolean).
 
 User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
 
 User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publishing Server 2 Settings*
+-   GP Friendly name: *Publishing Server 2 Settings*
 -   GP name: *Publishing_Server2_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
@@ -1085,32 +770,14 @@ ADMX Info:
 **AppVirtualization/PublishingAllowServer3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1131,7 +798,7 @@ Publishing Server URL: Displays the URL of publishing server.
 
 Global Publishing Refresh: Enables global publishing refresh (Boolean).
 
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on a sign in (Boolean).
 
 Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
 
@@ -1139,23 +806,18 @@ Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23,
 
 User Publishing Refresh: Enables user publishing refresh (Boolean).
 
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+User Publishing Refresh On Logon: Triggers a user publishing refresh on a sign in (Boolean).
 
 User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
 
 User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publishing Server 3 Settings*
+-   GP Friendly name: *Publishing Server 3 Settings*
 -   GP name: *Publishing_Server3_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
@@ -1169,32 +831,14 @@ ADMX Info:
 **AppVirtualization/PublishingAllowServer4**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1215,7 +859,7 @@ Publishing Server URL: Displays the URL of publishing server.
 
 Global Publishing Refresh: Enables global publishing refresh (Boolean).
 
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on a sign in (Boolean).
 
 Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
 
@@ -1223,23 +867,18 @@ Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23,
 
 User Publishing Refresh: Enables user publishing refresh (Boolean).
 
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+User Publishing Refresh On Logon: Triggers a user publishing refresh on a sign in (Boolean).
 
 User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
 
 User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publishing Server 4 Settings*
+-   GP Friendly name: *Publishing Server 4 Settings*
 -   GP name: *Publishing_Server4_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
@@ -1253,32 +892,14 @@ ADMX Info:
 **AppVirtualization/PublishingAllowServer5**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1299,7 +920,7 @@ Publishing Server URL: Displays the URL of publishing server.
 
 Global Publishing Refresh: Enables global publishing refresh (Boolean).
 
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on a sign in (Boolean).
 
 Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
 
@@ -1307,23 +928,18 @@ Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23,
 
 User Publishing Refresh: Enables user publishing refresh (Boolean).
 
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+User Publishing Refresh On Logon: Triggers a user publishing refresh on a sign in (Boolean).
 
 User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
 
 User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Publishing Server 5 Settings*
+-   GP Friendly name: *Publishing Server 5 Settings*
 -   GP name: *Publishing_Server5_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
@@ -1337,32 +953,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowCertificateFilterForClient_SSL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1380,16 +978,11 @@ ADMX Info:
 Specifies the path to a valid certificate in the certificate store.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Certificate Filter For Client SSL*
+-   GP Friendly name: *Certificate Filter For Client SSL*
 -   GP name: *Streaming_Certificate_Filter_For_Client_SSL*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1403,32 +996,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowHighCostLaunch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1443,19 +1018,14 @@ ADMX Info:
 
 
 
-This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).
+This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (for example, 4G).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
+-   GP Friendly name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
 -   GP name: *Streaming_Allow_High_Cost_Launch*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1469,32 +1039,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowLocationProvider**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1512,16 +1064,11 @@ ADMX Info:
 Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Location Provider*
+-   GP Friendly name: *Location Provider*
 -   GP name: *Streaming_Location_Provider*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1535,32 +1082,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowPackageInstallationRoot**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1578,16 +1107,11 @@ ADMX Info:
 Specifies directory where all new applications and updates will be installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Package Installation Root*
+-   GP Friendly name: *Package Installation Root*
 -   GP name: *Streaming_Package_Installation_Root*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1601,32 +1125,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowPackageSourceRoot**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1644,16 +1150,11 @@ ADMX Info:
 Overrides source location for downloading package content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Package Source Root*
+-   GP Friendly name: *Package Source Root*
 -   GP name: *Streaming_Package_Source_Root*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1667,32 +1168,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowReestablishmentInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1710,16 +1193,11 @@ ADMX Info:
 Specifies the number of seconds between attempts to reestablish a dropped session.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reestablishment Interval*
+-   GP Friendly name: *Reestablishment Interval*
 -   GP name: *Streaming_Reestablishment_Interval*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1733,32 +1211,14 @@ ADMX Info:
 **AppVirtualization/StreamingAllowReestablishmentRetries**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1776,16 +1236,11 @@ ADMX Info:
 Specifies the number of times to retry a dropped session.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Reestablishment Retries*
+-   GP Friendly name: *Reestablishment Retries*
 -   GP name: *Streaming_Reestablishment_Retries*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1799,32 +1254,14 @@ ADMX Info:
 **AppVirtualization/StreamingSharedContentStoreMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1839,19 +1276,14 @@ ADMX Info:
 
 
 
-Specifies that streamed package contents will be not be saved to the local hard disk.
+Specifies that streamed package contents won't be saved to the local hard disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Shared Content Store (SCS) mode*
+-   GP Friendly name: *Shared Content Store (SCS) mode*
 -   GP name: *Streaming_Shared_Content_Store_Mode*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1865,32 +1297,14 @@ ADMX Info:
 **AppVirtualization/StreamingSupportBranchCache**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1905,19 +1319,14 @@ ADMX Info:
 
 
 
-If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache
+If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support isn't desired, this setting should be disabled. The client can then apply HTTP optimizations that are incompatible with BranchCache.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enable Support for BranchCache*
+-   GP Friendly name: *Enable Support for BranchCache*
 -   GP name: *Streaming_Support_Branch_Cache*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1931,32 +1340,14 @@ ADMX Info:
 **AppVirtualization/StreamingVerifyCertificateRevocationList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1974,16 +1365,11 @@ ADMX Info:
 Verifies Server certificate revocation status before streaming using HTTPS.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Verify certificate revocation list*
+-   GP Friendly name: *Verify certificate revocation list*
 -   GP name: *Streaming_Verify_Certificate_Revocation_List*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
@@ -1997,32 +1383,14 @@ ADMX Info:
 **AppVirtualization/VirtualComponentsAllowList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2040,16 +1408,11 @@ ADMX Info:
 Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Virtual Component Process Allow List*
+-   GP Friendly name: *Virtual Component Process Allow List*
 -   GP name: *Virtualization_JITVAllowList*
 -   GP path: *System/App-V/Virtualization*
 -   GP ADMX file name: *appv.admx*
@@ -2058,16 +1421,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index e808f11e13..b182ba287e 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,13 @@ manager: dansimp
 
 # Policy CSP - AttachmentManager
 
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 
                  
@@ -40,32 +47,15 @@ manager: dansimp
 **AttachmentManager/DoNotPreserveZoneInformation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -80,25 +70,20 @@ manager: dansimp
 
 
 
-This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
+This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This feature requires NTFS in order to function correctly, and will fail without notice on FAT32. If the zone information is not preserved, Windows can't make proper risk assessments.
 
-If you enable this policy setting, Windows does not mark file attachments with their zone information.
+If you enable this policy setting, Windows doesn't mark file attachments with their zone information.
 
 If you disable this policy setting, Windows marks file attachments with their zone information.
 
-If you do not configure this policy setting, Windows marks file attachments with their zone information.
+If you don't configure this policy setting, Windows marks file attachments with their zone information.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not preserve zone information in file attachments*
+-   GP Friendly name: *Do not preserve zone information in file attachments*
 -   GP name: *AM_MarkZoneOnSavedAtttachments*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -112,32 +97,15 @@ ADMX Info:
 **AttachmentManager/HideZoneInfoMechanism**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -158,19 +126,14 @@ If you enable this policy setting, Windows hides the check box and Unblock butto
 
 If you disable this policy setting, Windows shows the check box and Unblock button.
 
-If you do not configure this policy setting, Windows hides the check box and Unblock button.
+If you don't configure this policy setting, Windows hides the check box and Unblock button.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Hide mechanisms to remove zone information*
+-   GP Friendly name: *Hide mechanisms to remove zone information*
 -   GP name: *AM_RemoveZoneInfo*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -184,32 +147,15 @@ ADMX Info:
 **AttachmentManager/NotifyAntivirusPrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -224,25 +170,20 @@ ADMX Info:
 
 
 
-This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. 
+This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they'll all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, the subsequent calls would be redundant.
 
 If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
 
-If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
+If you disable this policy setting, Windows doesn't call the registered antivirus programs when file attachments are opened.
 
-If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
+If you don't configure this policy setting, Windows doesn't call the registered antivirus programs when file attachments are opened.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Notify antivirus programs when opening attachments*
+-   GP Friendly name: *Notify antivirus programs when opening attachments*
 -   GP name: *AM_CallIOfficeAntiVirus*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
@@ -251,16 +192,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 73c539f766..6960e68f36 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - Audit
-description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't log on to a computer because the account is locked out.
+description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't sign in to a computer because the account is locked out.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ---
@@ -204,32 +204,15 @@ ms.date: 09/27/2019
 **Audit/AccountLogonLogoff_AuditAccountLockout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -244,27 +227,27 @@ ms.date: 09/27/2019
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out.
+This policy setting allows you to audit events generated by a failed attempt to sign in to an account that is locked out.
 
-If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
+If you configure this policy setting, an audit event is generated when an account can't sign in to a computer because the account is locked out. Success audits record successful attempts and Failure audits record unsuccessful attempts.
 
-Logon events are essential for understanding user activity and to detect potential attacks.
+Sign-in events are essential for understanding user activity and to detect potential attacks.
 
 Volume: Low.
 
 
 
 GP Info:  
--   GP English name: *Audit Account Lockout*
+-   GP Friendly name: *Audit Account Lockout*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success 
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success 
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -281,32 +264,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditGroupMembership**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -321,24 +287,24 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
+This policy allows you to audit the group membership information in the user's sign-in token. Events in this subcategory are generated on the computer on which a sign-in session is created. For an interactive sign in, the security audit event is generated on the computer that the user logged on to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
 
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information cannot fit in a single security audit event.
+When this setting is configured, one or more security audit events are generated for each successful sign in. Enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event.
 
 Volume: Low on a client computer. Medium on a domain controller or a network server.
 
 
 GP Info:  
--   GP English name: *Audit Group Membership*
+-   GP Friendly name: *Audit Group Membership*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -355,32 +321,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditIPsecExtendedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -395,26 +344,26 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
+This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 
 If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation.
+If you don't configure this policy setting, no audit event is generated during an IPsec Extended Mode negotiation.
 
 Volume: High.
 
 
 
 GP Info:  
--   GP English name: *Audit IPsec Extended Mode*
+-   GP Friendly name: *Audit IPsec Extended Mode*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -431,32 +380,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditIPsecMainMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -471,25 +403,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
+This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 
 If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation.
+If you don't configure this policy setting, no audit event is generated during an IPsec Main Mode negotiation.
 
 Volume: High.
 
 
 GP Info:  
--   GP English name: *Audit IPsec Main Mode*
+-   GP Friendly name: *Audit IPsec Main Mode*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -506,32 +438,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditIPsecQuickMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -546,24 +461,24 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
+This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 
-If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation.
+If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you don't configure this policy setting, no audit event is generated during an IPsec Quick Mode negotiation.
 
 Volume: High.
 
 
 GP Info:  
--   GP English name: *Audit IPsec Quick Mode*
+-   GP Friendly name: *Audit IPsec Quick Mode*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -580,32 +495,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditLogoff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -620,25 +518,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
+This policy setting allows you to audit events generated by the closing of a sign-in session. These events occur on the computer that was accessed. For an interactive sign out the security audit event is generated on the computer that the user account logged on to.
 
-If you configure this policy setting, an audit event is generated when a logon session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions.
-If you do not configure this policy setting, no audit event is generated when a logon session is closed.
+If you configure this policy setting, an audit event is generated when a sign-in session is closed. Success audits record successful attempts to close sessions and Failure audits record unsuccessful attempts to close sessions.
+If you don't configure this policy setting, no audit event is generated when a sign-in session is closed.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Logoff*
+-   GP Friendly name: *Audit Logoff*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -655,32 +553,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditLogon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -695,28 +576,28 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by user account logon attempts on the computer.
-Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the computer that the user account logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. 
+This policy setting allows you to audit events generated by user account sign-in attempts on the computer.
+Events in this subcategory are related to the creation of sign in sessions and occur on the computer that was accessed. For an interactive sign in, the security audit event is generated on the computer that the user account signed in to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. 
 The following events are included:  
-- Successful logon attempts.
-- Failed logon attempts.
-- Logon attempts using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch logon configurations, such as scheduled tasks or when using the RUNAS command.
-- Security identifiers (SIDs) were filtered and not allowed to log on.
+- Successful sign in attempts.
+- Failed sign in attempts.
+- Sign-in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This process most commonly occurs in batch sign-in configurations, such as scheduled tasks or when using the RUNAS command.
+- Security identifiers (SIDs) were filtered and not allowed to sign in.
 
 Volume: Low on a client computer. Medium on a domain controller or a network server.
 
 
 GP Info:  
--   GP English name: *Audit Logon*
+-   GP Friendly name: *Audit Logon*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -733,32 +614,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditNetworkPolicyServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -773,24 +637,24 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
+This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
 If you configure this policy setting, an audit event is generated for each IAS and NAP user access request. Success audits record successful user access requests and Failure audits record unsuccessful attempts.
-If you do not configure this policy settings, IAS and NAP user access requests are not audited.
+If you don't configure this policy settings, IAS and NAP user access requests aren't audited.
 
 Volume: Medium or High on NPS and IAS server. No volume on other computers.
 
 
 GP Info:  
--   GP English name: *Audit Network Policy Server*
+-   GP Friendly name: *Audit Network Policy Server*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 (default) — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3 (default)—Success+Failure
 
 
 
@@ -807,32 +671,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -847,7 +694,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting, such as the following:  
+This policy setting allows you to audit other logon/logoff-related events that aren't covered in the “Logon/Logoff” policy setting, such as the following:  
 - Terminal Services session disconnections.
 - New Terminal Services sessions.
 - Locking and unlocking a workstation.
@@ -861,16 +708,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Other Logon Logoff Events*
+-   GP Friendly name: *Audit Other Logon Logoff Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
-The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+The following values are the supported values:  
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -887,32 +734,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditSpecialLogon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -927,24 +757,24 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by special logons, such as the following:  
-- The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
-- A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [Audit Special Logon](/windows/security/threat-protection/auditing/audit-special-logon).
+This policy setting allows you to audit events generated by special sign ins, such as:  
+- The use of a special sign in, which is a sign in that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
+- A sign in by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during sign in and the subcategory is enabled, an event is logged. For more information about this feature, see [Audit Special Logon](/windows/security/threat-protection/auditing/audit-special-logon).
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Special Logon*
+-   GP Friendly name: *Audit Special Logon*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -961,32 +791,15 @@ The following are the supported values:
 **Audit/AccountLogonLogoff_AuditUserDeviceClaims**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1001,26 +814,26 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
+This policy allows you to audit user and device claims information in the user's sign-in token. Events in this subcategory are generated on the computer on which a sign-in session is created. For an interactive sign in, the security audit event is generated on the computer that the user signed in to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
 
-User claims are added to a logon token when claims are included with a user's account attributes in Active Directory. Device claims are added to the logon token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on.
+User claims are added to a sign-in token when claims are included with a user's account attributes in Active Directory. Device claims are added to the sign-in token when claims are included with a device's computer account attributes in Active Directory. In addition, compound identity must be enabled for the domain and on the computer where the user logged on.
 
-When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event.
+When this setting is configured, one or more security audit events are generated for each successful sign in. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information can't fit in a single security audit event.
 
 Volume: Low on a client computer. Medium on a domain controller or a network server.
 
 
 GP Info:  
--   GP English name: *Audit User Device Claims*
+-   GP Friendly name: *Audit User Device Claims*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1037,32 +850,15 @@ The following are the supported values:
 **Audit/AccountLogon_AuditCredentialValidation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1077,7 +873,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by validation tests on user account logon credentials.
+This policy setting allows you to audit events generated by validation tests on user account sign-in credentials.
 
 Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.
 
@@ -1085,16 +881,16 @@ Volume: High on domain controllers.
 
 
 GP Info:  
--   GP English name: *Audit Credential Validation*
+-   GP Friendly name: *Audit Credential Validation*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1111,32 +907,15 @@ The following are the supported values:
 **Audit/AccountLogon_AuditKerberosAuthenticationService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1151,25 +930,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
+This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
 
 If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.
+If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT request.
 
 Volume: High on Kerberos Key Distribution Center servers.
 
 
 GP Info:  
--   GP English name: *Audit Kerberos Authentication Service*
+-   GP Friendly name: *Audit Kerberos Authentication Service*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1186,32 +965,15 @@ The following are the supported values:
 **Audit/AccountLogon_AuditKerberosServiceTicketOperations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1226,25 +988,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
+This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
 
 If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account.
+If you don't configure this policy setting, no audit event is generated after a Kerberos authentication TGT is request for a user account.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Kerberos Service Ticket Operations*
+-   GP Friendly name: *Audit Kerberos Service Ticket Operations*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1261,32 +1023,15 @@ The following are the supported values:
 **Audit/AccountLogon_AuditOtherAccountLogonEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1301,23 +1046,23 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
+This policy setting allows you to audit events generated by responses to credential requests submitted for a user account sign in that aren't credential validation or Kerberos tickets.
 
 Currently, there are no events in this subcategory.
 
 
 
 GP Info:  
--   GP English name: *Audit Other Account Logon Events*
+-   GP Friendly name: *Audit Other Account Logon Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1334,32 +1079,15 @@ The following are the supported values:
 **Audit/AccountManagement_AuditApplicationGroupManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1374,27 +1102,27 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to application groups, such as the following:  
+This policy setting allows you to audit events generated by changes to application groups as follows:  
 - Application group is created, changed, or deleted.
 - Member is added or removed from an application group.
 
 If you configure this policy setting, an audit event is generated when an attempt to change an application group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an application group changes.
+If you don't configure this policy setting, no audit event is generated when an application group changes.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Application Group Management*
+-   GP Friendly name: *Audit Application Group Management*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1411,32 +1139,15 @@ The following are the supported values:
 **Audit/AccountManagement_AuditComputerAccountManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1451,25 +1162,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted.
+This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted.
 
 If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a computer account changes.
+If you don't configure this policy setting, no audit event is generated when a computer account changes.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Computer Account Management*
+-   GP Friendly name: *Audit Computer Account Management*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1486,32 +1197,15 @@ The following are the supported values:
 **Audit/AccountManagement_AuditDistributionGroupManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1526,13 +1220,13 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to distribution groups, such as the following:  
+This policy setting allows you to audit events generated by changes to distribution groups as follows:  
 - Distribution group is created, changed, or deleted.
 - Member is added or removed from a distribution group.
 - Distribution group type is changed.
 
 If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a distribution group changes.
+If you don't configure this policy setting, no audit event is generated when a distribution group changes.
 
 > [!Note]
 > Events in this subcategory are logged only on domain controllers.
@@ -1541,16 +1235,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Distribution Group Management*
+-   GP Friendly name: *Audit Distribution Group Management*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1567,32 +1261,15 @@ The following are the supported values:
 **Audit/AccountManagement_AuditOtherAccountManagementEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1607,30 +1284,30 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following:  
-- The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration.
+This policy setting allows you to audit events generated by other user account changes that aren't covered in this category, such as:  
+- The password hash of a user account was accessed. This change happens during an Active Directory Management Tool password migration.
 - The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack.
 - Changes to the Default Domain Group Policy under the following Group Policy paths:
 Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
 Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy.
 
 > [!Note]
-> The security audit event is logged when the policy setting is applied. It does not occur at the time when the settings are modified.
+> The security audit event is logged when the policy setting is applied. It doesn't occur at the time when the settings are modified.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Other Account Management Events*
+-   GP Friendly name: *Audit Other Account Management Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1647,32 +1324,15 @@ The following are the supported values:
 **Audit/AccountManagement_AuditSecurityGroupManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1687,28 +1347,28 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to security groups, such as the following:  
+This policy setting allows you to audit events generated by changes to security groups, such as:  
 - Security group is created, changed, or deleted.
 - Member is added or removed from a security group.
 - Group type is changed.
 
 If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a security group changes.
+If you don't configure this policy setting, no audit event is generated when a security group changes.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Security Group Management*
+-   GP Friendly name: *Audit Security Group Management*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1725,32 +1385,15 @@ The following are the supported values:
 **Audit/AccountManagement_AuditUserAccountManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1765,8 +1408,8 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit changes to user accounts. 
-Events include the following:  
+This policy setting allows you to audit changes to user accounts. 
+The events included are as follows:  
 - A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked.
 - A user account’s password is set or changed.
 - A security identifier (SID) is added to the SID History of a user account.
@@ -1775,22 +1418,22 @@ Events include the following:
 - Credential Manager credentials are backed up or restored.
 
 If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. 
-If you do not configure this policy setting, no audit event is generated when a user account changes.
+If you don't configure this policy setting, no audit event is generated when a user account changes.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit User Account Management*
+-   GP Friendly name: *Audit User Account Management*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1807,32 +1450,15 @@ The following are the supported values:
 **Audit/DSAccess_AuditDetailedDirectoryServiceReplication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1847,23 +1473,23 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.
+This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.
 
 Volume: High.
 
 
 
 GP Info:  
--   GP English name: *Audit Detailed Directory Service Replication*
+-   GP Friendly name: *Audit Detailed Directory Service Replication*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1880,32 +1506,15 @@ The following are the supported values:
 **Audit/DSAccess_AuditDirectoryServiceAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1920,7 +1529,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. 
+This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. 
 
 Only AD DS objects with a matching system access control list (SACL) are logged.
 
@@ -1930,16 +1539,16 @@ Volume: High on domain controllers. None on client computers.
 
 
 GP Info:  
--   GP English name: *Audit Directory Service Access*
+-   GP Friendly name: *Audit Directory Service Access*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -1956,32 +1565,15 @@ The following are the supported values:
 **Audit/DSAccess_AuditDirectoryServiceChanges**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1996,32 +1588,32 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
+This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
 
 When possible, events logged in this subcategory indicate the old and new values of the object’s properties.
 
 Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
 
 > [!Note]
-> Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema.
+> Actions on some objects and properties don't cause audit events to be generated due to settings on the object class in the schema.
 
 If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
-If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made.
+If you don't configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made.
 
 Volume: High on domain controllers only.
 
 
 GP Info:  
--   GP English name: *Audit Directory Service Changes*
+-   GP Friendly name: *Audit Directory Service Changes*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2038,32 +1630,15 @@ The following are the supported values:
 **Audit/DSAccess_AuditDirectoryServiceReplication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2078,10 +1653,10 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
+This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
 
 If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessful replication.
-If you do not configure this policy setting, no audit event is generated during AD DS replication.
+If you don't configure this policy setting, no audit event is generated during AD DS replication.
 
 >[!Note]
 > Events in this subcategory are logged only on domain controllers.
@@ -2090,16 +1665,16 @@ Volume: Medium on domain controllers. None on client computers.
 
 
 GP Info:  
--   GP English name: *Audit Directory Service Replication*
+-   GP Friendly name: *Audit Directory Service Replication*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2116,32 +1691,15 @@ The following are the supported values:
 **Audit/DetailedTracking_AuditDPAPIActivity**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2156,25 +1714,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
+This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see https://go.microsoft.com/fwlink/?LinkId=121720.
 
 If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
+If you don't configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit DPAPI Activity*
+-   GP Friendly name: *Audit DPAPI Activity*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2190,32 +1748,15 @@ The following are the supported values:
 **Audit/DetailedTracking_AuditPNPActivity**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2230,25 +1771,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit when plug and play detects an external device.
+This policy setting allows you to audit when plug and play detects an external device.
 
 If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category.
-If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play.
+If you don't configure this policy setting, no audit event is generated when an external device is detected by plug and play.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit PNP Activity*
+-   GP Friendly name: *Audit PNP Activity*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2264,32 +1805,15 @@ The following are the supported values:
 **Audit/DetailedTracking_AuditProcessCreation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2304,25 +1828,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
+This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
 
 If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a process is created.
+If you don't configure this policy setting, no audit event is generated when a process is created.
 
 Volume: Depends on how the computer is used.
 
 
 GP Info:  
--   GP English name: *Audit Process Creation*
+-   GP Friendly name: *Audit Process Creation*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2338,32 +1862,15 @@ The following are the supported values:
 **Audit/DetailedTracking_AuditProcessTermination**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2378,25 +1885,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when a process ends. 
+This policy setting allows you to audit events generated when a process ends. 
 
 If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a process ends.
+If you don't configure this policy setting, no audit event is generated when a process ends.
 
 Volume: Depends on how the computer is used.
 
 
 GP Info:  
--   GP English name: *Audit Process Termination*
+-   GP Friendly name: *Audit Process Termination*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2412,32 +1919,15 @@ The following are the supported values:
 **Audit/DetailedTracking_AuditRPCEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2452,25 +1942,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit inbound remote procedure call (RPC) connections.
+This policy setting allows you to audit inbound remote procedure call (RPC) connections.
 
 If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a remote RPC connection is attempted.
+If you don't configure this policy setting, no audit event is generated when a remote RPC connection is attempted.
 
 Volume: High on RPC servers.
 
 
 GP Info:  
--   GP English name: *Audit RPC Events*
+-   GP Friendly name: *Audit RPC Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2486,32 +1976,15 @@ The following are the supported values:
 **Audit/DetailedTracking_AuditTokenRightAdjusted**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2526,22 +1999,22 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by adjusting the privileges of a token.
+This policy setting allows you to audit events generated by adjusting the privileges of a token.
 
 Volume: High.
 
 
 GP Info:  
--   GP English name: *Audit Token Right Adjusted*
+-   GP Friendly name: *Audit Token Right Adjusted*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2558,32 +2031,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditApplicationGenerated**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2598,7 +2054,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
+This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
 Events in this subcategory include:  
 - Creation of an application client context.
 - Deletion of an application client context.
@@ -2609,16 +2065,16 @@ Volume: Depends on the applications that are generating them.
 
 
 GP Info:  
--   GP English name: *Audit Application Generated*
+-   GP Friendly name: *Audit Application Generated*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2634,32 +2090,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditCentralAccessPolicyStaging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2674,29 +2113,29 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object.
+This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object.
 
-If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event will be generated as follows:  
+If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that of the permission granted by the proposed policy. The resulting audit event will be generated as follows:  
 1. Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access.
 2. Failure audits when configured records access attempts when:  
-   - The current central access policy does not grant access but the proposed policy grants access.
-   - A principal requests the maximum access rights they are allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy.
+   - The current central access policy doesn't grant access but the proposed policy grants access.
+   - A principal requests the maximum access rights they're allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy.
 
 Volume: Potentially high on a file server when the proposed policy differs significantly from the current central access policy.
 
 
 
 GP Info:  
--   GP English name: *Audit Central Access Policy Staging*
+-   GP Friendly name: *Audit Central Access Policy Staging*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2713,32 +2152,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditCertificationServices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2753,8 +2175,8 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations.
-AD CS operations include the following:  
+This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations.
+AD CS operations include:  
 
 - AD CS startup/shutdown/backup/restore.
 - Changes to the certificate revocation list (CRL).
@@ -2777,16 +2199,16 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
 
 
 GP Info:  
--   GP English name: *Audit Certification Services*
+-   GP Friendly name: *Audit Certification Services*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2802,32 +2224,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditDetailedFileShare**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2842,7 +2247,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share.  Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
+This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share.  Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
 
 If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
 
@@ -2853,16 +2258,16 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 
 
 GP Info:  
--   GP English name: *Audit Detailed File Share*
+-   GP Friendly name: *Audit Detailed File Share*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2878,32 +2283,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditFileShare**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2918,7 +2306,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access a shared folder.
+This policy setting allows you to audit attempts to access a shared folder.
 
 If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
 
@@ -2929,16 +2317,16 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 
 
 GP Info:  
--   GP English name: *Audit File Share*
+-   GP Friendly name: *Audit File Share*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -2954,32 +2342,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditFileSystem**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2994,10 +2365,10 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see [Apply a basic audit policy on a file or folder](/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder).
+This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see [Apply a basic audit policy on a file or folder](/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder).
 
 If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
+If you don't configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
 
 > [!Note]
 > You can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
@@ -3006,16 +2377,16 @@ Volume: Depends on how the file system SACLs are configured.
 
 
 GP Info:  
--   GP English name: *Audit File System*
+-   GP Friendly name: *Audit File System*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3031,32 +2402,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditFilteringPlatformConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3071,7 +2425,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). 
+This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). 
 The following events are included:  
 - The Windows Firewall Service blocks an application from accepting incoming connections on the network.
 - The WFP allows a connection.
@@ -3085,22 +2439,22 @@ The following events are included:
 
 If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked.
 
-If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP.
+If you don't configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP.
 
 Volume: High.
 
 
 GP Info:  
--   GP English name: *Audit Filtering Platform Connection*
+-   GP Friendly name: *Audit Filtering Platform Connection*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3116,32 +2470,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditFilteringPlatformPacketDrop**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3156,23 +2493,23 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP).
+This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP).
 
 Volume: High.
 
 
 
 GP Info:  
--   GP English name: *Audit Filtering Platform Packet Drop*
+-   GP Friendly name: *Audit Filtering Platform Packet Drop*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3188,32 +2525,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditHandleManipulation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3228,28 +2548,28 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
+This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
 
 If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
+If you don't configure this policy setting, no audit event is generated when a handle is manipulated.
 
 > [!Note]
-> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.
+> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access isn't enabled, handle manipulation security audit events will not be generated.
 
 Volume: Depends on how SACLs are configured.
 
 
 GP Info:  
--   GP English name: *Audit Handle Manipulation*
+-   GP Friendly name: *Audit Handle Manipulation*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3265,32 +2585,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditKernelObject**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3305,7 +2608,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores. 
+This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores. 
 Only kernel objects with a matching system access control list (SACL) generate security audit events.
 
 > [!Note]
@@ -3315,16 +2618,16 @@ Volume: High if auditing access of global system objects is enabled.
 
 
 GP Info:  
--   GP English name: *Audit Kernel Object*
+-   GP Friendly name: *Audit Kernel Object*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3340,32 +2643,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditOtherObjectAccessEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3380,7 +2666,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. 
+This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. 
 For scheduler jobs, the following are audited:  
 - Job created.
 - Job deleted.
@@ -3397,16 +2683,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Other Object Access Events*
+-   GP Friendly name: *Audit Other Object Access Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3422,32 +2708,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditRegistry**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3462,10 +2731,10 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
+This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
 
 If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
+If you don't configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
 
 > [!Note]
 > You can set a SACL on a registry object using the Permissions dialog box.
@@ -3474,16 +2743,16 @@ Volume: Depends on how registry SACLs are configured.
 
 
 GP Info:  
--   GP English name: *Audit Registry*
+-   GP Friendly name: *Audit Registry*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3499,32 +2768,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditRemovableStorage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3539,25 +2791,25 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested.
+This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested.
 
 If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage. Success audits record successful attempts and Failure audits record unsuccessful attempts.
 
-If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage.
+If you don't configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage.
 
 
 
 GP Info:  
--   GP English name: *Audit Removable Storage*
+-   GP Friendly name: *Audit Removable Storage*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3573,32 +2825,15 @@ The following are the supported values:
 **Audit/ObjectAccess_AuditSAM**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3613,35 +2848,35 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects.
-SAM objects include the following:  
+This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects.
+SAM objects include:  
 - SAM_ALIAS -- A local group.
-- SAM_GROUP -- A group that is not a local group.
+- SAM_GROUP -- A group that isn't a local group.
 - SAM_USER – A user account.
 - SAM_DOMAIN – A domain.
 - SAM_SERVER – A computer account.
 
 If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
+If you don't configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
 
 > [!Note]
 > Only the System Access Control List (SACL) for SAM_SERVER can be modified.
 
-Volume: High on domain controllers. For information about reducing the amount of events generated in this subcategory, see [article 841001 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121698).
+Volume: High on domain controllers. For information about reducing the number of events generated in this subcategory, see [article 841001 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121698).
 
 
 
 GP Info:  
--   GP English name: *Audit SAM*
+-   GP Friendly name: *Audit SAM*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3657,32 +2892,15 @@ The following are the supported values:
 **Audit/PolicyChange_AuditAuthenticationPolicyChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3697,7 +2915,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to the authentication policy, such as the following:  
+This policy setting allows you to audit events generated by changes to the authentication policy, such as:  
 - Creation of forest and domain trusts.
 - Modification of forest and domain trusts.
 - Removal of forest and domain trusts.
@@ -3711,25 +2929,25 @@ Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 a
 - Namespace collision. For example, when a new trust has the same name as an existing namespace name.
 
 If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
+If you don't configure this policy setting, no audit event is generated when the authentication policy is changed.
 
 > [!Note]
-> The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.
+> The security audit event is logged when the group policy is applied. It doesn't occur at the time when the settings are modified.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Authentication Policy Change*
+-   GP Friendly name: *Audit Authentication Policy Change*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3746,32 +2964,15 @@ The following are the supported values:
 **Audit/PolicyChange_AuditAuthorizationPolicyChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3786,30 +2987,30 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to the authorization policy, such as the following:  
-- Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
-- Removal of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the “Authentication Policy Change” subcategory.
+This policy setting allows you to audit events generated by changes to the authorization policy, such as:  
+- Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the “Authentication Policy Change” subcategory.
+- Removal of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the “Authentication Policy Change” subcategory.
 - Changes in the Encrypted File System (EFS) policy.
 - Changes to the Resource attributes of an object.
 - Changes to the Central Access Policy (CAP) applied to an object.
 
 If you configure this policy setting, an audit event is generated when an attempt to change the authorization policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when the authorization policy changes.
+If you don't configure this policy setting, no audit event is generated when the authorization policy changes.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Authorization Policy Change*
+-   GP Friendly name: *Audit Authorization Policy Change*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3826,32 +3027,15 @@ The following are the supported values:
 **Audit/PolicyChange_AuditFilteringPlatformPolicyChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3866,29 +3050,29 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP), such as the following: 
+This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP), such as: 
 - IPsec services status.
 - Changes to IPsec policy settings.
 - Changes to Windows Firewall policy settings.
 - Changes to WFP providers and engine.
 
 If you configure this policy setting, an audit event is generated when a change to the WFP is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when a change occurs to the WFP.
+If you don't configure this policy setting, no audit event is generated when a change occurs to the WFP.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Filtering Platform Policy Change*
+-   GP Friendly name: *Audit Filtering Platform Policy Change*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3905,32 +3089,15 @@ The following are the supported values:
 **Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3945,8 +3112,8 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. 
-Events include the following:  
+This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. 
+Events include:  
 - Reporting of active policies when Windows Firewall service starts.
 - Changes to Windows Firewall rules.
 - Changes to Windows Firewall exception list.
@@ -3955,22 +3122,22 @@ Events include the following:
 - Changes to Windows Firewall Group Policy settings.
 
 If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC.
+If you don't configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit MPSSVC Rule Level Policy Change*
+-   GP Friendly name: *Audit MPSSVC Rule Level Policy Change*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -3987,32 +3154,15 @@ The following are the supported values:
 **Audit/PolicyChange_AuditOtherPolicyChangeEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4027,7 +3177,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following:  
+This policy setting allows you to audit events generated by other security policy changes that aren't audited in the policy change category, such as:  
 - Trusted Platform Module (TPM) configuration changes.
 - Kernel-mode cryptographic self tests.
 - Cryptographic provider operations.
@@ -4039,16 +3189,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Other Policy Change Events*
+-   GP Friendly name: *Audit Other Policy Change Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4065,32 +3215,15 @@ The following are the supported values:
 **Audit/PolicyChange_AuditPolicyChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4105,7 +3238,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit changes in the security audit policy settings, such as the following:  
+This policy setting allows you to audit changes in the security audit policy settings, such as:  
 - Settings permissions and audit settings on the Audit Policy object.
 - Changes to the system audit policy.
 - Registration of security event sources.
@@ -4122,16 +3255,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Policy Change*
+-   GP Friendly name: *Audit Policy Change*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4148,32 +3281,15 @@ The following are the supported values:
 **Audit/PrivilegeUse_AuditNonSensitivePrivilegeUse**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4188,14 +3304,14 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
+This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights).
 The following privileges are non-sensitive:  
 - Access Credential Manager as a trusted caller.
 - Access this computer from the network.
 - Add workstations to domain.
 - Adjust memory quotas for a process.
-- Allow log on locally.
-- Allow log on through Terminal Services.
+- Allow Logon Locally.
+- Allow Logon Through Terminal Services.
 - Bypass traverse checking.
 - Change the system time.
 - Create a pagefile.
@@ -4222,22 +3338,22 @@ The following privileges are non-sensitive:
 - Synchronize directory service data.
 
 If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful calls and Failure audits record unsuccessful calls.
-If you do not configure this policy setting, no audit event is generated when a non-sensitive privilege is called.
+If you don't configure this policy setting, no audit event is generated when a non-sensitive privilege is called.
 
 Volume: Very High.
 
 
 GP Info:  
--   GP English name: *Audit Non Sensitive Privilege Use*
+-   GP Friendly name: *Audit Non Sensitive Privilege Use*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4253,32 +3369,15 @@ The following are the supported values:
 **Audit/PrivilegeUse_AuditOtherPrivilegeUseEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4298,16 +3397,16 @@ Not used.
 
 
 GP Info:  
--   GP English name: *Audit Other Privilege Use Events*
+-   GP Friendly name: *Audit Other Privilege Use Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4323,32 +3422,15 @@ The following are the supported values:
 **Audit/PrivilegeUse_AuditSensitivePrivilegeUse**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4363,9 +3445,9 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated when sensitive privileges (user rights) are used, such as the following:  
+This policy setting allows you to audit events generated when sensitive privileges (user rights) are used, such as:  
 - A privileged service is called.
-- One of the following privileges are called:  
+- One of the following privileges is called:  
     - Act as part of the operating system.
     - Back up files and directories.
     - Create a token object.
@@ -4381,22 +3463,22 @@ Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 a
     - Take ownership of files or other objects.
 
 If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests.
-If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made.
+If you don't configure this policy setting, no audit event is generated when sensitive privilege requests are made.
 
 Volume: High.
 
 
 GP Info:  
--   GP English name: *Audit Sensitive Privilege Use*
+-   GP Friendly name: *Audit Sensitive Privilege Use*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4412,32 +3494,15 @@ The following are the supported values:
 **Audit/System_AuditIPsecDriver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4452,31 +3517,31 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by the IPsec filter driver, such as the following:  
+This policy setting allows you to audit events generated by the IPsec filter driver, such as:  
 - Startup and shutdown of the IPsec services.
 - Network packets dropped due to integrity check failure.
 - Network packets dropped due to replay check failure.
 - Network packets dropped due to being in plaintext.
-- Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated.
+- Network packets received with incorrect Security Parameter Index (SPI). This incorrect value may indicate that either the network card isn't working correctly or the driver needs to be updated.
 - Inability to process IPsec filters.
 
 If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation.
+If you don't configure this policy setting, no audit event is generated on an IPSec filter driver operation.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit IPsec Driver*
+-   GP Friendly name: *Audit IPsec Driver*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4493,32 +3558,15 @@ The following are the supported values:
 **Audit/System_AuditOtherSystemEvents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4533,7 +3581,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit any of the following events:  
+This policy setting allows you to audit any of the following events:  
 - Startup and shutdown of the Windows Firewall service and driver.
 - Security policy processing by the Windows Firewall Service.
 - Cryptography key file and migration operations.
@@ -4542,16 +3590,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Other System Events*
+-   GP Friendly name: *Audit Other System Events*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 (default) — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3 (default)—Success+Failure
 
 
 
@@ -4568,32 +3616,15 @@ The following are the supported values:
 **Audit/System_AuditSecurityStateChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4608,7 +3639,7 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events:  
+This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events:  
 - Startup and shutdown of the computer.
 - Change of system time.
 - Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured.
@@ -4617,16 +3648,16 @@ Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit Security State Change*
+-   GP Friendly name: *Audit Security State Change*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 (default) — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0—Off/None
+- 1 (default)—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4643,32 +3674,15 @@ The following are the supported values:
 **Audit/System_AuditSecuritySystemExtension**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4683,27 +3697,27 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events related to security system extensions or services, such as the following:  
-- A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM.
+This policy setting allows you to audit events related to security system extensions or services, such as the following:  
+- A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It's used to authenticate sign-in attempts, submit sign-in requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM.
 - A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account.
 
 If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension.
+If you don't configure this policy setting, no audit event is generated when an attempt is made to load a security system extension.
 
 Volume: Low. Security system extension events are generated more often on a domain controller than on client computers or member servers.
 
 
 GP Info:  
--   GP English name: *Audit Security System Extension*
+-   GP Friendly name: *Audit Security System Extension*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System*
 
 
 
 The following are the supported values:  
-- 0 (default) — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 — Success+Failure
+- 0 (default)—Off/None
+- 1—Success
+- 2—Failure
+- 3—Success+Failure
 
 
 
@@ -4720,32 +3734,15 @@ The following are the supported values:
 **Audit/System_AuditSystemIntegrity**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -4760,27 +3757,27 @@ The following are the supported values:
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809 and 1803 through servicing. This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:  
-- Events that could not be written to the event log because of a problem with the auditing system.
-- A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
+This policy setting allows you to audit events that violate the integrity of the security subsystem, such as:  
+- Events that couldn't be written to the event log because of a problem with the auditing system.
+- A process that uses a local procedure call (LPC) port that isn't valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
 - The detection of a Remote Procedure Call (RPC) that compromises system integrity.
-- The detection of a hash value of an executable file that is not valid as determined by Code Integrity.
+- The detection of a hash value of an executable file that isn't valid as determined by Code Integrity.
 - Cryptographic operations that compromise system integrity.
 
 Volume: Low.
 
 
 GP Info:  
--   GP English name: *Audit System Integrity*
+-   GP Friendly name: *Audit System Integrity*
 -   GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System*
 
 
 
 The following are the supported values:  
-- 0 — Off/None
-- 1 — Success
-- 2 — Failure
-- 3 (default) — Success+Failure
+- 0—Off/None
+- 1—Success
+- 2—Failure
+- 3 (default)—Success+Failure
 
 
 
@@ -4792,15 +3789,6 @@ The following are the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 1b75bd9a6b..f1263416b4 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - Authentication
-description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign in screen.
+description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign-in screen.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.reviewer: bobgil
 manager: dansimp
@@ -39,6 +39,9 @@ manager: dansimp
   
                  
     Authentication/ConfigureWebSignInAllowedUrls
   
                  
+  
                  
+    Authentication/ConfigureWebcamAccessDomainNames
+  
                  
   
                  
     Authentication/EnableFastFirstSignIn
   
                  
@@ -57,32 +60,15 @@ manager: dansimp
 **Authentication/AllowAadPasswordReset**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -97,7 +83,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.
+Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the Windows logon screen.
 
 
 
@@ -115,32 +101,15 @@ The following list shows the supported values:
 **Authentication/AllowEAPCertSSO**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -173,32 +142,15 @@ The following list shows the supported values:
 **Authentication/AllowFastReconnect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -233,32 +185,15 @@ The following list shows the supported values:
 **Authentication/AllowFidoDeviceSignon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -273,18 +208,18 @@ The following list shows the supported values:
 
 
 
-Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0
+Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0
 
 Value type is integer.
 
-Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password every time they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs.
+Here's an example scenario: At Contoso, there are many shared devices and kiosks that employees use throughout the day, for example, employees use as many as 20 different devices. To minimize the loss in productivity when employees have to sign in with username and password every time they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs.
 
 
 
 The following list shows the supported values:
 
--   0 - Do not allow. The FIDO device credential provider disabled. 
--   1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign into an Windows.
+-   0 - Don't allow. The FIDO device credential provider disabled.
+-   1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign in to Windows.
 
 
 
@@ -295,32 +230,15 @@ The following list shows the supported values:
 **Authentication/AllowSecondaryAuthenticationDevice**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -335,16 +253,16 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
+Allows secondary authentication devices to work with Windows.
 
 The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premises only environment, cloud domain-joined in a hybrid environment, and BYOD).
 
-In the next major release of Windows 10, the default for this policy for consumer devices will be changed to off. This will only affect users that have not already set up a secondary authentication device.
+In the next major release of Windows 10, the default for this policy for consumer devices will be changed to off. This change will only affect users that have not already set up a secondary authentication device.
 
 
 
 ADMX Info:  
--   GP English name: *Allow companion device for secondary authentication*
+-   GP Friendly name: *Allow companion device for secondary authentication*
 -   GP name: *MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice*
 -   GP path: *Windows Components/Microsoft Secondary Authentication Factor*
 -   GP ADMX file name: *DeviceCredential.admx*
@@ -365,32 +283,15 @@ The following list shows the supported values:
 **Authentication/ConfigureWebSignInAllowedUrls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -405,10 +306,59 @@ The following list shows the supported values:
 
 
 
-Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
 
 **Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
 
+
+
+
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**Authentication/ConfigureWebcamAccessDomainNames**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+Specifies the list of domain names that are allowed to access the webcam in Web Sign-in Windows device sign-in scenarios.
+
+Web Sign-in is only supported on Azure AD Joined PCs.
+
+**Example**: If your organization federates to "Contoso IDP" and your Web Sign-in portal at "signinportal.contoso.com" requires webcam access, the policy value should be "contoso.com".
+
+
 
 
 
@@ -427,32 +377,15 @@ Available in Windows 10, version 1803. Specifies the list of domains that are al
 **Authentication/EnableFastFirstSignIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -468,7 +401,7 @@ Available in Windows 10, version 1803. Specifies the list of domains that are al
 
 
 > [!Warning]
-> This policy is in preview mode only and therefore not meant or recommended for production purposes.
+> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. 
 
 This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts.
 
@@ -479,7 +412,7 @@ Value type is integer. Supported values:
 
 - 0 - (default) The feature defaults to the existing SKU and device capabilities.
 - 1 - Enabled. Auto connect new non-admin Azure AD accounts to pre-configured candidate local accounts
-- 2 - Disabled. Do not auto connect new non-admin Azure AD accounts to pre-configured local accounts
+- 2 - Disabled. Don't auto connect new non-admin Azure AD accounts to pre-configured local accounts
 
 
 
@@ -499,32 +432,15 @@ Value type is integer. Supported values:
 **Authentication/EnableWebSignIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -540,7 +456,7 @@ Value type is integer. Supported values:
 
 
 > [!Warning]
-> This policy is in preview mode only and therefore not meant or recommended for production purposes.
+> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. 
 
 "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass.
 
@@ -550,8 +466,8 @@ Value type is integer. Supported values:
 Value type is integer. Supported values:
 
 - 0 - (default) The feature defaults to the existing SKU and device capabilities.
-- 1 - Enabled. Web Credential Provider will be enabled for Sign In
-- 2 - Disabled. Web Credential Provider will not be enabled for Sign In
+- 1 - Enabled. Web Credential Provider will be enabled for a sign in.
+- 2 - Disabled. Web Credential Provider won't be enabled for a sign in.
 
 
 
@@ -571,32 +487,15 @@ Value type is integer. Supported values:
 **Authentication/PreferredAadTenantDomainName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -613,7 +512,7 @@ Value type is integer. Supported values:
 
 Specifies the preferred domain among available domains in the Azure AD tenant.
 
-Example: If your organization is using the "@contoso.com" tenant domain name, the policy value should be "contoso.com". For the user "abby@constoso.com", she would then be able to sign in using "abby" in the username field instead of "abby@contoso.com".
+Example: If your organization is using the "@contoso.com" tenant domain name, the policy value should be "contoso.com". For the user "abby@constoso.com", a sign in is done using "abby" in the username field instead of "abby@contoso.com".
 
 
 Value type is string.
@@ -631,15 +530,6 @@ Value type is string.
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 15b769497e..365d7cf732 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - Autoplay
 
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -40,32 +46,15 @@ manager: dansimp
 **Autoplay/DisallowAutoplayForNonVolumeDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -83,21 +72,16 @@ manager: dansimp
 
 This policy setting disallows AutoPlay for MTP devices like cameras or phones.
 
-If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones.
+If you enable this policy setting, AutoPlay isn't allowed for MTP devices like cameras or phones.
 
-If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.
+If you disable or don't configure this policy setting, AutoPlay is enabled for non-volume devices.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Disallow Autoplay for non-volume devices*
+-   GP Friendly name: *Disallow Autoplay for non-volume devices*
 -   GP name: *NoAutoplayfornonVolume*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
@@ -111,32 +95,15 @@ ADMX Info:
 **Autoplay/SetDefaultAutoRunBehavior**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -154,11 +121,11 @@ ADMX Info:
 
 This policy setting sets the default behavior for Autorun commands.
 
-Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.
+Autorun commands are stored in autorun.inf files. They often launch the installation program or other routines.
 
 Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention.
 
-This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.
+This automatic execution creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.
 
 If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to:
 
@@ -168,16 +135,11 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto
 If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set the default behavior for AutoRun*
+-   GP Friendly name: *Set the default behavior for AutoRun*
 -   GP name: *NoAutorun*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
@@ -191,32 +153,15 @@ ADMX Info:
 **Autoplay/TurnOffAutoPlay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -238,27 +183,22 @@ Autoplay begins reading from a drive as soon as you insert media in the drive. A
 
 Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.
 
-Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.
+With Windows XP SP2 onward, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.
 
 If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives.
 
-This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.
+This policy setting disables Autoplay on other types of drives. You can't use this setting to enable Autoplay on drives on which it's disabled by default.
 
-If you disable or do not configure this policy setting, AutoPlay is enabled.
+If you disable or don't configure this policy setting, AutoPlay is enabled.
 
 Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off Autoplay*
+-   GP Friendly name: *Turn off Autoplay*
 -   GP name: *Autorun*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
@@ -267,16 +207,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 03fcf174ca..add5331983 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -1,18 +1,18 @@
 ---
-title: Policy CSP - Bitlocker
-description: Use the Policy configuration service provider (CSP) - Bitlocker to manage encryption of PCs and devices.
+title: Policy CSP - BitLocker
+description: Use the Policy configuration service provider (CSP) - BitLocker to manage encryption of PCs and devices.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
 manager: dansimp
 ---
 
-# Policy CSP - Bitlocker
+# Policy CSP - BitLocker
 
 
 
@@ -22,7 +22,7 @@ manager: dansimp
 
                  
 
 
-## Bitlocker policies  
+## BitLocker policies  
 
 
                  
   
                  
@@ -37,32 +37,15 @@ manager: dansimp
 **Bitlocker/EncryptionMethod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -95,15 +78,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 2bcc10ea45..7b7b384396 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -55,32 +55,15 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
 **BITS/BandwidthThrottlingEndTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -95,7 +78,7 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
 
 
 
-This policy specifies the bandwidth throttling **end time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
+This policy specifies the bandwidth throttling **end time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting doesn't affect foreground transfers. This policy is based on the 24-hour clock.
 
 Value type is integer. Default value is 17 (5 PM).
 
@@ -105,16 +88,17 @@ You can specify a limit to use during a specific time interval and at all other
 
 Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
 
-If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+If you disable or don't configure this policy setting, BITS uses all available unused bandwidth.
 
-Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+> [!NOTE]
+> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
 
 Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
 
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers*
 -   GP name: *BITS_MaxBandwidth*
 -   GP element: *BITS_BandwidthLimitSchedTo*
 -   GP path: *Network/Background Intelligent Transfer Service (BITS)*
@@ -138,32 +122,14 @@ ADMX Info:
 **BITS/BandwidthThrottlingStartTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -178,7 +144,7 @@ ADMX Info:
 
 
 
-This policy specifies the bandwidth throttling **start time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
+This policy specifies the bandwidth throttling **start time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting doesn't affect foreground transfers. This policy is based on the 24-hour clock.
 
 Value type is integer. Default value is 8 (8 am).
 
@@ -186,18 +152,19 @@ Supported value range: 0 - 23
 
 You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
 
-Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+BITS, by using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
 
-If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+If you disable or don't configure this policy setting, BITS uses all available unused bandwidth.
 
-Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+> [!NOTE]
+> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
 
 Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
 
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers*
 -   GP name: *BITS_MaxBandwidth*
 -   GP element: *BITS_BandwidthLimitSchedFrom*
 -   GP path: *Network/Background Intelligent Transfer Service (BITS)*
@@ -221,32 +188,14 @@ ADMX Info:
 **BITS/BandwidthThrottlingTransferRate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -261,7 +210,7 @@ ADMX Info:
 
 
 
-This policy specifies the bandwidth throttling **transfer rate** in kilobits per second (Kbps) that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers.
+This policy specifies the bandwidth throttling **transfer rate** in kilobits per second (Kbps) that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting doesn't affect foreground transfers.
 
 Value type is integer. Default value is 1000.
 
@@ -269,18 +218,19 @@ Supported value range: 0 - 4294967200
 
 You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
 
-Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+BITS, by using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
 
-If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+If you disable or don't configure this policy setting, BITS uses all available unused bandwidth.
 
-Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+> [!NOTE]
+> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting doesn't affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
 
 Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
 
 
 
 ADMX Info:  
--   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers*
 -   GP name: *BITS_MaxBandwidth*
 -   GP element: *BITS_MaxTransferRateText*
 -   GP path: *Network/Background Intelligent Transfer Service (BITS)*
@@ -304,32 +254,14 @@ ADMX Info:
 **BITS/CostedNetworkBehaviorBackgroundPriority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -346,7 +278,7 @@ ADMX Info:
 
 This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers.
 
-If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
+If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting doesn't override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
 
 For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
 -  1 -    Always transfer
@@ -358,7 +290,7 @@ For example, you can specify that background jobs are by default to transfer onl
 
 
 ADMX Info:  
--   GP English name: *Set default download behavior for BITS jobs on costed networks*
+-   GP Friendly name: *Set default download behavior for BITS jobs on costed networks*
 -   GP name: *BITS_SetTransferPolicyOnCostedNetwork*
 -   GP element: *BITS_TransferPolicyNormalPriorityValue*
 -   GP path: *Network/Background Intelligent Transfer Service (BITS)*
@@ -382,32 +314,14 @@ ADMX Info:
 **BITS/CostedNetworkBehaviorForegroundPriority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -424,7 +338,7 @@ ADMX Info:
 
 This policy setting defines the default behavior that the foreground Intelligent Transfer Service (BITS) uses for foreground transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of foreground transfers.
 
-If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
+If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting doesn't override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
 
 For example, you can specify that foreground jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
 -  1 -    Always transfer
@@ -436,7 +350,7 @@ For example, you can specify that foreground jobs are by default to transfer onl
 
 
 ADMX Info:  
--   GP English name: *Set default download behavior for BITS jobs on costed networks*
+-   GP Friendly name: *Set default download behavior for BITS jobs on costed networks*
 -   GP name: *BITS_SetTransferPolicyOnCostedNetwork*
 -   GP element: *BITS_TransferPolicyForegroundPriorityValue*
 -   GP path: *Network/Background Intelligent Transfer Service (BITS)*
@@ -460,32 +374,14 @@ ADMX Info:
 **BITS/JobInactivityTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -510,14 +406,14 @@ Value type is integer. Default is 90 days.
 Supported values range: 0 - 999
 
 Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. 
-Consider decreasing this value if you are concerned about orphaned jobs occupying disk space.
+Consider decreasing this value if you're concerned about orphaned jobs occupying disk space.
 
-If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.
+If you disable or don't configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.
 
 
 
 ADMX Info:  
--   GP English name: *Timeout for inactive BITS jobs*
+-   GP Friendly name: *Timeout for inactive BITS jobs*
 -   GP name: *BITS_Job_Timeout*
 -   GP element: *BITS_Job_Timeout_Time*
 -   GP path: *Network/Background Intelligent Transfer Service (BITS)*
@@ -540,16 +436,7 @@ Supported values range: 0 - 999
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 6426fba5e8..a27b8b0f61 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 02/12/2020
 ms.reviewer: 
@@ -50,32 +50,15 @@ manager: dansimp
 **Bluetooth/AllowAdvertising**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -92,7 +75,7 @@ manager: dansimp
 
 Specifies whether the device can send out Bluetooth advertisements.
 
-If this is not set or it is deleted, the default value of 1 (Allow) is used.
+If this policy isn't set or is deleted, the default value of 1 (Allow) is used.
 
 Most restricted value is 0.
 
@@ -100,7 +83,7 @@ Most restricted value is 0.
 
 The following list shows the supported values:
 
--   0 – Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral.
+-   0 – Not allowed. When set to 0, the device won't send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement isn't received by the peripheral.
 -   1 (default) – Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.
 
 
@@ -112,32 +95,15 @@ The following list shows the supported values:
 **Bluetooth/AllowDiscoverableMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -154,7 +120,7 @@ The following list shows the supported values:
 
 Specifies whether other Bluetooth-enabled devices can discover the device.
 
-If this is not set or it is deleted, the default value of 1 (Allow) is used.
+If this policy isn't set or is deleted, the default value of 1 (Allow) is used.
 
 Most restricted value is 0.
 
@@ -162,7 +128,7 @@ Most restricted value is 0.
 
 The following list shows the supported values:
 
--   0 – Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device.
+-   0 – Not allowed. When set to 0, other devices won't be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you can't see the name of the device.
 -   1 (default) – Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.
 
 
@@ -174,32 +140,15 @@ The following list shows the supported values:
 **Bluetooth/AllowPrepairing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -232,32 +181,15 @@ The following list shows the supported values:
 **Bluetooth/AllowPromptedProximalConnections**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -272,7 +204,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
+This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
 
 
 
@@ -290,32 +222,15 @@ The following list shows the supported values:
 **Bluetooth/LocalDeviceName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -332,9 +247,9 @@ The following list shows the supported values:
 
 Sets the local Bluetooth device name.
 
-If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified.
+If this name is set, the value that it's set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified.
 
-If this policy is not set or it is deleted, the default local radio name is used.
+If this policy isn't set or is deleted, the default local radio name is used.
 
 
 
@@ -345,32 +260,15 @@ If this policy is not set or it is deleted, the default local radio name is used
 **Bluetooth/ServicesAllowedList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -385,7 +283,7 @@ If this policy is not set or it is deleted, the default local radio name is used
 
 
 
-Added in Windows 10, version 1511. Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
+Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
 
 The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)
 
@@ -398,32 +296,15 @@ The default value is an empty string. For more information, see [ServicesAllowed
 **Bluetooth/SetMinimumEncryptionKeySize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -438,7 +319,7 @@ The default value is an empty string. For more information, see [ServicesAllowed
 
 
 
-Added in Windows 10, version 2004. There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.
+There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.
 
 
 
@@ -446,7 +327,7 @@ The following list shows the supported values:
 - 0 (default) - All Bluetooth traffic is allowed.
 - N - A number from 1 through 16 representing the bytes that must be used in the encryption process. Currently, 16 is the largest allowed value for N and 16 bytes is the largest key size that Bluetooth supports. If you want to enforce Windows to always use Bluetooth encryption, ignoring the precise encryption key strength, use 1 as the value for N.
 
-For more information on allowed key sizes, refer to Bluetooth Core Specification v5.1.
+For more information on allowed key sizes, see Bluetooth Core Specification v5.1.
 
 
 
@@ -458,23 +339,14 @@ For more information on allowed key sizes, refer to Bluetooth Core Specification
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
                  
 
 ## ServicesAllowedList usage guide
 
-When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow pairing and connections of Windows PCs and phones to explicitly defined Bluetooth profiles and services. It is an allowed list, enabling admins to still allow custom Bluetooth profiles that are not defined by the Bluetooth Special Interests Group (SIG).
+When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow pairing and connections of Windows PCs and phones to explicitly defined Bluetooth profiles and services. It's an allowed list, enabling admins to still allow custom Bluetooth profiles that aren't defined by the Bluetooth Special Interests Group (SIG).
 
 - Disabling a service shall block incoming and outgoing connections for such services
 - Disabling a service shall not publish an SDP record containing the service being blocked
@@ -509,7 +381,7 @@ Hands Free Profile UUID = base UUID + 0x111E to the beginning = 0000**111E**-000
 |Headset Service Class|For older voice-enabled headsets|0x1108|
 |PnP Information|Used to identify devices occasionally|0x1200|
 
-This means that if you only want Bluetooth headsets, the UUIDs to include are:
+If you only want Bluetooth headsets, the UUIDs to include are:
 
 {0000111E-0000-1000-8000-00805F9B34FB};{00001203-0000-1000-8000-00805F9B34FB};{00001108-0000-1000-8000-00805F9B34FB};{00001200-0000-1000-8000-00805F9B34FB}
 
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index ca1ff0bcbb..5deb121be6 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -15,7 +15,8 @@ ms.localizationpriority: medium
 # Policy CSP - Browser
 
 > [!NOTE]
-> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](/DeployEdge/).
+> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](/deployedge/configure-edge-with-mdm).
+
 
 
 ## Browser policies  
@@ -199,32 +200,15 @@ ms.localizationpriority: medium
 **Browser/AllowAddressBarDropdown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -248,7 +232,7 @@ ms.localizationpriority: medium
 
 
 ADMX Info:  
--   GP English name: *Allow Address bar drop-down list suggestions*
+-   GP Friendly name: *Allow Address bar drop-down list suggestions*
 -   GP name: *AllowAddressBarDropdown*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -270,32 +254,15 @@ Most restricted value: 0
 **Browser/AllowAutofill**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -317,7 +284,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Configure Autofill*
+-   GP Friendly name: *Configure Autofill*
 -   GP name: *AllowAutofill*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -337,7 +304,7 @@ To verify AllowAutofill is set to 0 (not allowed):
 
 1.  Open Microsoft Edge.
 2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+3.  Click **Settings** in the dropdown list, and select **View Advanced Settings**.
 4.  Verify the setting **Save form entries** is grayed out.
 
 
@@ -349,32 +316,15 @@ To verify AllowAutofill is set to 0 (not allowed):
 **Browser/AllowConfigurationUpdateForBooksLibrary**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -397,7 +347,7 @@ To verify AllowAutofill is set to 0 (not allowed):
 
 
 ADMX Info:  
--   GP English name: *Allow configuration updates for the Books Library*
+-   GP Friendly name: *Allow configuration updates for the Books Library*
 -   GP name: *AllowConfigurationUpdateForBooksLibrary*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -418,32 +368,15 @@ Supported values:
 **Browser/AllowCookies**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -464,7 +397,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Configure cookies*
+-   GP Friendly name: *Configure cookies*
 -   GP name: *Cookies*
 -   GP element: *CookiesListBox*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -483,9 +416,9 @@ Most restricted value: 0
 
 To verify AllowCookies is set to 0 (not allowed):
 
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+1.  Open Microsoft Edge.
 2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+3.  Click **Settings** in the dropdown list, and select **View Advanced Settings**.
 4.  Verify the setting **Cookies** is disabled.
 
 
@@ -497,32 +430,15 @@ To verify AllowCookies is set to 0 (not allowed):
 **Browser/AllowDeveloperTools**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -538,15 +454,13 @@ To verify AllowCookies is set to 0 (not allowed):
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
 [!INCLUDE [allow-developer-tools-shortdesc](../includes/allow-developer-tools-shortdesc.md)]
 
 
 
 ADMX Info:  
--   GP English name: *Allow Developer Tools*
+-   GP Friendly name: *Allow Developer Tools*
 -   GP name: *AllowDeveloperTools*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -568,32 +482,15 @@ Most restricted value: 0
 **Browser/AllowDoNotTrack**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -614,7 +511,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Configure Do Not Track*
+-   GP Friendly name: *Configure Do Not Track*
 -   GP name: *AllowDoNotTrack*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -623,7 +520,7 @@ ADMX Info:
 
 Supported values:
 
-- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit.
+- Blank (default) - Don't send tracking information but let users choose to send tracking information to sites they visit.
 - 0 - Never send tracking information.
 - 1 - Send tracking information.
 
@@ -632,9 +529,9 @@ Most restricted value: 1
 
 To verify AllowDoNotTrack is set to 0 (not allowed):
 
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+1.  Open Microsoft Edge.
 2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+3.  Click **Settings** in the dropdown list, and select **View Advanced Settings**.
 4.  Verify the setting **Send Do Not Track requests** is grayed out.
 
 
@@ -646,32 +543,15 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
 **Browser/AllowExtensions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -694,7 +574,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
 
 
 ADMX Info:  
--   GP English name: *Allow Extensions*
+-   GP Friendly name: *Allow Extensions*
 -   GP name: *AllowExtensions*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -715,32 +595,15 @@ Supported values:
 **Browser/AllowFlash**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -763,7 +626,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Allow Adobe Flash*
+-   GP Friendly name: *Allow Adobe Flash*
 -   GP name: *AllowFlash*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -784,32 +647,15 @@ Supported values:
 **Browser/AllowFlashClickToRun**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -833,7 +679,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Configure the Adobe Flash Click-to-Run setting*
+-   GP Friendly name: *Configure the Adobe Flash Click-to-Run setting*
 -   GP name: *AllowFlashClickToRun*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -843,7 +689,7 @@ ADMX Info:
 Supported values:
 
 -   0 – Load and run Adobe Flash content automatically.
--   1 (default) – Does not load or run Adobe Flash content automatically. Requires action from the user.
+-   1 (default) – Doesn't load or run Adobe Flash content automatically. Requires action from the user.
 
 Most restricted value: 1
 
@@ -856,32 +702,15 @@ Most restricted value: 1
 **Browser/AllowFullScreenMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -904,7 +733,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Allow FullScreen Mode*
+-   GP Friendly name: *Allow FullScreen Mode*
 -   GP name: *AllowFullScreenMode*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -933,32 +762,15 @@ Most restricted value: 0
 **Browser/AllowInPrivate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -979,7 +791,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow InPrivate browsing*
+-   GP Friendly name: *Allow InPrivate browsing*
 -   GP name: *AllowInPrivate*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1002,32 +814,15 @@ Most restricted value:  0
 **Browser/AllowMicrosoftCompatibilityList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1052,7 +847,7 @@ Most restricted value:  0
 
 
 ADMX Info:  
--   GP English name: *Allow Microsoft Compatibility List*
+-   GP Friendly name: *Allow Microsoft Compatibility List*
 -   GP name: *AllowCVList*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1075,32 +870,15 @@ Most restricted value:  0
 **Browser/AllowPasswordManager**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1122,7 +900,7 @@ Most restricted value:  0
 
 
 ADMX Info:  
--   GP English name: *Configure Password Manager*
+-   GP Friendly name: *Configure Password Manager*
 -   GP name: *AllowPasswordManager*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1153,32 +931,15 @@ To verify AllowPasswordManager is set to 0 (not allowed):
 **Browser/AllowPopups**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1200,7 +961,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
 
 
 ADMX Info:  
--   GP English name: *Configure Pop-up Blocker*
+-   GP Friendly name: *Configure Pop-up Blocker*
 -   GP name: *AllowPopups*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1220,7 +981,7 @@ Most restricted value: 1
 To verify AllowPopups is set to 0 (not allowed):
 
 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2.  Verify the setting **Block pop-ups** is disabled.
+2.  Verify whether the setting **Block pop-ups** is disabled.
 
 
 
@@ -1231,32 +992,15 @@ To verify AllowPopups is set to 0 (not allowed):
 **Browser/AllowPrelaunch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1280,7 +1024,7 @@ To verify AllowPopups is set to 0 (not allowed):
 
 
 ADMX Info:  
--   GP English name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed*
+-   GP Friendly name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed*
 -   GP name: *AllowPrelaunch*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1309,32 +1053,15 @@ Most restricted value: 0
 **Browser/AllowPrinting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1357,7 +1084,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow printing*
+-   GP Friendly name: *Allow printing*
 -   GP name: *AllowPrinting*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1386,32 +1113,15 @@ Most restricted value: 0
 **Browser/AllowSavingHistory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1434,7 +1144,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow Saving History*
+-   GP Friendly name: *Allow Saving History*
 -   GP name: *AllowSavingHistory*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1463,32 +1173,15 @@ Most restricted value: 0
 **Browser/AllowSearchEngineCustomization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1515,7 +1208,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow search engine customization*
+-   GP Friendly name: *Allow search engine customization*
 -   GP name: *AllowSearchEngineCustomization*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1538,32 +1231,15 @@ Most restricted value: 0
 **Browser/AllowSearchSuggestionsinAddressBar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1584,7 +1260,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Configure search suggestions in Address bar*
+-   GP Friendly name: *Configure search suggestions in Address bar*
 -   GP name: *AllowSearchSuggestionsinAddressBar*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1608,32 +1284,15 @@ Most restricted value: 0
 **Browser/AllowSideloadingOfExtensions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1656,7 +1315,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow sideloading of Extensions*
+-   GP Friendly name: *Allow sideloading of Extensions*
 -   GP name: *AllowSideloadingOfExtensions*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1665,7 +1324,7 @@ ADMX Info:
 
 Supported values:
 
-- 0 - Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled).
+- 0 - Prevented/not allowed. Disabling doesn't prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this sideloading, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled).
 - 1 (default) - Allowed.
 
 Most restricted value: 0
@@ -1685,32 +1344,15 @@ Most restricted value: 0
 **Browser/AllowSmartScreen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1731,7 +1373,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Configure Windows Defender SmartScreen*
+-   GP Friendly name: *Configure Windows Defender SmartScreen*
 -   GP name: *AllowSmartScreen*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1741,7 +1383,7 @@ ADMX Info:
 Supported values:
 
 - Blank - Users can choose to use Windows Defender SmartScreen.
-- 0 – Turned off. Do not protect users from potential threats and prevent users from turning it on.
+- 0 – Turned off. Don't protect users from potential threats and prevent users from turning it on.
 - 1 (default) – Turned on. Protect users from potential threats and prevent users from turning it off.
 
 Most restricted value: 1
@@ -1762,32 +1404,15 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 **Browser/AllowTabPreloading**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1810,7 +1435,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 
 
 ADMX Info:  
--   GP English name: *Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed*
+-   GP Friendly name: *Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed*
 -   GP name: *AllowTabPreloading*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1838,32 +1463,15 @@ Most restricted value: 1
 **Browser/AllowWebContentOnNewTabPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1886,7 +1494,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Allow web content on New Tab page*
+-   GP Friendly name: *Allow web content on New Tab page*
 -   GP name: *AllowWebContentOnNewTabPage*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1914,32 +1522,15 @@ Supported values:
 **Browser/AlwaysEnableBooksLibrary**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -1963,7 +1554,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Always show the Books Library in Microsoft Edge*
+-   GP Friendly name: *Always show the Books Library in Microsoft Edge*
 -   GP name: *AlwaysEnableBooksLibrary*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -1986,32 +1577,15 @@ Most restricted value: 0
 **Browser/ClearBrowsingDataOnExit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2034,7 +1608,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow clearing browsing data on exit*
+-   GP Friendly name: *Allow clearing browsing data on exit*
 -   GP name: *AllowClearingBrowsingDataOnExit*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -2050,12 +1624,12 @@ Most restricted value: 1
 
 
 
-To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 
+To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 
 
 1. Open Microsoft Edge and browse to websites.
 2. Close the Microsoft Edge window.
 3. Open Microsoft Edge and start typing the same URL in address bar. 
-4. Verify that it does not auto-complete from history.
+4. Verify that it doesn't auto-complete from history.
 
 
 
@@ -2066,32 +1640,15 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set
 **Browser/ConfigureAdditionalSearchEngines**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2118,7 +1675,7 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set
 
 
 ADMX Info:  
--   GP English name: *Configure additional search engines*
+-   GP Friendly name: *Configure additional search engines*
 -   GP name: *ConfigureAdditionalSearchEngines*
 -   GP element: *ConfigureAdditionalSearchEngines_Prompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2129,7 +1686,7 @@ ADMX Info:
 Supported values:
 
 -   0 (default) – Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.
                  If you enabled this policy and now want to disable it, disabling removes all previously configured search engines.
--   1 – Allowed. Add up to five additional search engines and set any one of them as the default.
                  For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](/microsoft-edge/dev-guide/browser/search-provider-discovery).
+-   1 – Allowed. Add up to five more search engines and set any one of them as the default.
                  For each search engine added, you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](/microsoft-edge/dev-guide/browser/search-provider-discovery).
 
 Most restricted value: 0
 
@@ -2141,32 +1698,15 @@ Most restricted value: 0
 **Browser/ConfigureFavoritesBar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2189,7 +1729,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Configure Favorites Bar*
+-   GP Friendly name: *Configure Favorites Bar*
 -   GP name: *ConfigureFavoritesBar*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -2218,32 +1758,15 @@ Supported values:
 **Browser/ConfigureHomeButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2265,7 +1788,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Configure Home Button*
+-   GP Friendly name: *Configure Home Button*
 -   GP name: *ConfigureHomeButton*
 -   GP element: *ConfigureHomeButtonDropdown*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2299,32 +1822,15 @@ Supported values:
 **Browser/ConfigureKioskMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2350,7 +1856,7 @@ For this policy to work, you must configure Microsoft Edge in assigned access; o
 
 
 ADMX Info:  
--   GP English name: *Configure kiosk mode*
+-   GP Friendly name: *Configure kiosk mode*
 -   GP name: *ConfigureKioskMode*
 -   GP element: *ConfigureKioskMode_TextBox*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2365,7 +1871,7 @@ Supported values:
 - If it’s one of many apps, Microsoft Edge runs as normal.
 
 **1**: 
-- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. _**For single-app public browsing:**_ If you do not configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time.
+- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. _**For single-app public browsing:**_ If you don't configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time.
 - If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.
 
 
@@ -2383,32 +1889,15 @@ Supported values:
 **Browser/ConfigureKioskResetAfterIdleTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2433,7 +1922,7 @@ You must set ConfigureKioskMode to enabled (1 - InPrivate public browsing) and c
 
 
 ADMX Info:  
--   GP English name: *Configure kiosk reset after idle timeout*
+-   GP Friendly name: *Configure kiosk reset after idle timeout*
 -   GP name: *ConfigureKioskResetAfterIdleTimeout*
 -   GP element: *ConfigureKioskResetAfterIdleTimeout_TextBox*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2462,32 +1951,15 @@ Supported values:
 **Browser/ConfigureOpenMicrosoftEdgeWith**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2516,7 +1988,7 @@ When you enable this policy and select an option, and also enter the URLs of the
 
 
 ADMX Info:  
--   GP English name: *Configure Open Microsoft Edge With*
+-   GP Friendly name: *Configure Open Microsoft Edge With*
 -   GP name: *ConfigureOpenEdgeWith*
 -   GP element: *ConfigureOpenEdgeWithListBox*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2551,32 +2023,15 @@ Supported values:
 **Browser/ConfigureTelemetryForMicrosoft365Analytics**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2598,7 +2053,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Configure collection of browsing data for Microsoft 365 Analytics*
+-   GP Friendly name: *Configure collection of browsing data for Microsoft 365 Analytics*
 -   GP name: *ConfigureTelemetryForMicrosoft365Analytics*
 -   GP element: *ZonesListBox*
 -   GP path: *Data Collection and Preview Builds*
@@ -2629,32 +2084,15 @@ Most restricted value: 0
 **Browser/DisableLockdownOfStartPages**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2675,15 +2113,15 @@ Most restricted value: 0
 [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../includes/disable-lockdown-of-start-pages-shortdesc.md)]
   
 > [!NOTE]
-> This policy has no effect when the Browser/HomePages policy is not configured. 
+> This policy has no effect when the Browser/HomePages policy isn't configured. 
  
 > [!IMPORTANT]
-> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](/legal/windows/agreements/microsoft-browser-extension-policy).
+> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy).
 
 
 
 ADMX Info:  
--   GP English name: *Disable lockdown of Start pages*
+-   GP Friendly name: *Disable lockdown of Start pages*
 -   GP name: *DisableLockdownOfStartPages*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -2705,32 +2143,15 @@ Most restricted value: 0
 **Browser/EnableExtendedBooksTelemetry**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2752,7 +2173,7 @@ Most restricted value: 0
 
 
 ADMX Info:  
--   GP English name: *Allow extended telemetry for the Books tab*
+-   GP Friendly name: *Allow extended telemetry for the Books tab*
 -   GP name: *EnableExtendedBooksTelemetry*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -2774,32 +2195,15 @@ Most restricted value: 0
 **Browser/EnterpriseModeSiteList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2818,15 +2222,10 @@ Most restricted value: 0
 
 [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../includes/configure-enterprise-mode-site-list-shortdesc.md)]
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
- 
-
 
 
 ADMX Info:  
--   GP English name: *Configure the Enterprise Mode Site List*
+-   GP Friendly name: *Configure the Enterprise Mode Site List*
 -   GP name: *EnterpriseModeSiteList*
 -   GP element: *EnterSiteListPrompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2836,7 +2235,7 @@ ADMX Info:
 
 Supported values:
 
--   0 (default) - Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps.
+-   0 (default) - Turned off. Microsoft Edge doesn't check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps.
 -   1 - Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file. To add the location to your site list, enter it in the {URI} box.
                  For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp).
 
 
@@ -2849,32 +2248,15 @@ Supported values:
 **Browser/EnterpriseSiteListServiceUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2902,32 +2284,15 @@ Supported values:
 **Browser/HomePages**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -2943,20 +2308,17 @@ Supported values:
 
 
 
-> [!NOTE]
-> This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 [!INCLUDE [configure-start-pages-shortdesc](../includes/configure-start-pages-shortdesc.md)]
 
 **Version 1607**
                  
-Starting with this version, the HomePages policy enforces that users cannot change the Start pages settings.
+From this version, the HomePages policy enforces that users can't change the Start pages settings.
 
 **Version 1703**
                  
 If you don't want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL. 
 
 **Version 1809**
                  
-When you enable the Configure Open Microsoft Edge With policy and select an option, and you enter the URLs of the pages your want to load as the Start pages in this policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the HomePages policy. 
+When you enable the Configure Open Microsoft Edge With policy and select an option, and you enter the URLs of the pages you want to load as the Start pages in this policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the HomePages policy. 
 
 
 > [!NOTE]
@@ -2965,7 +2327,7 @@ When you enable the Configure Open Microsoft Edge With policy and select an opti
 
 
 ADMX Info:  
--   GP English name: *Configure Start pages*
+-   GP Friendly name: *Configure Start pages*
 -   GP name: *HomePages*
 -   GP element: *HomePagesPrompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -2987,32 +2349,15 @@ Supported values:
 **Browser/LockdownFavorites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3036,7 +2381,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Prevent changes to Favorites on Microsoft Edge*
+-   GP Friendly name: *Prevent changes to Favorites on Microsoft Edge*
 -   GP name: *LockdownFavorites*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3058,32 +2403,15 @@ Most restricted value: 1
 **Browser/PreventAccessToAboutFlagsInMicrosoftEdge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3105,7 +2433,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent access to the about:flags page in Microsoft Edge*
+-   GP Friendly name: *Prevent access to the about:flags page in Microsoft Edge*
 -   GP name: *PreventAccessToAboutFlagsInMicrosoftEdge*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3127,32 +2455,15 @@ Most restricted value: 1
 **Browser/PreventCertErrorOverrides**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3174,7 +2485,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent certificate error overrides*
+-   GP Friendly name: *Prevent certificate error overrides*
 -   GP name: *PreventCertErrorOverrides*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3202,32 +2513,15 @@ Most restricted value: 1
 **Browser/PreventFirstRunPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3250,7 +2544,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent the First Run webpage from opening on Microsoft Edge*
+-   GP Friendly name: *Prevent the First Run webpage from opening on Microsoft Edge*
 -   GP name: *PreventFirstRunPage*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3272,32 +2566,15 @@ Most restricted value: 1
 **Browser/PreventLiveTileDataCollection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3320,7 +2597,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start*
+-   GP Friendly name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start*
 -   GP name: *PreventLiveTileDataCollection*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3342,32 +2619,15 @@ Most restricted value: 1
 **Browser/PreventSmartScreenPromptOverride**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3388,7 +2648,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for sites*
+-   GP Friendly name: *Prevent bypassing Windows Defender SmartScreen prompts for sites*
 -   GP name: *PreventSmartScreenPromptOverride*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3410,32 +2670,15 @@ Most restricted value: 1
 **Browser/PreventSmartScreenPromptOverrideForFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3457,7 +2700,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for files*
+-   GP Friendly name: *Prevent bypassing Windows Defender SmartScreen prompts for files*
 -   GP name: *PreventSmartScreenPromptOverrideForFiles*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3479,32 +2722,15 @@ Most restricted value: 1
 **Browser/PreventTurningOffRequiredExtensions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3525,7 +2751,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Prevent turning off required extensions*
+-   GP Friendly name: *Prevent turning off required extensions*
 -   GP name: *PreventTurningOffRequiredExtensions*
 -   GP element: *PreventTurningOffRequiredExtensions_Prompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -3537,7 +2763,7 @@ Supported values:
 
 - Blank (default) - Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored.
 
-- String - Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper extension prevents users from turning it off:
                        _Microsoft.OneNoteWebClipper8wekyb3d8bbwe_
                  After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. 
                  Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
+- String - Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper extension prevents users from turning it off:
                        _Microsoft.OneNoteWebClipper8wekyb3d8bbwe_
                  After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. 
                  Removing extensions from the list doesn't uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy doesn't prevent users from debugging and altering the logic on an extension.
 
 
 
@@ -3554,32 +2780,15 @@ Supported values:
 **Browser/PreventUsingLocalHostIPAddressForWebRTC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3595,15 +2804,13 @@ Supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
 [!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
 
 
 
 ADMX Info:  
--   GP English name: *Prevent using Localhost IP address for WebRTC*
+-   GP Friendly name: *Prevent using Localhost IP address for WebRTC*
 -   GP name: *HideLocalHostIPAddress*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3625,32 +2832,15 @@ Most restricted value: 1
 **Browser/ProvisionFavorites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3676,7 +2866,7 @@ Define a default list of favorites in Microsoft Edge. In this case, the Save a F
 To define a default list of favorites:
 1. In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
 2. Click **Import from another browser**, click **Export to file** and save the file.
-3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. 
                  Specify the URL as:
                  • HTTP location: "SiteList"=
                  • Local network: "SiteList"="\network\shares\URLs.html"
                  • Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
                  
+3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. 
                  Specify the URL as:
                  • HTTP location: "SiteList"=``
                  • Local network: "SiteList"="\network\shares\URLs.html"
                  • Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
                  
 
 
 >[!IMPORTANT]
@@ -3688,7 +2878,7 @@ To define a default list of favorites:
 
 
 ADMX Info:  
--   GP English name: *Provision Favorites*
+-   GP Friendly name: *Provision Favorites*
 -   GP name: *ConfiguredFavorites*
 -   GP element: *ConfiguredFavoritesPrompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -3703,32 +2893,15 @@ ADMX Info:
 **Browser/SendIntranetTraffictoInternetExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3747,14 +2920,10 @@ ADMX Info:
 
 [!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../includes/send-all-intranet-sites-to-ie-shortdesc.md)]
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
 
 
 ADMX Info:  
--   GP English name: *Send all intranet sites to Internet Explorer 11*
+-   GP Friendly name: *Send all intranet sites to Internet Explorer 11*
 -   GP name: *SendIntranetTraffictoInternetExplorer*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3764,7 +2933,7 @@ ADMX Info:
 Supported values:
 
 - 0 (default) - All sites, including intranet sites, open in Microsoft Edge automatically.
-- 1 - Only intranet sites open in Internet Explorer 11 automatically.
                  Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.
                  1. In Group Policy Editor, navigate to:

                    **Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** and click **Enable**.
                  2. Refresh the policy and then view the affected sites in Microsoft Edge.
                    A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
                  
+- 1 - Only intranet sites open in Internet Explorer 11 automatically.
                  Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.
                  1. In Group Policy Editor, navigate to:

                    **Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** and click **Enable**.
                  2. Refresh the policy and then view the affected sites in Microsoft Edge.
                    A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it isn't yet running, or in a new tab.
                  
 
 Most restricted value: 0
 
@@ -3777,32 +2946,15 @@ Most restricted value: 0
 **Browser/SetDefaultSearchEngine**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3823,7 +2975,7 @@ Most restricted value: 0
 [!INCLUDE [set-default-search-engine-shortdesc](../includes/set-default-search-engine-shortdesc.md)]
 
 > [!IMPORTANT]
-> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](/legal/windows/agreements/microsoft-browser-extension-policy).
+> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy).
 
 
 Most restricted value:  0
@@ -3831,7 +2983,7 @@ Most restricted value:  0
 
 
 ADMX Info:  
--   GP English name: *Set default search engine*
+-   GP Friendly name: *Set default search engine*
 -   GP name: *SetDefaultSearchEngine*
 -   GP element: *SetDefaultSearchEngine_Prompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -3841,9 +2993,9 @@ ADMX Info:
 
 Supported values:
 
-- Blank (default) - Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [AllowSearchEngineCustomization](#browser-allowsearchenginecustomization) policy, users cannot make changes.
+- Blank (default) - Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [AllowSearchEngineCustomization](#browser-allowsearchenginecustomization) policy, users can't make changes.
 - 0 - Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market.
-- 1 - Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.
                  Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
                  If you want users to use the default Microsoft Edge settings for each market, set the string to **EDGEDEFAULT**.
                  If you want users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**.
+- 1 - Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users can't change the default search engine.
                  Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
                  If you want users to use the default Microsoft Edge settings for each market, set the string to **EDGEDEFAULT**.
                  If you want users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**.
 
 Most restricted value: 1
 
@@ -3855,32 +3007,15 @@ Most restricted value: 1
 **Browser/SetHomeButtonURL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3902,7 +3037,7 @@ Most restricted value: 1
 
 
 ADMX Info:  
--   GP English name: *Set Home Button URL*
+-   GP Friendly name: *Set Home Button URL*
 -   GP name: *SetHomeButtonURL*
 -   GP element: *SetHomeButtonURLPrompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -3930,32 +3065,15 @@ Supported values:
 **Browser/SetNewTabPageURL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -3977,7 +3095,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Set New Tab page URL*
+-   GP Friendly name: *Set New Tab page URL*
 -   GP name: *SetNewTabPageURL*
 -   GP element: *SetNewTabPageURLPrompt*
 -   GP path: *Windows Components/Microsoft Edge*
@@ -4004,32 +3122,15 @@ Supported values:
 **Browser/ShowMessageWhenOpeningSitesInInternetExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -4047,14 +3148,10 @@ Supported values:
 
 [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../includes/show-message-when-opening-sites-in-ie-shortdesc.md)]
 
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 
 ADMX Info:  
--   GP English name: *Show message when opening sites in Internet Explorer*
+-   GP Friendly name: *Show message when opening sites in Internet Explorer*
 -   GP name: *ShowMessageWhenOpeningSitesInInternetExplorer*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -4063,9 +3160,9 @@ ADMX Info:
 
 Supported values:
 
--   0 (default) – No additional message displays.
--   1 – Show an additional message stating that a site has opened in IE11.
--   2 - Show an additional message with a "Keep going in Microsoft Edge" link.
+-   0 (default) – No other message displays.
+-   1 – Show another message stating that a site has opened in IE11.
+-   2 - Show another message with a "Keep going in Microsoft Edge" link.
 
 Most restricted value: 0
 
@@ -4077,32 +3174,15 @@ Most restricted value: 0
 **Browser/SuppressEdgeDeprecationNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -4118,17 +3198,14 @@ Most restricted value: 0
 
 
 
-This policy allows Enterprise Admins to turn off the notification for company devices that the Edge Legacy browser is no longer supported after 3/9/2021 to avoid confusion for their enterprise users and reduce help desk calls. 
-By default, a notification will be presented to the user informing them of this upon application startup.
+This policy allows Enterprise Admins to turn off the notification for company devices that the Edge Legacy browser is no longer supported after March 9, 2021, to avoid confusion for their enterprise users and reduce help desk calls. 
+By default, a notification will be presented to the user informing them of this update upon application startup.
 With this policy, you can either allow (default) or suppress this notification.
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 
 ADMX Info:  
--   GP English name: *Suppress Edge Deprecation Notification*
+-   GP Friendly name: *Suppress Edge Deprecation Notification*
 -   GP name: *SuppressEdgeDeprecationNotification*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -4142,35 +3219,18 @@ Supported values:
 
 
                  
 
-**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**  
+Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -4191,13 +3251,10 @@ Supported values:
 
 [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.  
-
 
 
 ADMX Info:  
--   GP English name: *Keep favorites in sync between Internet Explorer and Microsoft Edge*
+-   GP Friendly name: *Keep favorites in sync between Internet Explorer and Microsoft Edge*
 -   GP name: *SyncFavoritesBetweenIEAndMicrosoftEdge*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -4228,32 +3285,15 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 **Browser/UnlockHomeButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -4276,7 +3316,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 
 
 ADMX Info:  
--   GP English name: *Unlock Home Button*
+-   GP Friendly name: *Unlock Home Button*
 -   GP name: *UnlockHomeButton*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -4303,32 +3343,15 @@ Supported values:
 **Browser/UseSharedFolderForBooks**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
 
 
 
                  
@@ -4350,7 +3373,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Allow a shared Books folder*
+-   GP Friendly name: *Allow a shared Books folder*
 -   GP name: *UseSharedFolderForBooks*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -4367,15 +3390,6 @@ Most restricted value: 0
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 93e5c5d6cf..1a06b54ae0 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,15 @@ manager: dansimp
 **Camera/AllowCamera**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -81,7 +64,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow Use of Camera*
+-   GP Friendly name: *Allow Use of Camera*
 -   GP name: *L_AllowCamera*
 -   GP path: *Windows Components/Camera*
 -   GP ADMX file name: *Camera.admx*
@@ -97,16 +80,7 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index ccd0ab26c1..48876d706e 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - Cellular
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -46,32 +52,16 @@ manager: dansimp
 **Cellular/LetAppsAccessCellularData**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
 
 
 
                  
@@ -86,24 +76,24 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1709. This policy setting specifies whether Windows apps can access cellular data.
+This policy setting specifies whether Windows apps can access cellular data.
 
 You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
 
 If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.
 
-If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it.
+If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization can't change it.
 
-If you choose the "Force Deny" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it.
+If you choose the "Force Deny" option, Windows apps aren't allowed to access cellular data and employees in your organization can't change it.
 
-If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.
+If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.
 
 If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.”
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access cellular data*
+-   GP Friendly name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_Enum*
 -   GP path: *Network/WWAN Service/Cellular Data Access*
@@ -126,32 +116,15 @@ The following list shows the supported values:
 **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -166,12 +139,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access cellular data*
+-   GP Friendly name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List*
 -   GP path: *Network/WWAN Service/Cellular Data Access*
@@ -186,32 +159,15 @@ ADMX Info:
 **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -226,12 +182,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access cellular data*
+-   GP Friendly name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List*
 -   GP path: *Network/WWAN Service/Cellular Data Access*
@@ -246,32 +202,15 @@ ADMX Info:
 **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -286,12 +225,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
+List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access cellular data*
+-   GP Friendly name: *Let Windows apps access cellular data*
 -   GP name: *LetAppsAccessCellularData*
 -   GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List*
 -   GP path: *Network/WWAN Service/Cellular Data Access*
@@ -306,32 +245,15 @@ ADMX Info:
 **Cellular/ShowAppCellularAccessUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -349,19 +271,14 @@ ADMX Info:
 This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX.
 
 If this policy setting is enabled, a drop-down list box presenting possible values will be active.  Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page.
-If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.
+If this policy setting is disabled or isn't configured, the link to the per-application cellular access control page is shown by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Per-App Cellular Access UI Visibility*
+-   GP Friendly name: *Set Per-App Cellular Access UI Visibility*
 -   GP name: *ShowAppCellularAccessUI*
 -   GP path: *Network/WWAN Service/WWAN UI Settings*
 -   GP ADMX file name: *wwansvc.admx*
@@ -370,16 +287,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 9e0b691757..c556897ebb 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer:
@@ -14,6 +14,14 @@ manager: dansimp
 
 # Policy CSP - Connectivity
 
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
 
                  
 
 
@@ -71,32 +79,15 @@ manager: dansimp
 **Connectivity/AllowBluetooth**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -114,9 +105,9 @@ manager: dansimp
 Allows the user to enable Bluetooth or restrict access.
 
 > [!NOTE]
->  This value is not supported in Windows Phone 8.1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile.
+>  This value isn't supported in Windows 10.
 
-If this is not set or it is deleted, the default value of 2 (Allow) is used.
+If this policy isn't set or is deleted, the default value of 2 (Allow) is used.
 
 Most restricted value is 0.
 
@@ -124,9 +115,9 @@ Most restricted value is 0.
 
 The following list shows the supported values:
 
--   0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on.
--   1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
--   2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
+-   0 – Disallow Bluetooth. If the value is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth.
+-   1 – Reserved. If the value is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
+-   2 (default) – Allow Bluetooth. If the value is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
 
 
 
@@ -137,32 +128,15 @@ The following list shows the supported values:
 **Connectivity/AllowCellularData**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -177,15 +151,15 @@ The following list shows the supported values:
 
 
 
-Allows the cellular data channel on the device. Device reboot is not required to enforce the policy.
+Allows the cellular data channel on the device. Device reboot isn't required to enforce the policy.
 
 
 
 The following list shows the supported values:
 
--   0 – Do not allow the cellular data channel. The user cannot turn it on. This value is not supported in Windows 10, version 1511.
+-   0 – Don't allow the cellular data channel. The user can't turn it on. This value isn't supported in Windows 10, version 1511.
 -   1 (default) – Allow the cellular data channel. The user can turn it off.
--   2 - Allow the cellular data channel. The user cannot turn it off.
+-   2 - Allow the cellular data channel. The user can't turn it off.
 
 
 
@@ -196,32 +170,15 @@ The following list shows the supported values:
 **Connectivity/AllowCellularDataRoaming**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -236,14 +193,14 @@ The following list shows the supported values:
 
 
 
-Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy.
+Allows or disallows cellular data roaming on the device. Device reboot isn't required to enforce the policy.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:
--   GP English name: *Prohibit connection to roaming Mobile Broadband networks*
+-   GP Friendly name: *Prohibit connection to roaming Mobile Broadband networks*
 -   GP name: *WCM_DisableRoaming*
 -   GP path: *Network/Windows Connection Manager*
 -   GP ADMX file name: *WCM.admx*
@@ -252,15 +209,15 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 – Do not allow cellular data roaming. The user cannot turn it on. This value is not supported in Windows 10, version 1511.
+-   0 – Don't allow cellular data roaming. The user can't turn it on. This value isn't supported in Windows 10, version 1511.
 -   1 (default) – Allow cellular data roaming.
--   2 - Allow cellular data roaming on. The user cannot turn it off.
+-   2 - Allow cellular data roaming on. The user can't turn it off.
 
 
 
 To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy.
 
-To validate on mobile devices, do the following:
+To validate on devices, perform the following steps:
 
 1.  Go to Cellular & SIM.
 2.  Click on the SIM (next to the signal strength icon) and select **Properties**.
@@ -275,32 +232,15 @@ To validate on mobile devices, do the following:
 **Connectivity/AllowConnectedDevices**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -318,7 +258,7 @@ To validate on mobile devices, do the following:
 > [!NOTE]
 > This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
 
 
 
@@ -336,32 +276,15 @@ The following list shows the supported values:
 **Connectivity/AllowPhonePCLinking**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -376,10 +299,10 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
+This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
 
-If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'.
-If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'.
+If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
 
 
 
@@ -391,14 +314,14 @@ ADMX Info:
 
 This setting supports a range of values between 0 and 1.
 
-- 0 - Do not link
+- 0 - Don't link
 - 1 (default) - Allow phone-PC linking
 
 
 
 Validation:
 
-If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number.
+If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be grayed out and clicking it won't launch the window for a user to enter their phone number.
 
 Device that has previously opt-in to MMX will also stop showing on the device list.
 
@@ -411,32 +334,15 @@ Device that has previously opt-in to MMX will also stop showing on the device li
 **Connectivity/AllowUSBConnection**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecross mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
+
 
 
 
                  
@@ -454,7 +360,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
 > [!NOTE]
 > Currently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition.
 
-Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging.
+Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy doesn't affect USB charging.
 
 Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced.
 
@@ -476,32 +382,15 @@ The following list shows the supported values:
 **Connectivity/AllowVPNOverCellular**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -524,7 +413,7 @@ Most restricted value is 0.
 
 The following list shows the supported values:
 
--   0 – VPN is not allowed over cellular.
+-   0 – VPN isn't allowed over cellular.
 -   1 (default) – VPN can use any connection, including cellular.
 
 
@@ -536,32 +425,15 @@ The following list shows the supported values:
 **Connectivity/AllowVPNRoamingOverCellular**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -596,32 +468,15 @@ The following list shows the supported values:
 **Connectivity/DisablePrintingOverHTTP**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -638,27 +493,22 @@ The following list shows the supported values:
 
 This policy setting specifies whether to allow printing over HTTP from this client.
 
-Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.
+Printing over HTTP allows a client to print to printers on the intranet and the Internet.
 
-Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
+Note: This policy setting affects the client side of Internet printing only. It doesn't prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
 
 If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.
 
-If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.
+If you disable or don't configure this policy setting, users can choose to print to Internet printers over HTTP.
 
 Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:
--   GP English name: *Turn off printing over HTTP*
+-   GP Friendly name: *Turn off printing over HTTP*
 -   GP name: *DisableHTTPPrinting_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -672,32 +522,15 @@ ADMX Info:
 **Connectivity/DisableDownloadingOfPrintDriversOverHTTP**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -716,23 +549,18 @@ This policy setting specifies whether to allow this client to download print dri
 
 To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
 
-Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP.  It only prohibits downloading drivers that are not already installed locally.
+Note: This policy setting doesn't prevent the client from printing to printers on the Intranet or the Internet over HTTP.  It only prohibits downloading drivers that aren't already installed locally.
 
-If you enable this policy setting, print drivers cannot be downloaded over HTTP.
+If you enable this policy setting, print drivers can't be downloaded over HTTP.
 
-If you disable or do not configure this policy setting, users can download print drivers over HTTP.
+If you disable or don't configure this policy setting, users can download print drivers over HTTP.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:
--   GP English name: *Turn off downloading of print drivers over HTTP*
+-   GP Friendly name: *Turn off downloading of print drivers over HTTP*
 -   GP name: *DisableWebPnPDownload_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -746,32 +574,15 @@ ADMX Info:
 **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -790,23 +601,18 @@ This policy setting specifies whether Windows should download a list of provider
 
 These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
 
-If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.
+If you enable this policy setting, Windows doesn't download providers, and only the service providers that are cached in the local registry are displayed.
 
-If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.
+If you disable or don't configure this policy setting, a list of providers is downloaded when the user uses the web publishing or online ordering wizards.
 
-See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
+For more information, including details on specifying service providers in the registry, see the documentation for the web publishing and online ordering wizards.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:
--   GP English name: *Turn off Internet download for Web publishing and online ordering wizards*
+-   GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards*
 -   GP name: *ShellPreventWPWDownload_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -820,32 +626,15 @@ ADMX Info:
 **Connectivity/DisallowNetworkConnectivityActiveTests**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -860,14 +649,14 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to  to determine if the device can communicate with the Internet.  This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com.
+Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to `` to determine if the device can communicate with the Internet.  This policy disables the NCSI active probe, preventing network connectivity to `www.msftconnecttest.com`.
 
 Value type is integer.
 
 
 
 ADMX Info:
--   GP English name: *Turn off Windows Network Connectivity Status Indicator active tests*
+-   GP Friendly name: *Turn off Windows Network Connectivity Status Indicator active tests*
 -   GP name: *NoActiveProbe*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -881,32 +670,15 @@ ADMX Info:
 **Connectivity/HardenedUNCPaths**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -923,19 +695,14 @@ ADMX Info:
 
 This policy setting configures secure access to UNC paths.
 
-If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.
+If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling other security requirements.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:
--   GP English name: *Hardened UNC Paths*
+-   GP Friendly name: *Hardened UNC Paths*
 -   GP name: *Pol_HardenedPaths*
 -   GP path: *Network/Network Provider*
 -   GP ADMX file name: *networkprovider.admx*
@@ -949,32 +716,15 @@ ADMX Info:
 **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -991,23 +741,18 @@ ADMX Info:
 
 Determines whether a user can install and configure the Network Bridge.
 
-Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
+Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply.
 
 The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segments together. This connection appears in the Network Connections folder.
 
-If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
+If you disable this setting or don't configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting doesn't remove an existing Network Bridge from the user's computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:
--   GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
+-   GP Friendly name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
 -   GP name: *NC_AllowNetBridge_NLA*
 -   GP path: *Network/Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -1017,16 +762,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 2009.
 
 
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index b1e5575610..e66ffbee8b 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -33,32 +33,15 @@ manager: dansimp
 **ControlPolicyConflict/MDMWinsOverGP**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -73,7 +56,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
+This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
 
 > [!NOTE]
 > MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs.
@@ -88,9 +71,9 @@ The following list shows the supported values:
 - 0 (default)
 - 1 - The MDM policy is used and the GP policy is blocked.
 
-The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that:
+The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the first set of the policy. This activation ensures that:
 
--  GP settings that correspond to MDM applied settings are not conflicting 
+-  GP settings that correspond to MDM applied settings aren't conflicting 
 -  The current Policy Manager policies are refreshed from what MDM has set 
 -  Any values set by scripts/user outside of GP that conflict with MDM are removed
 
@@ -117,15 +100,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 89e4817ce7..21357c48c3 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - CredentialProviders
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -40,32 +46,15 @@ manager: dansimp
 **CredentialProviders/AllowPINLogon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -86,21 +75,17 @@ If you enable this policy setting, a domain user can set up and sign in with a c
 
 If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.
 
-Note: The user's domain password will be cached in the system vault when using this feature.
+> [!NOTE]
+> The user's domain password will be cached in the system vault when using this feature.
 
 To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn on convenience PIN sign-in*
+-   GP Friendly name: *Turn on convenience PIN sign-in*
 -   GP name: *AllowDomainPINLogon*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *credentialproviders.admx*
@@ -114,32 +99,15 @@ ADMX Info:
 **CredentialProviders/BlockPicturePassword**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -163,16 +131,11 @@ If you disable or don't configure this policy setting, a domain user can set up
 Note that the user's domain password will be cached in the system vault when using this feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Turn off picture password sign-in*
+-   GP Friendly name: *Turn off picture password sign-in*
 -   GP name: *BlockDomainPicturePassword*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *credentialproviders.admx*
@@ -186,32 +149,15 @@ ADMX Info:
 **CredentialProviders/DisableAutomaticReDeploymentCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -226,7 +172,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
+Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
 
 The Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the Autopilot Reset is triggered the devices are for ready for use by information workers or students.
 
@@ -241,16 +187,7 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index 71447f45ab..da8c5cd222 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - CredentialsDelegation
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -34,32 +40,15 @@ manager: dansimp
 **CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -76,23 +65,18 @@ manager: dansimp
 
 Remote host allows delegation of non-exportable credentials
 
-When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host.
+When credential delegation is being used, devices provide an exportable version of credentials to the remote host. This version exposes users to the risk of credential theft from attackers on the remote host.
 
 If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode.
 
-If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.
+If you disable or don't configure this policy setting, Restricted Administration and Remote Credential Guard mode aren't supported. User will always need to pass their credentials to the host.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Remote host allows delegation of non-exportable credentials*
+-   GP Friendly name: *Remote host allows delegation of non-exportable credentials*
 -   GP name: *AllowProtectedCreds*
 -   GP path: *System/Credentials Delegation*
 -   GP ADMX file name: *CredSsp.admx*
@@ -101,16 +85,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 5ccf34a12e..f242322253 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,7 +14,12 @@ manager: dansimp
 
 # Policy CSP - CredentialsUI
 
-
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +42,15 @@ manager: dansimp
 **CredentialsUI/DisablePasswordReveal**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -80,25 +68,20 @@ manager: dansimp
 
 This policy setting allows you to configure the display of the password reveal button in password entry user experiences.
 
-If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.
+If you enable this policy setting, the password reveal button won't be displayed after a user types a password in the password entry text box.
 
-If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.
+If you disable or don't configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.
 
 By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.
 
 The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Do not display the password reveal button*
+-   GP Friendly name: *Do not display the password reveal button*
 -   GP name: *DisablePasswordReveal*
 -   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*
@@ -112,32 +95,15 @@ ADMX Info:
 **CredentialsUI/EnumerateAdministrators**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -152,23 +118,18 @@ ADMX Info:
 
 
 
-This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.
+This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts aren't displayed when the user attempts to elevate a running application.
 
 If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password.
 
 If you disable this policy setting, users will always be required to type a user name and password to elevate.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Enumerate administrator accounts on elevation*
+-   GP Friendly name: *Enumerate administrator accounts on elevation*
 -   GP name: *EnumerateAdministrators*
 -   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*
@@ -177,16 +138,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index b141d4387b..0e746278c6 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -37,32 +37,15 @@ manager: dansimp
 **Cryptography/AllowFipsAlgorithmPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -82,7 +65,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy.
 
 
 ADMX Info:  
--   GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*
+-   GP Friendly name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -106,32 +89,15 @@ The following list shows the supported values:
 **Cryptography/TLSCipherSuites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -164,16 +130,7 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index afbff9a990..6b464729c7 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -37,32 +37,15 @@ manager: dansimp
 **DataProtection/AllowDirectMemoryAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -97,32 +80,15 @@ The following list shows the supported values:
 **DataProtection/LegacySelectiveWipeID**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -150,15 +116,6 @@ Setting used by Windows 8.1 Selective Wipe.
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index cb540b3415..73b7408f51 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,7 +14,12 @@ manager: dansimp
 
 # Policy CSP - DataUsage
 
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -50,32 +55,15 @@ This policy is deprecated in Windows 10, version 1809.
 **DataUsage/SetCost4G**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -103,16 +91,11 @@ If this policy setting is enabled, a drop-down list box presenting possible cost
 If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set 4G Cost*
+-   GP Friendly name: *Set 4G Cost*
 -   GP name: *SetCost4G*
 -   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*
@@ -121,16 +104,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index f70dd9c0e5..7a37cafe94 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -5,11 +5,12 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 01/08/2020
+ms.date: 12/29/2021
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Policy CSP - Defender
@@ -43,9 +44,6 @@ manager: dansimp
   
                  
     Defender/AllowIOAVProtection
   
                  
-  
                  
-    Defender/AllowIntrusionPreventionSystem
-  
                  
   
                  
     Defender/AllowOnAccessProtection
   
                  
@@ -130,6 +128,9 @@ manager: dansimp
   
                  
     Defender/ScheduleScanTime
   
                  
+  
                  
+    Defender/SecurityIntelligenceLocation
+  
                  
   
                  
     Defender/SignatureUpdateFallbackOrder
   
                  
@@ -154,32 +155,15 @@ manager: dansimp
 **Defender/AllowArchiveScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -203,7 +187,7 @@ Allows or disallows scanning of archives.
 
 
 ADMX Info:  
--   GP English name: *Scan archive files*
+-   GP Friendly name: *Scan archive files*
 -   GP name: *Scan_DisableArchiveScanning*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -224,32 +208,15 @@ The following list shows the supported values:
 **Defender/AllowBehaviorMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -273,7 +240,7 @@ Allows or disallows Windows Defender Behavior Monitoring functionality.
 
 
 ADMX Info:  
--   GP English name: *Turn on behavior monitoring*
+-   GP Friendly name: *Turn on behavior monitoring*
 -   GP name: *RealtimeProtection_DisableBehaviorMonitoring*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -294,32 +261,15 @@ The following list shows the supported values:
 **Defender/AllowCloudProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -343,7 +293,7 @@ To best protect your PC, Windows Defender will send information to Microsoft abo
 
 
 ADMX Info:  
--   GP English name: *Join Microsoft MAPS*
+-   GP Friendly name: *Join Microsoft MAPS*
 -   GP name: *SpynetReporting*
 -   GP element: *SpynetReporting*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/MAPS*
@@ -365,32 +315,15 @@ The following list shows the supported values:
 **Defender/AllowEmailScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -414,7 +347,7 @@ Allows or disallows scanning of email.
 
 
 ADMX Info:  
--   GP English name: *Turn on e-mail scanning*
+-   GP Friendly name: *Turn on e-mail scanning*
 -   GP name: *Scan_DisableEmailScanning*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -435,32 +368,15 @@ The following list shows the supported values:
 **Defender/AllowFullScanOnMappedNetworkDrives**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -484,7 +400,7 @@ Allows or disallows a full scan of mapped network drives.
 
 
 ADMX Info:  
--   GP English name: *Run full scan on mapped network drives*
+-   GP Friendly name: *Run full scan on mapped network drives*
 -   GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -505,32 +421,15 @@ The following list shows the supported values:
 **Defender/AllowFullScanRemovableDriveScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -554,7 +453,7 @@ Allows or disallows a full scan of removable drives. During a quick scan, remova
 
 
 ADMX Info:  
--   GP English name: *Scan removable drives*
+-   GP Friendly name: *Scan removable drives*
 -   GP name: *Scan_DisableRemovableDriveScanning*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -575,32 +474,15 @@ The following list shows the supported values:
 **Defender/AllowIOAVProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -624,7 +506,7 @@ Allows or disallows Windows Defender IOAVP Protection functionality.
 
 
 ADMX Info:  
--   GP English name: *Scan all downloaded files and attachments*
+-   GP Friendly name: *Scan all downloaded files and attachments*
 -   GP name: *RealtimeProtection_DisableIOAVProtection*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -641,98 +523,19 @@ The following list shows the supported values:
 
 
                  
 
-
-**Defender/AllowIntrusionPreventionSystem**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
-
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
                  
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-Allows or disallows Windows Defender Intrusion Prevention functionality.
-
-
-
-The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-
-
-
-
                  
-
 
 **Defender/AllowOnAccessProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -756,7 +559,7 @@ Allows or disallows Windows Defender On Access Protection functionality.
 
 
 ADMX Info:  
--   GP English name: *Monitor file and program activity on your computer*
+-   GP Friendly name: *Monitor file and program activity on your computer*
 -   GP name: *RealtimeProtection_DisableOnAccessProtection*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -771,38 +574,24 @@ The following list shows the supported values:
 
 
 
+> [!IMPORTANT]
+> AllowOnAccessProtection is officially being deprecated.
+
 
                  
 
 
 **Defender/AllowRealtimeMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -821,12 +610,12 @@ The following list shows the supported values:
 > This policy is only enforced in Windows 10 for desktop.
 
 
-Allows or disallows Windows Defender Realtime Monitoring functionality.
+Allows or disallows Windows Defender real-time Monitoring functionality.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off real-time protection*
+-   GP Friendly name: *Turn off real-time protection*
 -   GP name: *DisableRealtimeMonitoring*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -847,32 +636,15 @@ The following list shows the supported values:
 **Defender/AllowScanningNetworkFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -896,7 +668,7 @@ Allows or disallows a scanning of network files.
 
 
 ADMX Info:  
--   GP English name: *Scan network files*
+-   GP Friendly name: *Scan network files*
 -   GP name: *Scan_DisableScanningNetworkFiles*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -917,32 +689,15 @@ The following list shows the supported values:
 **Defender/AllowScriptScanning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -979,32 +734,15 @@ The following list shows the supported values:
 **Defender/AllowUserUIAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1023,12 +761,12 @@ The following list shows the supported values:
 > This policy is only enforced in Windows 10 for desktop.
 
 
-Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.
+Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed.
 
 
 
 ADMX Info:  
--   GP English name: *Enable headless UI mode*
+-   GP Friendly name: *Enable headless UI mode*
 -   GP name: *UX_Configuration_UILockdown*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1049,32 +787,15 @@ The following list shows the supported values:
 **Defender/AttackSurfaceReductionOnlyExclusions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1093,14 +814,14 @@ The following list shows the supported values:
 > This policy is only enforced in Windows 10 for desktop.
 
 
-Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
+This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
 
 Value type is string.
 
 
 
 ADMX Info:  
--   GP English name: *Exclude files and paths from Attack Surface Reduction Rules*
+-   GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules*
 -   GP name: *ExploitGuard_ASR_ASROnlyExclusions*
 -   GP element: *ExploitGuard_ASR_ASROnlyExclusions*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction*
@@ -1115,32 +836,15 @@ ADMX Info:
 **Defender/AttackSurfaceReductionRules**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1159,7 +863,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 for desktop.
 
 
-Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
+This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (Azure Site Recovery) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
 
 For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction).
 
@@ -1168,7 +872,7 @@ Value type is string.
 
 
 ADMX Info:  
--   GP English name: *Configure Attack Surface Reduction rules*
+-   GP Friendly name: *Configure Attack Surface Reduction rules*
 -   GP name: *ExploitGuard_ASR_Rules*
 -   GP element: *ExploitGuard_ASR_Rules*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction*
@@ -1183,32 +887,15 @@ ADMX Info:
 **Defender/AvgCPULoadFactor**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1235,7 +922,7 @@ The default value is 50.
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum percentage of CPU utilization during a scan*
+-   GP Friendly name: *Specify the maximum percentage of CPU utilization during a scan*
 -   GP name: *Scan_AvgCPULoadFactor*
 -   GP element: *Scan_AvgCPULoadFactor*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -1254,32 +941,15 @@ Valid values: 0–100
 **Defender/CheckForSignaturesBeforeRunningScan**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1296,11 +966,11 @@ Valid values: 0–100
 
 This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. 
 
-This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface.
+This setting applies to scheduled scans and the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface.
 
 If you enable this setting, a check for new definitions will occur before running a scan.
 
-If you disable this setting or do not configure this setting, the scan will start using the existing definitions.
+If you disable this setting or don't configure this setting, the scan will start using the existing definitions.
 
 Supported values:
 
@@ -1312,7 +982,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/CheckForSignaturesBeforeRunni
 
 
 ADMX Info:  
--   GP English name: *Check for the latest virus and spyware definitions before running a scheduled scan*
+-   GP Friendly name: *Check for the latest virus and spyware definitions before running a scheduled scan*
 -   GP name: *CheckForSignaturesBeforeRunningScan*
 -   GP element: *CheckForSignaturesBeforeRunningScan*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -1336,32 +1006,15 @@ ADMX Info:
 **Defender/CloudBlockLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1380,7 +1033,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 for desktop.
 
 
-Added in Windows 10, version 1709. This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
+This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
 
 If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. 
 
@@ -1392,7 +1045,7 @@ For more information about specific values that are supported, see the Microsoft
 
 
 ADMX Info:  
--   GP English name: *Select cloud protection level*
+-   GP Friendly name: *Select cloud protection level*
 -   GP name: *MpEngine_MpCloudBlockLevel*
 -   GP element: *MpCloudBlockLevel*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/MpEngine*
@@ -1404,7 +1057,7 @@ The following list shows the supported values:
 
 - 0x0 - Default windows defender blocking level
 - 0x2 - High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)       
-- 0x4 - High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact  client performance)
+- 0x4 - High+ blocking level – aggressively block unknowns and apply more protection measures (may impact  client performance)
 - 0x6 - Zero tolerance blocking level – block all unknown executables
 
 
@@ -1416,32 +1069,15 @@ The following list shows the supported values:
 **Defender/CloudExtendedTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1459,9 +1095,9 @@ The following list shows the supported values:
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
 
-Added in Windows 10, version 1709. This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
+This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
 
-The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. 
+The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an extra 50 seconds. 
 
 For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. 
 
@@ -1471,7 +1107,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
 
 
 ADMX Info:  
--   GP English name: *Configure extended cloud check*
+-   GP Friendly name: *Configure extended cloud check*
 -   GP name: *MpEngine_MpBafsExtendedTimeout*
 -   GP element: *MpBafsExtendedTimeout*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/MpEngine*
@@ -1486,32 +1122,15 @@ ADMX Info:
 **Defender/ControlledFolderAccessAllowedApplications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1529,12 +1148,12 @@ ADMX Info:
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
 
-Added in Windows 10, version 1709. This policy setting allows user-specified applications to the controlled folder access feature. Adding an allowed application means the controlled folder access feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Microsoft Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator.
+Added in Windows 10, version 1709. This policy setting allows user-specified applications to the controlled folder access feature. Adding an allowed application means the controlled folder access feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it won't be necessary to add entries. Microsoft Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator.
 
 
 
 ADMX Info:  
--   GP English name: *Configure allowed applications*
+-   GP Friendly name: *Configure allowed applications*
 -   GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
 -   GP element: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
@@ -1549,32 +1168,15 @@ ADMX Info:
 **Defender/ControlledFolderAccessProtectedFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1592,12 +1194,12 @@ ADMX Info:
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
 
-Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the controlled folder access feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator.
+This policy setting allows adding user-specified folder locations to the controlled folder access feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can't be changed. Value type is string. Use the | as the substring separator.
 
 
 
 ADMX Info:  
--   GP English name: *Configure protected folders*
+-   GP Friendly name: *Configure protected folders*
 -   GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
 -   GP element: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
@@ -1612,32 +1214,15 @@ ADMX Info:
 **Defender/DaysToRetainCleanedMalware**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1659,12 +1244,12 @@ ADMX Info:
 Time period (in days) that quarantine items will be stored on the system.
 
 
-The default value is 0, which keeps items in quarantine, and does not automatically remove them.
+The default value is 0, which keeps items in quarantine, and doesn't automatically remove them.
 
 
 
 ADMX Info:  
--   GP English name: *Configure removal of items from Quarantine folder*
+-   GP Friendly name: *Configure removal of items from Quarantine folder*
 -   GP name: *Quarantine_PurgeItemsAfterDelay*
 -   GP element: *Quarantine_PurgeItemsAfterDelay*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Quarantine*
@@ -1683,32 +1268,15 @@ Valid values: 0–90
 **Defender/DisableCatchupFullScan**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1725,9 +1293,9 @@ Valid values: 0–90
 
 This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed.  Usually these scheduled scans are missed because the computer was turned off at the scheduled time. 
 
-If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer.  If there is no scheduled scan configured, there will be no catch-up scan run. 
+If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer.  If there's no scheduled scan configured, there will be no catch-up scan run. 
 
-If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off.
+If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned off.
 
 Supported values:
 
@@ -1739,7 +1307,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan
 
 
 ADMX Info:  
--   GP English name: *Turn on catch-up full scan*
+-   GP Friendly name: *Turn on catch-up full scan*
 -   GP name: *Scan_DisableCatchupFullScan*
 -   GP element: *Scan_DisableCatchupFullScan*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -1763,32 +1331,15 @@ ADMX Info:
 **Defender/DisableCatchupQuickScan**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1805,9 +1356,9 @@ ADMX Info:
 
 This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. 
 
-If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.
+If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer. If there's no scheduled scan configured, there will be no catch-up scan run.
 
-If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off.
+If you disable or don't configure this setting, catch-up scans for scheduled quick scans will be turned off.
 
 Supported values:
 
@@ -1819,7 +1370,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupQuickScan
 
 
 ADMX Info:  
--   GP English name: *Turn on catch-up quick scan*
+-   GP Friendly name: *Turn on catch-up quick scan*
 -   GP name: *Scan_DisableCatchupQuickScan*
 -   GP element: *Scan_DisableCatchupQuickScan*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -1843,32 +1394,15 @@ ADMX Info:
 **Defender/EnableControlledFolderAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1886,12 +1420,12 @@ ADMX Info:
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders  and changed to EnableControlledFolderAccess.
 
-Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the controlled folder access feature. The controlled folder access feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.
+This policy enables setting the state (On/Off/Audit) for the controlled folder access feature. The controlled folder access feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Controlled folder access*
+-   GP Friendly name: *Configure Controlled folder access*
 -   GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess*
 -   GP element: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
@@ -1914,32 +1448,15 @@ The following list shows the supported values:
 **Defender/EnableLowCPUPriority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1958,7 +1475,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul
 
 If you enable this setting, low CPU priority will be used during scheduled scans.
 
-If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.
+If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
 
 Supported values:
 
@@ -1968,7 +1485,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Configure low CPU priority for scheduled scans*
+-   GP Friendly name: *Configure low CPU priority for scheduled scans*
 -   GP name: *Scan_LowCpuPriority*
 -   GP element: *Scan_LowCpuPriority*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -1992,32 +1509,15 @@ ADMX Info:
 **Defender/EnableNetworkProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2035,18 +1535,18 @@ ADMX Info:
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
 
-Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off. Network protection protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
+This policy allows you to turn on network protection (block/audit) or off. Network protection protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This protection includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
 
 If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit.
-If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center.
-If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center.
-If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center.
-If you do not configure this policy, network blocking will be disabled by default.
+If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You'll be able to see this activity in Windows Defender Security Center.
+If you enable this policy with the ""Audit"" option, users/apps won't be blocked from connecting to dangerous domains. However, you'll still see this activity in Windows Defender Security Center.
+If you disable this policy, users/apps won't be blocked from connecting to dangerous domains. You'll not see any network activity in Windows Defender Security Center.
+If you don't configure this policy, network blocking will be disabled by default.
 
 
 
 ADMX Info:  
--   GP English name: *Prevent users and apps from accessing dangerous websites*
+-   GP Friendly name: *Prevent users and apps from accessing dangerous websites*
 -   GP name: *ExploitGuard_EnableNetworkProtection*
 -   GP element: *ExploitGuard_EnableNetworkProtection*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Network Protection*
@@ -2069,32 +1569,15 @@ The following list shows the supported values:
 **Defender/ExcludedExtensions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2118,7 +1601,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 
 
 ADMX Info:  
--   GP English name: *Path Exclusions*
+-   GP Friendly name: *Path Exclusions*
 -   GP name: *Exclusions_Paths*
 -   GP element: *Exclusions_PathsList*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions*
@@ -2133,32 +1616,15 @@ ADMX Info:
 **Defender/ExcludedPaths**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2182,7 +1648,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
 
 
 ADMX Info:  
--   GP English name: *Extension Exclusions*
+-   GP Friendly name: *Extension Exclusions*
 -   GP name: *Exclusions_Extensions*
 -   GP element: *Exclusions_ExtensionsList*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions*
@@ -2197,32 +1663,15 @@ ADMX Info:
 **Defender/ExcludedProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2252,7 +1701,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E
 
 
 ADMX Info:  
--   GP English name: *Process Exclusions*
+-   GP Friendly name: *Process Exclusions*
 -   GP name: *Exclusions_Processes*
 -   GP element: *Exclusions_ProcessesList*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions*
@@ -2267,32 +1716,15 @@ ADMX Info:
 **Defender/PUAProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2311,7 +1743,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 for desktop.
 
 
-Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
+Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
 
 > [!NOTE]
 > Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. For more information about PUA, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
@@ -2319,7 +1751,7 @@ Added in Windows 10, version 1607. Specifies the level of detection for potenti
 
 
 ADMX Info:  
--   GP English name: *Configure detection for potentially unwanted applications*
+-   GP Friendly name: *Configure detection for potentially unwanted applications*
 -   GP name: *Root_PUAProtection*
 -   GP element: *Root_PUAProtection*
 -   GP path: *Windows Components/Microsoft Defender Antivirus*
@@ -2329,8 +1761,8 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) – PUA Protection off. Windows Defender will not protect against potentially unwanted applications.
--   1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats.
+-   0 (default) – PUA Protection off. Windows Defender won't protect against potentially unwanted applications.
+-   1 – PUA Protection on. Detected items are blocked. They'll show in history along with other threats.
 -   2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.
 
 
@@ -2342,32 +1774,15 @@ The following list shows the supported values:
 **Defender/RealTimeScanDirection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2394,7 +1809,7 @@ Controls which sets of files should be monitored.
 
 
 ADMX Info:  
--   GP English name: *Configure monitoring for incoming and outgoing file and program activity*
+-   GP Friendly name: *Configure monitoring for incoming and outgoing file and program activity*
 -   GP name: *RealtimeProtection_RealtimeScanDirection*
 -   GP element: *RealtimeProtection_RealtimeScanDirection*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection*
@@ -2417,32 +1832,15 @@ The following list shows the supported values:
 **Defender/ScanParameter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2466,7 +1864,7 @@ Selects whether to perform a quick scan or full scan.
 
 
 ADMX Info:  
--   GP English name: *Specify the scan type to use for a scheduled scan*
+-   GP Friendly name: *Specify the scan type to use for a scheduled scan*
 -   GP name: *Scan_ScanParameters*
 -   GP element: *Scan_ScanParameters*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -2488,32 +1886,15 @@ The following list shows the supported values:
 **Defender/ScheduleQuickScanTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2546,7 +1927,7 @@ The default value is 120
 
 
 ADMX Info:  
--   GP English name: *Specify the time for a daily quick scan*
+-   GP Friendly name: *Specify the time for a daily quick scan*
 -   GP name: *Scan_ScheduleQuickScantime*
 -   GP element: *Scan_ScheduleQuickScantime*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -2565,32 +1946,15 @@ Valid values: 0–1380
 **Defender/ScheduleScanDay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2617,7 +1981,7 @@ Selects the day that the Windows Defender scan should run.
 
 
 ADMX Info:  
--   GP English name: *Specify the day of the week to run a scheduled scan*
+-   GP Friendly name: *Specify the day of the week to run a scheduled scan*
 -   GP name: *Scan_ScheduleDay*
 -   GP element: *Scan_ScheduleDay*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -2646,32 +2010,15 @@ The following list shows the supported values:
 **Defender/ScheduleScanTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2704,7 +2051,7 @@ The default value is 120.
 
 
 ADMX Info:  
--   GP English name: *Specify the time of day to run a scheduled scan*
+-   GP Friendly name: *Specify the time of day to run a scheduled scan*
 -   GP name: *Scan_ScheduleTime*
 -   GP element: *Scan_ScheduleTime*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Scan*
@@ -2719,36 +2066,70 @@ Valid values: 0–1380.
 
 
                  
 
+
+**Defender/SecurityIntelligenceLocation**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to define the security intelligence location for VDI-configured computers. 
+
+​If you disable or don't configure this setting, security intelligence will be referred from the default local source.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Define security intelligence location for VDI clients*
+-   GP name: *SecurityIntelligenceLocation*
+-   GP element: *SecurityIntelligenceLocation*
+-   GP path: *Windows Components/Microsoft Defender Antivirus/Security Intelligence Updates*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+
+
+
+- Empty string - no policy is set
+- Non-empty string - the policy is set and security intelligence is gathered from the location
+
+
+
+
+
                  
+
 
 **Defender/SignatureUpdateFallbackOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2774,16 +2155,16 @@ Possible values are:
 
 For example: InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC 
 
-If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
 
-If you disable or do not configure this setting, definition update sources will be contacted in a default order.
+If you disable or don't configure this setting, definition update sources will be contacted in a default order.
 
 OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder
 
 
 
 ADMX Info:  
--   GP English name: *Define the order of sources for downloading definition updates*
+-   GP Friendly name: *Define the order of sources for downloading definition updates*
 -   GP name: *SignatureUpdate_FallbackOrder*
 -   GP element: *SignatureUpdate_FallbackOrder*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates*
@@ -2807,32 +2188,15 @@ ADMX Info:
 **Defender/SignatureUpdateFileSharesSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2853,16 +2217,16 @@ For example: \\unc1\Signatures | \\unc2\Signatures
 
 The list is empty by default.
 
-If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
 
-If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
+If you disable or don't configure this setting, the list will remain empty by default and no sources will be contacted.
 
 OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFileSharesSources
 
 
 
 ADMX Info:  
--   GP English name: *Define file shares for downloading definition updates*
+-   GP Friendly name: *Define file shares for downloading definition updates*
 -   GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
 -   GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates*
@@ -2886,32 +2250,15 @@ ADMX Info:
 **Defender/SignatureUpdateInterval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2942,7 +2289,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateInterval
 
 
 ADMX Info:  
--   GP English name: *Specify the interval to check for definition updates*
+-   GP Friendly name: *Specify the interval to check for definition updates*
 -   GP name: *SignatureUpdate_SignatureUpdateInterval*
 -   GP element: *SignatureUpdate_SignatureUpdateInterval*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates*
@@ -2961,32 +2308,15 @@ Valid values: 0–24.
 **Defender/SubmitSamplesConsent**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3010,7 +2340,7 @@ Checks for the user consent level in Windows Defender to send data. If the requi
 
 
 ADMX Info:  
--   GP English name: *Send file samples when further analysis is required*
+-   GP Friendly name: *Send file samples when further analysis is required*
 -   GP name: *SubmitSamplesConsent*
 -   GP element: *SubmitSamplesConsent*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/MAPS*
@@ -3034,32 +2364,15 @@ The following list shows the supported values:
 **Defender/ThreatSeverityDefaultAction**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -3101,7 +2414,7 @@ The following list shows the supported values for possible actions:
 
 
 ADMX Info:  
--   GP English name: *Specify threat alert levels at which default action should not be taken when detected*
+-   GP Friendly name: *Specify threat alert levels at which default action should not be taken when detected*
 -   GP name: *Threats_ThreatSeverityDefaultAction*
 -   GP element: *Threats_ThreatSeverityDefaultActionList*
 -   GP path: *Windows Components/Microsoft Defender Antivirus/Threats*
@@ -3111,16 +2424,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
 
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 1031aada9c..ba4c441b84 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 06/09/2020
 ms.reviewer: 
@@ -14,6 +14,13 @@ manager: dansimp
 
 # Policy CSP - DeliveryOptimization
 
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 
                  
@@ -121,32 +128,15 @@ manager: dansimp
 **DeliveryOptimization/DOAbsoluteMaxCacheSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -162,17 +152,17 @@ manager: dansimp
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
+Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
 
 The default value is 10.
 
 
 
 ADMX Info:  
--   GP English name: *Absolute Max Cache Size (in GB)*
+-   GP Friendly name: *Absolute Max Cache Size (in GB)*
 -   GP name: *AbsoluteMaxCacheSize*
 -   GP element: *AbsoluteMaxCacheSize*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -187,32 +177,15 @@ ADMX Info:
 **DeliveryOptimization/DOAllowVPNPeerCaching**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -228,15 +201,15 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
+Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This policy means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
 
 
 
 ADMX Info:  
--   GP English name: *Enable Peer Caching while the device connects via VPN*
+-   GP Friendly name: *Enable Peer Caching while the device connects via VPN*
 -   GP name: *AllowVPNPeerCaching*
 -   GP element: *AllowVPNPeerCaching*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -258,32 +231,15 @@ The following list shows the supported values:
 **DeliveryOptimization/DOCacheHost**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -306,7 +262,7 @@ One or more values can be added as either fully qualified domain names (FQDN) or
 
 
 ADMX Info:  
--   GP English name: *Cache Server Hostname*
+-   GP Friendly name: *Cache Server Hostname*
 -   GP name: *CacheHost*
 -   GP element: *CacheHost*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -330,32 +286,15 @@ ADMX Info:
 **DeliveryOptimization/DOCacheHostSource**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -371,12 +310,12 @@ ADMX Info:
 
 
 
-This policy allows you to configure one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. One or more values can be added as either fully qualified domain names (FQDN) or IP addresses.  To add multiple values, separate each FQDN or IP address by commas.
+This policy allows you to configure one or more Delivery Optimizations in Network Cache servers through a custom DHCP Option. One or more values can be added as either fully qualified domain names (FQDN) or IP addresses.  To add multiple values, separate each FQDN or IP address by commas.
 
 
 
 ADMX Info:  
--   GP English name: *Cache Server Hostname Source*
+-   GP Friendly name: *Cache Server Hostname Source*
 -   GP name: *CacheHostSource*
 -   GP element: *CacheHostSource*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -410,32 +349,15 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
 **DeliveryOptimization/DODelayBackgroundDownloadFromHttp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -450,14 +372,14 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
 
 
 
-Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
+This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
 
-After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600).
+After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that couldn't be downloaded from peers. A download that is waiting for peer sources will appear to be stuck for the end user. The recommended value is 1 hour (3600).
 
 
 
 ADMX Info:  
--   GP English name: *Delay background download from http (in secs)*
+-   GP Friendly name: *Delay background download from http (in secs)*
 -   GP name: *DelayBackgroundDownloadFromHttp*
 -   GP element: *DelayBackgroundDownloadFromHttp*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -472,32 +394,15 @@ ADMX Info:
 **DeliveryOptimization/DODelayCacheServerFallbackBackground**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -520,7 +425,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT
 
 
 ADMX Info:  
--   GP English name: *Delay Background download Cache Server fallback (in seconds)*
+-   GP Friendly name: *Delay Background download Cache Server fallback (in seconds)*
 -   GP name: *DelayCacheServerFallbackBackground*
 -   GP element: *DelayCacheServerFallbackBackground*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -545,32 +450,15 @@ Supported values: 0 - one month (in seconds)
 **DeliveryOptimization/DODelayCacheServerFallbackForeground**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -593,7 +481,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT
 
 
 ADMX Info:  
--   GP English name: *Delay Foreground download Cache Server fallback (in seconds)*
+-   GP Friendly name: *Delay Foreground download Cache Server fallback (in seconds)*
 -   GP name: *DelayCacheServerFallbackForeground*
 -   GP element: *DelayCacheServerFallbackForeground*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -616,32 +504,15 @@ Supported values: 0 - one month (in seconds)
 **DeliveryOptimization/DODelayForegroundDownloadFromHttp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -656,18 +527,18 @@ Supported values: 0 - one month (in seconds)
 
 
 
-Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
+This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
 
-After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers.
+After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that couldn't be downloaded from Peers.
 
-Note that a download that is waiting for peer sources, will appear to be stuck for the end user.
+A download that is waiting for peer sources, will appear to be stuck for the end user.
 
 The recommended value is 1 minute (60).
 
 
 
 ADMX Info:  
--   GP English name: *Delay Foreground download from http (in secs)*
+-   GP Friendly name: *Delay Foreground download from http (in secs)*
 -   GP name: *DelayForegroundDownloadFromHttp*
 -   GP element: *DelayForegroundDownloadFromHttp*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -679,7 +550,7 @@ The following list shows the supported values as number of seconds:
 
 -   0 to 86400 (1 day)
 -   0 - managed by the cloud service
--   Default is not configured.
+-   Default isn't configured.
 
 
 
@@ -690,32 +561,15 @@ The following list shows the supported values as number of seconds:
 **DeliveryOptimization/DODownloadMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -731,7 +585,7 @@ The following list shows the supported values as number of seconds:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
 Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
@@ -739,7 +593,7 @@ Specifies the download method that Delivery Optimization can use in downloads of
 
 
 ADMX Info:  
--   GP English name: *Download Mode*
+-   GP Friendly name: *Download Mode*
 -   GP name: *DownloadMode*
 -   GP element: *DownloadMode*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -753,8 +607,8 @@ The following list shows the supported values:
 -   1 (default) – HTTP blended with peering behind the same NAT.
 -   2 – HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if it exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2.
 -   3 – HTTP blended with Internet peering.
--   99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
--   100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. Note that this value is deprecated and will be removed in a future release.
+-   99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and doesn't attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
+-   100 - Bypass mode. Don't use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. This value is deprecated and will be removed in a future release.
 
 
 
@@ -764,32 +618,15 @@ The following list shows the supported values:
 **DeliveryOptimization/DOGroupId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -805,18 +642,18 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity.
+This policy specifies an arbitrary group ID that the device belongs to. Use this ID if you need to create a single group for Local Network Peering for branches that are on different domains or aren't on the same LAN. This approach is a best effort optimization and shouldn't be relied on for an authentication of identity.
 
 > [!NOTE]
-> You must use a GUID as the group ID.
+> You must use a GUID as the group ID.
 
 
 
 ADMX Info:  
--   GP English name: *Group ID*
+-   GP Friendly name: *Group ID*
 -   GP name: *GroupId*
 -   GP element: *GroupId*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -831,32 +668,15 @@ ADMX Info:
 **DeliveryOptimization/DOGroupIdSource**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -871,7 +691,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
+Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
 
 When set, the Group ID will be assigned automatically from the selected source.
 
@@ -881,12 +701,12 @@ The options set in this policy only apply to Group (2) download mode. If Group (
 
 For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
 
-Starting with Windows 10, version 1903, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5.
+Starting with Windows 10, version 1903, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this task, set the value of DOGroupIdSource to 5.
 
 
 
 ADMX Info:  
--   GP English name: *Select the source of Group IDs*
+-   GP Friendly name: *Select the source of Group IDs*
 -   GP name: *GroupIdSource*
 -   GP element: *GroupIdSource*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -911,32 +731,15 @@ The following list shows the supported values:
 **DeliveryOptimization/DOMaxBackgroundDownloadBandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -958,7 +761,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
 
 
 ADMX Info:  
--   GP English name: *Maximum Background Download Bandwidth (in KB/s)*
+-   GP Friendly name: *Maximum Background Download Bandwidth (in KB/s)*
 -   GP name: *MaxBackgroundDownloadBandwidth*
 -   GP element: *MaxBackgroundDownloadBandwidth*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -973,32 +776,14 @@ ADMX Info:
 **DeliveryOptimization/DOMaxCacheAge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1014,17 +799,17 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607.
+Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size hasn't exceeded. The value 0 is new in Windows 10, version 1607.
 
 The default value is 259200 seconds (3 days).
 
 
 
 ADMX Info:  
--   GP English name: *Max Cache Age (in seconds)*
+-   GP Friendly name: *Max Cache Age (in seconds)*
 -   GP name: *MaxCacheAge*
 -   GP element: *MaxCacheAge*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1039,32 +824,15 @@ ADMX Info:
 **DeliveryOptimization/DOMaxCacheSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1080,7 +848,7 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
  
 Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100).
@@ -1090,7 +858,7 @@ The default value is 20.
 
 
 ADMX Info:  
--   GP English name: *Max Cache Size (percentage)*
+-   GP Friendly name: *Max Cache Size (percentage)*
 -   GP name: *MaxCacheSize*
 -   GP element: *MaxCacheSize*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1128,32 +896,15 @@ This policy is deprecated. Use [DOMaxForegroundDownloadBandwidth](#deliveryoptim
 **DeliveryOptimization/DOMaxForegroundDownloadBandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1175,7 +926,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
 
 
 ADMX Info:  
--   GP English name: *Maximum Foreground Download Bandwidth (in KB/s)*
+-   GP Friendly name: *Maximum Foreground Download Bandwidth (in KB/s)*
 -   GP name: *MaxForegroundDownloadBandwidth*
 -   GP element: *MaxForegroundDownloadBandwidth*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1196,7 +947,7 @@ ADMX Info:
 
 
 
-This policy is deprecated because it only applies to uploads to Internet peers (only allowed when DownloadMode is set to 3) which is not used in commercial deployments. There is no alternate policy to use.
+This policy is deprecated because it only applies to uploads to Internet peers (only allowed when DownloadMode is set to 3) which isn't used in commercial deployments. There's no alternate policy to use.
 
 
 
@@ -1209,32 +960,15 @@ This policy is deprecated because it only applies to uploads to Internet peers (
 **DeliveryOptimization/DOMinBackgroundQos**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1250,17 +984,17 @@ This policy is deprecated because it only applies to uploads to Internet peers (
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
+Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
 
 The default value is 500.
 
 
 
 ADMX Info:  
--   GP English name: *Minimum Background QoS (in KB/s)*
+-   GP Friendly name: *Minimum Background QoS (in KB/s)*
 -   GP name: *MinBackgroundQos*
 -   GP element: *MinBackgroundQos*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1275,32 +1009,15 @@ ADMX Info:
 **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1316,16 +1033,16 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
 
-Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
+Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
 
 The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
 
 
 
 ADMX Info:  
--   GP English name: *Allow uploads while the device is on battery while under set Battery level (percentage)*
+-   GP Friendly name: *Allow uploads while the device is on battery while under set Battery level (percentage)*
 -   GP name: *MinBatteryPercentageAllowedToUpload*
 -   GP element: *MinBatteryPercentageAllowedToUpload*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1340,32 +1057,15 @@ ADMX Info:
 **DeliveryOptimization/DOMinDiskSizeAllowedToPeer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1381,10 +1081,10 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB.
+Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB.
 
 > [!NOTE]
 > If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy.
@@ -1394,7 +1094,7 @@ The default value is 32 GB.
 
 
 ADMX Info:  
--   GP English name: *Minimum disk size allowed to use Peer Caching (in GB)*
+-   GP Friendly name: *Minimum disk size allowed to use Peer Caching (in GB)*
 -   GP name: *MinDiskSizeAllowedToPeer*
 -   GP element: *MinDiskSizeAllowedToPeer*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1409,32 +1109,15 @@ ADMX Info:
 **DeliveryOptimization/DOMinFileSizeToCache**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1450,17 +1133,17 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB.
+Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB.
 
 The default value is 100 MB.
 
 
 
 ADMX Info:  
--   GP English name: *Minimum Peer Caching Content File Size (in MB)*
+-   GP Friendly name: *Minimum Peer Caching Content File Size (in MB)*
 -   GP name: *MinFileSizeToCache*
 -   GP element: *MinFileSizeToCache*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1475,32 +1158,15 @@ ADMX Info:
 **DeliveryOptimization/DOMinRAMAllowedToPeer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1516,17 +1182,17 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
+Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
 
 The default value is 4 GB.
 
 
 
 ADMX Info:  
--   GP English name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)*
+-   GP Friendly name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)*
 -   GP name: *MinRAMAllowedToPeer*
 -   GP element: *MinRAMAllowedToPeer*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1541,32 +1207,15 @@ ADMX Info:
 **DeliveryOptimization/DOModifyCacheDrive**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1582,17 +1231,17 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
+Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
 
 By default, %SystemDrive% is used to store the cache.
 
 
 
 ADMX Info:  
--   GP English name: *Modify Cache Drive*
+-   GP Friendly name: *Modify Cache Drive*
 -   GP name: *ModifyCacheDrive*
 -   GP element: *ModifyCacheDrive*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1607,32 +1256,15 @@ ADMX Info:
 **DeliveryOptimization/DOMonthlyUploadDataCap**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1648,10 +1280,10 @@ ADMX Info:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions.
 
 
-Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
+Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
 
 The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set.
 
@@ -1660,7 +1292,7 @@ The default value is 20.
 
 
 ADMX Info:  
--   GP English name: *Monthly Upload Data Cap (in GB)*
+-   GP Friendly name: *Monthly Upload Data Cap (in GB)*
 -   GP name: *MonthlyUploadDataCap*
 -   GP element: *MonthlyUploadDataCap*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1675,32 +1307,15 @@ ADMX Info:
 **DeliveryOptimization/DOPercentageMaxBackgroundBandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1715,14 +1330,14 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
+Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
 
-Note that downloads from LAN peers will not be throttled even when this policy is set.
+Downloads from LAN peers won't be throttled even when this policy is set.
 
 
 
 ADMX Info:  
--   GP English name: *Maximum Background Download Bandwidth (percentage)*
+-   GP Friendly name: *Maximum Background Download Bandwidth (percentage)*
 -   GP name: *PercentageMaxBackgroundBandwidth*
 -   GP element: *PercentageMaxBackgroundBandwidth*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1750,32 +1365,15 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
 **DeliveryOptimization/DOPercentageMaxForegroundBandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1790,14 +1388,14 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
 
 
 
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
+Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
 
-Note that downloads from LAN peers will not be throttled even when this policy is set.
+Downloads from LAN peers won't be throttled even when this policy is set.
 
 
 
 ADMX Info:  
--   GP English name: *Maximum Foreground Download Bandwidth (percentage)*
+-   GP Friendly name: *Maximum Foreground Download Bandwidth (percentage)*
 -   GP name: *PercentageMaxForegroundBandwidth*
 -   GP element: *PercentageMaxForegroundBandwidth*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1812,32 +1410,15 @@ ADMX Info:
 **DeliveryOptimization/DORestrictPeerSelectionBy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1852,7 +1433,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1803. Set this policy to restrict peer selection via selected option. 
+Set this policy to restrict peer selection via selected option. 
 Options available are: 1=Subnet mask (more options will be added in a future release).
 
 Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2).
@@ -1860,7 +1441,7 @@ Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2).
 
 
 ADMX Info:  
--   GP English name: *Select a method to restrict Peer Selection*
+-   GP Friendly name: *Select a method to restrict Peer Selection*
 -   GP name: *RestrictPeerSelectionBy*
 -   GP element: *RestrictPeerSelectionBy*
 -   GP path: *Windows Components/Delivery Optimization*
@@ -1881,32 +1462,15 @@ The following list shows the supported values:
 **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1921,26 +1485,21 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Business Hours to Limit Background Download Bandwidth*
+-   GP Friendly name: *Set Business Hours to Limit Background Download Bandwidth*
 -   GP name: *SetHoursToLimitBackgroundDownloadBandwidth*
 -   GP path: *Windows Components/Delivery Optimization*
 -   GP ADMX file name: *DeliveryOptimization.admx*
 
 
 
-This policy allows an IT Admin to define the following:
+This policy allows an IT Admin to define the following details:
 
 -  Business hours range (for example 06:00 to 18:00)
 -  % of throttle for background traffic during business hours
@@ -1955,32 +1514,15 @@ This policy allows an IT Admin to define the following:
 **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1995,26 +1537,21 @@ This policy allows an IT Admin to define the following:
 
 
 
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Set Business Hours to Limit Foreground Download Bandwidth*
+-   GP Friendly name: *Set Business Hours to Limit Foreground Download Bandwidth*
 -   GP name: *SetHoursToLimitForegroundDownloadBandwidth*
 -   GP path: *Windows Components/Delivery Optimization*
 -   GP ADMX file name: *DeliveryOptimization.admx*
 
 
 
-This policy allows an IT Admin to define the following:
+This policy allows an IT Admin to define the following details:
 
 -  Business hours range (for example 06:00 to 18:00)
 -  % of throttle for foreground traffic during business hours
@@ -2024,16 +1561,6 @@ This policy allows an IT Admin to define the following:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index dfbed26745..aa850f28a4 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,7 +14,12 @@ manager: dansimp
 
 # Policy CSP - Desktop
 
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -34,32 +39,15 @@ manager: dansimp
 **Desktop/PreventUserRedirectionOfProfileFolders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -81,16 +69,11 @@ By default, a user can change the location of their individual profile folders l
 If you enable this setting, users are unable to type a new location in the Target box.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prohibit User from manually redirecting Profile Folders*
+-   GP Friendly name: *Prohibit User from manually redirecting Profile Folders*
 -   GP name: *DisablePersonalDirChange*
 -   GP path: *Desktop*
 -   GP ADMX file name: *desktop.admx*
@@ -99,16 +82,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 64e37f5868..9a718888b1 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -42,32 +42,15 @@ manager: dansimp
 **DeviceGuard/ConfigureSystemGuardLaunch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -95,7 +78,7 @@ For more information about System Guard, see [Introducing Windows Defender Syste
 
 
 ADMX Info:  
--   GP English name: *Turn On Virtualization Based Security*
+-   GP Friendly name: *Turn On Virtualization Based Security*
 -   GP name: *VirtualizationBasedSecurity*
 -   GP element: *SystemGuardDrop*
 -   GP path: *System/Device Guard*
@@ -119,32 +102,15 @@ ADMX Info:
 **DeviceGuard/EnableVirtualizationBasedSecurity**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -159,12 +125,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
+Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Turn On Virtualization Based Security*
+-   GP Friendly name: *Turn On Virtualization Based Security*
 -   GP name: *VirtualizationBasedSecurity*
 -   GP path: *System/Device Guard*
 -   GP ADMX file name: *DeviceGuard.admx*
@@ -185,32 +151,15 @@ The following list shows the supported values:
 **DeviceGuard/LsaCfgFlags**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -225,12 +174,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.
+This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Turn On Virtualization Based Security*
+-   GP Friendly name: *Turn On Virtualization Based Security*
 -   GP name: *VirtualizationBasedSecurity*
 -   GP element: *CredentialIsolationDrop*
 -   GP path: *System/Device Guard*
@@ -253,32 +202,14 @@ The following list shows the supported values:
 **DeviceGuard/RequirePlatformSecurityFeatures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -293,12 +224,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer.
+Specifies the platform security level at the next reboot. Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Turn On Virtualization Based Security*
+-   GP Friendly name: *Turn On Virtualization Based Security*
 -   GP name: *VirtualizationBasedSecurity*
 -   GP element: *RequirePlatformSecurityFeaturesDrop*
 -   GP path: *System/Device Guard*
@@ -315,15 +246,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 35190895c9..7a2f5f914a 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -40,32 +40,15 @@ manager: dansimp
 **DeviceHealthMonitoring/AllowDeviceHealthMonitoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -80,14 +63,14 @@ manager: dansimp
 
 
 
-DeviceHealthMonitoring is an opt-in health monitoring connection between the device and Microsoft. You should enable this policy only if your organization is using a Microsoft device monitoring service which requires it.
+DeviceHealthMonitoring is an opt-in health monitoring connection between the device and Microsoft. You should enable this policy only if your organization is using a Microsoft device monitoring service that requires it.
 
 
 
 The following list shows the supported values:  
 
-- 1 — The DeviceHealthMonitoring connection is enabled.
-- 0 (default) — The DeviceHealthMonitoring connection is disabled.
+- 1—The DeviceHealthMonitoring connection is enabled.
+- 0 (default)—The DeviceHealthMonitoring connection is disabled.
 
 
 
@@ -104,32 +87,15 @@ The following list shows the supported values:
 **DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -146,7 +112,7 @@ The following list shows the supported values:
 
 This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. 
 This policy modifies which health events are sent to Microsoft on the DeviceHealthMonitoring connection.
-IT Pros do not need to set this policy. Instead, Microsoft Intune is expected to dynamically manage this value in coordination with the Microsoft device health monitoring service.
+IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to dynamically manage this value in coordination with the Microsoft device health monitoring service.
 
 
 
@@ -167,32 +133,15 @@ IT Pros do not need to set this policy. Instead, Microsoft Intune is expected to
 **DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -209,7 +158,7 @@ IT Pros do not need to set this policy. Instead, Microsoft Intune is expected to
 
 This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. 
 The value of this policy constrains the DeviceHealthMonitoring connection to certain destinations in order to support regional and sovereign cloud scenarios.
-In most cases, an IT Pro does not need to define this policy. Instead, it is expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Only configure this policy manually if explicitly instructed to do so by a Microsoft device monitoring service.
+In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Only configure this policy manually if explicitly instructed to do so by a Microsoft device monitoring service.
 
 
 
@@ -225,16 +174,7 @@ In most cases, an IT Pro does not need to define this policy. Instead, it is exp
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 62ce04adc6..0cc81579bc 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -8,12 +8,19 @@ ms.date: 09/27/2019
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ---
 
 # Policy CSP - DeviceInstallation
 
+>[!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -54,35 +61,18 @@ ms.localizationpriority: medium
 
                  
 
 
-## DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
+### DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -106,30 +96,25 @@ When this policy setting is enabled together with the "Apply layered order of ev
 - Prevent installation of devices that match these device IDs
 - Prevent installation of devices that match any of these device instance IDs
 
-If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
 > [!NOTE]
-> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
+> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
 
 Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
 
 If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
+If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow installation of devices that match any of these device IDs*
+-   GP Friendly name: *Allow installation of devices that match any of these device IDs*
 -   GP name: *DeviceInstall_IDs_Allow*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -161,7 +146,7 @@ To enable this policy, use the following SyncML. This example allows Windows to
 
 ```
 
-To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 
 ```txt
 >>>  [Device Installation Restrictions Policy Check]
@@ -178,35 +163,18 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 
                  
 
 
-## DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
+### DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -216,7 +184,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 
 > [!div class = "checklist"]
 > * Device
-Added in Windows 10, version 1903. Also available in Windows 10, version 1809.
+
 
                  
 
 
@@ -229,31 +197,26 @@ This policy setting allows you to specify a list of Plug and Play device instanc
 When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
 - Prevent installation of devices that match any of these device instance IDs
  
-If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
 
 > [!NOTE]
-> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
+> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
 
 Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
 
 If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
+If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
 
 Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow installation of devices that match any of these device instance IDs*
+-   GP Friendly name: *Allow installation of devices that match any of these device instance IDs*
 -   GP name: *DeviceInstall_Instance_IDs_Allow*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -283,7 +246,7 @@ To enable this policy, use the following SyncML.
     
 
 ```
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 ``` txt
 >>>  [Device Installation Restrictions Policy Check]
 >>>  Section start 2018/11/15 12:26:41.659
@@ -299,35 +262,18 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 
                  
 
 
-## DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
+### DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -353,30 +299,25 @@ When this policy setting is enabled together with the "Apply layered order of ev
 - Prevent installation of devices that match these device IDs
 - Prevent installation of devices that match any of these device instance IDs
 
-If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
 
 > [!NOTE]
-> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
+> The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
 
 Alternatively, if this policy setting is enabled together with the "Prevent installation of devices not described by other policy settings" policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting).
 
 If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
+If you disable or don't configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Allow installation of devices using drivers that match these device setup classes*
+-   GP Friendly name: *Allow installation of devices using drivers that match these device setup classes*
 -   GP name: *DeviceInstall_Classes_Allow*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -414,7 +355,7 @@ Enclose the class GUID within curly brackets {}. To configure multiple classes,
 
 ```
 
-To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 
 
 ```txt
@@ -432,35 +373,18 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 
                  
 
 
-## DeviceInstallation/EnableInstallationPolicyLayering
+### DeviceInstallation/EnableInstallationPolicyLayering
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -497,19 +421,14 @@ Device instance IDs > Device IDs > Device setup class > Removable devices
 > [!NOTE]
 > This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored.
 
-If you disable or do not configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
+If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria*
+-   GP Friendly name: *Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria*
 -   GP name: *DeviceInstall_Allow_Deny_Layered*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -538,7 +457,7 @@ ADMX Info:
 
 ```
 
-To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 
 
 ```txt
@@ -549,7 +468,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 ```
 You can also change the evaluation order of device installation policy settings by using a custom profile in Intune.
 
-:::image type="content" source="images/edit-row.png" alt-text="This is a edit row image":::
+:::image type="content" source="images/edit-row.png" alt-text="This image is an edit row image.":::
 
 
 
@@ -559,35 +478,18 @@ You can also change the evaluation order of device installation policy settings
 
                  
 
 
-## DeviceInstallation/PreventDeviceMetadataFromNetwork
+### DeviceInstallation/PreventDeviceMetadataFromNetwork
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -604,21 +506,16 @@ You can also change the evaluation order of device installation policy settings
 
 This policy setting allows you to prevent Windows from retrieving device metadata from the Internet.
 
-If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab).
+If you enable this policy setting, Windows doesn't retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab).
 
-If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
+If you disable or don't configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent device metadata retrieval from the Internet*
+-   GP Friendly name: *Prevent device metadata retrieval from the Internet*
 -   GP name: *DeviceMetadata_PreventDeviceMetadataFromNetwork*
 -   GP path: *System/Device Installation*
 -   GP ADMX file name: *DeviceSetup.admx*
@@ -638,35 +535,18 @@ ADMX Info:
 
                  
 
 
-## DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
+### DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -681,26 +561,21 @@ ADMX Info:
 
 
 
-This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.
+This policy setting allows you to prevent the installation of devices that aren't  described by any other policy setting.
 
 > [!NOTE]
-> This policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting to provide more granular control. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting instead of this policy setting.
+> This policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting to provide more granular control. It's recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting instead of this policy setting.
 
-If you enable this policy setting, Windows is prevented from installing or updating the driver package for any device that is not described by either the "Allow installation of devices that match any of these device IDs", the "Allow installation of devices for these device classes", or the "Allow installation of devices that match any of these device instance IDs" policy setting.
+If you enable this policy setting, Windows is prevented from installing or updating the driver package for any device that isn't described by either the "Allow installation of devices that match any of these device IDs", the "Allow installation of devices for these device classes", or the "Allow installation of devices that match any of these device instance IDs" policy setting.
 
-If you disable or do not configure this policy setting, Windows is allowed to install or update the driver package for any device that is not described by the "Prevent installation of devices that match any of these device IDs", "Prevent installation of devices for these device classes" policy setting, "Prevent installation of devices that match any of these device instance IDs", or "Prevent installation of removable devices" policy setting.
+If you disable or don't configure this policy setting, Windows is allowed to install or update the driver package for any device that isn't described by the "Prevent installation of devices that match any of these device IDs", "Prevent installation of devices for these device classes" policy setting, "Prevent installation of devices that match any of these device instance IDs", or "Prevent installation of removable devices" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent installation of devices not described by other policy settings*
+-   GP Friendly name: *Prevent installation of devices not described by other policy settings*
 -   GP name: *DeviceInstall_Unspecified_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -710,7 +585,7 @@ ADMX Info:
 
 
 
-To enable this policy, use the following SyncML. This example prevents Windows from installing devices that are not specifically described by any other policy setting. 
+To enable this policy, use the following SyncML. This example prevents Windows from installing devices that aren't described by any other policy setting. 
 
 
 ```xml
@@ -732,7 +607,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
 
 ```
 
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 
 ```txt
 >>>  [Device Installation Restrictions Policy Check]
@@ -743,7 +618,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 
 You can also block installation by using a custom profile in Intune. 
 
-![Custom profile prevent devices](images/custom-profile-prevent-other-devices.png)
+![Custom profile prevent devices.](images/custom-profile-prevent-other-devices.png)
 
 
 
@@ -753,35 +628,18 @@ You can also block installation by using a custom profile in Intune.
 
                  
 
 
-## DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
+### DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -803,21 +661,16 @@ This policy setting allows you to specify a list of Plug and Play hardware IDs a
 
 If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent installation of devices that match any of these device IDs*
+-   GP Friendly name: *Prevent installation of devices that match any of these device IDs*
 -   GP name: *DeviceInstall_IDs_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -850,7 +703,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
 
 ```
 
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 
 ```txt
 >>>  [Device Installation Restrictions Policy Check]
@@ -863,7 +716,7 @@ You can also block installation and usage of prohibited peripherals by using a c
 
 For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USB\Composite" and "USB\Class_FF", and applies to USB devices with matching hardware IDs that are already installed.
 
-![Custom profile prevent device ids](images/custom-profile-prevent-device-ids.png)
+![Custom profile prevent device ids.](images/custom-profile-prevent-device-ids.png)
 
 
 
@@ -873,35 +726,18 @@ For example, this custom profile blocks installation and usage of USB devices wi
 
                  
 
 
-## DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
+### DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -916,25 +752,20 @@ For example, this custom profile blocks installation and usage of USB devices wi
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, version 1809. This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
 
 If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
 
 Peripherals can be specified by their [device instance ID](/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent installation of devices that match any of these device instance IDs*
+-   GP Friendly name: *Prevent installation of devices that match any of these device instance IDs*
 -   GP name: *DeviceInstall_Instance_IDs_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -964,7 +795,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
     
 
 ```
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:  
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:  
 
 ``` txt
 >>>  [Device Installation Restrictions Policy Check]
@@ -977,7 +808,7 @@ You can also block installation and usage of prohibited peripherals by using a c
 
 For example, this custom profile prevents installation of devices with matching device instance IDs.
 
-![Custom profile](images/custom-profile-prevent-device-instance-ids.png)
+![Custom profile.](images/custom-profile-prevent-device-instance-ids.png)
 
 To prevent installation of devices with matching device instance IDs by using custom profile in Intune:
 1. Locate the device instance ID.
@@ -988,7 +819,7 @@ Replace
 with  
 ```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0```
     > [!Note]
-    > Do not use spaces in the value.
+    > don't use spaces in the value.
 3. Replace the device instance IDs with `&` into the sample SyncML. Add the SyncML into the Intune custom device configuration profile.
 
 
@@ -1000,35 +831,18 @@ with
 
                  
 
 
-## DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
+### DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1050,21 +864,16 @@ This policy setting allows you to specify a list of device setup class globally
 
 If you enable this policy setting, Windows is prevented from installing or updating driver packages whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
+If you disable or don't configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
 
 Peripherals can be specified by their [hardware identity](/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Prevent installation of devices using drivers that match these device setup classes*
+-   GP Friendly name: *Prevent installation of devices using drivers that match these device setup classes*
 -   GP name: *DeviceInstall_Classes_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
@@ -1102,7 +911,7 @@ Enclose the class GUID within curly brackets {}. To configure multiple classes,
 
 ```
 
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log:
 
 ```txt
 >>>  [Device Installation Restrictions Policy Check]
@@ -1117,15 +926,6 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 7ab4c6bf71..750efe50ed 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -28,6 +28,9 @@ manager: dansimp
   
                  
     DeviceLock/AllowSimpleDevicePassword
   
                  
+  
                  
+    DeviceLock/AllowScreenTimeoutWhileLockedUserConfig
+  
                  
   
                  
     DeviceLock/AlphanumericDevicePasswordRequired
   
                  
@@ -73,32 +76,15 @@ manager: dansimp
 **DeviceLock/AllowIdleReturnWithoutPassword**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecross mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
+
 
 
 
                  
@@ -114,7 +100,7 @@ manager: dansimp
 
 
 > [!NOTE]
-> Currently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition.
+> Currently, this policy is supported only in HoloLens 2, HoloLens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition.
 
 Specifies whether the user must input a PIN or password when the device resumes from an idle state.
 
@@ -137,32 +123,15 @@ The following list shows the supported values:
 **DeviceLock/AllowSimpleDevicePassword**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -180,11 +149,51 @@ The following list shows the supported values:
 Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 
 
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
+
+
+
+The following list shows the supported values:
+
+-   0 (default) – Blocked
+-   1 – Allowed
+
+
+
+
+
                  
+
+
+**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
 
 
 
@@ -202,32 +211,15 @@ The following list shows the supported values:
 **DeviceLock/AlphanumericDevicePasswordRequired**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -245,14 +237,14 @@ The following list shows the supported values:
 Determines the type of PIN required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required).
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 >
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education).
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions (Home, Pro, Enterprise, and Education).
 
 
 
 > [!NOTE]
-> If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1.
+> If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1.
 >
 > If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2.
 
@@ -273,32 +265,15 @@ The following list shows the supported values:
 **DeviceLock/DevicePasswordEnabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -316,9 +291,9 @@ The following list shows the supported values:
 Specifies whether device lock is enabled.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 >
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
  
 
 
@@ -345,12 +320,12 @@ Specifies whether device lock is enabled.
 > -   MinDevicePasswordComplexCharacters
 
 > [!Important]
-> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
+> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
 > - **DevicePasswordEnabled** is the parent policy of the following:
 >   - AllowSimpleDevicePassword
 >   - MinDevicePasswordLength
 >   - AlphanumericDevicePasswordRequired
->   - MinDevicePasswordComplexCharacters 
+>   - MinDevicePasswordComplexCharacters 
 >   - DevicePasswordExpiration
 >   - DevicePasswordHistory
 >   - MaxDevicePasswordFailedAttempts
@@ -372,32 +347,15 @@ The following list shows the supported values:
 **DeviceLock/DevicePasswordExpiration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -415,20 +373,20 @@ The following list shows the supported values:
 Specifies when the password expires (in days).
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 
 
 
-If all policy values = 0 then 0; otherwise, Min policy value is the most secure value.
+If all policy values = 0, then 0; otherwise, Min policy value is the most secure value.
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
 
 
 
 The following list shows the supported values:
 
 -   An integer X where 0 <= X <= 730.
--   0 (default) - Passwords do not expire.
+-   0 (default) - Passwords don't expire.
 
 
 
@@ -439,32 +397,15 @@ The following list shows the supported values:
 **DeviceLock/DevicePasswordHistory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -482,13 +423,13 @@ The following list shows the supported values:
 Specifies how many passwords can be stored in the history that can’t be used.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 
-The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords.
+The value includes the user's current password. This value denotes that with a setting of 1, the user can't reuse their current password when choosing a new password, while a setting of 5 means that a user can't set their new password to their current password or any of their previous four passwords.
 
 Max policy value is the most restricted.
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
 
 
 
@@ -506,32 +447,15 @@ The following list shows the supported values:
 **DeviceLock/EnforceLockScreenAndLogonImage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -546,10 +470,10 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
+Specifies the default lock screen and sign-in image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and sign-in screens. Users won't be able to change this image.
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
+> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
 
 
 Value type is a string, which is the full image filepath and filename.
@@ -563,32 +487,15 @@ Value type is a string, which is the full image filepath and filename.
 **DeviceLock/MaxDevicePasswordFailedAttempts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -606,26 +513,23 @@ Value type is a string, which is the full image filepath and filename.
 The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 
 
-This policy has different behaviors on the mobile device and desktop.
+On a client device, when the user reaches the value set by this policy, it isn't wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker isn't enabled, then the policy can't be enforced.
 
--   On a mobile device, when the user reaches the value set by this policy, then the device is wiped.
--   On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.
-
-    Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
+  Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
 
 
 Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value.
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
 
 
 
 The following list shows the supported values:
 
--   An integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices.
+-   An integer X where 4 <= X <= 16 for client devices.
 -   0 (default) - The device is never wiped after an incorrect PIN or password is entered.
 
 
@@ -637,32 +541,15 @@ The following list shows the supported values:
 **DeviceLock/MaxInactivityTimeDeviceLock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -679,22 +566,21 @@ The following list shows the supported values:
 
 Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
 
-* On Mobile, the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
-* On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.
+On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 
 
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
 
 
 
 The following list shows the supported values:
 
 -   An integer X where 0 <= X <= 999.
--   0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
+-   0 (default) - No timeout is defined.
 
 
 
@@ -705,32 +591,15 @@ The following list shows the supported values:
 **DeviceLock/MinDevicePasswordComplexCharacters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -748,56 +617,24 @@ The following list shows the supported values:
 The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 >
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
 
-PIN enforces the following behavior for desktop and mobile devices:
+PIN enforces the following behavior for client devices:
 
 -   1 - Digits only
 -   2 - Digits and lowercase letters are required
 -   3 - Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. 
--   4 - Digits, lowercase letters, uppercase letters, and special characters are required. Not supported in desktop.
+-   4 - Digits, lowercase letters, uppercase letters, and special characters are required. Not supported in desktop or HoloLens.
 
 The default value is 1. The following list shows the supported values and actual enforced values:
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Account TypeSupported ValuesActual Enforced Values
                  Mobile
                  1,2,3,4
                  Same as the value set
                  Desktop Local Accounts
                   1,2,3
                  3
                  Desktop Microsoft Accounts
                  1,2
                  		<p2
                  Desktop Domain Accounts
                  Not supported
                  		Not supported
                  
+|Account Type|Supported Values|Actual Enforced Values|
+|--- |--- |--- |
+|Local Accounts|1,2,3|3|
+|Microsoft Accounts|1,2|<p2|
+|Domain Accounts|Not supported|Not supported|
 
 
 Enforced values for Local and Microsoft Accounts:
@@ -814,9 +651,9 @@ Enforced values for Local and Microsoft Accounts:
         -   Base 10 digits (0 through 9)
         -   Special characters (!, $, \#, %, etc.)
 
-The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant.
+The enforcement of policies for Microsoft accounts happens on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant.
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
 
 
 
@@ -827,32 +664,15 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
 **DeviceLock/MinDevicePasswordLength**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -870,23 +690,23 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
 Specifies the minimum number or characters required in the PIN or password.
 
 > [!NOTE]
-> This policy must be wrapped in an Atomic command.
+> This policy must be wrapped in an Atomic command.
 >
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+> Always use the Replace command instead of Add for this policy in Windows for desktop editions.
 
 
 
 Max policy value is the most restricted.
 
-For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
+For more information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
 
 
 
 The following list shows the supported values:
 
--   An integer X where 4 <= X <= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6.
+-   An integer X where 4 <= X <= 16 for client devices. However, local accounts will always enforce a minimum password length of 6.
 -   Not enforced.
--   The default value is 4 for mobile devices and desktop devices.
+-   The default value is 4 for client devices.
 
 
 
@@ -920,32 +740,15 @@ The following example shows how to set the minimum password length to 4 characte
 **DeviceLock/MinimumPasswordAge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -964,12 +767,12 @@ This security setting determines the period of time (in days) that a password mu
 
 The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
 
-Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
+Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting doesn't follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user doesn't have to choose a new password. For this reason, Enforce password history is set to 1 by default.
 
 
 
 GP Info:  
--   GP English name: *Minimum password age*
+-   GP Friendly name: *Minimum password age*
 -   GP path: *Windows Settings/Security Settings/Account Policies/Password Policy*
 
 
@@ -981,32 +784,15 @@ GP Info:
 **DeviceLock/PreventEnablingLockScreenCamera**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1025,7 +811,7 @@ Disables the lock screen camera toggle switch in PC Settings and prevents a came
 
 By default, users can enable invocation of an available camera on the lock screen.
 
-If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen.
+If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera can't be invoked on the lock screen.
 
 
 > [!TIP]
@@ -1037,7 +823,7 @@ If you enable this setting, users will no longer be able to enable or disable lo
 
 
 ADMX Info:  
--   GP English name: *Prevent enabling lock screen camera*
+-   GP Friendly name: *Prevent enabling lock screen camera*
 -   GP name: *CPL_Personalization_NoLockScreenCamera*
 -   GP path: *Control Panel/Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1051,32 +837,15 @@ ADMX Info:
 **DeviceLock/PreventLockScreenSlideShow**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1107,7 +876,7 @@ If you enable this setting, users will no longer be able to modify slide show se
 
 
 ADMX Info:  
--   GP English name: *Prevent enabling lock screen slide show*
+-   GP Friendly name: *Prevent enabling lock screen slide show*
 -   GP name: *CPL_Personalization_NoLockScreenSlideshow*
 -   GP path: *Control Panel/Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
@@ -1117,15 +886,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 82dbb630ae..f3f60dd44f 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -46,32 +46,15 @@ manager: dansimp
 **Display/DisablePerProcessDpiForApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -91,7 +74,7 @@ This policy allows you to disable Per-Process System DPI for a semicolon-separat
 
 
 ADMX Info:  
--   GP English name: *Configure Per-Process System DPI settings*
+-   GP Friendly name: *Configure Per-Process System DPI settings*
 -   GP name: *DisplayPerProcessSystemDpiSettings*
 -   GP element: *DisplayDisablePerProcessSystemDpiSettings*
 -   GP path: *System/Display*
@@ -106,32 +89,15 @@ ADMX Info:
 **Display/EnablePerProcessDpi**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -147,24 +113,24 @@ ADMX Info:
 
 
 
-Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until you log out and back in to Windows. 
+Per Process System DPI is an application compatibility feature for desktop applications that don't render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that haven't been updated to display properly in this scenario will be blurry until you sign out and back in to Windows. 
 
-When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. 
+When you enable this policy some blurry applications will be crisp after they're restarted, without requiring the user to sign out and back in to Windows. 
 
-Be aware of the following:
+Be aware of the following points:
 
-Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display that has the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. 
+Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display having the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. 
 
-Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. 
+Per Process System DPI won't work for all applications as some older desktop applications will always be blurry on high DPI displays. 
 
 In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled.
 
-Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system.
+Enabling this setting lets you specify the system-wide default for desktop applications and per-application overrides. If you disable or don't configure this setting, Per Process System DPI won't apply to any processes on the system.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Per-Process System DPI settings*
+-   GP Friendly name: *Configure Per-Process System DPI settings*
 -   GP name: *DisplayPerProcessSystemDpiSettings*
 -   GP element: *DisplayGlobalPerProcessSystemDpiSettings*
 -   GP path: *System/Display*
@@ -186,32 +152,15 @@ The following list shows the supported values:
 **Display/EnablePerProcessDpiForApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -231,7 +180,7 @@ This policy allows you to enable Per-Process System DPI for a semicolon-separate
 
 
 ADMX Info:  
--   GP English name: *Configure Per-Process System DPI settings*
+-   GP Friendly name: *Configure Per-Process System DPI settings*
 -   GP name: *DisplayPerProcessSystemDpiSettings*
 -   GP element: *DisplayEnablePerProcessSystemDpiSettings*
 -   GP path: *System/Display*
@@ -246,32 +195,15 @@ ADMX Info:
 **Display/TurnOffGdiDPIScalingForApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -286,20 +218,20 @@ ADMX Info:
 
 
 
-GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
+GDI DPI Scaling enables applications that aren't DPI aware to become per monitor DPI aware.
 
 This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off.
 
-If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
+If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they're enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
 
-If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.
+If you disable or don't configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.
 
 If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off GdiDPIScaling for applications*
+-   GP Friendly name: *Turn off GdiDPIScaling for applications*
 -   GP name: *DisplayTurnOffGdiDPIScaling*
 -   GP element: *DisplayTurnOffGdiDPIScalingPrompt*
 -   GP path: *System/Display*
@@ -307,12 +239,12 @@ ADMX Info:
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following tasks:
 
-1.   Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms.
+1.   Configure the setting for an app, which has GDI DPI scaling enabled via MDM or any other supported mechanisms.
 2.   Run the app and observe blurry text.
 
-
+Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address.
 
 
 
                  
@@ -321,32 +253,15 @@ To validate on Desktop, do the following:
 **Display/TurnOnGdiDPIScalingForApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -361,20 +276,20 @@ To validate on Desktop, do the following:
 
 
 
-GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
+GDI DPI Scaling enables applications that aren't DPI aware to become per monitor DPI aware.
 
 This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on.
 
 If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list.
 
-If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
+If you disable or don't configure this policy setting, GDI DPI Scaling won't be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
 
 If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
 
 
 
 ADMX Info:  
--   GP English name: *Turn on GdiDPIScaling for applications*
+-   GP Friendly name: *Turn on GdiDPIScaling for applications*
 -   GP name: *DisplayTurnOnGdiDPIScaling*
 -   GP element: *DisplayTurnOnGdiDPIScalingPrompt*
 -   GP path: *System/Display*
@@ -382,25 +297,16 @@ ADMX Info:
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following tasks:
 
-1.   Configure the setting for an app which uses GDI.
+1.   Configure the setting for an app, which uses GDI.
 2.   Run the app and observe crisp text.
 
 
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 24279ffb4d..1258127e5e 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - DmaGuard
-description: Learn how to use the Policy CSP - DmaGuard setting to provide additional security against external DMA capable devices.
+description: Learn how to use the Policy CSP - DmaGuard setting to provide more security against external DMA capable devices.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -33,32 +33,15 @@ manager: dansimp
 **DmaGuard/DeviceEnumerationPolicy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -73,11 +56,11 @@ manager: dansimp
 
 
 
-This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers)/device memory isolation and sandboxing. 
+This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers)/device memory isolation and sandboxing. 
 
-Device memory sandboxing allows the OS to leverage the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
+Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
 
-This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
+This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that can't be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
 
 > [!NOTE]
 > This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
@@ -93,7 +76,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Enumeration policy for external devices incompatible with Kernel DMA Protection*
+-   GP Friendly name: *Enumeration policy for external devices incompatible with Kernel DMA Protection*
 -   GP name: *DmaGuardEnumerationPolicy*
 -   GP path: *System/Kernel DMA Protection*
 -   GP ADMX file name: *dmaguard.admx*
@@ -111,15 +94,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
new file mode 100644
index 0000000000..4a50535a07
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -0,0 +1,83 @@
+---
+title: Policy CSP - EAP
+description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app. 
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - EAP
+
+
+
                  
+
+
+## EAP policies  
+
+
                  
+  
                  
+    EAP/AllowTLS1_3
+  
                  
+
                  
+
+
+
                  
+
+
+**EAP/AllowTLS1_3**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting is added in Windows 10, version 21H1. Allow or disallow use of TLS 1.3 during EAP client authentication.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *AllowTLS1_3*
+-   GP name: *AllowTLS1_3*
+-   GP path: *Windows Components/EAP*
+-   GP ADMX file name: *EAP.admx*
+
+
+
+The following list shows the supported values:  
+- 0 – Use of TLS version 1.3 is not allowed for authentication.
+
+- 1 (default) – Use of TLS version 1.3 is allowed for authentication.
+
+
+
+
+
                  
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 18cce493eb..f846573eda 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - Education
-description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app. 
+description: Learn how to use the Policy CSP - Education setting to control the graphing functionality in the Windows Calculator app. 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -42,32 +42,15 @@ manager: dansimp
 **Education/AllowGraphingCalculator**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark8
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -82,11 +65,11 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 2004. This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you will be able to access graphing functionality.
+This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality.
 
 
 ADMX Info:  
--   GP English name: *Allow Graphing Calculator*
+-   GP Friendly name: *Allow Graphing Calculator*
 -   GP name: *AllowGraphingCalculator*
 -   GP path: *Windows Components/Calculator*
 -   GP ADMX file name: *Programs.admx*
@@ -105,32 +88,15 @@ The following list shows the supported values:
 **Education/DefaultPrinterName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -145,7 +111,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. 
+This policy allows IT Admins to set the user's default printer. 
 
 The policy value is expected to be the name (network host name) of an installed printer.
 
@@ -158,32 +124,15 @@ The policy value is expected to be the name (network host name) of an installed
 **Education/PreventAddingNewPrinters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -198,12 +147,12 @@ The policy value is expected to be the name (network host name) of an installed
 
 
 
-Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
+Allows IT Admins to prevent user installation of more printers from the printers settings.
 
 
 
 ADMX Info:  
--   GP English name: *Prevent addition of printers*
+-   GP Friendly name: *Prevent addition of printers*
 -   GP name: *NoAddPrinter*
 -   GP path: *Control Panel/Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -224,32 +173,15 @@ The following list shows the supported values:
 **Education/PrinterNames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -264,7 +196,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names).
+Allows IT Admins to automatically provision printers based on their names (network host names).
 
 The policy value is expected to be a `````` separated list of printer names.  The OS will attempt to search and install the matching printer driver for each listed printer.
 
@@ -272,16 +204,7 @@ The policy value is expected to be a `````` separated list of printer na
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index af07ab44cf..fb0a5f37eb 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -49,32 +49,14 @@ manager: dansimp
 **EnterpriseCloudPrint/CloudPrintOAuthAuthority**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -89,7 +71,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens.  This policy must target ./User, otherwise it fails.
+Specifies the authentication endpoint for acquiring OAuth tokens.  This policy must target ./User, otherwise it fails.
 
 The datatype is a string.
 
@@ -104,32 +86,14 @@ The default value is an empty string. Otherwise, the value should contain the UR
 **EnterpriseCloudPrint/CloudPrintOAuthClientId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -144,7 +108,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
 
 
 
-Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
+Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
 
 The datatype is a string.
 
@@ -159,32 +123,14 @@ The default value is an empty string. Otherwise, the value should contain a GUID
 **EnterpriseCloudPrint/CloudPrintResourceId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -199,7 +145,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
 
 
 
-Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
+Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
 
 The datatype is a string. 
 
@@ -214,32 +160,14 @@ The default value is an empty string. Otherwise, the value should contain a URL.
 **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -254,7 +182,7 @@ The default value is an empty string. Otherwise, the value should contain a URL.
 
 
 
-Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
+Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
 
 The datatype is a string.
 
@@ -269,32 +197,14 @@ The default value is an empty string. Otherwise, the value should contain the UR
 **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -309,7 +219,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
 
 
 
-Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
+Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
 
 The datatype is an integer. 
 
@@ -322,32 +232,14 @@ The datatype is an integer.
 **EnterpriseCloudPrint/MopriaDiscoveryResourceId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -362,7 +254,7 @@ The datatype is an integer.
 
 
 
-Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
+Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
 
 The datatype is a string.
 
@@ -372,16 +264,6 @@ The default value is an empty string. Otherwise, the value should contain a URL.
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index b4f27cc7c0..37d4c94e64 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,7 +14,12 @@ manager: dansimp
 
 # Policy CSP - ErrorReporting
 
-
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -46,32 +51,14 @@ manager: dansimp
 **ErrorReporting/CustomizeConsentSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -88,31 +75,25 @@ manager: dansimp
 
 This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
 
-If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
+If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those even types for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
 
 - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.
 
 - 1 (Always ask before sending data): Windows prompts the user for consent to send reports.
 
-- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.
+- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any extra data requested by Microsoft.
 
-- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.
+- 3 (Send parameters and safe extra data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and data which Windows has determined (within a high probability) doesn't contain personally identifiable data, and prompts the user for consent to send any extra data requested by Microsoft.
 
 - 4 (Send all data): Any data requested by Microsoft is sent automatically.
 
-If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
+If you disable or don't configure this policy setting, then the default consent settings that are applied are those settings specified by the user in Control Panel, or in the Configure Default Consent policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Customize consent settings*
+-   GP Friendly name: *Customize consent settings*
 -   GP name: *WerConsentCustomize_2*
 -   GP path: *Windows Components/Windows Error Reporting/Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -126,32 +107,14 @@ ADMX Info:
 **ErrorReporting/DisableWindowsErrorReporting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -166,23 +129,17 @@ ADMX Info:
 
 
 
-This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
+This policy setting turns off Windows Error Reporting, so that reports aren't collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
 
-If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.
+If you enable this policy setting, Windows Error Reporting doesn't send any problem information to Microsoft. Additionally, solution information isn't available in Security and Maintenance in Control Panel.
 
-If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
+If you disable or don't configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable Windows Error Reporting*
+-   GP Friendly name: *Disable Windows Error Reporting*
 -   GP name: *WerDisable_2*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -196,32 +153,14 @@ ADMX Info:
 **ErrorReporting/DisplayErrorNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -240,23 +179,17 @@ This policy setting controls whether users are shown an error dialog box that le
 
 If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.
 
-If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users.
+If you disable this policy setting, users aren't notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that don't have interactive users.
 
-If you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.
+If you don't configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.
 
 See also the Configure Error Reporting policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Display Error Notification*
+-   GP Friendly name: *Display Error Notification*
 -   GP name: *PCH_ShowUI*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -270,32 +203,14 @@ ADMX Info:
 **ErrorReporting/DoNotSendAdditionalData**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -310,23 +225,17 @@ ADMX Info:
 
 
 
-This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
+This policy setting controls whether extra data in support of error reports can be sent to Microsoft automatically.
 
-If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
+If you enable this policy setting, any extra data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
 
-If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
+If you disable or don't configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not send additional data*
+-   GP Friendly name: *Do not send additional data*
 -   GP name: *WerNoSecondLevelData_2*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -340,32 +249,14 @@ ADMX Info:
 **ErrorReporting/PreventCriticalErrorDisplay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -382,21 +273,15 @@ ADMX Info:
 
 This policy setting prevents the display of the user interface for critical errors.
 
-If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors.
+If you enable this policy setting, Windows Error Reporting doesn't display any GUI-based error messages or dialog boxes for critical errors.
 
-If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors.
+If you disable or don't configure this policy setting, Windows Error Reporting displays the user interface for critical errors.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent display of the user interface for critical errors*
+-   GP Friendly name: *Prevent display of the user interface for critical errors*
 -   GP name: *WerDoNotShowUI*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
@@ -405,16 +290,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index d86bd44edc..ced6ab68a9 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - EventLogService
-description: Learn how to use the Policy CSP - EventLogService settting to control Event Log behavior when the log file reaches its maximum size.
+description: Learn how to use the Policy CSP - EventLogService setting to control Event Log behavior when the log file reaches its maximum size.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -43,32 +43,14 @@ manager: dansimp
 **EventLogService/ControlEventLogBehavior**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -85,23 +67,17 @@ manager: dansimp
 
 This policy setting controls Event Log behavior when the log file reaches its maximum size.
 
-If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
+If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.
 
-If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
+If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
 
 Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Control Event Log behavior when the log file reaches its maximum size*
+-   GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
 -   GP name: *Channel_Log_Retention_1*
 -   GP path: *Windows Components/Event Log Service/Application*
 -   GP ADMX file name: *eventlog.admx*
@@ -115,32 +91,14 @@ ADMX Info:
 **EventLogService/SpecifyMaximumFileSizeApplicationLog**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -157,21 +115,15 @@ ADMX Info:
 
 This policy setting specifies the maximum size of the log file in kilobytes.
 
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
 
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum log file size (KB)*
+-   GP Friendly name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_1*
 -   GP path: *Windows Components/Event Log Service/Application*
 -   GP ADMX file name: *eventlog.admx*
@@ -185,32 +137,14 @@ ADMX Info:
 **EventLogService/SpecifyMaximumFileSizeSecurityLog**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -227,21 +161,15 @@ ADMX Info:
 
 This policy setting specifies the maximum size of the log file in kilobytes.
 
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
 
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum log file size (KB)*
+-   GP Friendly name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_2*
 -   GP path: *Windows Components/Event Log Service/Security*
 -   GP ADMX file name: *eventlog.admx*
@@ -255,32 +183,14 @@ ADMX Info:
 **EventLogService/SpecifyMaximumFileSizeSystemLog**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -297,21 +207,15 @@ ADMX Info:
 
 This policy setting specifies the maximum size of the log file in kilobytes.
 
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments.
 
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the maximum log file size (KB)*
+-   GP Friendly name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_4*
 -   GP path: *Windows Components/Event Log Service/System*
 -   GP ADMX file name: *eventlog.admx*
@@ -320,16 +224,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 819bc7b7e0..b115b5df8c 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - Experience
-description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
+description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 11/02/2020
 ms.reviewer: 
@@ -37,15 +37,18 @@ manager: dansimp
   
                  
     Experience/AllowManualMDMUnenrollment
   
                  
-  
                  
-    Experience/AllowNewsAndInterestsOnTheTaskbar
-  
                  
   
                  
     Experience/AllowSaveAsOfOfficeFiles
   
                  
+  
                  
+    Experience/AllowScreenCapture
+  
                  
   
                  
     Experience/AllowSharingOfOfficeFiles
   
                  
+  
                  
+    Experience/AllowSIMErrorDialogPromptWhenNoSIM
+  
                  
   
                  
     Experience/AllowSyncMySettings
   
                  
@@ -73,6 +76,9 @@ manager: dansimp
   
                  
     Experience/AllowWindowsTips
   
                  
+  
                  
+    Experience/ConfigureChatIcon
+  
                  
   
                  
     Experience/ConfigureWindowsSpotlightOnLockScreen
   
                  
@@ -100,32 +106,14 @@ manager: dansimp
 **Experience/AllowClipboardHistory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,7 +137,7 @@ Value type is integer. Supported values:
 
 
 ADMX Info:  
--   GP English name: *Allow Clipboard History*
+-   GP Friendly name: *Allow Clipboard History*
 -   GP name: *AllowClipboardHistory*
 -   GP path: *System/OS Policies*
 -   GP ADMX file name: *OSPolicy.admx*
@@ -167,7 +155,7 @@ ADMX Info:
 1. Configure Experiences/AllowClipboardHistory to 0.
 1. Open Notepad (or any editor app), select a text, and copy it to the clipboard.
 1. Press Win+V to open the clipboard history UI.
-1. You should not see any clipboard item including current item you copied.
+1. You shouldn't see any clipboard item including current item you copied.
 1. The setting under Settings App->System->Clipboard should be grayed out with policy warning.
 
 
@@ -179,32 +167,14 @@ ADMX Info:
 **Experience/AllowCortana**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -226,7 +196,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow Cortana*
+-   GP Friendly name: *Allow Cortana*
 -   GP name: *AllowCortana*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -247,32 +217,14 @@ The following list shows the supported values:
 **Experience/AllowDeviceDiscovery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -289,7 +241,7 @@ The following list shows the supported values:
 
 Allows users to turn on/off device discovery UX.
 
-When set to 0, the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on.
+When set to 0, the projection pane is disabled. The Win+P and Win+K shortcut keys won't work on.
 
 Most restricted value is 0.
 
@@ -309,32 +261,14 @@ The following list shows the supported values:
 **Experience/AllowFindMyDevice**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscross mark
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -349,16 +283,16 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy turns on Find My Device.
+This policy turns on Find My Device.
 
 When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer.
 
-When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device.
+When Find My Device is off, the device and its location aren't registered and the Find My Device feature won't work. In Windows 10, version 1709 the user won't be able to view the location of the last use of their active digitizer on their device.
 
 
 
 ADMX Info:  
--   GP English name: *Turn On/Off Find My Device*
+-   GP Friendly name: *Turn On/Off Find My Device*
 -   GP name: *FindMy_AllowFindMyDeviceConfig*
 -   GP path: *Windows Components/Find My Device*
 -   GP ADMX file name: *FindMy.admx*
@@ -379,32 +313,14 @@ The following list shows the supported values:
 **Experience/AllowManualMDMUnenrollment**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -419,10 +335,10 @@ The following list shows the supported values:
 
 
 
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g., auto-enrolled), then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (for example, auto-enrolled), then disabling the MDM unenrollment has no effect.
 
 > [!NOTE]
-> The MDM server can always remotely delete the account.
+> The MDM server can always remotely delete the account.
 
 
 Most restricted value is 0.
@@ -439,37 +355,31 @@ The following list shows the supported values:
 
 
                  
 
+
+Experience/AllowSaveAsOfOfficeFiles
+
+
                  
+
+
+This policy is deprecated.
+
+
+
+
+
                  
 
 
-**Experience/AllowNewsAndInterestsOnTheTaskbar**  
+**Experience/AllowScreenCapture**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -478,37 +388,21 @@ The following list shows the supported values:
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * Machine
+> * Device
 
 
                  
 
 
 
-Specifies whether to allow "News and interests" on the Taskbar.
+
 
 
 
-The values for this policy are 1 and 0. This policy defaults to 1.
-
-- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
-
-- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
+Describe what values are supported in by this policy and meaning of each value is default value.
 
 
 
 
-
                  
-
-**Experience/AllowSaveAsOfOfficeFiles**  
-
-
                  
-
-
-This policy is deprecated.
-
-
-
-
 
                  
 
 
@@ -520,38 +414,54 @@ This policy is deprecated.
 
 
 
+
+**Experience/AllowSIMErrorDialogPromptWhenNoSIM**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+
+
+Describes what values are supported in by this policy and meaning of each value is default value.
+
+
+
+
 
                  
 
 
 **Experience/AllowSyncMySettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -572,7 +482,7 @@ Allows or disallows all Windows sync settings on the device. For information abo
 
 The following list shows the supported values:
 
--   0 – Sync settings are not allowed.
+-   0 – Sync settings aren't allowed.
 -   1 (default) – Sync settings allowed.
 
 
@@ -584,32 +494,14 @@ The following list shows the supported values:
 **Experience/AllowTailoredExperiencesWithDiagnosticData**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscross mark
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -624,22 +516,20 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
+This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows won't use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or don't configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
 
 Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
 
 > [!NOTE]
-> This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
+> This setting doesn't control Cortana cutomized experiences because there are separate policies to configure it.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Do not use diagnostic data for tailored experiences*
+-   GP Friendly name: *Do not use diagnostic data for tailored experiences*
 -   GP name: *DisableTailoredExperiencesWithDiagnosticData*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -660,32 +550,14 @@ The following list shows the supported values:
 **Experience/AllowThirdPartySuggestionsInWindowsSpotlight**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -701,7 +573,7 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
+> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
 
 
 Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
@@ -709,7 +581,7 @@ Specifies whether to allow app and content suggestions from third-party software
 
 
 ADMX Info:  
--   GP English name: *Do not suggest third-party content in Windows spotlight*
+-   GP Friendly name: *Do not suggest third-party content in Windows spotlight*
 -   GP name: *DisableThirdPartySuggestions*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -730,32 +602,14 @@ The following list shows the supported values:
 **Experience/AllowWindowsConsumerFeatures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -771,8 +625,7 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-> Prior to Windows 10, version 1803, this policy had User scope.
+> Prior to Windows 10, version 1803, this policy had User scope.
 
 
 This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
@@ -782,7 +635,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Turn off Microsoft consumer experiences*
+-   GP Friendly name: *Turn off Microsoft consumer experiences*
 -   GP name: *DisableWindowsConsumerFeatures*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -803,32 +656,14 @@ The following list shows the supported values:
 **Experience/AllowWindowsSpotlight**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -844,17 +679,17 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
 
 
-Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
+Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or don't configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off all Windows spotlight features*
+-   GP Friendly name: *Turn off all Windows spotlight features*
 -   GP name: *DisableWindowsSpotlightFeatures*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -875,32 +710,14 @@ The following list shows the supported values:
 **Experience/AllowWindowsSpotlightOnActionCenter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -915,17 +732,15 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
+This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or don't configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Spotlight on Action Center*
+-   GP Friendly name: *Turn off Windows Spotlight on Action Center*
 -   GP name: *DisableWindowsSpotlightOnActionCenter*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -946,32 +761,14 @@ The following list shows the supported values:
 **Experience/AllowWindowsSpotlightOnSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -986,7 +783,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make their experience productive.
+This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make their experience productive.
 
 -  User setting is under Settings -> Privacy -> General -> Show me suggested content in Settings app.
 -  User Setting is changeable on a per user basis.
@@ -995,7 +792,7 @@ Added in Windows 10, version 1803. This policy allows IT admins to turn off Sugg
 
 
 ADMX Info:  
--   GP English name: *Turn off Windows Spotlight on Settings*
+-   GP Friendly name: *Turn off Windows Spotlight on Settings*
 -   GP name: *DisableWindowsSpotlightOnSettings*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -1016,32 +813,14 @@ The following list shows the supported values:
 **Experience/AllowWindowsSpotlightWindowsWelcomeExperience**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1056,18 +835,16 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
-The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
+This policy setting lets you turn off the Windows spotlight Windows welcome experience feature.
+The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or don't configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off the Windows Welcome Experience*
+-   GP Friendly name: *Turn off the Windows Welcome Experience*
 -   GP name: *DisableWindowsSpotlightWindowsWelcomeExperience*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -1088,32 +865,14 @@ The following list shows the supported values:
 **Experience/AllowWindowsTips**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1133,7 +892,7 @@ Enables or disables Windows Tips / soft landing.
 
 
 ADMX Info:  
--   GP English name: *Do not show Windows tips*
+-   GP Friendly name: *Do not show Windows tips*
 -   GP name: *DisableSoftLanding*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -1150,36 +909,61 @@ The following list shows the supported values:
 
 
                  
 
+
+**Experience/ConfigureChatIcon**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|No|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
                  
+
+
+This policy setting allows you to configure the Chat icon on the taskbar.
+
+
+
+The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not enabled.
+
+-   0 - Not Configured: The Chat icon will be configured according to the defaults for your Windows edition.
+-   1 - Show: The Chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings.
+-   2 - Hide: The Chat icon will be hidden by default. Users can show or hide it in Settings.
+-   3 - Disabled: The Chat icon won't be displayed, and users can't show or hide it in Settings.
+
+> [!NOTE]
+> Option 1 (Show) and Option 2 (Hide) only work on the first sign-in attempt. Option 3 (Disabled) works on all attempts.
+
+
+
+
+
                  
+
 
 **Experience/ConfigureWindowsSpotlightOnLockScreen**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1195,15 +979,15 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
 
 
-Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
+Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization doesn't have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Windows spotlight on lock screen*
+-   GP Friendly name: *Configure Windows spotlight on lock screen*
 -   GP name: *ConfigureWindowsSpotlight*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -1223,32 +1007,14 @@ The following list shows the supported values:
 **Experience/DisableCloudOptimizedContent**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark9
                  Procheck mark9
                  Businesscheck mark9
                  Enterprisecheck mark9
                  Educationcheck mark9
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1267,12 +1033,12 @@ This policy setting lets you turn off cloud optimized content in all Windows exp
 
 If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
 
-If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
+If you disable or don't configure this policy setting, Windows experiences will be able to use cloud optimized content.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off cloud optimized content*
+-   GP Friendly name: *Turn off cloud optimized content*
 -   GP name: *DisableCloudOptimizedContent*
 -   GP path: *Windows Components/Cloud Content*
 -   GP ADMX file name: *CloudContent.admx*
@@ -1293,32 +1059,14 @@ The following list shows the supported values:
 **Experience/DoNotShowFeedbackNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1335,14 +1083,14 @@ The following list shows the supported values:
 
 Prevents devices from showing feedback questions from Microsoft.
 
-If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback.
+If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or don't configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback.
 
-If you disable or do not configure this policy setting, users can control how often they receive feedback questions.
+If you disable or don't configure this policy setting, users can control how often they receive feedback questions.
 
 
 
 ADMX Info:  
--   GP English name: *Do not show feedback notifications*
+-   GP Friendly name: *Do not show feedback notifications*
 -   GP name: *DoNotShowFeedbackNotifications*
 -   GP path: *Data Collection and Preview Builds*
 -   GP ADMX file name: *FeedbackNotifications.admx*
@@ -1351,7 +1099,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally.
+-   0 (default) – Feedback notifications aren't disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally.
 -   1 – Feedback notifications are disabled.
 
 
@@ -1363,32 +1111,14 @@ The following list shows the supported values:
 **Experience/DoNotSyncBrowserSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1411,7 +1141,7 @@ Related policy:
 
 
 ADMX Info:  
--   GP English name: *Do not sync browser settings*
+-   GP Friendly name: *Do not sync browser settings*
 -   GP name: *DisableWebBrowserSettingSync*
 -   GP path: *Windows Components/Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -1421,7 +1151,7 @@ ADMX Info:
 Supported values:
 
 -  0 (default) - Allowed/turned on. The "browser" group synchronizes automatically between users' devices and lets users make changes.
--  2 - Prevented/turned off. The "browser" group does not use the _Sync your Settings_ option.
+-  2 - Prevented/turned off. The "browser" group doesn't use the _Sync your Settings_ option.
 
 
 _**Sync the browser settings automatically**_
@@ -1451,38 +1181,18 @@ _**Turn syncing off by default but don’t disable**_
 
 
 
-
                  
-
 
 **Experience/PreventUsersFromTurningOnBrowserSyncing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1506,7 +1216,7 @@ Related policy:
 
 
 ADMX Info:  
--   GP English name: *Prevent users from turning on browser syncing*
+-   GP Friendly name: *Prevent users from turning on browser syncing*
 -   GP name: *PreventUsersFromTurningOnBrowserSyncing*
 -   GP path: *Windows Components/Sync your settings*
 -   GP ADMX file name: *SettingSync.admx*
@@ -1552,32 +1262,15 @@ Validation procedure:
 **Experience/ShowLockOnUserTile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -1598,12 +1291,12 @@ If you enable this policy setting, the lock option is shown in the User Tile men
 
 If you disable this policy setting, the lock option is never shown in the User Tile menu.
 
-If you do not configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel.
+If you don't configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel.
 
 
 
 ADMX Info:  
--   GP English name: *Show lock in the user tile menu*
+-   GP Friendly name: *Show lock in the user tile menu*
 -   GP name: *ShowLockOption*
 -   GP path: *File Explorer*
 -   GP ADMX file name: *WindowsExplorer.admx*
@@ -1611,7 +1304,7 @@ ADMX Info:
 
 
 Supported values:  
-- false - The lock option is not displayed in the User Tile menu.
+- false - The lock option isn't displayed in the User Tile menu.
 - true (default) - The lock option is displayed in the User Tile menu.
 
 
@@ -1624,16 +1317,5 @@ Supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
 
 
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 80e9be3716..549a130038 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **ExploitGuard/ExploitProtectionSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -81,7 +63,7 @@ The system settings require a reboot; the application settings do not require a
 
 
 ADMX Info:  
--   GP English name: *Use a common set of exploit protection settings*
+-   GP Friendly name: *Use a common set of exploit protection settings*
 -   GP name: *ExploitProtection_Name*
 -   GP element: *ExploitProtection_Name*
 -   GP path: *Windows Components/Windows Defender Exploit Guard/Exploit Protection*
@@ -118,15 +100,5 @@ Here is an example:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
new file mode 100644
index 0000000000..b6ae2e95c6
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -0,0 +1,79 @@
+---
+title: Policy CSP - Feeds
+description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.localizationpriority: medium
+ms.date: 09/17/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - Feeds
+
+
+
                  
+
+
+## Feeds policies  
+
+
                  
+  
                  
+    Feeds/FeedsEnabled
+  
                  
+
                  
+
+
+
                  
+
+
+**Feeds/FeedsEnabled**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting specifies whether news and interests is allowed on the device.
+
+The values for this policy are 1 and 0. This policy defaults to 1.
+
+- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
+
+- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Enable news and interests on the taskbar*
+-   GP name: *FeedsEnabled*
+-   GP path: *Windows Components\News and interests*
+-   GP ADMX file name: *Feeds.admx*
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 58b2bf5175..3599a3ce1a 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,6 +14,12 @@ manager: dansimp
 
 # Policy CSP - FileExplorer
 
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 
                  
@@ -37,32 +43,14 @@ manager: dansimp
 **FileExplorer/TurnOffDataExecutionPreventionForExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,16 +68,10 @@ manager: dansimp
 Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Data Execution Prevention for Explorer*
+-   GP Friendly name: *Turn off Data Execution Prevention for Explorer*
 -   GP name: *NoDataExecutionPrevention*
 -   GP path: *File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -103,32 +85,14 @@ ADMX Info:
 **FileExplorer/TurnOffHeapTerminationOnCorruption**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -145,17 +109,9 @@ ADMX Info:
 
 Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.
 
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Turn off heap termination on corruption*
+-   GP Friendly name: *Turn off heap termination on corruption*
 -   GP name: *NoHeapTerminationOnCorruption*
 -   GP path: *File Explorer*
 -   GP ADMX file name: *Explorer.admx*
@@ -164,16 +120,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index f62143e2a6..8f26e60ff4 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **Games/AllowAdvancedGamingServices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -87,16 +69,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index dea9168e36..c2b205ad92 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **Handwriting/PanelDefaultModeDocked**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscross mark
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,18 +56,18 @@ manager: dansimp
 
 
 
-Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
+This policy allows an enterprise to configure the default mode for the handwriting panel.
 
-The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
+The handwriting panel has two modes - floats near the text box, or docked to the bottom of the screen. The default configuration is the one floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
 
-In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction.
+In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and doesn't require any user interaction.
 
-The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way.
+The docked mode is especially useful in Kiosk mode where you don't expect the end-user to drag the flying-in panel out of the way.
 
 
 
 ADMX Info:  
--   GP English name: *Handwriting Panel Default Mode Docked*
+-   GP Friendly name: *Handwriting Panel Default Mode Docked*
 -   GP name: *PanelDefaultModeDocked*
 -   GP path: *Windows Components/Handwriting*
 -   GP ADMX file name: *Handwriting.admx*
@@ -101,16 +83,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
new file mode 100644
index 0000000000..9ce283864c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -0,0 +1,190 @@
+---
+title: Policy CSP - HumanPresence
+description: Use the Policy CSP - HumanPresence setting allows wake on approach and lock on leave that can be managed from MDM.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - HumanPresence
+
+
+
+
                  
+
+
+## HumanPresence policies  
+
+
                  
+  
                  
+    HumanPresence/ForceInstantLock
+  
                  
+  
                  
+    HumanPresence/ForceInstantWake
+  
                  
+  
                  
+    HumanPresence/ForceLockTimeout
+  
                  
+
                  
+
+
+
                  
+
+
+**HumanPresence/ForceInstantLock**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether the device can lock when a human presence sensor detects a human.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Implements wake on approach and lock on leave that can be managed from MDM*
+-   GP name: *ForceInstantLock*
+-   GP path: *Windows Components/HumanPresence*
+-   GP ADMX file name: *HumanPresence.admx*
+
+
+
+The following list shows the supported values:
+
+- 2 = ForcedOff
+- 1 = ForcedOn
+- 0 = DefaultToUserChoice
+- Defaults to 0.
+
+
+
+
                  
+
+
+**HumanPresence/ForceInstantWake**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies whether the device can lock when a human presence sensor detects a human.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Implements wake on approach and lock on leave that can be managed from MDM*
+-   GP name: *ForceInstantWake*
+-   GP path: *Windows Components/HumanPresence*
+-   GP ADMX file name: *HumanPresence.admx*
+
+
+
+The following list shows the supported values:
+
+- 2 = ForcedOff
+- 1 = ForcedOn
+- 0 = DefaultToUserChoice
+- Defaults to 0.
+
+
+
+
                  
+
+
+**HumanPresence/ForceLockTimeout**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy specifies at what distance the sensor wakes up when it sees a human in seconds.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Implements wake on approach and lock on leave that can be managed from MDM*
+-   GP name: *ForceLockTimeout*
+-   GP path: *Windows Components/HumanPresence*
+-   GP ADMX file name: *HumanPresence.admx*
+
+
+
+Integer value that specifies whether the device can lock when a human presence sensor detects a human.
+
+The following list shows the supported values:
+
+- 120 = 120 seconds
+- 30 = 30 seconds
+- 10 = 10 seconds
+- 0 = DefaultToUserChoice
+- Defaults to 0
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 5760215ef8..a4b2b54bee 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -212,6 +212,9 @@ manager: dansimp
   
                  
     InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains
   
                  
+  
                  
+    InternetExplorer/EnableExtendedIEModeHotkeys
+  
                  
   
                  
     InternetExplorer/IncludeAllLocalSites
   
                  
@@ -799,6 +802,12 @@ manager: dansimp
   
                  
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -806,32 +815,14 @@ manager: dansimp
 **InternetExplorer/AddSearchProvider**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -854,16 +845,10 @@ If you enable this policy setting, the user can add and remove search providers,
 If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Add a specific list of search providers to the user's list of search providers*
+-   GP Friendly name: *Add a specific list of search providers to the user's list of search providers*
 -   GP name: *AddSearchProvider*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -877,32 +862,14 @@ ADMX Info:
 **InternetExplorer/AllowActiveXFiltering**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -925,16 +892,10 @@ If you enable this policy setting, ActiveX Filtering is enabled by default for t
 If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on ActiveX Filtering*
+-   GP Friendly name: *Turn on ActiveX Filtering*
 -   GP name: *TurnOnActiveXFiltering*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -948,32 +909,14 @@ ADMX Info:
 **InternetExplorer/AllowAddOnList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1002,16 +945,10 @@ Value - A number indicating whether Internet Explorer should deny or allow the a
 If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Add-on List*
+-   GP Friendly name: *Add-on List*
 -   GP name: *AddonManagement_AddOnList*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
@@ -1025,32 +962,14 @@ ADMX Info:
 **InternetExplorer/AllowAutoComplete**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1074,16 +993,10 @@ If you disable this setting the user cannot change "User name and passwords on f
 If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on the auto-complete feature for user names and passwords on forms*
+-   GP Friendly name: *Turn on the auto-complete feature for user names and passwords on forms*
 -   GP name: *RestrictFormSuggestPW*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -1097,32 +1010,14 @@ ADMX Info:
 **InternetExplorer/AllowCertificateAddressMismatchWarning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1145,16 +1040,10 @@ If you enable this policy setting, the certificate address mismatch warning alwa
 If you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on certificate address mismatch warning*
+-   GP Friendly name: *Turn on certificate address mismatch warning*
 -   GP name: *IZ_PolicyWarnCertMismatch*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -1168,32 +1057,14 @@ ADMX Info:
 **InternetExplorer/AllowDeletingBrowsingHistoryOnExit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1220,16 +1091,10 @@ If you do not configure this policy setting, it can be configured on the General
 If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow deleting browsing history on exit*
+-   GP Friendly name: *Allow deleting browsing history on exit*
 -   GP name: *DBHDisableDeleteOnExit*
 -   GP path: *Windows Components/Internet Explorer/Delete Browsing History*
 -   GP ADMX file name: *inetres.admx*
@@ -1243,32 +1108,14 @@ ADMX Info:
 **InternetExplorer/AllowEnhancedProtectedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1293,16 +1140,10 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off.
 If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Enhanced Protected Mode*
+-   GP Friendly name: *Turn on Enhanced Protected Mode*
 -   GP name: *Advanced_EnableEnhancedProtectedMode*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -1316,32 +1157,14 @@ ADMX Info:
 **InternetExplorer/AllowEnhancedSuggestionsInAddressBar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1366,16 +1189,10 @@ If you disable this policy setting, users do not receive enhanced suggestions wh
 If you do not configure this policy setting, users can change the Suggestions setting on the Settings charm.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar*
+-   GP Friendly name: *Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar*
 -   GP name: *AllowServicePoweredQSA*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -1400,32 +1217,14 @@ Supported values:
 **InternetExplorer/AllowEnterpriseModeFromToolsMenu**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1448,16 +1247,10 @@ If you turn this setting on, users can see and use the Enterprise Mode option fr
 If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Let users turn on and use Enterprise Mode from the Tools menu*
+-   GP Friendly name: *Let users turn on and use Enterprise Mode from the Tools menu*
 -   GP name: *EnterpriseModeEnable*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -1471,32 +1264,14 @@ ADMX Info:
 **InternetExplorer/AllowEnterpriseModeSiteList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1519,16 +1294,10 @@ If you enable this policy setting, Internet Explorer downloads the website list
 If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use the Enterprise Mode IE website list*
+-   GP Friendly name: *Use the Enterprise Mode IE website list*
 -   GP name: *EnterpriseModeSiteList*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -1542,32 +1311,14 @@ ADMX Info:
 **InternetExplorer/AllowFallbackToSSL3**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1591,16 +1342,10 @@ This policy does not affect which security protocols are enabled.
 If you disable this policy, system defaults will be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)*
+-   GP Friendly name: *Allow fallback to SSL 3.0 (Internet Explorer)*
 -   GP name: *Advanced_EnableSSL3Fallback*
 -   GP path: *Windows Components/Internet Explorer/Security Features*
 -   GP ADMX file name: *inetres.admx*
@@ -1614,32 +1359,14 @@ ADMX Info:
 **InternetExplorer/AllowInternetExplorer7PolicyList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1662,16 +1389,10 @@ If you enable this policy setting, the user can add and remove sites from the li
 If you disable or do not configure this policy setting, the user can add and remove sites from the list.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use Policy List of Internet Explorer 7 sites*
+-   GP Friendly name: *Use Policy List of Internet Explorer 7 sites*
 -   GP name: *CompatView_UsePolicyList*
 -   GP path: *Windows Components/Internet Explorer/Compatibility View*
 -   GP ADMX file name: *inetres.admx*
@@ -1685,32 +1406,14 @@ ADMX Info:
 **InternetExplorer/AllowInternetExplorerStandardsMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1735,16 +1438,10 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer
 If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Internet Explorer Standards Mode for local intranet*
+-   GP Friendly name: *Turn on Internet Explorer Standards Mode for local intranet*
 -   GP name: *CompatView_IntranetSites*
 -   GP path: *Windows Components/Internet Explorer/Compatibility View*
 -   GP ADMX file name: *inetres.admx*
@@ -1758,32 +1455,14 @@ ADMX Info:
 **InternetExplorer/AllowInternetZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1812,16 +1491,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Zone Template*
+-   GP Friendly name: *Internet Zone Template*
 -   GP name: *IZ_PolicyInternetZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -1835,32 +1508,14 @@ ADMX Info:
 **InternetExplorer/AllowIntranetZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1889,16 +1544,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Intranet Zone Template*
+-   GP Friendly name: *Intranet Zone Template*
 -   GP name: *IZ_PolicyIntranetZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -1912,32 +1561,14 @@ ADMX Info:
 **InternetExplorer/AllowLocalMachineZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1966,16 +1597,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Local Machine Zone Template*
+-   GP Friendly name: *Local Machine Zone Template*
 -   GP name: *IZ_PolicyLocalMachineZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -1989,32 +1614,14 @@ ADMX Info:
 **InternetExplorer/AllowLockedDownInternetZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2043,16 +1650,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Locked-Down Internet Zone Template*
+-   GP Friendly name: *Locked-Down Internet Zone Template*
 -   GP name: *IZ_PolicyInternetZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2066,32 +1667,14 @@ ADMX Info:
 **InternetExplorer/AllowLockedDownIntranetZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2120,16 +1703,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Locked-Down Intranet Zone Template*
+-   GP Friendly name: *Locked-Down Intranet Zone Template*
 -   GP name: *IZ_PolicyIntranetZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2143,32 +1720,14 @@ ADMX Info:
 **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2197,16 +1756,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Locked-Down Local Machine Zone Template*
+-   GP Friendly name: *Locked-Down Local Machine Zone Template*
 -   GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2220,32 +1773,14 @@ ADMX Info:
 **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2274,16 +1809,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Locked-Down Restricted Sites Zone Template*
+-   GP Friendly name: *Locked-Down Restricted Sites Zone Template*
 -   GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2297,32 +1826,14 @@ ADMX Info:
 **InternetExplorer/AllowOneWordEntry**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2345,16 +1856,10 @@ If you enable this policy setting, Internet Explorer goes directly to an intrane
 If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Go to an intranet site for a one-word entry in the Address bar*
+-   GP Friendly name: *Go to an intranet site for a one-word entry in the Address bar*
 -   GP name: *UseIntranetSiteForOneWordEntry*
 -   GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing*
 -   GP ADMX file name: *inetres.admx*
@@ -2368,32 +1873,14 @@ ADMX Info:
 **InternetExplorer/AllowSaveTargetAsInIEMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark7
                  Businesscheck mark7
                  Enterprisecheck mark7
                  Educationcheck mark7
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2417,16 +1904,10 @@ This policy setting allows the administrator to enable "Save Target As" context
 For more information, see [https://go.microsoft.com/fwlink/?linkid=2102115](/deployedge/edge-ie-mode-faq)
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow "Save Target As" in Internet Explorer mode*
+-   GP Friendly name: *Allow "Save Target As" in Internet Explorer mode*
 -   GP name: *AllowSaveTargetAsInIEMode*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -2450,32 +1931,14 @@ ADMX Info:
 **InternetExplorer/AllowSiteToZoneAssignmentList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2493,11 +1956,11 @@ ADMX Info:
 
 This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
 
-Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
+Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
 
 If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:
 
-Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter  as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter `` as the valuename, other protocols are not affected. If you enter just `www.contoso.com,` then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for `www.contoso.com` and `www.contoso.com/mail` would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
 
 Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
 
@@ -2509,16 +1972,10 @@ If you disable or do not configure this policy, users may choose their own site-
 The list is a set of pairs of strings. Each string is separated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Site to Zone Assignment List*
+-   GP Friendly name: *Site to Zone Assignment List*
 -   GP name: *IZ_Zonemaps*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2545,8 +2002,8 @@ ADMX Info:
 ```
 
 Value and index pairs in the SyncML example:  
-- http://adfs.contoso.org 1
-- https://microsoft.com 2
+- `https://adfs.contoso.org 1`
+- `https://microsoft.com 2`
 
 
 
@@ -2557,32 +2014,14 @@ Value and index pairs in the SyncML example:
 **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2607,16 +2046,10 @@ If you disable this policy setting, users cannot run or install files with an in
 If you do not configure this policy, users can choose to run or install files with an invalid signature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow software to run or install even if the signature is invalid*
+-   GP Friendly name: *Allow software to run or install even if the signature is invalid*
 -   GP name: *Advanced_InvalidSignatureBlock*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2630,32 +2063,14 @@ ADMX Info:
 **InternetExplorer/AllowSuggestedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2680,16 +2095,10 @@ If you disable this policy setting, the entry points and functionality associate
 If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Suggested Sites*
+-   GP Friendly name: *Turn on Suggested Sites*
 -   GP name: *EnableSuggestedSites*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -2703,32 +2112,14 @@ ADMX Info:
 **InternetExplorer/AllowTrustedSitesZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2757,16 +2148,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Trusted Sites Zone Template*
+-   GP Friendly name: *Trusted Sites Zone Template*
 -   GP name: *IZ_PolicyTrustedSitesZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2780,32 +2165,14 @@ ADMX Info:
 **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2834,16 +2201,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Locked-Down Trusted Sites Zone Template*
+-   GP Friendly name: *Locked-Down Trusted Sites Zone Template*
 -   GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2857,32 +2218,14 @@ ADMX Info:
 **InternetExplorer/AllowsRestrictedSitesZoneTemplate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2911,16 +2254,10 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate
 Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restricted Sites Zone Template*
+-   GP Friendly name: *Restricted Sites Zone Template*
 -   GP name: *IZ_PolicyRestrictedSitesZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -2934,32 +2271,14 @@ ADMX Info:
 **InternetExplorer/CheckServerCertificateRevocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2984,16 +2303,10 @@ If you disable this policy setting, Internet Explorer will not check server cert
 If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Check for server certificate revocation*
+-   GP Friendly name: *Check for server certificate revocation*
 -   GP name: *Advanced_CertificateRevocation*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -3007,32 +2320,14 @@ ADMX Info:
 **InternetExplorer/CheckSignaturesOnDownloadedPrograms**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3057,16 +2352,10 @@ If you disable this policy setting, Internet Explorer will not check the digital
 If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Check for signatures on downloaded programs*
+-   GP Friendly name: *Check for signatures on downloaded programs*
 -   GP name: *Advanced_DownloadSignatures*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -3079,32 +2368,14 @@ ADMX Info:
 **InternetExplorer/ConfigureEdgeRedirectChannel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark7
                  Businesscheck mark7
                  Enterprisecheck mark7
                  Educationcheck mark7
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3147,16 +2418,10 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge
 > For more information about the Windows update for the next version of Microsoft Edge including how to disable it, see [https://go.microsoft.com/fwlink/?linkid=2102115](/deployedge/edge-ie-mode-faq). This update applies only to Windows 10 version 1709 and higher.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure which channel of Microsoft Edge to use for opening redirected sites*
+-   GP Friendly name: *Configure which channel of Microsoft Edge to use for opening redirected sites*
 -   GP name: *NeedEdgeBrowser*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -3372,32 +2637,14 @@ ADMX Info:
 **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3424,16 +2671,10 @@ If you disable this policy setting, Internet Explorer will not require consisten
 If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_5*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Consistent Mime Handling*
 -   GP ADMX file name: *inetres.admx*
@@ -3447,32 +2688,14 @@ ADMX Info:
 **InternetExplorer/DisableActiveXVersionListAutoDownload**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3495,16 +2718,10 @@ This setting determines whether IE automatically downloads updated versions of M
 If you disable or do not configure this setting, IE continues to download updated versions of VersionList.XML.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off automatic download of the ActiveX VersionList*
+-   GP Friendly name: *Turn off automatic download of the ActiveX VersionList*
 -   GP name: *VersionListAutomaticDownloadDisable*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
@@ -3529,32 +2746,14 @@ Supported values:
 **InternetExplorer/DisableAdobeFlash**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3579,16 +2778,10 @@ If you disable, or do not configure this policy setting, Flash is turned on for
 Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
+-   GP Friendly name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
 -   GP name: *DisableFlashInIE*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
@@ -3602,32 +2795,14 @@ ADMX Info:
 **InternetExplorer/DisableBypassOfSmartScreenWarnings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3650,16 +2825,10 @@ If you enable this policy setting, Windows Defender SmartScreen warnings block t
 If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent bypassing SmartScreen Filter warnings*
+-   GP Friendly name: *Prevent bypassing SmartScreen Filter warnings*
 -   GP name: *DisableSafetyFilterOverride*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -3673,32 +2842,14 @@ ADMX Info:
 **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3721,16 +2872,10 @@ If you enable this policy setting, Windows Defender SmartScreen warnings block t
 If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
+-   GP Friendly name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
 -   GP name: *DisableSafetyFilterOverrideForAppRepUnknown*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -3744,32 +2889,14 @@ ADMX Info:
 **InternetExplorer/DisableCompatView**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3792,16 +2919,10 @@ If you enable this policy setting, the user cannot use the Compatibility View bu
 If you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Compatibility View*
+-   GP Friendly name: *Turn off Compatibility View*
 -   GP name: *CompatView_DisableList*
 -   GP path: *Windows Components/Internet Explorer/Compatibility View*
 -   GP ADMX file name: *inetres.admx*
@@ -3826,32 +2947,14 @@ Supported values:
 **InternetExplorer/DisableConfiguringHistory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3874,16 +2977,10 @@ If you enable this policy setting, a user cannot set the number of days that Int
 If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable "Configuring History"*
+-   GP Friendly name: *Disable "Configuring History"*
 -   GP name: *RestrictHistory*
 -   GP path: *Windows Components/Internet Explorer/Delete Browsing History*
 -   GP ADMX file name: *inetres.admx*
@@ -3897,32 +2994,14 @@ ADMX Info:
 **InternetExplorer/DisableCrashDetection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3945,16 +3024,10 @@ If you enable this policy setting, a crash in Internet Explorer will exhibit beh
 If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off Crash Detection*
+-   GP Friendly name: *Turn off Crash Detection*
 -   GP name: *AddonManagement_RestrictCrashDetection*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -3968,32 +3041,14 @@ ADMX Info:
 **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4018,16 +3073,10 @@ If you disable this policy setting, the user must participate in the CEIP, and t
 If you do not configure this policy setting, the user can choose to participate in the CEIP.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent participation in the Customer Experience Improvement Program*
+-   GP Friendly name: *Prevent participation in the Customer Experience Improvement Program*
 -   GP name: *SQM_DisableCEIP*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -4041,32 +3090,14 @@ ADMX Info:
 **InternetExplorer/DisableDeletingUserVisitedWebsites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4093,16 +3124,10 @@ If you do not configure this policy setting, the user can choose whether to dele
 If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent deleting websites that the user has visited*
+-   GP Friendly name: *Prevent deleting websites that the user has visited*
 -   GP name: *DBHDisableDeleteHistory*
 -   GP path: *Windows Components/Internet Explorer/Delete Browsing History*
 -   GP ADMX file name: *inetres.admx*
@@ -4116,32 +3141,14 @@ ADMX Info:
 **InternetExplorer/DisableEnclosureDownloading**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4164,16 +3171,10 @@ If you enable this policy setting, the user cannot set the Feed Sync Engine to d
 If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent downloading of enclosures*
+-   GP Friendly name: *Prevent downloading of enclosures*
 -   GP name: *Disable_Downloading_of_Enclosures*
 -   GP path: *Windows Components/RSS Feeds*
 -   GP ADMX file name: *inetres.admx*
@@ -4187,32 +3188,14 @@ ADMX Info:
 **InternetExplorer/DisableEncryptionSupport**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4237,16 +3220,10 @@ If you disable or do not configure this policy setting, the user can select whic
 Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off encryption support*
+-   GP Friendly name: *Turn off encryption support*
 -   GP name: *Advanced_SetWinInetProtocols*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -4260,32 +3237,14 @@ ADMX Info:
 **InternetExplorer/DisableFeedsBackgroundSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4308,16 +3267,10 @@ If you enable this policy setting, the ability to synchronize feeds and Web Slic
 If you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off background synchronization for feeds and Web Slices*
+-   GP Friendly name: *Turn off background synchronization for feeds and Web Slices*
 -   GP name: *Disable_Background_Syncing*
 -   GP path: *Windows Components/RSS Feeds*
 -   GP ADMX file name: *inetres.admx*
@@ -4342,32 +3295,14 @@ Supported values:
 **InternetExplorer/DisableFirstRunWizard**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4394,16 +3329,10 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail
 If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent running First Run wizard*
+-   GP Friendly name: *Prevent running First Run wizard*
 -   GP name: *NoFirstRunCustomise*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -4417,32 +3346,14 @@ ADMX Info:
 **InternetExplorer/DisableFlipAheadFeature**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4469,16 +3380,10 @@ If you disable this policy setting, flip ahead with page prediction is turned on
 If you don't configure this setting, users can turn this behavior on or off, using the Settings charm.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the flip ahead with page prediction feature*
+-   GP Friendly name: *Turn off the flip ahead with page prediction feature*
 -   GP name: *Advanced_DisableFlipAhead*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -4492,32 +3397,14 @@ ADMX Info:
 **InternetExplorer/DisableGeolocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4542,16 +3429,10 @@ If you disable this policy setting, browser geolocation support is turned on.
 If you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off browser geolocation*
+-   GP Friendly name: *Turn off browser geolocation*
 -   GP name: *GeolocationDisable*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -4576,32 +3457,14 @@ Supported values:
 **InternetExplorer/DisableHomePageChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4623,16 +3486,10 @@ If you enable this policy setting, a user cannot set a custom default home page.
 If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable changing home page settings*
+-   GP Friendly name: *Disable changing home page settings*
 -   GP name: *RestrictHomePage*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -4644,32 +3501,14 @@ ADMX Info:
 **InternetExplorer/DisableInternetExplorerApp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark7
                  Businesscheck mark7
                  Enterprisecheck mark7
                  Educationcheck mark7
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4699,16 +3538,10 @@ If you disable, or do not configure this policy, all sites are opened using the
 > Microsoft Edge Stable Channel must be installed for this policy to take effect.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable Internet Explorer 11 as a standalone browser*
+-   GP Friendly name: *Disable Internet Explorer 11 as a standalone browser*
 -   GP name: *DisableInternetExplorerApp*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -4740,32 +3573,14 @@ ADMX Info:
 **InternetExplorer/DisableIgnoringCertificateErrors**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4788,16 +3603,10 @@ If you enable this policy setting, the user cannot continue browsing.
 If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent ignoring certificate errors*
+-   GP Friendly name: *Prevent ignoring certificate errors*
 -   GP name: *NoCertError*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel*
 -   GP ADMX file name: *inetres.admx*
@@ -4811,32 +3620,14 @@ ADMX Info:
 **InternetExplorer/DisableInPrivateBrowsing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4863,16 +3654,10 @@ If you disable this policy setting, InPrivate Browsing is available for use.
 If you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off InPrivate Browsing*
+-   GP Friendly name: *Turn off InPrivate Browsing*
 -   GP name: *DisableInPrivateBrowsing*
 -   GP path: *Windows Components/Internet Explorer/Privacy*
 -   GP ADMX file name: *inetres.admx*
@@ -4886,32 +3671,14 @@ ADMX Info:
 **InternetExplorer/DisableProcessesInEnhancedProtectedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4938,16 +3705,10 @@ If you disable this policy setting, Internet Explorer 11 will use 32-bit tab pro
 If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
+-   GP Friendly name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
 -   GP name: *Advanced_EnableEnhancedProtectedMode64Bit*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -4961,32 +3722,14 @@ ADMX Info:
 **InternetExplorer/DisableProxyChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5009,16 +3752,10 @@ If you enable this policy setting, the user will not be able to configure proxy
 If you disable or do not configure this policy setting, the user can configure proxy settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing proxy settings*
+-   GP Friendly name: *Prevent changing proxy settings*
 -   GP name: *RestrictProxy*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5032,32 +3769,14 @@ ADMX Info:
 **InternetExplorer/DisableSearchProviderChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5080,16 +3799,10 @@ If you enable this policy setting, the user cannot change the default search pro
 If you disable or do not configure this policy setting, the user can change the default search provider.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent changing the default search provider*
+-   GP Friendly name: *Prevent changing the default search provider*
 -   GP name: *NoSearchProvider*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5103,32 +3816,14 @@ ADMX Info:
 **InternetExplorer/DisableSecondaryHomePageChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5153,16 +3848,10 @@ If you disable or do not configure this policy setting, the user can add seconda
 Note: If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable changing secondary home page settings*
+-   GP Friendly name: *Disable changing secondary home page settings*
 -   GP name: *SecondaryHomePages*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5176,32 +3865,14 @@ ADMX Info:
 **InternetExplorer/DisableSecuritySettingsCheck**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5224,16 +3895,10 @@ If you enable this policy setting, the feature is turned off.
 If you disable or do not configure this policy setting, the feature is turned on.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the Security Settings Check feature*
+-   GP Friendly name: *Turn off the Security Settings Check feature*
 -   GP name: *Disable_Security_Settings_Check*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5247,32 +3912,14 @@ ADMX Info:
 **InternetExplorer/DisableUpdateCheck**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5296,16 +3943,10 @@ If you disable this policy or do not configure it, Internet Explorer checks ever
 This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disable Periodic Check for Internet Explorer software updates*
+-   GP Friendly name: *Disable Periodic Check for Internet Explorer software updates*
 -   GP name: *NoUpdateCheck*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5319,32 +3960,14 @@ ADMX Info:
 **InternetExplorer/DisableWebAddressAutoComplete**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5369,16 +3992,10 @@ If you disable this policy setting, users are suggested matches when entering We
 If you do not configure this policy setting, users can choose to turn the auto-complete setting for web-addresses on or off.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the auto-complete feature for web addresses*
+-   GP Friendly name: *Turn off the auto-complete feature for web addresses*
 -   GP name: *RestrictWebAddressSuggest*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5403,32 +4020,14 @@ Supported values:
 **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5455,16 +4054,10 @@ If you enable this policy setting, Internet Explorer will not give the user the
 If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
+-   GP Friendly name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
 -   GP name: *Advanced_DisableEPMCompat*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
@@ -5478,32 +4071,14 @@ ADMX Info:
 **InternetExplorer/DoNotAllowUsersToAddSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5531,16 +4106,10 @@ Note:  The "Disable the Security page" policy (located in \User Configuration\Ad
 Also, see the "Security zones: Use only machine settings" policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Security Zones: Do not allow users to add/delete sites*
+-   GP Friendly name: *Security Zones: Do not allow users to add/delete sites*
 -   GP name: *Security_zones_map_edit*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5554,32 +4123,14 @@ ADMX Info:
 **InternetExplorer/DoNotAllowUsersToChangePolicies**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5607,16 +4158,10 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm
 Also, see the "Security zones: Use only machine settings" policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Security Zones: Do not allow users to change policies*
+-   GP Friendly name: *Security Zones: Do not allow users to change policies*
 -   GP name: *Security_options_edit*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -5630,32 +4175,14 @@ ADMX Info:
 **InternetExplorer/DoNotBlockOutdatedActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5680,16 +4207,10 @@ If you disable or don't configure this policy setting, Internet Explorer continu
 For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
+-   GP Friendly name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
 -   GP name: *VerMgmtDisable*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
@@ -5703,32 +4224,14 @@ ADMX Info:
 **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5757,16 +4260,10 @@ If you disable or don't configure this policy setting, the list is deleted and I
 For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
+-   GP Friendly name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
 -   GP name: *VerMgmtDomainAllowlist*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
@@ -5776,36 +4273,70 @@ ADMX Info:
 
 
                  
 
+
+**InternetExplorer/EnableExtendedIEModeHotkeys**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+
                  
+
+
+
+This policy setting lets admins enable extended Microsoft Edge Internet Explorer mode hotkeys, such as "Ctrl+S" to have "Save as" functionality.
+
+- If you enable this policy, extended hotkey functionality is enabled in Internet Explorer mode and work the same as Internet Explorer.
+
+- If you disable, or don't configure this policy, extended hotkeys will not work in Internet Explorer mode.
+
+
+
+The following list shows the supported values:
+
+-   0 (default) - Disabled.
+-   1 - Enabled.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allows enterprises to provide their users with a single-browser experience*
+-   GP name: *EnableExtendedIEModeHotkeys*
+-   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
+-   GP ADMX file name: *inetres.admx*
+
+
+
+
+
                  
 
 **InternetExplorer/IncludeAllLocalSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5830,16 +4361,10 @@ If you disable this policy setting, local sites which are not explicitly mapped
 If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
+-   GP Friendly name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
 -   GP name: *IZ_IncludeUnspecifiedLocalSites*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -5853,32 +4378,14 @@ ADMX Info:
 **InternetExplorer/IncludeAllNetworkPaths**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5903,16 +4410,10 @@ If you disable this policy setting, network paths are not necessarily mapped int
 If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Intranet Sites: Include all network paths (UNCs)*
+-   GP Friendly name: *Intranet Sites: Include all network paths (UNCs)*
 -   GP name: *IZ_UNCAsIntranet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
@@ -5926,32 +4427,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5976,16 +4459,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -5999,32 +4476,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6049,16 +4508,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6072,32 +4525,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6120,16 +4555,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6143,32 +4572,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowCopyPasteViaScript**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6195,16 +4606,10 @@ If you disable this policy setting, a script cannot perform a clipboard operatio
 If you do not configure this policy setting, a script can perform a clipboard operation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow cut, copy or paste operations from the clipboard via script*
+-   GP Friendly name: *Allow cut, copy or paste operations from the clipboard via script*
 -   GP name: *IZ_PolicyAllowPasteViaScript_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6218,32 +4623,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6268,16 +4655,10 @@ If you disable this policy setting, users are prevented from dragging files or c
 If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow drag and drop or copy and paste files*
+-   GP Friendly name: *Allow drag and drop or copy and paste files*
 -   GP name: *IZ_PolicyDropOrPasteFiles_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6291,32 +4672,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6341,16 +4704,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6364,32 +4721,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6414,16 +4753,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6437,32 +4770,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6487,16 +4802,10 @@ If you disable this policy setting, XAML files are not loaded inside Internet Ex
 If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow loading of XAML files*
+-   GP Friendly name: *Allow loading of XAML files*
 -   GP name: *IZ_Policy_XAML_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6510,32 +4819,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6560,16 +4851,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6583,32 +4868,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6631,16 +4898,10 @@ If you enable this policy setting, the user is prompted before ActiveX controls
 If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow only approved domains to use ActiveX controls without prompt*
+-   GP Friendly name: *Allow only approved domains to use ActiveX controls without prompt*
 -   GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6654,32 +4915,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6702,16 +4945,10 @@ If you enable this policy setting, the TDC ActiveX control will not run from web
 If you disable this policy setting, the TDC Active X control will run from all sites in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow only approved domains to use the TDC ActiveX control*
+-   GP Friendly name: *Allow only approved domains to use the TDC ActiveX control*
 -   GP name: *IZ_PolicyAllowTDCControl_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6725,32 +4962,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowScriptInitiatedWindows**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6775,16 +4994,10 @@ If you disable this policy setting, the possible harmful actions contained in sc
 If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow script-initiated windows without size or position constraints*
+-   GP Friendly name: *Allow script-initiated windows without size or position constraints*
 -   GP name: *IZ_PolicyWindowsRestrictionsURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6798,32 +5011,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6848,16 +5043,10 @@ If you disable this policy setting, script access to the WebBrowser control is n
 If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scripting of Internet Explorer WebBrowser controls*
+-   GP Friendly name: *Allow scripting of Internet Explorer WebBrowser controls*
 -   GP name: *IZ_Policy_WebBrowserControl_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6871,32 +5060,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6921,16 +5092,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -6944,32 +5109,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -6996,16 +5143,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7019,32 +5160,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7067,16 +5190,10 @@ If you enable this policy setting, script is allowed to update the status bar.
 If you disable or do not configure this policy setting, script is not allowed to update the status bar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow updates to status bar via script*
+-   GP Friendly name: *Allow updates to status bar via script*
 -   GP name: *IZ_Policy_ScriptStatusBar_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7090,32 +5207,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7140,16 +5239,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7163,32 +5256,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7215,16 +5290,10 @@ If you selected Disable in the drop-down box, VBScript is prevented from running
 If you do not configure or disable this policy setting, VBScript is prevented from running.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow VBScript to run in Internet Explorer*
+-   GP Friendly name: *Allow VBScript to run in Internet Explorer*
 -   GP name: *IZ_PolicyAllowVBScript_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7238,32 +5307,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7288,16 +5339,10 @@ If you disable this policy setting, Internet Explorer always checks with your an
 If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Don't run antimalware programs against ActiveX controls*
+-   GP Friendly name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7311,32 +5356,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneDownloadSignedActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7361,16 +5388,10 @@ If you disable the policy setting, signed controls cannot be downloaded.
 If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Download signed ActiveX controls*
+-   GP Friendly name: *Download signed ActiveX controls*
 -   GP name: *IZ_PolicyDownloadSignedActiveX_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7384,32 +5405,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7434,16 +5437,10 @@ If you disable this policy setting, users cannot run unsigned controls.
 If you do not configure this policy setting, users cannot run unsigned controls.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Download unsigned ActiveX controls*
+-   GP Friendly name: *Download unsigned ActiveX controls*
 -   GP name: *IZ_PolicyDownloadUnsignedActiveX_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7457,32 +5454,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7505,16 +5484,10 @@ If you enable this policy setting, the XSS Filter is turned on for sites in this
 If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Cross-Site Scripting Filter*
+-   GP Friendly name: *Turn on Cross-Site Scripting Filter*
 -   GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7528,32 +5501,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7580,16 +5535,10 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
 In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable dragging of content from different domains across windows*
+-   GP Friendly name: *Enable dragging of content from different domains across windows*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7603,32 +5552,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7655,16 +5586,10 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
 In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable dragging of content from different domains within a window*
+-   GP Friendly name: *Enable dragging of content from different domains within a window*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7678,32 +5603,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneEnableMIMESniffing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7728,16 +5635,10 @@ If you disable this policy setting, the actions that may be harmful cannot run;
 If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable MIME Sniffing*
+-   GP Friendly name: *Enable MIME Sniffing*
 -   GP name: *IZ_PolicyMimeSniffingURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7751,32 +5652,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneEnableProtectedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7801,16 +5684,10 @@ If you disable this policy setting, Protected Mode is turned off. The user canno
 If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Protected Mode*
+-   GP Friendly name: *Turn on Protected Mode*
 -   GP name: *IZ_Policy_TurnOnProtectedMode_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7824,32 +5701,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7874,16 +5733,10 @@ If you disable this policy setting, path information is removed when the user is
 If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Include local path when user is uploading files to a server*
+-   GP Friendly name: *Include local path when user is uploading files to a server*
 -   GP name: *IZ_Policy_LocalPathForUpload_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7897,32 +5750,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -7949,16 +5784,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -7972,32 +5801,13 @@ ADMX Info:
 **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Business
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|||
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8013,32 +5823,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8069,16 +5861,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, the permission is set to High Safety.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8092,32 +5878,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8142,16 +5910,10 @@ If you disable this policy setting, users are prevented from running application
 If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Launching applications and files in an IFRAME*
+-   GP Friendly name: *Launching applications and files in an IFRAME*
 -   GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8165,32 +5927,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneLogonOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8223,16 +5967,10 @@ If you disable this policy setting, logon is set to Automatic logon only in Intr
 If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Logon options*
+-   GP Friendly name: *Logon options*
 -   GP name: *IZ_PolicyLogon_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8246,32 +5984,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8296,16 +6016,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8319,32 +6033,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8369,16 +6065,10 @@ If you disable this policy setting, Internet Explorer will not execute signed ma
 If you do not configure this policy setting, Internet Explorer will execute signed managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components signed with Authenticode*
 -   GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8392,32 +6082,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8442,16 +6114,10 @@ If you disable this policy setting, these files do not open.
 If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Show security warning for potentially unsafe files*
+-   GP Friendly name: *Show security warning for potentially unsafe files*
 -   GP name: *IZ_Policy_UnsafeFiles_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8465,32 +6131,14 @@ ADMX Info:
 **InternetExplorer/InternetZoneUsePopupBlocker**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8515,16 +6163,10 @@ If you disable this policy setting, pop-up windows are not prevented from appear
 If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use Pop-up Blocker*
+-   GP Friendly name: *Use Pop-up Blocker*
 -   GP name: *IZ_PolicyBlockPopupWindows_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8538,32 +6180,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8588,16 +6212,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8611,32 +6229,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8661,16 +6261,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8684,32 +6278,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8732,16 +6308,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8755,32 +6325,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8805,16 +6357,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8828,32 +6374,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8878,16 +6406,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8901,32 +6423,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -8951,16 +6455,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -8974,32 +6472,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9024,16 +6504,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9047,32 +6521,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9099,16 +6555,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9122,32 +6572,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9172,16 +6604,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9195,32 +6621,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9245,16 +6653,10 @@ If you disable this policy setting, Internet Explorer always checks with your an
 If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Don't run antimalware programs against ActiveX controls*
+-   GP Friendly name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9268,32 +6670,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9320,16 +6704,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9343,32 +6721,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9399,16 +6759,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, the permission is set to Medium Safety.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9422,32 +6776,14 @@ ADMX Info:
 **InternetExplorer/IntranetZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9472,16 +6808,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9495,32 +6825,14 @@ ADMX Info:
 **InternetExplorer/KeepIntranetSitesInInternetExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark7
                  Businesscheck mark7
                  Enterprisecheck mark7
                  Educationcheck mark7
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9553,16 +6865,10 @@ Related policies:
 For more information on how to use this policy together with other related policies to create the optimal configuration for your organization, see [https://go.microsoft.com/fwlink/?linkid=2094210.](/DeployEdge/edge-ie-mode-policies#configure-internet-explorer-integration)
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Keep all Intranet Sites in Internet Explorer*
+-   GP Friendly name: *Keep all Intranet Sites in Internet Explorer*
 -   GP name: *KeepIntranetSitesInInternetExplorer*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -9594,32 +6900,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9644,16 +6932,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9667,32 +6949,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9717,16 +6981,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9740,32 +6998,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9788,16 +7028,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9811,32 +7045,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9861,16 +7077,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9884,32 +7094,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -9934,16 +7126,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -9957,32 +7143,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10007,16 +7175,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10030,32 +7192,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10080,16 +7224,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10103,32 +7241,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10155,16 +7275,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10178,32 +7292,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10228,16 +7324,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10251,32 +7341,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10301,16 +7373,10 @@ If you disable this policy setting, Internet Explorer always checks with your an
 If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Don't run antimalware programs against ActiveX controls*
+-   GP Friendly name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10324,32 +7390,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10376,16 +7424,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10399,32 +7441,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10455,16 +7479,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, the permission is set to Medium Safety.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10478,32 +7496,14 @@ ADMX Info:
 **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10528,16 +7528,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10551,32 +7545,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10601,16 +7577,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10624,32 +7594,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10674,16 +7626,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10697,32 +7643,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10745,16 +7673,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10768,32 +7690,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10818,16 +7722,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10841,32 +7739,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10891,16 +7771,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10914,32 +7788,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -10964,16 +7820,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -10987,32 +7837,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11037,16 +7869,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11060,32 +7886,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11112,16 +7920,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11135,32 +7937,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11185,16 +7969,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11208,32 +7986,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11260,16 +8020,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11283,32 +8037,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11339,16 +8075,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, Java applets are disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11362,32 +8092,14 @@ ADMX Info:
 **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11412,16 +8124,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11435,32 +8141,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11491,16 +8179,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, Java applets are disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11514,32 +8196,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11564,16 +8228,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11587,32 +8245,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11637,16 +8277,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11660,32 +8294,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11708,16 +8324,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11731,32 +8341,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11781,16 +8373,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11804,32 +8390,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11854,16 +8422,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11877,32 +8439,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -11927,16 +8471,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -11950,32 +8488,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12000,16 +8520,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12023,32 +8537,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12075,16 +8571,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12098,32 +8588,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12148,16 +8620,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12171,32 +8637,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12223,16 +8671,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12246,32 +8688,14 @@ ADMX Info:
 **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12296,16 +8720,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12319,32 +8737,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12369,16 +8769,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12392,32 +8786,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12442,16 +8818,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12465,32 +8835,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12513,16 +8865,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12536,32 +8882,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12586,16 +8914,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12609,32 +8931,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12659,16 +8963,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12682,32 +8980,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12732,16 +9012,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12755,32 +9029,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12805,16 +9061,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12828,32 +9078,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12880,16 +9112,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12903,32 +9129,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -12953,16 +9161,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -12976,32 +9178,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13028,16 +9212,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13051,32 +9229,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13107,16 +9267,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, Java applets are disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13130,32 +9284,14 @@ ADMX Info:
 **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13180,16 +9316,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13203,32 +9333,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13253,16 +9365,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13276,32 +9382,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13326,16 +9414,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13349,32 +9431,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13397,16 +9461,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13420,32 +9478,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13470,16 +9510,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13493,32 +9527,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13543,16 +9559,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13566,32 +9576,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13616,16 +9608,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13639,32 +9625,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13689,16 +9657,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13712,32 +9674,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13764,16 +9708,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13787,32 +9725,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13837,16 +9757,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13860,32 +9774,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13912,16 +9808,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -13935,32 +9825,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -13991,16 +9863,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, Java applets are disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14014,32 +9880,14 @@ ADMX Info:
 **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14064,16 +9912,10 @@ If you disable this policy setting, users cannot open other windows and frames f
 If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14087,32 +9929,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14137,16 +9961,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14160,32 +9978,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14210,16 +10010,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14233,32 +10027,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14281,16 +10057,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14304,32 +10074,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14354,16 +10106,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14377,32 +10123,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14427,16 +10155,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14450,32 +10172,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14500,16 +10204,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14523,32 +10221,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14573,16 +10253,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14596,32 +10270,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14648,16 +10304,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14671,32 +10321,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14721,16 +10353,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14744,32 +10370,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14796,16 +10404,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14819,32 +10421,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14875,16 +10459,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, Java applets are disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14898,32 +10476,14 @@ ADMX Info:
 **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -14948,16 +10508,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -14971,32 +10525,14 @@ ADMX Info:
 **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15021,16 +10557,10 @@ If you disable this policy setting, applications can use the MK protocol API. Re
 If you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_3*
 -   GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction*
 -   GP ADMX file name: *inetres.admx*
@@ -15044,32 +10574,14 @@ ADMX Info:
 **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15094,16 +10606,10 @@ If you disable this policy setting, Internet Explorer processes will allow a MIM
 If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_6*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature*
 -   GP ADMX file name: *inetres.admx*
@@ -15117,32 +10623,14 @@ ADMX Info:
 **InternetExplorer/NewTabDefaultPage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15165,16 +10653,10 @@ If you enable this policy setting, you can choose which page to display when the
 If you disable or do not configure this policy setting, users can select their preference for this behavior.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify default behavior for a new tab*
+-   GP Friendly name: *Specify default behavior for a new tab*
 -   GP name: *NewTabAction*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -15202,32 +10684,14 @@ Supported values:
 **InternetExplorer/NotificationBarInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15252,16 +10716,10 @@ If you disable this policy setting, the Notification bar will not be displayed f
 If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_10*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Notification bar*
 -   GP ADMX file name: *inetres.admx*
@@ -15275,32 +10733,14 @@ ADMX Info:
 **InternetExplorer/PreventManagingSmartScreenFilter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15323,16 +10763,10 @@ If you enable this policy setting, the user is not prompted to turn on Windows D
 If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent managing SmartScreen Filter*
+-   GP Friendly name: *Prevent managing SmartScreen Filter*
 -   GP name: *Disable_Managing_Safety_Filter_IE9*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -15346,32 +10780,14 @@ ADMX Info:
 **InternetExplorer/PreventPerUserInstallationOfActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15394,16 +10810,10 @@ If you enable this policy setting, ActiveX controls cannot be installed on a per
 If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Prevent per-user installation of ActiveX controls*
+-   GP Friendly name: *Prevent per-user installation of ActiveX controls*
 -   GP name: *DisablePerUserActiveXInstall*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -15417,32 +10827,14 @@ ADMX Info:
 **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15467,16 +10859,10 @@ If you disable this policy setting, no zone receives such protection for Interne
 If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_9*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation*
 -   GP ADMX file name: *inetres.admx*
@@ -15490,32 +10876,14 @@ ADMX Info:
 **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15540,16 +10908,10 @@ If you disable or don't configure this policy setting, users will see the "Run t
 For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer*
+-   GP Friendly name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer*
 -   GP name: *VerMgmtDisableRunThisTime*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
@@ -15563,32 +10925,14 @@ ADMX Info:
 **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15613,16 +10957,10 @@ If you disable this policy setting, prompting for ActiveX control installations
 If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_11*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install*
 -   GP ADMX file name: *inetres.admx*
@@ -15636,32 +10974,14 @@ ADMX Info:
 **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15686,16 +11006,10 @@ If you disable this policy setting, prompting will occur for file downloads that
 If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_12*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download*
 -   GP ADMX file name: *inetres.admx*
@@ -15709,32 +11023,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15759,16 +11055,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -15782,32 +11072,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowActiveScripting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15832,16 +11104,10 @@ If you disable this policy setting, script code on pages in the zone is prevente
 If you do not configure this policy setting, script code on pages in the zone is prevented from running.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow active scripting*
+-   GP Friendly name: *Allow active scripting*
 -   GP name: *IZ_PolicyActiveScripting_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -15855,32 +11121,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15905,16 +11153,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -15928,32 +11170,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -15976,16 +11200,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -15999,32 +11217,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16049,16 +11249,10 @@ If you disable this policy setting, binary and script behaviors are not availabl
 If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow binary and script behaviors*
+-   GP Friendly name: *Allow binary and script behaviors*
 -   GP name: *IZ_PolicyBinaryBehaviors_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16072,32 +11266,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16124,16 +11300,10 @@ If you disable this policy setting, a script cannot perform a clipboard operatio
 If you do not configure this policy setting, a script cannot perform a clipboard operation.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow cut, copy or paste operations from the clipboard via script*
+-   GP Friendly name: *Allow cut, copy or paste operations from the clipboard via script*
 -   GP name: *IZ_PolicyAllowPasteViaScript_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16147,32 +11317,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16197,16 +11349,10 @@ If you disable this policy setting, users are prevented from dragging files or c
 If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow drag and drop or copy and paste files*
+-   GP Friendly name: *Allow drag and drop or copy and paste files*
 -   GP name: *IZ_PolicyDropOrPasteFiles_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16220,32 +11366,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16270,16 +11398,10 @@ If you disable this policy setting, files are prevented from being downloaded fr
 If you do not configure this policy setting, files are prevented from being downloaded from the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow file downloads*
+-   GP Friendly name: *Allow file downloads*
 -   GP name: *IZ_PolicyFileDownload_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16293,32 +11415,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16343,16 +11447,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16366,32 +11464,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16416,16 +11496,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16439,32 +11513,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16489,16 +11545,10 @@ If you disable this policy setting, XAML files are not loaded inside Internet Ex
 If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow loading of XAML files*
+-   GP Friendly name: *Allow loading of XAML files*
 -   GP name: *IZ_Policy_XAML_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16512,32 +11562,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16562,16 +11594,10 @@ If you disable this policy setting, a user's browser that loads a page containin
 If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow META REFRESH*
+-   GP Friendly name: *Allow META REFRESH*
 -   GP name: *IZ_PolicyAllowMETAREFRESH_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16585,32 +11611,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16635,16 +11643,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16658,32 +11660,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16706,16 +11690,10 @@ If you enable this policy setting, the user is prompted before ActiveX controls
 If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow only approved domains to use ActiveX controls without prompt*
+-   GP Friendly name: *Allow only approved domains to use ActiveX controls without prompt*
 -   GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16729,32 +11707,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16777,16 +11737,10 @@ If you enable this policy setting, the TDC ActiveX control will not run from web
 If you disable this policy setting, the TDC Active X control will run from all sites in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow only approved domains to use the TDC ActiveX control*
+-   GP Friendly name: *Allow only approved domains to use the TDC ActiveX control*
 -   GP name: *IZ_PolicyAllowTDCControl_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16800,32 +11754,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16850,16 +11786,10 @@ If you disable this policy setting, the possible harmful actions contained in sc
 If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow script-initiated windows without size or position constraints*
+-   GP Friendly name: *Allow script-initiated windows without size or position constraints*
 -   GP name: *IZ_PolicyWindowsRestrictionsURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16873,32 +11803,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16923,16 +11835,10 @@ If you disable this policy setting, script access to the WebBrowser control is n
 If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scripting of Internet Explorer WebBrowser controls*
+-   GP Friendly name: *Allow scripting of Internet Explorer WebBrowser controls*
 -   GP name: *IZ_Policy_WebBrowserControl_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -16946,32 +11852,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -16996,16 +11884,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17019,32 +11901,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17071,16 +11935,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17094,32 +11952,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17142,16 +11982,10 @@ If you enable this policy setting, script is allowed to update the status bar.
 If you disable or do not configure this policy setting, script is not allowed to update the status bar.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow updates to status bar via script*
+-   GP Friendly name: *Allow updates to status bar via script*
 -   GP name: *IZ_Policy_ScriptStatusBar_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17165,32 +11999,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17215,16 +12031,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17238,32 +12048,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17290,16 +12082,10 @@ If you selected Disable in the drop-down box, VBScript is prevented from running
 If you do not configure or disable this policy setting, VBScript is prevented from running.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow VBScript to run in Internet Explorer*
+-   GP Friendly name: *Allow VBScript to run in Internet Explorer*
 -   GP name: *IZ_PolicyAllowVBScript_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17313,32 +12099,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17363,16 +12131,10 @@ If you disable this policy setting, Internet Explorer always checks with your an
 If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Don't run antimalware programs against ActiveX controls*
+-   GP Friendly name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17386,32 +12148,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17436,16 +12180,10 @@ If you disable the policy setting, signed controls cannot be downloaded.
 If you do not configure this policy setting, signed controls cannot be downloaded.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Download signed ActiveX controls*
+-   GP Friendly name: *Download signed ActiveX controls*
 -   GP name: *IZ_PolicyDownloadSignedActiveX_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17459,32 +12197,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17509,16 +12229,10 @@ If you disable this policy setting, users cannot run unsigned controls.
 If you do not configure this policy setting, users cannot run unsigned controls.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Download unsigned ActiveX controls*
+-   GP Friendly name: *Download unsigned ActiveX controls*
 -   GP name: *IZ_PolicyDownloadUnsignedActiveX_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17532,32 +12246,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17580,16 +12276,10 @@ If you enable this policy setting, the XSS Filter is turned on for sites in this
 If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Cross-Site Scripting Filter*
+-   GP Friendly name: *Turn on Cross-Site Scripting Filter*
 -   GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17603,32 +12293,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17655,16 +12327,10 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
 In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable dragging of content from different domains across windows*
+-   GP Friendly name: *Enable dragging of content from different domains across windows*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17678,32 +12344,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17730,16 +12378,10 @@ In Internet Explorer 10, if you disable this policy setting or do not configure
 In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable dragging of content from different domains within a window*
+-   GP Friendly name: *Enable dragging of content from different domains within a window*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17753,32 +12395,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17803,16 +12427,10 @@ If you disable this policy setting, the actions that may be harmful cannot run;
 If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable MIME Sniffing*
+-   GP Friendly name: *Enable MIME Sniffing*
 -   GP name: *IZ_PolicyMimeSniffingURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17826,32 +12444,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17876,16 +12476,10 @@ If you disable this policy setting, path information is removed when the user is
 If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Include local path when user is uploading files to a server*
+-   GP Friendly name: *Include local path when user is uploading files to a server*
 -   GP name: *IZ_Policy_LocalPathForUpload_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17899,32 +12493,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -17951,16 +12527,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -17974,32 +12544,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18030,16 +12582,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, Java applets are disabled.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18053,32 +12599,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18103,16 +12631,10 @@ If you disable this policy setting, users are prevented from running application
 If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Launching applications and files in an IFRAME*
+-   GP Friendly name: *Launching applications and files in an IFRAME*
 -   GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18126,32 +12648,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneLogonOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18184,16 +12688,10 @@ If you disable this policy setting, logon is set to Automatic logon only in Intr
 If you do not configure this policy setting, logon is set to Prompt for username and password.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Logon options*
+-   GP Friendly name: *Logon options*
 -   GP name: *IZ_PolicyLogon_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18207,32 +12705,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18257,16 +12737,10 @@ If you disable this policy setting, users cannot open other windows and frames f
 If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18280,32 +12754,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18332,16 +12788,10 @@ If you disable this policy setting, controls and plug-ins are prevented from run
 If you do not configure this policy setting, controls and plug-ins are prevented from running.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run ActiveX controls and plugins*
+-   GP Friendly name: *Run ActiveX controls and plugins*
 -   GP name: *IZ_PolicyRunActiveXControls_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18355,32 +12805,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18405,16 +12837,10 @@ If you disable this policy setting, Internet Explorer will not execute signed ma
 If you do not configure this policy setting, Internet Explorer will not execute signed managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components signed with Authenticode*
 -   GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18428,32 +12854,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18480,16 +12888,10 @@ If you disable this policy setting, script interaction is prevented from occurri
 If you do not configure this policy setting, script interaction is prevented from occurring.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Script ActiveX controls marked safe for scripting*
+-   GP Friendly name: *Script ActiveX controls marked safe for scripting*
 -   GP name: *IZ_PolicyScriptActiveXMarkedSafe_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18503,32 +12905,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18555,16 +12939,10 @@ If you disable this policy setting, scripts are prevented from accessing applets
 If you do not configure this policy setting, scripts are prevented from accessing applets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Scripting of Java applets*
+-   GP Friendly name: *Scripting of Java applets*
 -   GP name: *IZ_PolicyScriptingOfJavaApplets_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18578,32 +12956,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18628,16 +12988,10 @@ If you disable this policy setting, these files do not open.
 If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Show security warning for potentially unsafe files*
+-   GP Friendly name: *Show security warning for potentially unsafe files*
 -   GP name: *IZ_Policy_UnsafeFiles_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18651,32 +13005,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18701,16 +13037,10 @@ If you disable this policy setting, Protected Mode is turned off. The user canno
 If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on Protected Mode*
+-   GP Friendly name: *Turn on Protected Mode*
 -   GP name: *IZ_Policy_TurnOnProtectedMode_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18724,32 +13054,14 @@ ADMX Info:
 **InternetExplorer/RestrictedSitesZoneUsePopupBlocker**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18774,16 +13086,10 @@ If you disable this policy setting, pop-up windows are not prevented from appear
 If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use Pop-up Blocker*
+-   GP Friendly name: *Use Pop-up Blocker*
 -   GP name: *IZ_PolicyBlockPopupWindows_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -18797,32 +13103,14 @@ ADMX Info:
 **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18847,16 +13135,10 @@ If you disable this policy setting, scripts can continue to create popup windows
 If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Internet Explorer Processes*
+-   GP Friendly name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_8*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions*
 -   GP ADMX file name: *inetres.admx*
@@ -18870,32 +13152,14 @@ ADMX Info:
 **InternetExplorer/SearchProviderList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18918,16 +13182,10 @@ If you enable this policy setting, the user cannot configure the list of search
 If you disable or do not configure this policy setting, the user can configure his or her list of search providers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict search providers to a specific list*
+-   GP Friendly name: *Restrict search providers to a specific list*
 -   GP name: *SpecificSearchProvider*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -18941,32 +13199,14 @@ ADMX Info:
 **InternetExplorer/SecurityZonesUseOnlyMachineSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -18992,16 +13232,10 @@ This policy is intended to ensure that security zone settings apply uniformly to
 Also, see the "Security zones: Do not allow users to change policies" policy.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Security Zones: Use only machine settings*
+-   GP Friendly name: *Security Zones: Use only machine settings*
 -   GP name: *Security_HKLM_only*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -19015,32 +13249,14 @@ ADMX Info:
 **InternetExplorer/SendSitesNotInEnterpriseSiteListToEdge**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark7
                  Businesscheck mark7
                  Enterprisecheck mark7
                  Educationcheck mark7
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19066,16 +13282,10 @@ If you disable, or not configure this setting, then it opens all sites based on
 > If you have also enabled the [InternetExplorer/SendIntranetTraffictoInternetExplorer](#internetexplorer-policies) policy setting, then all intranet sites will continue to open in Internet Explorer 11.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Send all sites not included in the Enterprise Mode Site List to Microsoft Edge*
+-   GP Friendly name: *Send all sites not included in the Enterprise Mode Site List to Microsoft Edge*
 -   GP name: *RestrictInternetExplorer*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -19109,32 +13319,14 @@ ADMX Info:
 **InternetExplorer/SpecifyUseOfActiveXInstallerService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19157,16 +13349,10 @@ If you enable this policy setting, ActiveX controls are installed only if the Ac
 If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
+-   GP Friendly name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
 -   GP name: *OnlyUseAXISForActiveXInstall*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
@@ -19180,32 +13366,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19230,16 +13398,10 @@ If you disable this policy setting, users cannot load a page in the zone that us
 If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Access data sources across domains*
+-   GP Friendly name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19253,32 +13415,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19303,16 +13447,10 @@ If you disable this policy setting, ActiveX control installations will be blocke
 If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for ActiveX controls*
+-   GP Friendly name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19326,32 +13464,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19374,16 +13494,10 @@ If you enable this setting, users will receive a file download dialog for automa
 If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Automatic prompting for file downloads*
+-   GP Friendly name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19397,32 +13511,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowFontDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19447,16 +13543,10 @@ If you disable this policy setting, HTML fonts are prevented from downloading.
 If you do not configure this policy setting, HTML fonts can be downloaded automatically.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow font downloads*
+-   GP Friendly name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19470,32 +13560,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19520,16 +13592,10 @@ If you disable this policy setting, the possibly harmful navigations are prevent
 If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19543,32 +13609,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19593,16 +13641,10 @@ If you disable this policy setting, Internet Explorer will not execute unsigned
 If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19616,32 +13658,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowScriptlets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19666,16 +13690,10 @@ If you disable this policy setting, the user cannot run scriptlets.
 If you do not configure this policy setting, the user can enable or disable scriptlets.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow scriptlets*
+-   GP Friendly name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19689,32 +13707,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19741,16 +13741,10 @@ If you do not configure this policy setting, the user can choose whether Windows
 Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on SmartScreen Filter scan*
+-   GP Friendly name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19764,32 +13758,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19814,16 +13790,10 @@ If you disable this policy setting, users cannot preserve information in the bro
 If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Userdata persistence*
+-   GP Friendly name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19837,32 +13807,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19887,16 +13839,10 @@ If you disable this policy setting, Internet Explorer always checks with your an
 If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Don't run antimalware programs against ActiveX controls*
+-   GP Friendly name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19910,32 +13856,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -19962,16 +13890,10 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar
 If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Initialize and script ActiveX controls not marked as safe*
+-   GP Friendly name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -19985,32 +13907,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneJavaPermissions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -20041,16 +13945,10 @@ If you disable this policy setting, Java applets cannot run.
 If you do not configure this policy setting, the permission is set to Low Safety.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Java permissions*
+-   GP Friendly name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -20064,32 +13962,14 @@ ADMX Info:
 **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -20114,16 +13994,10 @@ If you disable this policy setting, users cannot open windows and frames to acce
 If you do not configure this policy setting, users can open windows and frames from other domains and access applications from other domains.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Navigate windows and frames across different domains*
+-   GP Friendly name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
@@ -20132,15 +14006,4 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index b5331fa661..f8ed8cecde 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -24,9 +24,15 @@ manager: dansimp
   
                  
     Kerberos/AllowForestSearchOrder
   
                  
+  
                  
+    Kerberos/CloudKerberosTicketRetrievalEnabled
+  
                  
   
                  
     Kerberos/KerberosClientSupportsClaimsCompoundArmor
   
                  
+  
                  
+    Kerberos/PKInitHashAlgorithmConfiguration
+  
                  
   
                  
     Kerberos/RequireKerberosArmoring
   
                  
@@ -41,6 +47,13 @@ manager: dansimp
   
                  
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -48,32 +61,14 @@ manager: dansimp
 **Kerberos/AllowForestSearchOrder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -90,21 +85,15 @@ manager: dansimp
 
 This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
 
-If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.
+If you enable this policy setting, the Kerberos client searches the forests in this list, if it's unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.
 
-If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
+If you disable or don't configure this policy setting, the Kerberos client doesn't search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name isn't found, NTLM authentication might be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Use forest search order*
+-   GP Friendly name: *Use forest search order*
 -   GP name: *ForestSearch*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -114,36 +103,70 @@ ADMX Info:
 
 
                  
 
+
+**Kerberos/CloudKerberosTicketRetrievalEnabled**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy allows retrieving the cloud Kerberos ticket during the sign in.
+
+- If you disable (0) or don't configure this policy setting, the cloud Kerberos ticket isn't retrieved during the sign in.
+
+- If you enable (1) this policy, the cloud Kerberos ticket is retrieved during the sign in.
+
+
+
+Valid values:  
+0 (default) - Disabled. 
+1 - Enabled. 
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow retrieving the cloud Kerberos ticket during the logon*
+-   GP name: *CloudKerberosTicketRetrievalEnabled*
+-   GP path: *System/Kerberos*
+-   GP ADMX file name: *Kerberos.admx*
+
+
+
+
+
                  
+
 
 **Kerberos/KerberosClientSupportsClaimsCompoundArmor**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -159,21 +182,15 @@ ADMX Info:
 
 
 This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. 
-If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
+If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains that support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
 
-If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.
+If you disable or don't configure this policy setting, the client devices won't request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device won't be able to retrieve claims for clients using Kerberos protocol transition.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
+-   GP Friendly name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
 -   GP name: *EnableCbacAndArmor*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -183,36 +200,72 @@ ADMX Info:
 
 
                  
 
+
+**Kerberos/PKInitHashAlgorithmConfiguration**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication.
+
+If you enable this policy, you'll be able to configure one of four states for each algorithm:
+
+* **Default**: This state sets the algorithm to the recommended state.
+* **Supported**: This state enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.
+* **Audited**: This state enables usage of the algorithm and reports an event (ID 205) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled.
+* **Not Supported**: This state disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
+
+If you disable or don't configure this policy, each algorithm will assume the **Default** state.
+
+More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found https://go.microsoft.com/fwlink/?linkid=2169037.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Introducing agility to PKINIT in Kerberos protocol*
+-   GP name: *PKInitHashAlgorithmConfiguration*
+-   GP path: *System/Kerberos*
+-   GP ADMX file name: *Kerberos.admx*
+
+
+
+
+
                  
+
 
 **Kerberos/RequireKerberosArmoring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -229,25 +282,20 @@ ADMX Info:
 
 This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
 
-Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
+Warning: When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
 
 If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. 
 
-Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. 
+> [!NOTE]
+> The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. 
 
-If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
+If you disable or don't configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Fail authentication requests when Kerberos armoring is not available*
+-   GP Friendly name: *Fail authentication requests when Kerberos armoring is not available*
 -   GP name: *ClientRequireFast*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -261,32 +309,14 @@ ADMX Info:
 **Kerberos/RequireStrictKDCValidation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -303,21 +333,15 @@ ADMX Info:
 
 This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.  
 
-If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
+If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer isn't joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
 
-If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server.
+If you disable or don't configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions that can be issued to any server.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Require strict KDC validation*
+-   GP Friendly name: *Require strict KDC validation*
 -   GP name: *ValidateKDC*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -331,32 +355,14 @@ ADMX Info:
 **Kerberos/SetMaximumContextTokenSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -371,27 +377,22 @@ ADMX Info:
 
 
 
-This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
+This policy setting allows you to set the value returned to applications that request the maximum size of the SSPI context token buffer size.
 
 The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. 
 
 If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.
 
-If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. 
+If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. 
 
-Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.
+> [!NOTE]
+> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set maximum Kerberos SSPI context token buffer size*
+-   GP Friendly name: *Set maximum Kerberos SSPI context token buffer size*
 -   GP name: *MaxTokenSize*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -405,32 +406,14 @@ ADMX Info:
 **Kerberos/UPNNameHints**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -445,9 +428,9 @@ ADMX Info:
 
 
 
-Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it cannot resolve a UPN to a principal.
+Adds a list of domains that an Azure Active Directory joined device can attempt to contact when it can't resolve a UPN to a principal.
 
-Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
+Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This limitation can cause failures when such a device needs to resolve an Azure Active Directory UPN into an Active Directory Principal. You can use this policy to avoid those failures.
 
 
 
@@ -462,16 +445,5 @@ Devices joined to Azure Active Directory in a hybrid environment need to interac
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index b7c4328ba0..ec353dc9aa 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -55,32 +55,14 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
 **KioskBrowser/BlockedUrlExceptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,7 +77,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
 
 
 
-Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
+List of exceptions to the blocked website URLs (with wildcard support). This policy is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -109,32 +91,14 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
 **KioskBrowser/BlockedUrls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,7 +113,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
 
 
 
-Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
+List of blocked website URLs (with wildcard support). This policy is used to configure blocked URLs kiosk browsers can't navigate to.
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -163,32 +127,14 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
 **KioskBrowser/DefaultURL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -203,7 +149,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
 
 
 
-Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
+Configures the default URL kiosk browsers to navigate on launch and restart.
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -217,32 +163,14 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
 **KioskBrowser/EnableEndSessionButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -257,7 +185,7 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
 
 
 
-Shows the Kiosk Browser's end session button. When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user clicks on the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk browser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
+Shows the Kiosk Browser's end session button. When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user selects the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk browser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
 
 
 
@@ -268,32 +196,14 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
 **KioskBrowser/EnableHomeButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -308,7 +218,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
 
 
 
-Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
+Enable/disable kiosk browser's home button.
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -322,32 +232,14 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 **KioskBrowser/EnableNavigationButtons**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -362,7 +254,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 
 
 
-Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
+Enable/disable kiosk browser's navigation buttons (forward/back).
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -376,32 +268,14 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
 **KioskBrowser/RestartOnIdleTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -416,9 +290,9 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
 
 
 
-Added in Windows 10, version 1803. Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  
+Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  
 
-The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
+The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser.
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -427,15 +301,4 @@ The value is an int 1-1440 that specifies the amount of minutes the session is i
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index bb03f10884..abd1293e59 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - LanmanWorkstation
-description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest logons to an SMB server.
+description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest sign ins to an SMB server.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **LanmanWorkstation/EnableInsecureGuestLogons**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,18 +56,18 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1803. This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
+This policy setting determines if the SMB client will allow insecure guest sign ins to an SMB server.
 
-If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.
+If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign ins.
 
-If you disable this policy setting, the SMB client will reject insecure guest logons.
+If you disable this policy setting, the SMB client will reject insecure guest sign ins.
 
-Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access.
+Insecure guest sign ins are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign ins are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest sign ins by default. Since insecure guest sign ins are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign ins are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign ins and configuring file servers to require authenticated access.
 
 
 
 ADMX Info:  
--   GP English name: *Enable insecure guest logons*
+-   GP Friendly name: *Enable insecure guest logons*
 -   GP name: *Pol_EnableInsecureGuestLogons*
 -   GP path: *Network/Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
@@ -98,16 +80,5 @@ This setting supports a range of values between 0 and 1.
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index bfef6090cc..430b7af709 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -37,32 +37,14 @@ manager: dansimp
 **Licensing/AllowWindowsEntitlementReactivation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,12 +59,12 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
+Enables or Disable Windows license reactivation on managed devices.
 
 
 
 ADMX Info:  
--   GP English name: *Control Device Reactivation for Retail devices*
+-   GP Friendly name: *Control Device Reactivation for Retail devices*
 -   GP name: *AllowWindowsEntitlementReactivation*
 -   GP path: *Windows Components/Software Protection Platform*
 -   GP ADMX file name: *AVSValidationGP.admx*
@@ -103,32 +85,14 @@ The following list shows the supported values:
 **Licensing/DisallowKMSClientOnlineAVSValidation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -143,12 +107,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
+Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off KMS Client Online AVS Validation*
+-   GP Friendly name: *Turn off KMS Client Online AVS Validation*
 -   GP name: *NoAcquireGT*
 -   GP path: *Windows Components/Software Protection Platform*
 -   GP ADMX file name: *AVSValidationGP.admx*
@@ -164,16 +128,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 0d4580ee4b..affd8a51ea 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,20 +1,19 @@
 ---
 title: Policy CSP - LocalPoliciesSecurityOptions
-description: These settings prevents users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions.
+description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 05/02/2021
+ms.date: 12/16/2021
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - LocalPoliciesSecurityOptions
 
-
 
                  
 
 
@@ -24,6 +23,11 @@ manager: dansimp
   
                  
     LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
   
                  
+  
                  
+    LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
+  
                    
                  
+    LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
+  
                  
   
                  
     LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
   
                  
@@ -69,6 +73,9 @@ manager: dansimp
   
                  
     LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
   
                  
+  
                  
+    LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways
+  
                  
   
                  
     LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
   
                  
@@ -161,42 +168,23 @@ manager: dansimp
   
                  
 
                  
 
-
 
                  
 
 > [!NOTE]
-> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md). 
+> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md).
 
 
 **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -213,18 +201,18 @@ manager: dansimp
 
 This policy setting prevents users from adding new Microsoft accounts on this computer.
 
-If you select the "Users cannot add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the "Users cannot add Microsoft accounts" option, users won't be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This option is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
 
-If you select the "Users cannot add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+If you select the "Users cannot add or log on with Microsoft accounts" option, existing Microsoft account users won't be able to sign in to Windows. Selecting this option might make it impossible for an existing administrator on this computer to sign in and manage the system.
 
-If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
+If you disable or don't configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 GP Info:  
--   GP English name: *Accounts: Block Microsoft accounts*
+-   GP Friendly name: *Accounts: Block Microsoft accounts*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -232,7 +220,7 @@ GP Info:
 The following list shows the supported values:
 
 -   0 - disabled (users will be able to use Microsoft accounts with Windows).
--   1 - enabled (users cannot add Microsoft accounts).
+-   1 - enabled (users can't add Microsoft accounts).
 
 
 
@@ -240,35 +228,112 @@ The following list shows the supported values:
 
                  
 
 
+**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This setting allows the administrator to enable the local Administrator account.
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+
+
+GP Info:  
+-   GP Friendly name: *Accounts: Enable Administrator Account Status*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+
+
+The following list shows the supported values:
+
+-   0 - disabled (local Administrator account is disabled).
+-   1 - enabled (local Administrator account is enabled).
+
+
+
+
+
                  
+
+**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This setting allows the administrator to enable the guest Administrator account.
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+
+
+GP Info:  
+-   GP Friendly name: *Accounts: Enable Guest Account Status*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+
+
+The following list shows the supported values:
+
+-   0 - disabled (local Administrator account is disabled).
+-   1 - enabled (local Administrator account is enabled).
+
+
+
+
+
                  
+
+
 **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -285,31 +350,30 @@ The following list shows the supported values:
 
 Accounts: Limit local account use of blank passwords to console logon only
 
-This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard.
+This security setting determines whether local accounts that aren't password protected can be used to sign in from locations other than the physical computer console. If enabled, local accounts that aren't password protected will only be able to sign in at the computer's keyboard.
 
 Default: Enabled.
 
-Warning:
+> [!WARNING]
+> Computers that aren't in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can sign in by using a user account that doesn't have a password. This is especially important for portable computers.
+If you apply this security policy to the Everyone group, no one will be able to sign in through Remote Desktop Services.
 
-Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
-If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
-
-This setting does not affect logons that use domain accounts.
-It is possible for applications that use remote interactive logons to bypass this setting.
+This setting doesn't affect sign ins that use domain accounts.
+It's possible for applications that use remote interactive sign ins to bypass this setting.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 GP Info:  
--   GP English name: *Accounts: Limit local account use of blank passwords to console logon only*
+-   GP Friendly name: *Accounts: Limit local account use of blank passwords to console logon only*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
 
 Valid values:  
-- 0 -  disabled - local accounts that are not password protected can be used to log on from locations other than the physical computer console
-- 1 -  enabled - local accounts that are not password protected will only be able to log on at the computer's keyboard
+- 0 -  disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console
+- 1 -  enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard
 
 
 
@@ -320,32 +384,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -371,7 +417,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Accounts: Rename administrator account*
+-   GP Friendly name: *Accounts: Rename administrator account*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -383,32 +429,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -434,7 +462,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Accounts: Rename guest account*
+-   GP Friendly name: *Accounts: Rename guest account*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -446,32 +474,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -486,19 +496,18 @@ GP Info:
 
 
 
-Devices: Allow undock without having to log on. 
+Devices: Allow undock without having to sign in. 
 
-This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
+This security setting determines whether a portable computer can be undocked without having to sign in. If this policy is enabled, sign in isn't required and an external hardware eject button can be used to undock the computer. If disabled, a user must sign in and have the Remove computer from docking station privilege to undock the computer.
 Default: Enabled.
 
-Caution:
-
-Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
+> [!CAUTION]
+> Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
 
 
 
 GP Info:  
--   GP English name: *Devices: Allow undock without having to log on*
+-   GP Friendly name: *Devices: Allow undock without having to log on*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -510,32 +519,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -557,12 +548,12 @@ This security setting determines who is allowed to format and eject removable NT
 - Administrators
 - Administrators and Interactive Users
 
-Default: This policy is not defined and only Administrators have this ability.
+Default: This policy isn't defined, and only Administrators have this ability.
 
 
 
 GP Info:  
--   GP English name: *Devices: Allowed to format and eject removable media*
+-   GP Friendly name: *Devices: Allowed to format and eject removable media*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -574,32 +565,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -621,14 +594,13 @@ For a computer to print to a shared printer, the driver for that shared printer
 Default on servers: Enabled.
 Default on workstations: Disabled
 
-Note
-
-This setting does not affect the ability to add a local printer. This setting does not affect Administrators.
+>[!NOTE]
+>This setting doesn't affect the ability to add a local printer. This setting doesn't affect Administrators.
 
 
 
 GP Info:  
--   GP English name: *Devices: Prevent users from installing printer drivers*
+-   GP Friendly name: *Devices: Prevent users from installing printer drivers*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -640,32 +612,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -686,12 +640,12 @@ This security setting determines whether a CD-ROM is accessible to both local an
 
 If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network.
 
-Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.
+Default: This policy isn't defined and CD-ROM access isn't restricted to the locally logged-on user.
 
 
 
 GP Info:  
--   GP English name: *Devices: Restrict CD-ROM access to locally logged-on user only*
+-   GP Friendly name: *Devices: Restrict CD-ROM access to locally logged-on user only*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -703,32 +657,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -743,7 +679,7 @@ GP Info:
 
 
 
-Interactive Logon:Display user information when the session is locked  
+Interactive Logon: Display user information when the session is locked  
 
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@@ -751,7 +687,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Display user information when the session is locked*
+-   GP Friendly name: *Interactive logon: Display user information when the session is locked*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -759,7 +695,7 @@ GP Info:
 Valid values:
 - 1 - User display name, domain and user names
 - 2 - User display name only
-- 3 - Do not display user information
+- 3 - Don't display user information
 
 
 
@@ -770,32 +706,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -813,7 +731,7 @@ Valid values:
 Interactive logon: Don't display last signed-in
 
 This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
-If this policy is enabled, the username will not be shown.
+If this policy is enabled, the username won't be shown.
 
 If this policy is disabled, the username will be shown.
 
@@ -824,14 +742,14 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Don't display last signed-in*
+-   GP Friendly name: *Interactive logon: Don't display last signed-in*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
 
 Valid values:  
 - 0 - disabled (username will be shown)
-- 1 - enabled (username will not be shown)
+- 1 - enabled (username won't be shown)
 
 
 
@@ -842,32 +760,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -886,7 +786,7 @@ Interactive logon: Don't display username at sign-in
 
 This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
 
-If this policy is enabled, the username will not be shown.
+If this policy is enabled, the username won't be shown.
 
 If this policy is disabled, the username will be shown.
 
@@ -897,14 +797,14 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Don't display username at sign-in*
+-   GP Friendly name: *Interactive logon: Don't display username at sign-in*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
 
 Valid values:  
 - 0 - disabled (username will be shown)
-- 1 - enabled (username will not be shown)
+- 1 - enabled (username won't be shown)
 
 
 
@@ -915,32 +815,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -955,11 +837,11 @@ Valid values:
 
 
 
-Interactive logon: Do not require CTRL+ALT+DEL
+Interactive logon: Don't require CTRL+ALT+DEL
 
-This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
+This security setting determines whether pressing CTRL+ALT+DEL is required before a user can sign in.
 
-If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
+If this policy is enabled on a computer, a user isn't required to press CTRL+ALT+DEL to sign in. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users sign in ensures that users are communicating through a trusted path when entering their passwords.
 
 If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
 
@@ -971,14 +853,14 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Do not require CTRL+ALT+DEL*
+-   GP Friendly name: *Interactive logon: Do not require CTRL+ALT+DEL*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
 
 Valid values:  
 - 0 - disabled
-- 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on)
+- 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in)
 
 
 
@@ -989,32 +871,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1031,7 +895,7 @@ Valid values:
 
 Interactive logon: Machine inactivity limit.
 
-Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
+Windows notices inactivity of a sign-in session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
 
 Default: not enforced.
 
@@ -1040,12 +904,12 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Machine inactivity limit*
+-   GP Friendly name: *Interactive logon: Machine inactivity limit*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
 
-Valid values: From 0 to 599940, where the value is the amount of inactivity time (in seconds) after which the session will be locked. If it is set to zero (0), the setting is disabled.
+Valid values: From 0 to 599940, where the value is the amount of inactivity time (in seconds) after which the session will be locked. If it's set to zero (0), the setting is disabled.
 
 
 
@@ -1056,32 +920,14 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time
 **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1096,9 +942,9 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time
 
 
 
-Interactive logon: Message text for users attempting to log on
+Interactive logon: Message text for users attempting to sign in
 
-This security setting specifies a text message that is displayed to users when they log on.
+This security setting specifies a text message that is displayed to users when they sign in.
 
 This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
 
@@ -1109,7 +955,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Message text for users attempting to log on*
+-   GP Friendly name: *Interactive logon: Message text for users attempting to log on*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1121,32 +967,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1161,9 +989,9 @@ GP Info:
 
 
 
-Interactive logon: Message title for users attempting to log on
+Interactive logon: Message title for users attempting to sign in
 
-This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on.
+This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to sign in.
 
 Default: No message.
 
@@ -1172,7 +1000,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Interactive logon: Message title for users attempting to log on*
+-   GP Friendly name: *Interactive logon: Message title for users attempting to log on*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1184,32 +1012,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1237,21 +1047,74 @@ The options are:
 
 If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
 
-If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed.
+If you click Force Logoff in the Properties dialog box for this policy, the user is automatically signed off when the smart card is removed.
 
-If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation.
+If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging off the user. This policy allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to sign in again. If the session is local, this policy functions identically to Lock Workstation.
 
 > [!NOTE]
 > Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
 
-Default: This policy is not defined, which means that the system treats it as No action.
+Default: This policy isn't defined, which means that the system treats it as No action.
 
 On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.
 
 
 
 GP Info:  
--   GP English name: *Interactive logon: Smart card removal behavior*
+-   GP Friendly name: *Interactive logon: Smart card removal behavior*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+
+
+
                  
+
+
+**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Microsoft network client: Digitally sign communications (always)
+
+This security setting determines whether packet signing is required by the SMB client component.  The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.  
+
+If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. 
+ 
+Default: Disabled.   
+
+> [!Note] 
+> All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. 
+> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. 
+> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 
+>
+> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
+
+
+
+GP Info:  
+-   GP Friendly name: *Microsoft network client: Digitally sign communications (always)*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1263,32 +1126,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1313,21 +1158,21 @@ If this setting is enabled, the Microsoft network client will ask the server to
 
 Default: Enabled.
 
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
+> [!Note]
+> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+> If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
+>
+> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
+> For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
 
 
 
 GP Info:  
--   GP English name: *Microsoft network client: Digitally sign communications (if server agrees)*
+-   GP Friendly name: *Microsoft network client: Digitally sign communications (if server agrees)*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1339,32 +1184,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1381,7 +1208,7 @@ GP Info:
 
 Microsoft network client: Send unencrypted password to connect to third-party SMB servers
 
-If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.
+If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that don't support password encryption during authentication.
 
 Sending unencrypted passwords is a security risk.
 
@@ -1390,7 +1217,7 @@ Default: Disabled.
 
 
 GP Info:  
--   GP English name: *Microsoft network client: Send unencrypted password to third-party SMB servers*
+-   GP Friendly name: *Microsoft network client: Send unencrypted password to third-party SMB servers*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1402,32 +1229,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1454,12 +1263,12 @@ Administrators can use this policy to control when a computer suspends an inacti
 
 For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
 
-Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.
+Default: This policy isn't defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.
 
 
 
 GP Info:  
--   GP English name: *Microsoft network server: Amount of idle time required before suspending session*
+-   GP Friendly name: *Microsoft network server: Amount of idle time required before suspending session*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1480,32 +1289,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1526,37 +1317,25 @@ This security setting determines whether packet signing is required by the SMB s
 
 The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
 
-If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
+If this setting is enabled, the Microsoft network server won't communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
 
-Default:
+Default: Disabled for member servers. Enabled for domain controllers.
 
-Disabled for member servers.
-Enabled for domain controllers.
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
-If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy:
-Microsoft network server: Digitally sign communications (if server agrees)
-
-For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server:
-HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
+> [!NOTE]
+> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+>
+> Similarly, if client-side SMB signing is required, that client won't be able to establish a session with servers that don't have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+> If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
+> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
 
 
 
 GP Info:  
--   GP English name: *Microsoft network server: Digitally sign communications (always)*
+-   GP Friendly name: *Microsoft network server: Digitally sign communications (always)*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1568,32 +1347,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1618,25 +1379,21 @@ If this setting is enabled, the Microsoft network server will negotiate SMB pack
 
 Default: Enabled on domain controllers only.
 
-Important
-
-For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
+> [!NOTE]
+> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+> If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
+>
+> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
+For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing).
 
 
 
 GP Info:  
--   GP English name: *Microsoft network server: Digitally sign communications (if client agrees)*
+-   GP Friendly name: *Microsoft network server: Digitally sign communications (if client agrees)*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1648,32 +1405,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1688,28 +1427,27 @@ GP Info:
 
 
 
-Network access: Do not allow anonymous enumeration of SAM accounts
+Network access: Don't allow anonymous enumeration of SAM accounts
 
-This security setting determines what additional permissions will be granted for anonymous connections to the computer.
+This security setting determines what other permissions will be granted for anonymous connections to the computer.
 
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust.
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This feature is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust.
 
-This security option allows additional restrictions to be placed on anonymous connections as follows:
+This security option allows more restrictions to be placed on anonymous connections as follows:
 
-Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
-Disabled: No additional restrictions. Rely on default permissions.
+Enabled: Don't allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
+Disabled: No extra restrictions. Rely on default permissions.
 
 Default on workstations: Enabled.
-Default on server:Enabled.
+Default on server: Enabled.
 
-Important
-
-This policy has no impact on domain controllers.
+> [!IMPORTANT]
+> This policy has no impact on domain controllers.
 
 
 
 GP Info:  
--   GP English name: *Network access: Do not allow anonymous enumeration of SAM accounts*
+-   GP Friendly name: *Network access: Do not allow anonymous enumeration of SAM accounts*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1721,32 +1459,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1761,18 +1481,18 @@ GP Info:
 
 
 
-Network access: Do not allow anonymous enumeration of SAM accounts and shares
+Network access: Don't allow anonymous enumeration of SAM accounts and shares
 
 This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
 
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This feature is convenient, for example, when an administrator wants to grant access to users in a trusted domain that doesn't maintain a reciprocal trust. If you don't want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
 
 Default: Disabled.
 
 
 
 GP Info:  
--   GP English name: *Network access: Do not allow anonymous enumeration of SAM accounts and shares*
+-   GP Friendly name: *Network access: Do not allow anonymous enumeration of SAM accounts and shares*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1784,32 +1504,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1835,7 +1537,7 @@ Default: Enabled.
 
 
 GP Info:  
--   GP English name: *Network access: Restrict anonymous access to Named Pipes and Shares*
+-   GP Friendly name: *Network access: Restrict anonymous access to Named Pipes and Shares*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1847,32 +1549,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1898,7 +1582,7 @@ This policy is supported on at least Windows Server 2016.
 
 
 GP Info:  
--   GP English name: *Network access: Restrict clients allowed to make remote calls to SAM*
+-   GP Friendly name: *Network access: Restrict clients allowed to make remote calls to SAM*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1910,32 +1594,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1959,7 +1625,7 @@ When a service connects with the device identity, signing and encryption are sup
 
 
 GP Info:  
--   GP English name: *Network security: Allow Local System to use computer identity for NTLM*
+-   GP Friendly name: *Network security: Allow Local System to use computer identity for NTLM*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -1977,32 +1643,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2019,7 +1667,7 @@ Valid values:
 
 Network security: Allow PKU2U authentication requests to this computer to use online identities.
 
-This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.
+This policy will be turned off by default on domain joined machines. This disablement would prevent online identities from authenticating to the domain joined machine.
 
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@@ -2027,7 +1675,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Network security: Allow PKU2U authentication requests to this computer to use online identities.*
+-   GP Friendly name: *Network security: Allow PKU2U authentication requests to this computer to use online identities.*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2045,32 +1693,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2085,23 +1715,18 @@ Valid values:
 
 
 
-Network security: Do not store LAN Manager hash value on next password change
+Network security: Don't store LAN Manager hash value on next password change
 
-This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
+This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database, the passwords can be compromised if the security database is attacked.
 
 
 Default on Windows Vista and above: Enabled
 Default on Windows XP: Disabled.
 
-Important
-
-Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
-This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.
-
 
 
 GP Info:  
--   GP English name: *Network security: Do not store LAN Manager hash value on next password change*
+-   GP Friendly name: *Network security: Do not store LAN Manager hash value on next password change*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2113,32 +1738,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2169,13 +1776,9 @@ Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and
 
 Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
 
-Important
-
-This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.
-
 Default:
 
-Windows 2000 and windows XP: send LM and NTLM responses
+windows XP: send LM and NTLM responses
 
 Windows Server 2003: Send NTLM response only
 
@@ -2184,7 +1787,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
 
 
 GP Info:  
--   GP English name: *Network security: LAN Manager authentication level*
+-   GP Friendly name: *Network security: LAN Manager authentication level*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2196,32 +1799,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2240,19 +1825,19 @@ Network security: Minimum session security for NTLM SSP based (including secure
 
 This security setting allows a client device to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
 
-- Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
-- Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
+- Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
+- Require 128-bit encryption: The connection will fail if strong encryption (128-bit) isn't negotiated.
 
 Default:
 
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
 
 Windows 7 and Windows Server 2008 R2: Require 128-bit encryption.
 
 
 
 GP Info:  
--   GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients*
+-   GP Friendly name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2264,32 +1849,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2308,19 +1875,19 @@ Network security: Minimum session security for NTLM SSP based (including secure
 
 This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
 
-Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
-Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
+Require NTLMv2 session security: The connection will fail if message integrity isn't negotiated.
+Require 128-bit encryption. The connection will fail if strong encryption (128-bit) isn't negotiated.
 
 Default:
 
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements.
 
 Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
 
 
 
 GP Info:  
--   GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) servers*
+-   GP Friendly name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) servers*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2332,32 +1899,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2378,14 +1927,14 @@ This policy setting allows you to create an exception list of remote servers to
 
 If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
 
-If you do not configure this policy setting, no exceptions will be applied.
+If you don't configure this policy setting, no exceptions will be applied.
 
-The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character.
+The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats. A single asterisk (*) can be used anywhere in the string as a wildcard character.
 
 
 
 GP Info:  
--   GP English name: *Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication*
+-   GP Friendly name: *Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2406,32 +1955,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2450,7 +1981,7 @@ Network security: Restrict NTLM: Audit Incoming NTLM Traffic
 
 This policy setting allows you to audit incoming NTLM traffic.
 
-If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
+If you select "Disable", or don't configure this policy setting, the server won't log events for incoming NTLM traffic.
 
 If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option.
 
@@ -2464,7 +1995,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
 
 GP Info:  
--   GP English name: *Network security: Restrict NTLM: Audit Incoming NTLM Traffic*
+-   GP Friendly name: *Network security: Restrict NTLM: Audit Incoming NTLM Traffic*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2485,32 +2016,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2529,9 +2042,9 @@ Network security: Restrict NTLM: Incoming NTLM traffic
 
 This policy setting allows you to deny or allow incoming NTLM traffic.
 
-If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
+If you select "Allow all" or don't configure this policy setting, the server will allow all NTLM authentication requests.
 
-If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
+If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain sign in and display an NTLM blocked error, but allow local account sign in.
 
 If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
 
@@ -2543,7 +2056,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
 
 GP Info:  
--   GP English name: *Network security: Restrict NTLM: Incoming NTLM traffic*
+-   GP Friendly name: *Network security: Restrict NTLM: Incoming NTLM traffic*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2564,32 +2077,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2608,11 +2103,11 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
 
 This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
 
-If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
+If you select "Allow all" or don't configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
 
-If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
+If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This logging allows you to identify those servers receiving NTLM authentication requests from the client computer.
 
-If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
+If you select "Deny all," the client computer can't authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
@@ -2622,7 +2117,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
 
 GP Info:  
--   GP English name: *Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers*
+-   GP Friendly name: *Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2643,32 +2138,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2683,13 +2160,13 @@ GP Info:
 
 
 
-Shutdown: Allow system to be shut down without having to log on
+Shutdown: Allow system to be shut down without having to sign in
 
-This security setting determines whether a computer can be shut down without having to log on to Windows.
+This security setting determines whether a computer can be shut down without having to sign in to Windows.
 
 When this policy is enabled, the Shut Down command is available on the Windows logon screen.
 
-When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
+When this policy is disabled, the option to shut down the computer doesn't appear on the Windows logon screen. In this case, users must be able to sign in to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
 
 Default on workstations: Enabled.
 Default on servers: Disabled.
@@ -2699,14 +2176,14 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *Shutdown: Allow system to be shut down without having to log on*
+-   GP Friendly name: *Shutdown: Allow system to be shut down without having to log on*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
 
 Valid values:  
 - 0 - disabled
-- 1 - enabled (allow system to be shut down without having to log on)
+- 1 - enabled (allow system to be shut down without having to sign in)
 
 
 
@@ -2717,32 +2194,14 @@ Valid values:
 **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2761,7 +2220,7 @@ Shutdown: Clear virtual memory pagefile
 
 This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
 
-Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile.
+Virtual memory support uses a system pagefile to swap pages of memory to disk when they aren't used. On a running system, this pagefile is opened exclusively by the operating system, and it's well protected. However, systems that are configured to allow booting to other operating systems might have to ensure that the system pagefile is wiped clean when this system shuts down. This cleaning ensures that sensitive information from process memory that might go into the pagefile isn't available to an unauthorized user who manages to directly access the pagefile.
 
 When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
 
@@ -2770,7 +2229,7 @@ Default: Disabled.
 
 
 GP Info:  
--   GP English name: *Shutdown: Clear virtual memory pagefile*
+-   GP Friendly name: *Shutdown: Clear virtual memory pagefile*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2782,32 +2241,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2826,7 +2267,7 @@ User Account Control: Allow UIAccess applications to prompt for elevation withou
 
 This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
 
-Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
 
 Disabled: (Default)  
 
@@ -2837,7 +2278,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop*
+-   GP Friendly name: *User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2855,32 +2296,15 @@ Valid values:
 **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -2902,8 +2326,9 @@ This policy setting controls the behavior of the elevation prompt for administra
 The options are:
 
 - 0 - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials.
-      > [!NOTE]
-      > Use this option only in the most constrained environments.
+
+  > [!NOTE]
+  > Use this option only in the most constrained environments.
 
 - 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
 
@@ -2920,7 +2345,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode*
+-   GP Friendly name: *User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -2932,32 +2357,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2980,7 +2387,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Behavior of the elevation prompt for standard users*
+-   GP Friendly name: *User Account Control: Behavior of the elevation prompt for standard users*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3000,32 +2407,14 @@ The following list shows the supported values:
 **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3048,12 +2437,12 @@ The options are:
 
 Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
-Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
+Disabled: Application installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
 
 
 
 GP Info:  
--   GP English name: *User Account Control: Detect application installations and prompt for elevation*
+-   GP Friendly name: *User Account Control: Detect application installations and prompt for elevation*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3065,32 +2454,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3110,15 +2481,15 @@ User Account Control: Only elevate executable files that are signed and validate
 This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
 
 The options are:
-- 0 - Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
-- 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
+- 0 - Disabled: (Default) Doesn't enforce PKI certification path validation before a given executable file is permitted to run.
+- 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 GP Info:  
--   GP English name: *User Account Control: Only elevate executables that are signed and validated*
+-   GP Friendly name: *User Account Control: Only elevate executables that are signed and validated*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3130,32 +2501,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3172,7 +2525,7 @@ GP Info:
 
 User Account Control: Only elevate UIAccess applications that are installed in secure locations
 
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
+This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following locations:
 
 - .\Program Files\, including subfolders
 - .\Windows\system32\
@@ -3182,7 +2535,7 @@ This policy setting controls whether applications that request to run with a Use
 > Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
 
 The options are:  
-- 0 - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
+- 0 - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
 - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@@ -3190,7 +2543,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Only elevate UIAccess applications that are installed in secure locations*
+-   GP Friendly name: *User Account Control: Only elevate UIAccess applications that are installed in secure locations*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3202,32 +2555,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3248,8 +2583,10 @@ This policy setting controls the behavior of all User Account Control (UAC) poli
 
 The options are:
 - 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
-      > [!NOTE]
-      > If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+
+  > [!NOTE]
+  > If this policy setting is disabled, Windows Security notifies you that the overall security of the operating system has been reduced.
+
 - 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
 
 
@@ -3258,7 +2595,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Run all administrators in Admin Approval Mode*
+-   GP Friendly name: *User Account Control: Run all administrators in Admin Approval Mode*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3270,32 +2607,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3323,7 +2642,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Switch to the secure desktop when prompting for elevation*
+-   GP Friendly name: *User Account Control: Switch to the secure desktop when prompting for elevation*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3335,32 +2654,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3388,7 +2689,7 @@ The options are:
 
 
 GP Info:  
--   GP English name: *User Account Control: Admin Approval Mode for the Built-in Administrator account*
+-   GP Friendly name: *User Account Control: Admin Approval Mode for the Built-in Administrator account*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3400,32 +2701,14 @@ GP Info:
 **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3449,7 +2732,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 GP Info:  
--   GP English name: *User Account Control: Virtualize file and registry write failures to per-user locations*
+-   GP Friendly name: *User Account Control: Virtualize file and registry write failures to per-user locations*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 
 
@@ -3463,15 +2746,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index 5f21ba8658..fb1249a953 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/14/2020
 ms.reviewer: 
@@ -32,32 +32,15 @@ manager: dansimp
 **LocalUsersAndGroups/Configure**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark9
                  Businesscheck mark9
                  Enterprisecheck mark9
                  Educationcheck mark9
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                  
@@ -72,7 +55,7 @@ manager: dansimp
 
 
 
-Available in Windows 10, version 20H2. This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
+This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
 
 > [!NOTE]
 > The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
@@ -254,67 +237,64 @@ To troubleshoot Name/SID lookup APIs:
 
 ```xml
 
-                          
-                            
-                              
-                            
-                          
-                          
-                            
-                                
-                                    
-                                      
-                                        Group Configuration Action
-                                      
-                                      
-                                        
-                                      
-                                    
-                                    
-                                      
-                                        Group Member to Add
-                                      
-                                      
-                                        
-                                      
-                                    
-                                    
-                                      
-                                        Group Member to Remove
-                                      
-                                      
-                                        
-                                      
-                                    
-                                    
-                                      
-                                        Group property to configure
-                                      
-                                      
-                                        
-                                        
-                                      
-                                    
-                                  
-                              
-                            
-                          
-                          
-                            
-                              
-                                
-                                  
-                              Local Group Configuration
-                            
-                                
-                              
-                            
-                          
-                      
+  
+    
+      
+    
+  
+  
+    
+        
+            
+              
+                Group Configuration Action
+              
+              
+                
+              
+            
+            
+              
+                Group Member to Add
+              
+              
+                
+              
+            
+            
+              
+                Group Member to Remove
+              
+              
+                
+              
+            
+            
+              
+                Group property to configure
+              
+              
+                
+                
+              
+            
+          
+      
+    
+  
+  
+    
+      
+        
+          
+      Local Group Configuration
+    
+        
+      
+    
+  
+
 ```
 
-Footnotes:
-
-Available in Windows 10, version 20H2
 
 
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index bc065532ed..90a9dc1bf5 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - LockDown
 
 
-
 
                  
 
 
@@ -34,32 +33,14 @@ manager: dansimp
 **LockDown/AllowEdgeSwipe**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,14 +55,14 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
+Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
 
 The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
 
 
 
 ADMX Info:  
--   GP English name: *Allow edge swipe*
+-   GP Friendly name: *Allow edge swipe*
 -   GP name: *AllowEdgeSwipe*
 -   GP path: *Windows Components/Edge UI*
 -   GP ADMX file name: *EdgeUI.admx*
@@ -97,16 +78,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 34c246f134..c2cb4d83fd 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -37,32 +37,14 @@ manager: dansimp
 **Maps/AllowOfflineMapsDownloadOverMeteredConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,7 +59,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Allows the download and update of map data over metered connections.
+Allows the download and update of map data over metered connections.
 
 After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**.
 
@@ -98,32 +80,14 @@ The following list shows the supported values:
 **Maps/EnableOfflineMapsAutoUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -138,14 +102,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Disables the automatic download and update of map data.
+Disables the automatic download and update of map data.
 
 After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off Automatic Download and Update of Map Data*
+-   GP Friendly name: *Turn off Automatic Download and Update of Map Data*
 -   GP name: *TurnOffAutoUpdate*
 -   GP path: *Windows Components/Maps*
 -   GP ADMX file name: *WinMaps.admx*
@@ -162,16 +126,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
new file mode 100644
index 0000000000..eea0f98401
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -0,0 +1,117 @@
+---
+title: Policy CSP - MemoryDump
+description: Use the Policy CSP
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - MemoryDump
+
+
+
+
                  
+
+
+## MemoryDump policies  
+
+
                  
+  
                  
+    MemoryDump/AllowCrashDump
+  
                  
+  
                  
+    MemoryDump/AllowLiveDump
+  
                  
+
                  
+
+
+
                  
+
+
+**MemoryDump/AllowCrashDump**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting decides if crash dump collection on the machine is allowed or not.
+
+
+
+The following list shows the supported values:
+
+- 0 - Disable crash dump collection.
+- 1 (default) - Allow crash dump collection.
+
+
+
+
+
                  
+
+
+**MemoryDump/AllowLiveDump**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting decides if crash dump collection on the machine is allowed or not.
+
+
+
+
+The following list shows the supported values:
+
+- 0 - Disable crash dump collection.
+- 1 (default) - Allow crash dump collection.
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 43fe8e0e47..7c01fe7a99 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - Messaging
-description: Enable, and disable, text message back up and restore as well as Messaging Everywhere by using the Policy CSP for messaging.
+description: Enable, and disable, text message backup and restore as well as Messaging Everywhere by using the Policy CSP for messaging.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **Messaging/AllowMessageSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscross mark
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,12 +56,12 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
+Enables text message backup and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Message Service Cloud Sync*
+-   GP Friendly name: *Allow Message Service Cloud Sync*
 -   GP name: *AllowMessageSync*
 -   GP path: *Windows Components/Messaging*
 -   GP ADMX file name: *messaging.admx*
@@ -88,7 +70,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 - message sync is not allowed and cannot be changed by the user.
+-   0 - message sync isn't allowed and can't be changed by the user.
 -   1 - message sync is allowed. The user can change this setting.
 
 
@@ -96,16 +78,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 9b9c05d03d..02d6f53ac3 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -6,16 +6,12 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 10/06/2020
+author: dansimp
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Policy CSP - MixedReality
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
 
 
                  
 
@@ -26,45 +22,91 @@ manager: dansimp
   
                  
     MixedReality/AADGroupMembershipCacheValidityInDays
   
                  
+  
                  
+    MixedReality/AutoLogonUser
+  
                  
   
                  
     MixedReality/BrightnessButtonDisabled
   
                  
+  
                  
+    MixedReality/ConfigureMovingPlatform
+  
                  
   
                  
     MixedReality/FallbackDiagnostics
   
                  
+  
                  
+    MixedReality/HeadTrackingMode
+  
                  
   
                  
     MixedReality/MicrophoneDisabled
   
                  
+  
                  
+    MixedReality/VisitorAutoLogon
+  
                  
   
                  
     MixedReality/VolumeButtonDisabled
   
                  
 
                  
 
-
 
                  
 
 
 **MixedReality/AADGroupMembershipCacheValidityInDays**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  HoloLens (1st gen) Development Editioncross mark
                  HoloLens (1st gen) Commercial Suitecross mark
                  HoloLens 2check mark9
                  
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+Steps to use this policy correctly:
+
+1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s).
+1. Create a custom OMA URI-based device configuration that sets this policy value to chosen number of days (> 0) and assign it to HoloLens devices.
+    1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
+    1. The value can be between min / max allowed.
+1. Enroll HoloLens devices and verify both configurations get applied to the device.
+1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
+1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
+1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they're a member of Azure AD group to which Kiosk configuration is targeted.
+
+> [!NOTE]
+> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
+
+
+
                  
+
+
+**MixedReality/AutoLogonUser**  
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly  distribute HoloLens devices and enable their end users to speed up sign in.
+
+When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon.
+
+The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
+
+
+String value
+
+- User with the same email address will have autologon enabled.
+
+On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled.
+
+> [!NOTE]
+>
+> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
+> - Auto-logon is only supported for MSA and AAD users.
 
 
 
                  
@@ -79,7 +121,7 @@ manager: dansimp
 
 
 
-This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
 
 
 
@@ -87,6 +129,8 @@ This policy setting controls for how many days Azure AD group membership cache i
 
 
 
+- Integer value
+
 Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
 
 
@@ -97,24 +141,12 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
 **MixedReality/BrightnessButtonDisabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  HoloLens (1st gen) Development Editioncross mark
                  HoloLens (1st gen) Commercial Suitecross mark
                  HoloLens 2check mark9
                  
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
 
 
 
                  
@@ -129,7 +161,7 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
 
 
 
-This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes.
 
 
 
@@ -137,6 +169,8 @@ This policy setting controls if pressing the brightness button changes the brigh
 
 
 
+- Boolean value
+
 The following list shows the supported values:
 
 - 0 - False (Default)
@@ -146,28 +180,58 @@ The following list shows the supported values:
 
 
                  
 
+
+**MixedReality/ConfigureMovingPlatform**  
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
+
+
+
+
+
+
+
+- Integer value
+
+- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
+- 1 Force off - Moving platform is disabled and can't be changed by user.
+- 2 Force on - Moving platform is enabled and can't be changed by user.
+
+
+
+
                  
+
 
 **MixedReality/FallbackDiagnostics**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  HoloLens (1st gen) Development Editioncross mark
                  HoloLens (1st gen) Commercial Suitecross mark
                  HoloLens 2check mark9
                  
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
 
 
 
                  
@@ -190,6 +254,8 @@ This policy setting controls when and if diagnostic logs can be collected using
 
 
 
+- Integer value
+
 The following list shows the supported values:
 
 - 0 - Disabled
@@ -200,28 +266,59 @@ The following list shows the supported values:
 
 
                  
 
+
+**MixedReality/HeadTrackingMode**  
+
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy configures behavior of HUP to determine, which algorithm to use for head tracking. It requires a reboot for the policy to take effect.
+
+
+
+
+
+
+
+- Boolean value
+
+The following list shows the supported values:
+
+- 0 - Feature – Default feature based / SLAM-based tracker (Default)
+- 1 - Constellation – LR constellation based tracker
+
+
+
+
                  
+
 
 **MixedReality/MicrophoneDisabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  HoloLens (1st gen) Development Editioncross mark
                  HoloLens (1st gen) Commercial Suitecross mark
                  HoloLens 2check mark9
                  
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
 
 
 
                  
@@ -244,6 +341,8 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not
 
 
 
+- Boolean value
+
 The following list shows the supported values:
 
 - 0 - False (Default)
@@ -257,24 +356,12 @@ The following list shows the supported values:
 **MixedReality/VolumeButtonDisabled**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  HoloLens (1st gen) Development Editioncross mark
                  HoloLens (1st gen) Commercial Suitecross mark
                  HoloLens 2check mark9
                  
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
 
 
 
                  
@@ -289,7 +376,7 @@ The following list shows the supported values:
 
 
 
-This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes.
 
 
 
@@ -297,6 +384,8 @@ This policy setting controls if pressing the volume button changes the volume or
 
 
 
+- Boolean value
+
 The following list shows the supported values:
 
 - 0 - False (Default)
@@ -306,9 +395,47 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
+
+**MixedReality/VisitorAutoLogon**  
 
-- 9 - Available in Windows 10, version 20H2.
+
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in if no other user has logged in on the device before.
+
+
+
+
+
+
+
+- Boolean value
+
+The following list shows the supported values:
+
+- 0 Disabled (Default)
+- 1 Enabled
+
+
+
+
                  
 
 
-
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index d464f4c063..812c96e877 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -42,6 +42,12 @@ manager: dansimp
   
                  
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -49,32 +55,14 @@ manager: dansimp
 **MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -91,12 +79,6 @@ manager: dansimp
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
@@ -112,32 +94,14 @@ ADMX Info:
 **MSSecurityGuide/ConfigureSMBV1ClientDriver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -154,12 +118,7 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
@@ -175,32 +134,14 @@ ADMX Info:
 **MSSecurityGuide/ConfigureSMBV1Server**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -217,12 +158,7 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
@@ -238,32 +174,14 @@ ADMX Info:
 **MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -280,12 +198,7 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
@@ -301,32 +214,14 @@ ADMX Info:
 **MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -343,12 +238,6 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
@@ -364,32 +253,14 @@ ADMX Info:
 **MSSecurityGuide/WDigestAuthentication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -406,12 +277,6 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
@@ -422,16 +287,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index d4a5030052..6f71a563e4 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - MSSLegacy
 
 
-
 
                  
 
 
@@ -36,6 +35,12 @@ manager: dansimp
   
                  
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +48,14 @@ manager: dansimp
 **MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -85,12 +72,6 @@ manager: dansimp
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
@@ -106,32 +87,14 @@ ADMX Info:
 **MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -148,12 +111,7 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
@@ -169,32 +127,14 @@ ADMX Info:
 **MSSLegacy/IPSourceRoutingProtectionLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -211,12 +151,6 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
@@ -232,32 +166,14 @@ ADMX Info:
 **MSSLegacy/IPv6SourceRoutingProtectionLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -274,12 +190,6 @@ ADMX Info:
 
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
@@ -290,16 +200,7 @@ ADMX Info:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index fd1e3372e8..1bd998b15e 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/30/2020
 ms.reviewer: 
@@ -14,9 +14,6 @@ manager: dansimp
 
 # Policy CSP - Multitasking
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
 
                  
 
 
@@ -35,32 +32,14 @@ manager: dansimp
 **Multitasking/BrowserAltTabBlowout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark9
                  Businesscheck mark9
                  Enterprisecheck mark9
                  Educationcheck mark9
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -81,9 +60,9 @@ manager: dansimp
 
 This policy controls the inclusion of Edge tabs into Alt+Tab.
 
-Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the 5 most recent tabs, only the 3 most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. 
+Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the five most recent tabs, only the three most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. 
 
-This policy only applies to the Alt+Tab switcher. When the policy is not enabled, the feature respects the user's setting in the Settings app.
+This policy only applies to the Alt+Tab switcher. When the policy isn't enabled, the feature respects the user's setting in the Settings app.
 
 
 > [!TIP]
@@ -95,7 +74,7 @@ This policy only applies to the Alt+Tab switcher. When the policy is not enabled
 
 
 ADMX Info:  
--   GP English name: *Configure the inclusion of Edge tabs into Alt-Tab*
+-   GP Friendly name: *Configure the inclusion of Edge tabs into Alt-Tab*
 -   GP name: *BrowserAltTabBlowout*
 -   GP path: *Windows Components/Multitasking*
 -   GP ADMX file name: *Multitasking.admx*
@@ -106,8 +85,8 @@ ADMX Info:
 The following list shows the supported values:
 
 - 1 - Open windows and all tabs in Edge.
-- 2 - Open windows and 5 most recent tabs in Edge.
-- 3 - Open windows and 3 most recent tabs in Edge.
+- 2 - Open windows and five most recent tabs in Edge.
+- 3 - Open windows and three most recent tabs in Edge.
 - 4 - Open windows only.
 
 
@@ -115,17 +94,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index e438503509..9dbb409924 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -55,32 +55,14 @@ manager: dansimp
 **NetworkIsolation/EnterpriseCloudResources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -100,7 +82,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to
 
 
 ADMX Info:  
--   GP English name: *Enterprise resource domains hosted in the cloud*
+-   GP Friendly name: *Enterprise resource domains hosted in the cloud*
 -   GP name: *WF_NetIsolation_EnterpriseCloudResources*
 -   GP element: *WF_NetIsolation_EnterpriseCloudResourcesBox*
 -   GP path: *Network/Network Isolation*
@@ -115,32 +97,14 @@ ADMX Info:
 **NetworkIsolation/EnterpriseIPRange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -155,12 +119,12 @@ ADMX Info:
 
 
 
-Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges.
+Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. These ranges are a comma-separated list of IPv4 and IPv6 ranges.
 
 
 
 ADMX Info:  
--   GP English name: *Private network ranges for  apps*
+-   GP Friendly name: *Private network ranges for  apps*
 -   GP name: *WF_NetIsolation_PrivateSubnet*
 -   GP element: *WF_NetIsolation_PrivateSubnetBox*
 -   GP path: *Network/Network Isolation*
@@ -188,32 +152,14 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 **NetworkIsolation/EnterpriseIPRangesAreAuthoritative**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -233,7 +179,7 @@ Integer value that tells the client to accept the configured list and not to use
 
 
 ADMX Info:  
--   GP English name: *Subnet definitions are authoritative*
+-   GP Friendly name: *Subnet definitions are authoritative*
 -   GP name: *WF_NetIsolation_Authoritative_Subnet*
 -   GP path: *Network/Network Isolation*
 -   GP ADMX file name: *NetworkIsolation.admx*
@@ -247,32 +193,14 @@ ADMX Info:
 **NetworkIsolation/EnterpriseInternalProxyServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -287,12 +215,12 @@ ADMX Info:
 
 
 
-This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
+This list is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They're considered to be enterprise network locations. The proxies are only used in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
 
 
 
 ADMX Info:  
--   GP English name: *Intranet proxy servers for  apps*
+-   GP Friendly name: *Intranet proxy servers for  apps*
 -   GP name: *WF_NetIsolation_Intranet_Proxies*
 -   GP element: *WF_NetIsolation_Intranet_ProxiesBox*
 -   GP path: *Network/Network Isolation*
@@ -307,32 +235,14 @@ ADMX Info:
 **NetworkIsolation/EnterpriseNetworkDomainNames**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -347,7 +257,7 @@ ADMX Info:
 
 
 
-This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
+This list is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
 
 > [!NOTE]
 > The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
@@ -368,32 +278,14 @@ Here are the steps to create canonical domain names:
 **NetworkIsolation/EnterpriseProxyServers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -408,12 +300,12 @@ Here are the steps to create canonical domain names:
 
 
 
-This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
+This list is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
 
 
 
 ADMX Info:  
--   GP English name: *Internet proxy servers for apps*
+-   GP Friendly name: *Internet proxy servers for apps*
 -   GP name: *WF_NetIsolation_Domain_Proxies*
 -   GP element: *WF_NetIsolation_Domain_ProxiesBox*
 -   GP path: *Network/Network Isolation*
@@ -428,32 +320,14 @@ ADMX Info:
 **NetworkIsolation/EnterpriseProxyServersAreAuthoritative**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -473,7 +347,7 @@ Integer value that tells the client to accept the configured list of proxies and
 
 
 ADMX Info:  
--   GP English name: *Proxy definitions are authoritative*
+-   GP Friendly name: *Proxy definitions are authoritative*
 -   GP name: *WF_NetIsolation_Authoritative_Proxies*
 -   GP path: *Network/Network Isolation*
 -   GP ADMX file name: *NetworkIsolation.admx*
@@ -487,32 +361,14 @@ ADMX Info:
 **NetworkIsolation/NeutralResources**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -527,12 +383,12 @@ ADMX Info:
 
 
 
-List of domain names that can used for work or personal resource.
+List of domain names that can be used for work or personal resource.
 
 
 
 ADMX Info:  
--   GP English name: *Domains categorized as both work and personal*
+-   GP Friendly name: *Domains categorized as both work and personal*
 -   GP name: *WF_NetIsolation_NeutralResources*
 -   GP element: *WF_NetIsolation_NeutralResourcesBox*
 -   GP path: *Network/Network Isolation*
@@ -542,15 +398,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
new file mode 100644
index 0000000000..1e7e152515
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -0,0 +1,109 @@
+---
+title: Policy CSP - NetworkListManager
+description: Policy CSP - NetworkListManager is a setting creates a new MDM policy. This setting allows admins to configure a list of URIs of HTTPS endpoints that are considered secure.
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.localizationpriority: medium
+ms.date: 12/16/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - NetworkListManager
+
+
+
                  
+
+
+## NetworkListManager policies 
+
+
                  
+  
                  
+    NetworkListManager/AllowedTlsAuthenticationEndpoints
+  
                  
+  
                  
+    NetworkListManager/ConfiguredTLSAuthenticationNetworkName
+  
                  
+
                  
+
+
+
                  
+
+
+**NetworkListManager/AllowedTlsAuthenticationEndpoints**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.  
+
+When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI:  
+
+``
+
+- The HTTPS endpoint must not have any more authentication checks, such as login or multi-factor authentication.
+
+- The HTTPS endpoint must be an internal address not accessible from outside the corporate network.
+
+- The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
+
+- A certificate shouldn't be a public certificate.
+
+
+
                  
+
+
+**NetworkListManager/ConfiguredTLSAuthenticationNetworkName**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting provides the string that is to be used to name a network. That network is authenticated against one of the endpoints that are listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. If this setting is used for Trusted Network Detection in an _Always On_ VPN profile, it must be the DNS suffix that is configured in the TrustedNetworkDetection attribute.
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
new file mode 100644
index 0000000000..cb70df917f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -0,0 +1,86 @@
+---
+title: Policy CSP - NewsAndInterests
+description: Learn how Policy CSP - NewsandInterests contains a list of news and interests.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - NewsAndInterests
+
+
+
+
                  
+
+
+## NewsAndInterests policies  
+
+
                  
+  
                  
+    NewsAndInterests/AllowNewsAndInterests
+  
                  
+
+
+
+
                  
+
+
+**NewsAndInterests/AllowNewsAndInterests**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+
+This policy specifies whether to allow the entire widgets experience, including the content on taskbar.
+ 
+
+
+
+
+The following are the supported values:
+
+- 1 - Default - Allowed
+- 0 - Not allowed.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Specifies whether to allow the entire widgets experience, including the content on taskbar*.
+-   GP name: *AllowNewsAndInterests*
+-   GP path: *Network/NewsandInterests*
+-   GP ADMX file name: *NewsandInterests.admx*
+
+
+
+
+
                  
+
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 34f3bd6b74..20823757ce 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -31,6 +31,9 @@ manager: dansimp
   
                  
     Notifications/DisallowTileNotification
   
                  
+  
                  
+    Notifications/WnsEndpoint
+  
                  
 
                  
 
 
@@ -40,32 +43,14 @@ manager: dansimp
 **Notifications/DisallowCloudNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,13 +65,13 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1803. This policy setting blocks applications from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
+This policy setting blocks application from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
 
-If you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs.
+If you enable this policy setting, applications and system features won't be able to receive notifications from the network from WNS or via notification polling APIs.
 
 If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application.
 
-If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to use periodic (polling) notifications.
+If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in and applications will be allowed to use periodic (polling) notifications.
 
 No reboots or service restarts are required for this policy setting to take effect.
 
@@ -96,7 +81,7 @@ No reboots or service restarts are required for this policy setting to take effe
 
 
 ADMX Info:  
--   GP English name: *Turn off notifications network usage*
+-   GP Friendly name: *Turn off notifications network usage*
 -   GP name: *NoCloudNotification*
 -   GP path: *Start Menu and Taskbar/Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -121,32 +106,14 @@ Validation:
 **Notifications/DisallowNotificationMirroring**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -161,16 +128,16 @@ Validation:
 
 
 
-Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
+Boolean value that turns off notification mirroring.
 
-For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
+For each user signed in to the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
 
 No reboot or service restart is required for this policy to take effect.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off notification mirroring*
+-   GP Friendly name: *Turn off notification mirroring*
 -   GP name: *NoNotificationMirroring*
 -   GP path: *Start Menu and Taskbar/Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -191,32 +158,14 @@ The following list shows the supported values:
 **Notifications/DisallowTileNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -231,18 +180,18 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. This policy setting turns off tile notifications.
+This policy setting turns off tile notifications.
 
-If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen.
+If you enable this policy setting, applications and system features won't be able to update their tiles and tile badges in the Start screen.
 
-If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.
+If you disable or don't configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.
 
 No reboots or service restarts are required for this policy setting to take effect.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off tile notifications*
+-   GP Friendly name: *Turn off tile notifications*
 -   GP name: *NoTileNotification*
 -   GP path: *Start Menu and Taskbar/Notifications*
 -   GP ADMX file name: *WPN.admx*
@@ -262,15 +211,77 @@ Validation:
 
 
                  
 
-Footnotes:
+
+**Notifications/WnsEndpoint**  
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
+
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
                  EditionWindows 10Windows 11
                  HomeNoNo
                  ProYesYes
                  BusinessYesYes
                  EnterpriseYesYes
                  EducationYesYes
                  
 
-
\ No newline at end of file
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+
                  
+
+
+
+This policy setting determines which Windows Notification Service endpoint will be used to connect for Windows Push Notifications. 
+
+If you disable or don't configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com.
+
+Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Required for Airgap servers that may have a unique FQDN that is different from the public endpoint*
+-   GP name: *WnsEndpoint*
+-   GP path: *Start Menu and Taskbar/Notifications*
+-   GP ADMX file name: *WPN.admx*
+
+
+
+If the policy isn't specified, we'll default our connection to client.wns.windows.com.
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index e710db1e1b..30eb1c679f 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,14 +14,16 @@ manager: dansimp
 
 # Policy CSP - Power
 
-
-
 
                  
 
 
+
 ## Power policies  
 
 
                  
+  
                  
+    Power/AllowHibernate
+  
                  
   
                  
     Power/AllowStandbyStatesWhenSleepingOnBattery
   
                  
@@ -90,37 +92,50 @@ manager: dansimp
   
                  
 
                  
 
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
 
-**Power/AllowStandbyStatesWhenSleepingOnBattery**  
+**Power/AllowHibernate**  
 
 
 
-    
-    
+    
+    
+    
-    
+    
+    
-    
+    
+    
-    
+    
+    
-    
+    
+    
-    
+    
+    
                  
 
                  Windows EditionSupported?EditionWindows 10Windows 11
 
                  
 
                  
     Homecross markNoNo
 
                  
 
                  
     Procheck markNoYes
 
                  
 
                  
     Businesscheck markNoYes
 
                  
 
                  
     Enterprisecheck markNoYes
 
                  
 
                  
     Educationcheck markNoYes
 
                  
 
                  
 
@@ -137,23 +152,58 @@ manager: dansimp
 
 
 
-This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
-
-If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
-
-If you disable this policy setting, standby states (S1-S3) are not allowed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow standby states (S1-S3) when sleeping (on battery)*
+-   GP Friendly name: *Decides if hibernate on the machine is allowed or not*
+-   GP name: *AllowHibernate*
+-   GP path: *System/Power Management/Sleep Settings*
+-   GP ADMX file name: *power.admx*
+
+
+
+
+
                  
+
+
+**Power/AllowStandbyStatesWhenSleepingOnBattery**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
+
+If you enable or don't configure this policy setting, Windows uses standby states to put the computer in a sleep state.
+
+If you disable this policy setting, standby states (S1-S3) aren't allowed.
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow standby states (S1-S3) when sleeping (on battery)*
 -   GP name: *AllowStandbyStatesDC_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -167,32 +217,14 @@ ADMX Info:
 **Power/AllowStandbyWhenSleepingPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -209,21 +241,15 @@ ADMX Info:
 
 This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
 
-If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
+If you enable or don't configure this policy setting, Windows uses standby states to put the computer in a sleep state.
 
-If you disable this policy setting, standby states (S1-S3) are not allowed.
+If you disable this policy setting, standby states (S1-S3) aren't allowed.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)*
+-   GP Friendly name: *Allow standby states (S1-S3) when sleeping (plugged in)*
 -   GP name: *AllowStandbyStatesAC_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -237,32 +263,16 @@ ADMX Info:
 **Power/DisplayOffTimeoutOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Added to HoloLens 2 in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#new-power-policies-for-hololens-2).
 
 
 
                  
@@ -277,25 +287,19 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+This policy setting allows you to specify the period of inactivity before Windows turns off the display.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the display (on battery)*
+-   GP Friendly name: *Turn off the display (on battery)*
 -   GP name: *VideoPowerDownTimeOutDC_2*
 -   GP path: *System/Power Management/Video and Display Settings*
 -   GP ADMX file name: *power.admx*
@@ -309,32 +313,14 @@ ADMX Info:
 **Power/DisplayOffTimeoutPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -349,25 +335,19 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+This policy setting allows you to specify the period of inactivity before Windows turns off the display.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off the display (plugged in)*
+-   GP Friendly name: *Turn off the display (plugged in)*
 -   GP name: *VideoPowerDownTimeOutAC_2*
 -   GP path: *System/Power Management/Video and Display Settings*
 -   GP ADMX file name: *power.admx*
@@ -381,32 +361,14 @@ ADMX Info:
 **Power/EnergySaverBatteryThresholdOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -422,16 +384,16 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
+This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
 
 If you enable this policy setting, you must specify a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Energy Saver Battery Threshold (on battery)*
+-   GP Friendly name: *Energy Saver Battery Threshold (on battery)*
 -   GP name: *EsBattThresholdDC*
 -   GP element: *EnterEsBattThreshold*
 -   GP path: *System/Power Management/Energy Saver Settings*
@@ -455,32 +417,14 @@ Supported values: 0-100. The default is 70.
 **Power/EnergySaverBatteryThresholdPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -495,16 +439,16 @@ Supported values: 0-100. The default is 70.
 
 
 
-Added in Windows 10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
+This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
 
 If you enable this policy setting, you must provide a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Energy Saver Battery Threshold (plugged in)*
+-   GP Friendly name: *Energy Saver Battery Threshold (plugged in)*
 -   GP name: *EsBattThresholdAC*
 -   GP element: *EnterEsBattThreshold*
 -   GP path: *System/Power Management/Energy Saver Settings*
@@ -528,32 +472,14 @@ Supported values: 0-100. The default is 70.
 **Power/HibernateTimeoutOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -568,25 +494,19 @@ Supported values: 0-100. The default is 70.
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the system hibernate timeout (on battery)*
+-   GP Friendly name: *Specify the system hibernate timeout (on battery)*
 -   GP name: *DCHibernateTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -600,32 +520,14 @@ ADMX Info:
 **Power/HibernateTimeoutPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -640,25 +542,20 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
 ADMX Info:  
--   GP English name: *Specify the system hibernate timeout (plugged in)*
+-   GP Friendly name: *Specify the system hibernate timeout (plugged in)*
 -   GP name: *ACHibernateTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -672,32 +569,14 @@ ADMX Info:
 **Power/RequirePasswordWhenComputerWakesOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -714,21 +593,15 @@ ADMX Info:
 
 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
 
-If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
+If you enable or don't configure this policy setting, the user is prompted for a password when the system resumes from sleep.
 
-If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
+If you disable this policy setting, the user isn't prompted for a password when the system resumes from sleep.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Require a password when a computer wakes (on battery)*
+-   GP Friendly name: *Require a password when a computer wakes (on battery)*
 -   GP name: *DCPromptForPasswordOnResume_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -742,32 +615,14 @@ ADMX Info:
 **Power/RequirePasswordWhenComputerWakesPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -784,21 +639,15 @@ ADMX Info:
 
 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
 
-If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
+If you enable or don't configure this policy setting, the user is prompted for a password when the system resumes from sleep.
 
-If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
+If you disable this policy setting, the user isn't prompted for a password when the system resumes from sleep.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Require a password when a computer wakes (plugged in)*
+-   GP Friendly name: *Require a password when a computer wakes (plugged in)*
 -   GP name: *ACPromptForPasswordOnResume_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -812,32 +661,14 @@ ADMX Info:
 **Power/SelectLidCloseActionOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -852,16 +683,16 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
+This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
 
 If you enable this policy setting, you must select the desired action.
 
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Select the lid switch action (on battery)*
+-   GP Friendly name: *Select the lid switch action (on battery)*
 -   GP name: *DCSystemLidAction_2*
 -   GP element: *SelectDCSystemLidAction*
 -   GP path: *System/Power Management/Button Settings*
@@ -891,32 +722,14 @@ The following are the supported lid close switch actions (on battery):
 **Power/SelectLidCloseActionPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -931,16 +744,16 @@ The following are the supported lid close switch actions (on battery):
 
 
 
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
+This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
 
 If you enable this policy setting, you must select the desired action.
 
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Select the lid switch action (plugged in)*
+-   GP Friendly name: *Select the lid switch action (plugged in)*
 -   GP name: *ACSystemLidAction_2*
 -   GP element: *SelectACSystemLidAction*
 -   GP path: *System/Power Management/Button Settings*
@@ -970,32 +783,14 @@ The following are the supported lid close switch actions (plugged in):
 **Power/SelectPowerButtonActionOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1010,16 +805,16 @@ The following are the supported lid close switch actions (plugged in):
 
 
 
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button. 
+This policy setting specifies the action that Windows takes when a user presses the Power button. 
 
 If you enable this policy setting, you must select the desired action.
 
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Select the Power button action (on battery)*
+-   GP Friendly name: *Select the Power button action (on battery)*
 -   GP name: *DCPowerButtonAction_2*
 -   GP element: *SelectDCPowerButtonAction*
 -   GP path: *System/Power Management/Button Settings*
@@ -1049,32 +844,14 @@ The following are the supported Power button actions (on battery):
 **Power/SelectPowerButtonActionPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1089,16 +866,16 @@ The following are the supported Power button actions (on battery):
 
 
 
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button. 
+This policy setting specifies the action that Windows takes when a user presses the Power button. 
 
 If you enable this policy setting, you must select the desired action.
 
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Select the Power button action (plugged in)*
+-   GP Friendly name: *Select the Power button action (plugged in)*
 -   GP name: *ACPowerButtonAction_2*
 -   GP element: *SelectACPowerButtonAction*
 -   GP path: *System/Power Management/Button Settings*
@@ -1128,32 +905,14 @@ The following are the supported Power button actions (plugged in):
 **Power/SelectSleepButtonActionOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1168,16 +927,16 @@ The following are the supported Power button actions (plugged in):
 
 
 
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button.
+This policy setting specifies the action that Windows takes when a user presses the Sleep button.
 
 If you enable this policy setting, you must select the desired action.
 
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Select the Sleep button action (on battery)*
+-   GP Friendly name: *Select the Sleep button action (on battery)*
 -   GP name: *DCSleepButtonAction_2*
 -   GP element: *SelectDCSleepButtonAction*
 -   GP path: *System/Power Management/Button Settings*
@@ -1207,32 +966,14 @@ The following are the supported Sleep button actions (on battery):
 **Power/SelectSleepButtonActionPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1247,16 +988,16 @@ The following are the supported Sleep button actions (on battery):
 
 
 
-Added in Windows 10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button.
+This policy setting specifies the action that Windows takes when a user presses the Sleep button.
 
 If you enable this policy setting, you must select the desired action.
 
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Select the Sleep button action (plugged in)*
+-   GP Friendly name: *Select the Sleep button action (plugged in)*
 -   GP name: *ACSleepButtonAction_2*
 -   GP element: *SelectACSleepButtonAction*
 -   GP path: *System/Power Management/Button Settings*
@@ -1286,32 +1027,14 @@ The following are the supported Sleep button actions (plugged in):
 **Power/StandbyTimeoutOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1326,25 +1049,19 @@ The following are the supported Sleep button actions (plugged in):
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the system sleep timeout (on battery)*
+-   GP Friendly name: *Specify the system sleep timeout (on battery)*
 -   GP name: *DCStandbyTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -1358,32 +1075,14 @@ ADMX Info:
 **Power/StandbyTimeoutPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1398,25 +1097,19 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify the system sleep timeout (plugged in)*
+-   GP Friendly name: *Specify the system sleep timeout (plugged in)*
 -   GP name: *ACStandbyTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -1430,32 +1123,14 @@ ADMX Info:
 **Power/TurnOffHybridSleepOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1470,16 +1145,16 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1903. This policy setting allows you to turn off hybrid sleep.
+This policy setting allows you to turn off hybrid sleep.
 
-If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
+If you set this policy setting to 0, a hiberfile isn't generated when the system transitions to sleep (Stand By).
 
-If you set this policy setting to 1 or do not configure this policy setting, users control this setting.
+If you set this policy setting to 1 or don't configure this policy setting, users control this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off hybrid sleep (on battery)*
+-   GP Friendly name: *Turn off hybrid sleep (on battery)*
 -   GP name: *DCStandbyWithHiberfileEnable_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -1506,32 +1181,14 @@ The following are the supported values for Hybrid sleep (on battery):
 **Power/TurnOffHybridSleepPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1546,16 +1203,16 @@ The following are the supported values for Hybrid sleep (on battery):
 
 
 
-Added in Windows 10, version 1903. This policy setting allows you to turn off hybrid sleep.
+This policy setting allows you to turn off hybrid sleep.
 
-If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
+If you set this policy setting to 0, a hiberfile isn't generated when the system transitions to sleep (Stand By).
 
-If you set this policy setting to 1 or do not configure this policy setting, users control this setting.
+If you set this policy setting to 1 or don't configure this policy setting, users control this setting.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off hybrid sleep (plugged in)*
+-   GP Friendly name: *Turn off hybrid sleep (plugged in)*
 -   GP name: *ACStandbyWithHiberfileEnable_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
@@ -1582,32 +1239,14 @@ The following are the supported values for Hybrid sleep (plugged in):
 **Power/UnattendedSleepTimeoutOnBattery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1622,18 +1261,18 @@ The following are the supported values for Hybrid sleep (plugged in):
 
 
 
-Added in Windows 10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user isn't present at the computer.
 
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
+If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows doesn't automatically transition to sleep.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
 
 ADMX Info:  
--   GP English name: *Specify the unattended sleep timeout (on battery)*
+-   GP Friendly name: *Specify the unattended sleep timeout (on battery)*
 -   GP name: *UnattendedSleepTimeOutDC*
 -   GP element: *EnterUnattendedSleepTimeOut*
 -   GP path: *System/Power Management/Sleep Settings*
@@ -1658,32 +1297,14 @@ Default value for unattended sleep timeout (on battery):
 **Power/UnattendedSleepTimeoutPluggedIn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1698,18 +1319,18 @@ Default value for unattended sleep timeout (on battery):
 
 
 
-Added in Windows 10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user isn't present at the computer.
 
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
+If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows doesn't automatically transition to sleep.
 
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 
 
 ADMX Info:  
--   GP English name: *Specify the unattended sleep timeout (plugged in)*
+-   GP Friendly name: *Specify the unattended sleep timeout (plugged in)*
 -   GP name: *UnattendedSleepTimeOutAC*
 -   GP element: *EnterUnattendedSleepTimeOut*
 -   GP path: *System/Power Management/Sleep Settings*
@@ -1729,17 +1350,6 @@ Default value for unattended sleep timeout (plugged in):
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index e93f27025d..48b7f7722b 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -22,6 +22,18 @@ manager: dansimp
 ## Printers policies  
 
 
                  
+  
                  
+    Printers/ApprovedUsbPrintDevices
+  
                  
+  
                  
+    Printers/ApprovedUsbPrintDevicesUser
+  
                  
+  
                  
+    Printers/EnableDeviceControl
+  
                  
+  
                  
+    Printers/EnableDeviceControlUser
+  
                  
   
                  
     Printers/PointAndPrintRestrictions
   
                  
@@ -33,6 +45,302 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
                  
+
+
+**Printers/ApprovedUsbPrintDevices**  
+
+
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
                  EditionWindows 10Windows 11
                  HomeNoNo
                  ProYesYes
                  BusinessYesYes
                  EnterpriseYesYes
                  EducationYesYes
                  
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy implements the print portion of the Device Control requirements. 
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.  
+This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
+The format of this setting is `/[,/]`
+
+Parent deliverable: 26209274 - Device Control: Printer
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Support for new Device Control Print feature*
+-   GP name: *ApprovedUsbPrintDevices*
+-   GP path: *Printers*
+-   GP ADMX file name: *Printing.admx*
+
+
+
+
+
+
                  
+
+
+**Printers/ApprovedUsbPrintDevicesUser**  
+
+
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
                  EditionWindows 10Windows 11
                  HomeNoNo
                  ProYesYes
                  BusinessYesYes
                  EnterpriseYesYes
                  EducationYesYes
                  
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy implements the print portion of the Device Control requirements. 
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.  
+This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
+The format of this setting is `/[,/]`
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Support for new Device Control Print feature*
+-   GP name: *ApprovedUsbPrintDevicesUser*
+-   GP path: *Printers*
+-   GP ADMX file name: *Printing.admx*
+
+
+
+
                  
+
+
+**Printers/EnableDeviceControl**  
+
+
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
                  EditionWindows 10Windows 11
                  HomeNoNo
                  ProYesYes
                  BusinessYesYes
                  EnterpriseYesYes
                  EducationYesYes
                  
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy implements the print portion of the Device Control requirements. 
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.  
+This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
+
+The default value of the policy will be Unconfigured.
+
+If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing.
+
+If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. 
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Support for new Device Control Print feature*
+-   GP name: *EnableDeviceControl*
+-   GP path: *Printers*
+-   GP ADMX file name: *Printing.admx*
+
+
+
+
+
                  
+
+
+
+**Printers/EnableDeviceControlUser**  
+
+
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
                  EditionWindows 10Windows 11
                  HomeNoNo
                  ProYesYes
                  BusinessYesYes
                  EnterpriseYesYes
                  EducationYesYes
                  
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy implements the print portion of the Device Control requirements. 
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.  
+This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
+
+The default value of the policy will be Unconfigured.
+
+If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing.
+
+If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. 
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Support for new Device Control Print feature*
+-   GP name: *EnableDeviceControlUser*
+-   GP path: *Printers*
+-   GP ADMX file name: *Printing.admx*
+
+
+
 
 
                  
 
@@ -40,32 +348,14 @@ manager: dansimp
 **Printers/PointAndPrintRestrictions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -83,41 +373,47 @@ manager: dansimp
 This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
 
 If you enable this policy setting:
--Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
--You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
 
-If you do not configure this policy setting:
--Windows Vista client computers can point and print to any server.
--Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made.
+
+- You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated.
+
+If you don't configure this policy setting:
+
+- Windows Vista client computers can point and print to any server.
+
+- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
 
 If you disable this policy setting:
--Windows Vista client computers can create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
--The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+- Windows Vista client computers can create a printer connection to any server using Point and Print.
+
+- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+
+- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Point and Print Restrictions*
+-   GP Friendly name: *Point and Print Restrictions*
 -   GP name: *PointAndPrint_Restrictions_Win7*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
 
 
 
-Example
-```
+Example:
+
+```xml
 Name: Point and Print Enable Oma-URI: ./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions
 Data type: String Value: 
 
@@ -135,32 +431,14 @@ Data type: String Value: 
 **Printers/PointAndPrintRestrictions_User**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -178,33 +456,37 @@ Data type: String Value: 
 This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
 
 If you enable this policy setting:
--Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
--You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
 
-If you do not configure this policy setting:
--Windows Vista client computers can point and print to any server.
--Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made.
+
+- You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated.
+
+If you don't configure this policy setting:
+
+- Windows Vista client computers can point and print to any server.
+
+- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
 
 If you disable this policy setting:
--Windows Vista client computers can create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
--The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+- Windows Vista client computers can create a printer connection to any server using Point and Print.
+
+- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+
+- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+
+- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+
+- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
 
 ADMX Info:  
--   GP English name: *Point and Print Restrictions*
+-   GP Friendly name: *Point and Print Restrictions*
 -   GP name: *PointAndPrint_Restrictions*
 -   GP path: *Control Panel/Printers*
 -   GP ADMX file name: *Printing.admx*
@@ -218,32 +500,14 @@ ADMX Info:
 **Printers/PublishPrinters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -260,23 +524,17 @@ ADMX Info:
 
 Determines whether the computer's shared printers can be published in Active Directory.
 
-If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
+If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
 
-If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available.
+If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available.
 
-Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
+Note: This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow printers to be published*
+-   GP Friendly name: *Allow printers to be published*
 -   GP name: *PublishPrinters*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
@@ -285,16 +543,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index ca873b0393..0bcba72d88 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -301,32 +301,14 @@ manager: dansimp
 **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -365,32 +347,14 @@ The following list shows the supported values:
 **Privacy/AllowCrossDeviceClipboard**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -405,14 +369,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1809. Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
+Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Clipboard synchronization across devices*
+-   GP Friendly name: *Allow Clipboard synchronization across devices*
 -   GP name: *AllowCrossDeviceClipboard*
 -   GP path: *System/OS Policies*
 -   GP ADMX file name: *OSPolicy.admx*
@@ -433,32 +397,14 @@ The following list shows the supported values:
 **Privacy/AllowInputPersonalization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -480,7 +426,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow input personalization*
+-   GP Friendly name: *Allow input personalization*
 -   GP name: *AllowInputPersonalization*
 -   GP path: *Control Panel/Regional and Language Options*
 -   GP ADMX file name: *Globalization.admx*
@@ -501,32 +447,14 @@ The following list shows the supported values:
 **Privacy/DisableAdvertisingId**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -541,14 +469,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Enables or disables the Advertising ID.
+Enables or disables the Advertising ID.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off the advertising ID*
+-   GP Friendly name: *Turn off the advertising ID*
 -   GP name: *DisableAdvertisingId*
 -   GP path: *System/User Profiles*
 -   GP ADMX file name: *UserProfiles.admx*
@@ -570,32 +498,14 @@ The following list shows the supported values:
 **Privacy/DisablePrivacyExperience**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -622,7 +532,7 @@ In some enterprise managed environments, the privacy settings may be set by poli
 
 
 ADMX Info:  
--   GP English name: *Don't launch privacy settings experience on user logon*
+-   GP Friendly name: *Don't launch privacy settings experience on user logon*
 -   GP name: *DisablePrivacyExperience*
 -   GP path: *Windows Components/OOBE*
 -   GP ADMX file name: *OOBE.admx*
@@ -645,32 +555,14 @@ ADMX Info:
 **Privacy/EnableActivityFeed**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -685,12 +577,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed.
+Allows IT Admins to allow Apps/OS to publish to the activity feed.
 
 
 
 ADMX Info:  
--   GP English name: *Enables Activity Feed*
+-   GP Friendly name: *Enables Activity Feed*
 -   GP name: *EnableActivityFeed*
 -   GP path: *System/OS Policies*
 -   GP ADMX file name: *OSPolicy.admx*
@@ -711,32 +603,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessAccountInfo**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -751,7 +625,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access account information.
+Specifies whether Windows apps can access account information.
 
 
 Most restricted value is 2.
@@ -759,7 +633,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access account information*
+-   GP Friendly name: *Let Windows apps access account information*
 -   GP name: *LetAppsAccessAccountInfo*
 -   GP element: *LetAppsAccessAccountInfo_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -782,32 +656,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -822,12 +678,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access account information*
+-   GP Friendly name: *Let Windows apps access account information*
 -   GP name: *LetAppsAccessAccountInfo*
 -   GP element: *LetAppsAccessAccountInfo_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -842,32 +698,14 @@ ADMX Info:
 **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -882,12 +720,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access account information*
+-   GP Friendly name: *Let Windows apps access account information*
 -   GP name: *LetAppsAccessAccountInfo*
 -   GP element: *LetAppsAccessAccountInfo_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -902,32 +740,14 @@ ADMX Info:
 **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -942,12 +762,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access account information*
+-   GP Friendly name: *Let Windows apps access account information*
 -   GP name: *LetAppsAccessAccountInfo*
 -   GP element: *LetAppsAccessAccountInfo_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -962,32 +782,14 @@ ADMX Info:
 **Privacy/LetAppsAccessBackgroundSpatialPerception**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecross mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
 
 
 
                  
@@ -1001,8 +803,7 @@ ADMX Info:
 
                  
 
 
-
-Added in Windows 10, version 1903. 
+ 
 > [!NOTE]
 > Currently, this policy is supported only in HoloLens 2.
 
@@ -1013,7 +814,7 @@ Value type is integer.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access background spatial perception*
+-   GP Friendly name: *Let Windows apps access background spatial perception*
 -   GP name: *LetAppsAccessBackgroundSpatialPerception*
 -   GP element: *LetAppsAccessBackgroundSpatialPerception_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -1036,32 +837,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecross mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
 
 
 
                  
@@ -1076,7 +859,6 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1903. 
 > [!NOTE]
 > Currently, this policy is supported only in HoloLens 2.
 
@@ -1087,7 +869,7 @@ Value type is chr.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access background spatial perception*
+-   GP Friendly name: *Let Windows apps access background spatial perception*
 -   GP name: *LetAppsAccessBackgroundSpatialPerception*
 -   GP element: *LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1105,32 +887,14 @@ ADMX Info:
 **Privacy/LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecross mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
 
 
 
                  
@@ -1145,7 +909,6 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1903. 
 > [!NOTE]
 > Currently, this policy is supported only in HoloLens 2.
 
@@ -1156,7 +919,7 @@ Value type is chr.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access background spatial perception*
+-   GP Friendly name: *Let Windows apps access background spatial perception*
 -   GP name: *LetAppsAccessBackgroundSpatialPerception*
 -   GP element: *LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1174,32 +937,14 @@ ADMX Info:
 **Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscross mark
                  Enterprisecross mark
                  Educationcross mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|No|
+|Education|No|No|
 
 
 
                  
@@ -1213,8 +958,7 @@ ADMX Info:
 
                  
 
 
-
-Added in Windows 10, version 1903. 
+ 
 > [!NOTE]
 > Currently, this policy is supported only in HoloLens 2.
 
@@ -1226,7 +970,7 @@ Value type is chr.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access background spatial perception*
+-   GP Friendly name: *Let Windows apps access background spatial perception*
 -   GP name: *LetAppsAccessBackgroundSpatialPerception*
 -   GP element: *LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1244,32 +988,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCalendar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1284,7 +1010,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar.
+Specifies whether Windows apps can access the calendar.
 
 
 Most restricted value is 2.
@@ -1292,7 +1018,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the calendar*
+-   GP Friendly name: *Let Windows apps access the calendar*
 -   GP name: *LetAppsAccessCalendar*
 -   GP element: *LetAppsAccessCalendar_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -1315,32 +1041,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1355,12 +1063,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the calendar*
+-   GP Friendly name: *Let Windows apps access the calendar*
 -   GP name: *LetAppsAccessCalendar*
 -   GP element: *LetAppsAccessCalendar_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1375,32 +1083,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1415,12 +1105,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the calendar*
+-   GP Friendly name: *Let Windows apps access the calendar*
 -   GP name: *LetAppsAccessCalendar*
 -   GP element: *LetAppsAccessCalendar_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1435,32 +1125,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1475,12 +1147,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the calendar*
+-   GP Friendly name: *Let Windows apps access the calendar*
 -   GP name: *LetAppsAccessCalendar*
 -   GP element: *LetAppsAccessCalendar_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1495,32 +1167,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCallHistory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1535,7 +1189,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access call history.
+Specifies whether Windows apps can access call history.
 
 
 Most restricted value is 2.
@@ -1543,7 +1197,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access call history*
+-   GP Friendly name: *Let Windows apps access call history*
 -   GP name: *LetAppsAccessCallHistory*
 -   GP element: *LetAppsAccessCallHistory_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -1566,32 +1220,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1606,12 +1242,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access call history*
+-   GP Friendly name: *Let Windows apps access call history*
 -   GP name: *LetAppsAccessCallHistory*
 -   GP element: *LetAppsAccessCallHistory_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1626,32 +1262,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1666,12 +1284,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access call history*
+-   GP Friendly name: *Let Windows apps access call history*
 -   GP name: *LetAppsAccessCallHistory*
 -   GP element: *LetAppsAccessCallHistory_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1686,32 +1304,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1726,12 +1326,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access call history*
+-   GP Friendly name: *Let Windows apps access call history*
 -   GP name: *LetAppsAccessCallHistory*
 -   GP element: *LetAppsAccessCallHistory_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1746,32 +1346,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCamera**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1786,7 +1368,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera.
+Specifies whether Windows apps can access the camera.
 
 
 Most restricted value is 2.
@@ -1794,7 +1376,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the camera*
+-   GP Friendly name: *Let Windows apps access the camera*
 -   GP name: *LetAppsAccessCamera*
 -   GP element: *LetAppsAccessCamera_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -1817,32 +1399,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessCamera_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1857,12 +1421,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the camera*
+-   GP Friendly name: *Let Windows apps access the camera*
 -   GP name: *LetAppsAccessCamera*
 -   GP element: *LetAppsAccessCamera_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1877,32 +1441,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCamera_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1917,12 +1463,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the camera*
+-   GP Friendly name: *Let Windows apps access the camera*
 -   GP name: *LetAppsAccessCamera*
 -   GP element: *LetAppsAccessCamera_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1937,32 +1483,14 @@ ADMX Info:
 **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1977,12 +1505,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the camera*
+-   GP Friendly name: *Let Windows apps access the camera*
 -   GP name: *LetAppsAccessCamera*
 -   GP element: *LetAppsAccessCamera_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -1997,32 +1525,14 @@ ADMX Info:
 **Privacy/LetAppsAccessContacts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2037,7 +1547,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts.
+Specifies whether Windows apps can access contacts.
 
 
 Most restricted value is 2.
@@ -2045,7 +1555,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access contacts*
+-   GP Friendly name: *Let Windows apps access contacts*
 -   GP name: *LetAppsAccessContacts*
 -   GP element: *LetAppsAccessContacts_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -2068,32 +1578,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessContacts_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2108,12 +1600,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access contacts*
+-   GP Friendly name: *Let Windows apps access contacts*
 -   GP name: *LetAppsAccessContacts*
 -   GP element: *LetAppsAccessContacts_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2128,32 +1620,14 @@ ADMX Info:
 **Privacy/LetAppsAccessContacts_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2168,12 +1642,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access contacts*
+-   GP Friendly name: *Let Windows apps access contacts*
 -   GP name: *LetAppsAccessContacts*
 -   GP element: *LetAppsAccessContacts_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2188,32 +1662,14 @@ ADMX Info:
 **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2228,12 +1684,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access contacts*
+-   GP Friendly name: *Let Windows apps access contacts*
 -   GP name: *LetAppsAccessContacts*
 -   GP element: *LetAppsAccessContacts_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2248,32 +1704,14 @@ ADMX Info:
 **Privacy/LetAppsAccessEmail**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2288,7 +1726,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access email.
+Specifies whether Windows apps can access email.
 
 
 Most restricted value is 2.
@@ -2296,7 +1734,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access email*
+-   GP Friendly name: *Let Windows apps access email*
 -   GP name: *LetAppsAccessEmail*
 -   GP element: *LetAppsAccessEmail_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -2319,32 +1757,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessEmail_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2359,12 +1779,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access email*
+-   GP Friendly name: *Let Windows apps access email*
 -   GP name: *LetAppsAccessEmail*
 -   GP element: *LetAppsAccessEmail_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2379,32 +1799,14 @@ ADMX Info:
 **Privacy/LetAppsAccessEmail_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2419,12 +1821,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access email*
+-   GP Friendly name: *Let Windows apps access email*
 -   GP name: *LetAppsAccessEmail*
 -   GP element: *LetAppsAccessEmail_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2439,32 +1841,14 @@ ADMX Info:
 **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2479,12 +1863,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access email*
+-   GP Friendly name: *Let Windows apps access email*
 -   GP name: *LetAppsAccessEmail*
 -   GP element: *LetAppsAccessEmail_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2499,32 +1883,14 @@ ADMX Info:
 **Privacy/LetAppsAccessGazeInput**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2550,32 +1916,14 @@ This policy setting specifies whether Windows apps can access the eye tracker.
 **Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2601,32 +1949,14 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
 **Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2652,32 +1982,14 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
 **Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2703,32 +2015,14 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
 **Privacy/LetAppsAccessLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2743,7 +2037,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access location.
+Specifies whether Windows apps can access location.
 
 
 Most restricted value is 2.
@@ -2751,7 +2045,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access location*
+-   GP Friendly name: *Let Windows apps access location*
 -   GP name: *LetAppsAccessLocation*
 -   GP element: *LetAppsAccessLocation_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -2774,32 +2068,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessLocation_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2814,12 +2090,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access location*
+-   GP Friendly name: *Let Windows apps access location*
 -   GP name: *LetAppsAccessLocation*
 -   GP element: *LetAppsAccessLocation_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2834,32 +2110,14 @@ ADMX Info:
 **Privacy/LetAppsAccessLocation_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2874,12 +2132,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access location*
+-   GP Friendly name: *Let Windows apps access location*
 -   GP name: *LetAppsAccessLocation*
 -   GP element: *LetAppsAccessLocation_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2894,32 +2152,14 @@ ADMX Info:
 **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2934,12 +2174,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access location*
+-   GP Friendly name: *Let Windows apps access location*
 -   GP name: *LetAppsAccessLocation*
 -   GP element: *LetAppsAccessLocation_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -2954,32 +2194,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMessaging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2994,7 +2216,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS).
+Specifies whether Windows apps can read or send messages (text or MMS).
 
 
 Most restricted value is 2.
@@ -3002,7 +2224,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access messaging*
+-   GP Friendly name: *Let Windows apps access messaging*
 -   GP name: *LetAppsAccessMessaging*
 -   GP element: *LetAppsAccessMessaging_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -3025,32 +2247,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3065,12 +2269,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access messaging*
+-   GP Friendly name: *Let Windows apps access messaging*
 -   GP name: *LetAppsAccessMessaging*
 -   GP element: *LetAppsAccessMessaging_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3085,32 +2289,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3125,12 +2311,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access messaging*
+-   GP Friendly name: *Let Windows apps access messaging*
 -   GP name: *LetAppsAccessMessaging*
 -   GP element: *LetAppsAccessMessaging_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3145,32 +2331,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3185,12 +2353,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access messaging*
+-   GP Friendly name: *Let Windows apps access messaging*
 -   GP name: *LetAppsAccessMessaging*
 -   GP element: *LetAppsAccessMessaging_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3205,32 +2373,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMicrophone**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3245,7 +2395,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone.
+Specifies whether Windows apps can access the microphone.
 
 
 Most restricted value is 2.
@@ -3253,7 +2403,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the microphone*
+-   GP Friendly name: *Let Windows apps access the microphone*
 -   GP name: *LetAppsAccessMicrophone*
 -   GP element: *LetAppsAccessMicrophone_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -3276,32 +2426,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3316,12 +2448,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the microphone*
+-   GP Friendly name: *Let Windows apps access the microphone*
 -   GP name: *LetAppsAccessMicrophone*
 -   GP element: *LetAppsAccessMicrophone_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3336,32 +2468,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3376,12 +2490,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the microphone*
+-   GP Friendly name: *Let Windows apps access the microphone*
 -   GP name: *LetAppsAccessMicrophone*
 -   GP element: *LetAppsAccessMicrophone_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3396,32 +2510,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3436,12 +2532,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access the microphone*
+-   GP Friendly name: *Let Windows apps access the microphone*
 -   GP name: *LetAppsAccessMicrophone*
 -   GP element: *LetAppsAccessMicrophone_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3456,32 +2552,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMotion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3496,7 +2574,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data.
+Specifies whether Windows apps can access motion data.
 
 
 Most restricted value is 2.
@@ -3504,7 +2582,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access motion*
+-   GP Friendly name: *Let Windows apps access motion*
 -   GP name: *LetAppsAccessMotion*
 -   GP element: *LetAppsAccessMotion_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -3527,32 +2605,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessMotion_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3567,12 +2627,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access motion*
+-   GP Friendly name: *Let Windows apps access motion*
 -   GP name: *LetAppsAccessMotion*
 -   GP element: *LetAppsAccessMotion_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3587,32 +2647,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMotion_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3627,12 +2669,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access motion*
+-   GP Friendly name: *Let Windows apps access motion*
 -   GP name: *LetAppsAccessMotion*
 -   GP element: *LetAppsAccessMotion_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3647,32 +2689,14 @@ ADMX Info:
 **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3687,12 +2711,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access motion*
+-   GP Friendly name: *Let Windows apps access motion*
 -   GP name: *LetAppsAccessMotion*
 -   GP element: *LetAppsAccessMotion_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3707,32 +2731,14 @@ ADMX Info:
 **Privacy/LetAppsAccessNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3747,7 +2753,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications.
+Specifies whether Windows apps can access notifications.
 
 
 Most restricted value is 2.
@@ -3755,7 +2761,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access notifications*
+-   GP Friendly name: *Let Windows apps access notifications*
 -   GP name: *LetAppsAccessNotifications*
 -   GP element: *LetAppsAccessNotifications_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -3778,32 +2784,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3818,12 +2806,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access notifications*
+-   GP Friendly name: *Let Windows apps access notifications*
 -   GP name: *LetAppsAccessNotifications*
 -   GP element: *LetAppsAccessNotifications_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3838,32 +2826,14 @@ ADMX Info:
 **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3878,12 +2848,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access notifications*
+-   GP Friendly name: *Let Windows apps access notifications*
 -   GP name: *LetAppsAccessNotifications*
 -   GP element: *LetAppsAccessNotifications_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3898,32 +2868,14 @@ ADMX Info:
 **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3938,12 +2890,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access notifications*
+-   GP Friendly name: *Let Windows apps access notifications*
 -   GP name: *LetAppsAccessNotifications*
 -   GP element: *LetAppsAccessNotifications_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -3958,32 +2910,14 @@ ADMX Info:
 **Privacy/LetAppsAccessPhone**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3998,7 +2932,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls.
+Specifies whether Windows apps can make phone calls.
 
 
 Most restricted value is 2.
@@ -4006,7 +2940,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps make phone calls*
+-   GP Friendly name: *Let Windows apps make phone calls*
 -   GP name: *LetAppsAccessPhone*
 -   GP element: *LetAppsAccessPhone_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -4029,32 +2963,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessPhone_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4069,12 +2985,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps make phone calls*
+-   GP Friendly name: *Let Windows apps make phone calls*
 -   GP name: *LetAppsAccessPhone*
 -   GP element: *LetAppsAccessPhone_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4089,32 +3005,14 @@ ADMX Info:
 **Privacy/LetAppsAccessPhone_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4129,12 +3027,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps make phone calls*
+-   GP Friendly name: *Let Windows apps make phone calls*
 -   GP name: *LetAppsAccessPhone*
 -   GP element: *LetAppsAccessPhone_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4149,32 +3047,14 @@ ADMX Info:
 **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4189,12 +3069,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps make phone calls*
+-   GP Friendly name: *Let Windows apps make phone calls*
 -   GP name: *LetAppsAccessPhone*
 -   GP element: *LetAppsAccessPhone_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4209,32 +3089,14 @@ ADMX Info:
 **Privacy/LetAppsAccessRadios**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4249,7 +3111,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios.
+Specifies whether Windows apps have access to control radios.
 
 
 Most restricted value is 2.
@@ -4257,7 +3119,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps control radios*
+-   GP Friendly name: *Let Windows apps control radios*
 -   GP name: *LetAppsAccessRadios*
 -   GP element: *LetAppsAccessRadios_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -4280,32 +3142,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessRadios_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4320,12 +3164,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps control radios*
+-   GP Friendly name: *Let Windows apps control radios*
 -   GP name: *LetAppsAccessRadios*
 -   GP element: *LetAppsAccessRadios_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4340,32 +3184,14 @@ ADMX Info:
 **Privacy/LetAppsAccessRadios_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4380,12 +3206,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps control radios*
+-   GP Friendly name: *Let Windows apps control radios*
 -   GP name: *LetAppsAccessRadios*
 -   GP element: *LetAppsAccessRadios_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4400,32 +3226,14 @@ ADMX Info:
 **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4440,12 +3248,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps control radios*
+-   GP Friendly name: *Let Windows apps control radios*
 -   GP name: *LetAppsAccessRadios*
 -   GP element: *LetAppsAccessRadios_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4460,32 +3268,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTasks**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4500,12 +3290,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
+Specifies whether Windows apps can access tasks.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access Tasks*
+-   GP Friendly name: *Let Windows apps access Tasks*
 -   GP name: *LetAppsAccessTasks*
 -   GP element: *LetAppsAccessTasks_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -4520,32 +3310,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTasks_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4560,12 +3332,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access Tasks*
+-   GP Friendly name: *Let Windows apps access Tasks*
 -   GP name: *LetAppsAccessTasks*
 -   GP element: *LetAppsAccessTasks_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4580,32 +3352,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTasks_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4620,12 +3374,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access Tasks*
+-   GP Friendly name: *Let Windows apps access Tasks*
 -   GP name: *LetAppsAccessTasks*
 -   GP element: *LetAppsAccessTasks_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4640,32 +3394,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4680,12 +3416,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access Tasks*
+-   GP Friendly name: *Let Windows apps access Tasks*
 -   GP name: *LetAppsAccessTasks*
 -   GP element: *LetAppsAccessTasks_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4700,32 +3436,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTrustedDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4740,7 +3458,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices.
+Specifies whether Windows apps can access trusted devices.
 
 
 Most restricted value is 2.
@@ -4748,7 +3466,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access trusted devices*
+-   GP Friendly name: *Let Windows apps access trusted devices*
 -   GP name: *LetAppsAccessTrustedDevices*
 -   GP element: *LetAppsAccessTrustedDevices_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -4771,32 +3489,14 @@ The following list shows the supported values:
 **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4811,12 +3511,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access trusted devices*
+-   GP Friendly name: *Let Windows apps access trusted devices*
 -   GP name: *LetAppsAccessTrustedDevices*
 -   GP element: *LetAppsAccessTrustedDevices_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4831,32 +3531,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4871,12 +3553,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access trusted devices*
+-   GP Friendly name: *Let Windows apps access trusted devices*
 -   GP name: *LetAppsAccessTrustedDevices*
 -   GP element: *LetAppsAccessTrustedDevices_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4891,32 +3573,14 @@ ADMX Info:
 **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4931,12 +3595,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access trusted devices*
+-   GP Friendly name: *Let Windows apps access trusted devices*
 -   GP name: *LetAppsAccessTrustedDevices*
 -   GP element: *LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -4951,32 +3615,14 @@ ADMX Info:
 **Privacy/LetAppsActivateWithVoice**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark6
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -4996,7 +3642,7 @@ Specifies if Windows apps can be activated by voice.
 
 
 ADMX Info:  
--   GP English name: *Allow voice activation*
+-   GP Friendly name: *Allow voice activation*
 -   GP name: *LetAppsActivateWithVoice*
 -   GP element: *LetAppsActivateWithVoice_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -5019,32 +3665,14 @@ The following list shows the supported values:
 **Privacy/LetAppsActivateWithVoiceAboveLock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark6
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5064,7 +3692,7 @@ Specifies if Windows apps can be activated by voice while the screen is locked.
 
 
 ADMX Info:  
--   GP English name: *Allow voice activation above locked screen*
+-   GP Friendly name: *Allow voice activation above locked screen*
 -   GP name: *LetAppsActivateWithVoiceAboveLock*
 -   GP element: *LetAppsActivateWithVoiceAboveLock_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -5087,32 +3715,14 @@ The following list shows the supported values:
 **Privacy/LetAppsGetDiagnosticInfo**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5127,7 +3737,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
+Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
 
 
 Most restricted value is 2.
@@ -5135,7 +3745,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP Friendly name: *Let Windows apps access diagnostic information about other apps*
 -   GP name: *LetAppsGetDiagnosticInfo*
 -   GP element: *LetAppsGetDiagnosticInfo_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -5158,32 +3768,14 @@ The following list shows the supported values:
 **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5198,12 +3790,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP Friendly name: *Let Windows apps access diagnostic information about other apps*
 -   GP name: *LetAppsGetDiagnosticInfo*
 -   GP element: *LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5218,32 +3810,14 @@ ADMX Info:
 **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5258,12 +3832,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP Friendly name: *Let Windows apps access diagnostic information about other apps*
 -   GP name: *LetAppsGetDiagnosticInfo*
 -   GP element: *LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5278,32 +3852,14 @@ ADMX Info:
 **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5318,12 +3874,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP Friendly name: *Let Windows apps access diagnostic information about other apps*
 -   GP name: *LetAppsGetDiagnosticInfo*
 -   GP element: *LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5338,32 +3894,14 @@ ADMX Info:
 **Privacy/LetAppsRunInBackground**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5378,7 +3916,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background.
+Specifies whether Windows apps can run in the background.
 
 
 Most restricted value is 2.
@@ -5388,7 +3926,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps run in the background*
+-   GP Friendly name: *Let Windows apps run in the background*
 -   GP name: *LetAppsRunInBackground*
 -   GP element: *LetAppsRunInBackground_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -5411,32 +3949,14 @@ The following list shows the supported values:
 **Privacy/LetAppsRunInBackground_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5451,12 +3971,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps run in the background*
+-   GP Friendly name: *Let Windows apps run in the background*
 -   GP name: *LetAppsRunInBackground*
 -   GP element: *LetAppsRunInBackground_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5471,32 +3991,14 @@ ADMX Info:
 **Privacy/LetAppsRunInBackground_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5511,12 +4013,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps run in the background*
+-   GP Friendly name: *Let Windows apps run in the background*
 -   GP name: *LetAppsRunInBackground*
 -   GP element: *LetAppsRunInBackground_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5531,32 +4033,14 @@ ADMX Info:
 **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark2
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5571,12 +4055,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps run in the background*
+-   GP Friendly name: *Let Windows apps run in the background*
 -   GP name: *LetAppsRunInBackground*
 -   GP element: *LetAppsRunInBackground_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5591,32 +4075,14 @@ ADMX Info:
 **Privacy/LetAppsSyncWithDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5631,7 +4097,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices.
+Specifies whether Windows apps can sync with devices.
 
 
 Most restricted value is 2.
@@ -5639,7 +4105,7 @@ Most restricted value is 2.
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP Friendly name: *Let Windows apps communicate with unpaired devices*
 -   GP name: *LetAppsSyncWithDevices*
 -   GP element: *LetAppsSyncWithDevices_Enum*
 -   GP path: *Windows Components/App Privacy*
@@ -5662,32 +4128,14 @@ The following list shows the supported values:
 **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5702,12 +4150,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP Friendly name: *Let Windows apps communicate with unpaired devices*
 -   GP name: *LetAppsSyncWithDevices*
 -   GP element: *LetAppsSyncWithDevices_ForceAllowTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5722,32 +4170,14 @@ ADMX Info:
 **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5762,12 +4192,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP Friendly name: *Let Windows apps communicate with unpaired devices*
 -   GP name: *LetAppsSyncWithDevices*
 -   GP element: *LetAppsSyncWithDevices_ForceDenyTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5782,32 +4212,14 @@ ADMX Info:
 **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark1
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5822,12 +4234,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
 
 
 
 ADMX Info:  
--   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP Friendly name: *Let Windows apps communicate with unpaired devices*
 -   GP name: *LetAppsSyncWithDevices*
 -   GP element: *LetAppsSyncWithDevices_UserInControlOfTheseApps_List*
 -   GP path: *Windows Components/App Privacy*
@@ -5842,32 +4254,14 @@ ADMX Info:
 **Privacy/PublishUserActivities**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark3
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5882,12 +4276,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed.
+Allows It Admins to enable publishing of user activities to the activity feed.
 
 
 
 ADMX Info:  
--   GP English name: *Allow publishing of User Activities*
+-   GP Friendly name: *Allow publishing of User Activities*
 -   GP name: *PublishUserActivities*
 -   GP path: *System/OS Policies*
 -   GP ADMX file name: *OSPolicy.admx*
@@ -5908,32 +4302,14 @@ The following list shows the supported values:
 **Privacy/UploadUserActivities**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark5
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -5953,7 +4329,7 @@ Allows ActivityFeed to upload published 'User Activities'.
 
 
 ADMX Info:  
--   GP English name: *Allow upload of User Activities*
+-   GP Friendly name: *Allow upload of User Activities*
 -   GP name: *UploadUserActivities*
 -   GP path: *System/OS Policies*
 -   GP ADMX file name: *OSPolicy.admx*
@@ -5962,16 +4338,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 340bef38c2..64c53af12c 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,8 +14,6 @@ manager: dansimp
 
 # Policy CSP - RemoteAssistance
 
-
-
 
                  
 
 
@@ -36,6 +34,12 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -43,32 +47,14 @@ manager: dansimp
 **RemoteAssistance/CustomizeWarningMessages**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -85,27 +71,21 @@ manager: dansimp
 
 This policy setting lets you customize warning messages.
 
-The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.
+The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before users share control of their computers.
 
-The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.
+The "Display warning message before connecting" policy setting allows you to specify a custom message to display before users allow a connection to their computers.
 
 If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.
 
 If you disable this policy setting, the user sees the default warning message.
 
-If you do not configure this policy setting, the user sees the default warning message.
+If you don't configure this policy setting, the user sees the default warning message.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Customize warning messages*
+-   GP Friendly name: *Customize warning messages*
 -   GP name: *RA_Options*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
@@ -119,32 +99,14 @@ ADMX Info:
 **RemoteAssistance/SessionLogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -163,21 +125,15 @@ This policy setting allows you to turn logging on or off. Log files are located
 
 If you enable this policy setting, log files are generated.
 
-If you disable this policy setting, log files are not generated.
+If you disable this policy setting, log files aren't generated.
 
-If you do not configure this setting, application-based settings are used.
+If you don't configure this setting, application-based settings are used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn on session logging*
+-   GP Friendly name: *Turn on session logging*
 -   GP name: *RA_Logging*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
@@ -191,32 +147,14 @@ ADMX Info:
 **RemoteAssistance/SolicitedRemoteAssistance**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -233,31 +171,25 @@ ADMX Info:
 
 This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
 
-If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.
+If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure more Remote Assistance settings.
 
-If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.
+If you disable this policy setting, users on this computer can't use email or file transfer to ask someone for help. Also, users can't use instant messaging programs to allow connections to this computer.
 
-If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
+If you don't configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
 
 If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."
 
 The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
 
-The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.
+The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported.
 
-If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
+If you enable this policy setting, you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Solicited Remote Assistance*
+-   GP Friendly name: *Configure Solicited Remote Assistance*
 -   GP name: *RA_Solicit*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
@@ -271,32 +203,14 @@ ADMX Info:
 **RemoteAssistance/UnsolicitedRemoteAssistance**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -315,9 +229,9 @@ This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote
 
 If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
 
-If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+If you disable this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
 
-If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+If you don't configure this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
 
 If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.
 
@@ -327,7 +241,7 @@ To configure the list of helpers, click "Show." In the window that opens, you ca
 
 `\`
 
-If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.
+If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you're running.
 
 Windows Vista and later
 
@@ -351,16 +265,10 @@ Port 135:TCP
 Allow Remote Desktop Exception
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure Offer Remote Assistance*
+-   GP Friendly name: *Configure Offer Remote Assistance*
 -   GP name: *RA_Unsolicit*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
@@ -369,16 +277,4 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
-
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
new file mode 100644
index 0000000000..7d2559655b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -0,0 +1,113 @@
+---
+title: Policy CSP - RemoteDesktop
+description: Learn how the Policy CSP - RemoteDesktop setting allows you to specify a custom message to display.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - RemoteDesktop
+
+
                  
+
+
+## RemoteDesktop policies  
+> [!Warning]
+> Some information relates to prerelease products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
                  
+  
                  
+    RemoteDesktop/AutoSubscription
+  
                  
+  
                  
+    RemoteDesktop/LoadAadCredKeyFromProfile
+  
                  
+
                  
+
+
                  
+
+
+**RemoteDesktop/AutoSubscription**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+
+This policy allows administrators to enable automatic subscription for the Microsoft Remote Desktop client. If you define this policy, the specified URL is used by the client to silently subscribe the logged on user and retrieve the remote resources assigned to them. To automatically subscribe to Azure Virtual Desktop in the Azure Public cloud, set the URL to `https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery`.
+
+
+
+
+
+
                  
+
+
+**RemoteDesktop/LoadAadCredKeyFromProfile**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy allows the user to load the DPAPI cred key from their user profile and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data. This policy is needed when using FSLogix user profiles from Azure AD-joined VMs.
+
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Disabled. 
+- 1 - Enabled. 
+
+
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index a33ad83d33..6519b2d40c 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -42,6 +42,12 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -49,32 +55,14 @@ manager: dansimp
 **RemoteDesktopServices/AllowUsersToConnectRemotely**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -93,25 +81,19 @@ This policy setting allows you to configure remote access to computers by using
 
 If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.
 
-If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
+If you disable this policy setting, users can't connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but won't accept any new incoming connections.
 
-If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. 
+If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed. 
 
 Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. 
 
 You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow users to connect remotely by using Remote Desktop Services*
+-   GP Friendly name: *Allow users to connect remotely by using Remote Desktop Services*
 -   GP name: *TS_DISABLE_CONNECTIONS*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
 -   GP ADMX file name: *terminalserver.admx*
@@ -125,32 +107,14 @@ ADMX Info:
 **RemoteDesktopServices/ClientConnectionEncryptionLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -165,33 +129,27 @@ ADMX Info:
 
 
 
-Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
+Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
 
 If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
 
-* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.
+* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that don't support this encryption level can't connect to RD Session Host servers.
 
-* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.
+* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that don't support 128-bit encryption.
 
 * Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.
 
-If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.
+If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy.
 
 Important
 
 FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Set client connection encryption level*
+-   GP Friendly name: *Set client connection encryption level*
 -   GP name: *TS_ENCRYPTION_POLICY*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
@@ -205,32 +163,14 @@ ADMX Info:
 **RemoteDesktopServices/DoNotAllowDriveRedirection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -249,23 +189,17 @@ This policy setting specifies whether to prevent the mapping of client drives in
 
 By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format `` on ``. You can use this policy setting to override this behavior.
 
-If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2019 and Windows 10.
+If you enable this policy setting, client drive redirection isn't allowed in Remote Desktop Services sessions, and Clipboard file copy redirection isn't allowed on computers running Windows Server 2019 and Windows 10.
 
 If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.
 
-If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
+If you don't configure this policy setting, client drive redirection and Clipboard file copy redirection aren't specified at the Group Policy level.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow drive redirection*
+-   GP Friendly name: *Do not allow drive redirection*
 -   GP name: *TS_CLIENT_DRIVE_M*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
 -   GP ADMX file name: *terminalserver.admx*
@@ -279,32 +213,14 @@ ADMX Info:
 **RemoteDesktopServices/DoNotAllowPasswordSaving**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -321,21 +237,15 @@ ADMX Info:
 
 Controls whether passwords can be saved on this computer from Remote Desktop Connection.
 
-If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.
+If you enable this setting, the password-saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves their settings, any password that previously existed in the RDP file will be deleted.
 
 If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not allow passwords to be saved*
+-   GP Friendly name: *Do not allow passwords to be saved*
 -   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
 -   GP ADMX file name: *terminalserver.admx*
@@ -349,32 +259,14 @@ ADMX Info:
 **RemoteDesktopServices/PromptForPasswordUponConnection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -393,25 +285,19 @@ This policy setting specifies whether Remote Desktop Services always prompts the
 
 You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.
 
-By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.
+By default, Remote Desktop Services allows users to automatically sign in by entering a password in the Remote Desktop Connection client.
 
-If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.
+If you enable this policy setting, users can't automatically sign in to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They're prompted for a password to sign in.
 
-If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
+If you disable this policy setting, users can always sign in to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
 
-If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
+If you don't configure this policy setting, automatic logon isn't specified at the Group Policy level.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Always prompt for password upon connection*
+-   GP Friendly name: *Always prompt for password upon connection*
 -   GP name: *TS_PASSWORD*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
@@ -425,32 +311,14 @@ ADMX Info:
 **RemoteDesktopServices/RequireSecureRPCCommunication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -469,25 +337,19 @@ Specifies whether a Remote Desktop Session Host server requires secure RPC commu
 
 You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.
 
-If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.
+If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and doesn't allow unsecured communication with untrusted clients.
 
-If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.
+If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that don't respond to the request.
 
 If the status is set to Not Configured, unsecured communication is allowed.
 
 Note: The RPC interface is used for administering and configuring Remote Desktop Services.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Require secure RPC communication*
+-   GP Friendly name: *Require secure RPC communication*
 -   GP name: *TS_RPC_ENCRYPTION*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
@@ -496,16 +358,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index fae950baec..a0059027d9 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -69,6 +69,12 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -76,32 +82,14 @@ manager: dansimp
 **RemoteManagement/AllowBasicAuthentication_Client**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -120,19 +108,13 @@ This policy setting allows you to manage whether the Windows Remote Management (
 
 If you enable this policy setting, the WinRM client uses Basic authentication. If WinRM is configured to use HTTP transport, the user name and password are sent over the network as clear text.
 
-If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
+If you disable or don't configure this policy setting, the WinRM client doesn't use Basic authentication.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow Basic authentication*
+-   GP Friendly name: *Allow Basic authentication*
 -   GP name: *AllowBasic_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -146,32 +128,14 @@ ADMX Info:
 **RemoteManagement/AllowBasicAuthentication_Service**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -190,19 +154,13 @@ This policy setting allows you to manage whether the Windows Remote Management (
 
 If you enable this policy setting, the WinRM service accepts Basic authentication from a remote client.
 
-If you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client.
+If you disable or don't configure this policy setting, the WinRM service doesn't accept Basic authentication from a remote client.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow Basic authentication*
+-   GP Friendly name: *Allow Basic authentication*
 -   GP name: *AllowBasic_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -216,32 +174,14 @@ ADMX Info:
 **RemoteManagement/AllowCredSSPAuthenticationClient**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -260,19 +200,13 @@ This policy setting allows you to manage whether the Windows Remote Management (
 
 If you enable this policy setting, the WinRM client uses CredSSP authentication.
 
-If you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication.
+If you disable or don't configure this policy setting, the WinRM client doesn't use CredSSP authentication.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow CredSSP authentication*
+-   GP Friendly name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -286,32 +220,14 @@ ADMX Info:
 **RemoteManagement/AllowCredSSPAuthenticationService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -330,19 +246,13 @@ This policy setting allows you to manage whether the Windows Remote Management (
 
 If you enable this policy setting, the WinRM service accepts CredSSP authentication from a remote client.
 
-If you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client.
+If you disable or don't configure this policy setting, the WinRM service doesn't accept CredSSP authentication from a remote client.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow CredSSP authentication*
+-   GP Friendly name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -356,32 +266,14 @@ ADMX Info:
 **RemoteManagement/AllowRemoteServerManagement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -402,11 +294,11 @@ If you enable this policy setting, the WinRM service automatically listens on th
 
 To allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP).
 
-If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.
+If you disable or don't configure this policy setting, the WinRM service won't respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.
 
 The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.
 
-You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
+You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service doesn't listen on any addresses.
 
 For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.
 
@@ -416,16 +308,10 @@ Example IPv4 filters:\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22
 Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow remote server management through WinRM*
+-   GP Friendly name: *Allow remote server management through WinRM*
 -   GP name: *AllowAutoConfig*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -439,32 +325,14 @@ ADMX Info:
 **RemoteManagement/AllowUnencryptedTraffic_Client**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -483,19 +351,13 @@ This policy setting allows you to manage whether the Windows Remote Management (
 
 If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.
 
-If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
+If you disable or don't configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow unencrypted traffic*
+-   GP Friendly name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -509,32 +371,14 @@ ADMX Info:
 **RemoteManagement/AllowUnencryptedTraffic_Service**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -553,19 +397,13 @@ This policy setting allows you to manage whether the Windows Remote Management (
 
 If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.
 
-If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
+If you disable or don't configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow unencrypted traffic*
+-   GP Friendly name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -579,32 +417,14 @@ ADMX Info:
 **RemoteManagement/DisallowDigestAuthentication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -621,21 +441,15 @@ ADMX Info:
 
 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.
 
-If you enable this policy setting, the WinRM client does not use Digest authentication.
+If you enable this policy setting, the WinRM client doesn't use Digest authentication.
 
-If you disable or do not configure this policy setting, the WinRM client uses Digest authentication.
+If you disable or don't configure this policy setting, the WinRM client uses Digest authentication.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow Digest authentication*
+-   GP Friendly name: *Disallow Digest authentication*
 -   GP name: *DisallowDigest*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -649,32 +463,14 @@ ADMX Info:
 **RemoteManagement/DisallowNegotiateAuthenticationClient**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -691,21 +487,15 @@ ADMX Info:
 
 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.
 
-If you enable this policy setting, the WinRM client does not use Negotiate authentication.
+If you enable this policy setting, the WinRM client doesn't use Negotiate authentication.
 
-If you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication.
+If you disable or don't configure this policy setting, the WinRM client uses Negotiate authentication.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow Negotiate authentication*
+-   GP Friendly name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -719,32 +509,14 @@ ADMX Info:
 **RemoteManagement/DisallowNegotiateAuthenticationService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -761,21 +533,15 @@ ADMX Info:
 
 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client.
 
-If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client.
+If you enable this policy setting, the WinRM service doesn't accept Negotiate authentication from a remote client.
 
-If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
+If you disable or don't configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow Negotiate authentication*
+-   GP Friendly name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -789,32 +555,14 @@ ADMX Info:
 **RemoteManagement/DisallowStoringOfRunAsCredentials**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -829,25 +577,19 @@ ADMX Info:
 
 
 
-This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service won't allow RunAs credentials to be stored for any plug-ins.
 
-If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins.  If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
+If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins.  If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
 
-If you disable or do not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
+If you disable or don't configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
 
-If you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.
+If you enable and then disable this policy setting, any values that were previously configured for RunAsPassword will need to be reset.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Disallow WinRM from storing RunAs credentials*
+-   GP Friendly name: *Disallow WinRM from storing RunAs credentials*
 -   GP name: *DisableRunAs*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -861,32 +603,14 @@ ADMX Info:
 **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -901,29 +625,23 @@ ADMX Info:
 
 
 
-This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens.
+This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service regarding channel binding tokens.
 
 If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token.
 
-If you disable or do not configure this policy setting, you can configure the hardening level locally on each computer.
+If you disable or don't configure this policy setting, you can configure the hardening level locally on each computer.
 
 If HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected.
 
-If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks).
+If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that doesn't contain a channel binding token is accepted (though it isn't protected from credential-forwarding attacks).
 
-If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).
+If HardeningLevel is set to None, all requests are accepted (though they aren't protected from credential-forwarding attacks).
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify channel binding token hardening level*
+-   GP Friendly name: *Specify channel binding token hardening level*
 -   GP name: *CBTHardeningLevel_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -937,32 +655,14 @@ ADMX Info:
 **RemoteManagement/TrustedHosts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -979,21 +679,15 @@ ADMX Info:
 
 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.
 
-If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the identity of the host.
+If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host.
 
-If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
+If you disable or don't configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Trusted Hosts*
+-   GP Friendly name: *Trusted Hosts*
 -   GP name: *TrustedHosts*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -1007,32 +701,14 @@ ADMX Info:
 **RemoteManagement/TurnOnCompatibilityHTTPListener**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1051,23 +727,17 @@ This policy setting turns on or turns off an HTTP listener created for backward
 
 If you enable this policy setting, the HTTP listener always appears.
 
-If you disable or do not configure this policy setting, the HTTP listener never appears.
+If you disable or don't configure this policy setting, the HTTP listener never appears.
 
 When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985.
 
 A listener might be automatically created on port 80 to ensure backward compatibility.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn On Compatibility HTTP Listener*
+-   GP Friendly name: *Turn On Compatibility HTTP Listener*
 -   GP name: *HttpCompatibilityListener*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -1081,32 +751,14 @@ ADMX Info:
 **RemoteManagement/TurnOnCompatibilityHTTPSListener**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1125,23 +777,17 @@ This policy setting turns on or turns off an HTTPS listener created for backward
 
 If you enable this policy setting, the HTTPS listener always appears.
 
-If you disable or do not configure this policy setting, the HTTPS listener never appears.
+If you disable or don't configure this policy setting, the HTTPS listener never appears.
 
 When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986.
 
 A listener might be automatically created on port 443 to ensure backward compatibility.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn On Compatibility HTTPS Listener*
+-   GP Friendly name: *Turn On Compatibility HTTPS Listener*
 -   GP name: *HttpsCompatibilityListener*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -1150,16 +796,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 493027a454..c2235cdbb4 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - RemoteProcedureCall
-description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they are making contains authentication information.
+description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they're making contains authentication information.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - RemoteProcedureCall
 
 
-
 
                  
 
 
@@ -30,6 +29,12 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -37,32 +42,14 @@ manager: dansimp
 **RemoteProcedureCall/RPCEndpointMapperClientAuthentication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,27 +64,21 @@ manager: dansimp
 
 
 
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. 
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. 
 
-If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
+If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
 
-If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information.  Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information.  Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
 
-If you do not configure this policy setting, it remains disabled.  RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you don't configure this policy setting, it remains disabled.  RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
 
-Note: This policy will not be applied until the system is rebooted.
+Note: This policy won't be applied until the system is rebooted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enable RPC Endpoint Mapper Client Authentication*
+-   GP Friendly name: *Enable RPC Endpoint Mapper Client Authentication*
 -   GP name: *RpcEnableAuthEpResolution*
 -   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*
@@ -111,32 +92,14 @@ ADMX Info:
 **RemoteProcedureCall/RestrictUnauthenticatedRPCClients**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -153,33 +116,28 @@ ADMX Info:
 
 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
 
-This policy setting impacts all RPC applications.  In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself.  Reverting a change to this policy setting can require manual intervention on each affected machine.  This policy setting should never be applied to a domain controller.
+This policy setting impacts all RPC applications.  In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself.  Reverting a change to this policy setting can require manual intervention on each affected machine.  This policy setting should never be applied to a domain controller.
 
 If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. 
 
-If you do not configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. 
+If you don't configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. 
 
-If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
+If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
 
---  "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
+- "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
 
---  "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
+- "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
 
---  "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied.  No exceptions are allowed.
+- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied.  No exceptions are allowed.
 
-Note: This policy setting will not be applied until the system is rebooted.
+> [!NOTE]
+> This policy setting won't be applied until the system is rebooted.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Restrict Unauthenticated RPC clients*
+-   GP Friendly name: *Restrict Unauthenticated RPC clients*
 -   GP name: *RpcRestrictRemoteClients*
 -   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*
@@ -188,16 +146,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index ac6201611a..25abffed2e 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - RemoteShell
 
 
-
 
                  
 
 
@@ -45,6 +44,12 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> These are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
                  
 
@@ -52,32 +57,14 @@ manager: dansimp
 **RemoteShell/AllowRemoteShellAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -99,16 +86,10 @@ If you enable or do not configure this policy setting, new remote shell connecti
 If you set this policy to ‘disabled’, new remote shell connections are rejected by the server.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Allow Remote Shell Access*
+-   GP Friendly name: *Allow Remote Shell Access*
 -   GP name: *AllowRemoteShellAccess*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -122,32 +103,14 @@ ADMX Info:
 **RemoteShell/MaxConcurrentUsers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -171,16 +134,10 @@ If you enable this policy setting, the new shell connections are rejected if the
 If you disable or do not configure this policy setting, the default number is five users.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *MaxConcurrentUsers*
+-   GP Friendly name: *MaxConcurrentUsers*
 -   GP name: *MaxConcurrentUsers*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -194,32 +151,14 @@ ADMX Info:
 **RemoteShell/SpecifyIdleTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -243,16 +182,10 @@ If you enable this policy setting, the server will wait for the specified amount
 If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify idle Timeout*
+-   GP Friendly name: *Specify idle Timeout*
 -   GP name: *IdleTimeout*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -266,32 +199,14 @@ ADMX Info:
 **RemoteShell/SpecifyMaxMemory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -315,16 +230,10 @@ If you enable this policy setting, the remote operation is terminated when a new
 If you disable or do not configure this policy setting, the value 150 is used by default.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify maximum amount of memory in MB per Shell*
+-   GP Friendly name: *Specify maximum amount of memory in MB per Shell*
 -   GP name: *MaxMemoryPerShellMB*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -338,32 +247,14 @@ ADMX Info:
 **RemoteShell/SpecifyMaxProcesses**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -385,16 +276,10 @@ If you enable this policy setting, you can specify any number from 0 to 0x7FFFFF
 If you disable or do not configure this policy setting,  the limit is five processes per shell.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify maximum number of processes per Shell*
+-   GP Friendly name: *Specify maximum number of processes per Shell*
 -   GP name: *MaxProcessesPerShell*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -408,32 +293,14 @@ ADMX Info:
 **RemoteShell/SpecifyMaxRemoteShells**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -457,16 +324,10 @@ If you enable this policy setting, the user cannot open new remote shells if the
 If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify maximum number of remote shells per user*
+-   GP Friendly name: *Specify maximum number of remote shells per user*
 -   GP name: *MaxShellsPerUser*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -480,32 +341,14 @@ ADMX Info:
 **RemoteShell/SpecifyShellTimeout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -523,16 +366,10 @@ ADMX Info:
 This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Specify Shell Timeout*
+-   GP Friendly name: *Specify Shell Timeout*
 -   GP name: *ShellTimeOut*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -541,16 +378,5 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 6e60b430b9..4c77b145dc 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 04/07/2020
 ms.reviewer: 
@@ -15,7 +15,7 @@ manager: dansimp
 # Policy CSP - RestrictedGroups
 
 > [!IMPORTANT]
-> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results. 
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
 
 
 
                  
@@ -36,32 +36,14 @@ manager: dansimp
 **RestrictedGroups/ConfigureGroupMembership**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -132,7 +114,8 @@ Starting in Windows 10, version 1809, you can use this schema for retrieval and
 
 
 Here's an example:
-```
+
+```xml
 
     
         
@@ -144,13 +127,18 @@ Here's an example:
     
 
 ```
+
 where:
+
 - `` contains the local group SID or group name to configure. If a SID is specified here, the policy uses the [LookupAccountName](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API to get the local group name. For best results, use names for ``.
+
 - `` contains the members to add to the group in ``. A member can be specified as a name or as a SID. For best results, use a SID for ``. The member SID can be a user account or a group in AD, Azure AD, or on the local machine. If a name is specified here, the policy will try to get the corresponding SID using the [LookupAccountSID](/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API. Name can be used for a user account or a group in AD or on the local machine. Membership is configured using the [NetLocalGroupSetMembers](/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API.
+
 - In this example, `Group1` and `Group2` are local groups on the device being configured, and `Group3` is a domain group.
 
 > [!NOTE]
 > Currently, the RestrictedGroups/ConfigureGroupMembership policy does not have a MemberOf functionality. However, you can add a domain group as a member to a local group by using the member portion, as shown in the previous example.
+
 
 
 
@@ -171,15 +159,4 @@ The following table describes how this policy setting behaves in different Windo
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index b3290f82dc..b56f078278 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 02/12/2021
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - Search
 
 
-
 
                  
 
 
@@ -25,6 +24,9 @@ manager: dansimp
   
                  
     Search/AllowCloudSearch
   
                  
+  
                  
+    Search/AllowCortanaInAAD
+  
                  
   
                  
     Search/AllowFindMyFiles
   
                  
@@ -34,6 +36,9 @@ manager: dansimp
   
                  
     Search/AllowSearchToUseLocation
   
                  
+  
                  
+    Search/AllowSearchHighlights
+  
                  
   
                  
     Search/AllowStoringImagesFromVisionSearch
   
                  
@@ -70,32 +75,14 @@ manager: dansimp
 **Search/AllowCloudSearch**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -110,12 +97,12 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
+Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Cloud Search*
+-   GP Friendly name: *Allow Cloud Search*
 -   GP name: *AllowCloudSearch*
 -   GP element: *AllowCloudSearch_Dropdown*
 -   GP path: *Windows Components/Search*
@@ -134,76 +121,17 @@ The following list shows the supported values:
 
                  
 
 
+**Search/AllowCortanaInAAD**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
 
-
-
                  
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
                  
-
-
-**Search/AllowFindMyFiles**  
-
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -218,12 +146,60 @@ The following list shows the supported values:
 
 
 
-Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access.
+This policy allows the cortana opt-in page during windows setup out of the box experience.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Find My Files*
+-   GP Friendly name: *Allow Cloud Search*
+-   GP name: *AllowCortanaInAAD*
+-   GP element: *AllowCloudSearch_Dropdown*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+
+
+
+This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account.
+
+
+
+
+
+
                  
+
+
+**Search/AllowFindMyFiles**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files doesn't allow users to search files or locations to which they don't have access.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow Find My Files*
 -   GP name: *AllowFindMyFiles*
 -   GP path: *Computer Configuration/Administrative Templates/Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -250,32 +226,14 @@ The following list shows the supported values:
 **Search/AllowIndexingEncryptedStoresOrItems**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -294,14 +252,14 @@ Allows or disallows the indexing of items. This switch is for the Windows Search
 
 When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
 
-When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device.
+When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are many WIP-protected media files on the device.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Allow indexing of encrypted files*
+-   GP Friendly name: *Allow indexing of encrypted files*
 -   GP name: *AllowIndexingEncryptedStoresOrItems*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -322,32 +280,14 @@ The following list shows the supported values:
 **Search/AllowSearchToUseLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -362,14 +302,14 @@ The following list shows the supported values:
 
 
 
-Specifies whether search can leverage location information.
+Specifies whether search can use location information.
 
 Most restricted value is 0.
 
 
 
 ADMX Info:  
--   GP English name: *Allow search and Cortana to use location*
+-   GP Friendly name: *Allow search and Cortana to use location*
 -   GP name: *AllowSearchToUseLocation*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -386,6 +326,63 @@ The following list shows the supported values:
 
 
                  
 
+
+**Search/AllowSearchHighlights**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy controls whether search highlights are shown in the search box or in search home.
+
+- If you enable this policy setting, then this setting turns on search highlights in the search box or in the search home.
+- If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home. 
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Allow search and highlights*
+-   GP name: *AllowSearchHighlights*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+
+
+The following list shows the supported values in Windows 10:
+- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search    highlights in the taskbar search box and in search home.
+
+- Disabled – Disabling this setting turns off search highlights in the taskbar search box and in search home.
+
+The following list shows the supported values in Windows 11:
+- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
+
+- Disabled – Disabling this setting turns off search highlights in the start menu search box and in search home.
+
+
+
+
+
                  
+
 
 **Search/AllowStoringImagesFromVisionSearch**  
 
@@ -401,32 +398,14 @@ This policy has been deprecated.
 **Search/AllowUsingDiacritics**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -449,7 +428,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow use of diacritics*
+-   GP Friendly name: *Allow use of diacritics*
 -   GP name: *AllowUsingDiacritics*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -470,32 +449,14 @@ The following list shows the supported values:
 **Search/AllowWindowsIndexer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -521,32 +482,14 @@ Allow Windows indexer. Value type is integer.
 **Search/AlwaysUseAutoLangDetection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -569,7 +512,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Always use automatic language detection when indexing content and properties*
+-   GP Friendly name: *Always use automatic language detection when indexing content and properties*
 -   GP name: *AlwaysUseAutoLangDetection*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -590,32 +533,14 @@ The following list shows the supported values:
 **Search/DisableBackoff**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -635,7 +560,7 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c
 
 
 ADMX Info:  
--   GP English name: *Disable indexer backoff*
+-   GP Friendly name: *Disable indexer backoff*
 -   GP name: *DisableBackoff*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -656,32 +581,14 @@ The following list shows the supported values:
 **Search/DisableRemovableDriveIndexing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -698,14 +605,14 @@ The following list shows the supported values:
 
 This policy setting configures whether or not locations on removable drives can be added to libraries.
 
-If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed.
+If you enable this policy setting, locations on removable drives can't be added to libraries. In addition, locations on removable drives can't be indexed.
 
-If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
+If you disable or don't configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
 
 
 
 ADMX Info:  
--   GP English name: *Do not allow locations on removable drives to be added to libraries*
+-   GP Friendly name: *Do not allow locations on removable drives to be added to libraries*
 -   GP name: *DisableRemovableDriveIndexing*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -726,32 +633,14 @@ The following list shows the supported values:
 **Search/DoNotUseWebResults**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -766,17 +655,18 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Don't search the web or display web results in Search.
+Don't search the web or display web results in Search, or show search highlights in the search box or in search home.
 
-This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.
-If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
+This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
 
-If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search.
+- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+
+- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
 
 
 
 ADMX Info:  
--   GP English name: *Don't search the web or display web results in Search*
+-   GP Friendly name: *Don't search the web or display web results in Search*
 -   GP name: *DoNotUseWebResults*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -785,8 +675,8 @@ ADMX Info:
 
 The following list shows the supported values:
 
-- 0 - Not allowed. Queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
-- 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search.
+- 0 - Not allowed. Queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- 1 (default) - Allowed. Queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
 
 
 
@@ -797,32 +687,14 @@ The following list shows the supported values:
 **Search/PreventIndexingLowDiskSpaceMB**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -839,14 +711,14 @@ The following list shows the supported values:
 
 Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
 
-Enable this policy if computers in your environment have extremely limited hard drive space.
+Enable this policy if computers in your environment have limited hard drive space.
 
 When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
 
 
 
 ADMX Info:  
--   GP English name: *Stop indexing in the event of limited hard drive space*
+-   GP Friendly name: *Stop indexing in the event of limited hard drive space*
 -   GP name: *StopIndexingOnLimitedHardDriveSpace*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -867,32 +739,14 @@ The following list shows the supported values:
 **Search/PreventRemoteQueries**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -907,12 +761,12 @@ The following list shows the supported values:
 
 
 
-If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
+If enabled, clients will be unable to query this computer's index remotely. Thus, when they're browsing network shares that are stored on this computer, they won't search them using the index. If disabled, client search requests will use this computer's index..
 
 
 
 ADMX Info:  
--   GP English name: *Prevent clients from querying the index remotely*
+-   GP Friendly name: *Prevent clients from querying the index remotely*
 -   GP name: *PreventRemoteQueries*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -929,16 +783,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 13eb6fdc71..dcf870fbf8 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -60,32 +60,14 @@ manager: dansimp
 **Security/AllowAddProvisioningPackage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -117,46 +99,10 @@ The following list shows the supported values:
 
 **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**  
 
-
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Business
                  Enterprisecheck mark
                  Educationcheck mark
                  
-
-
-
                  
-
 
 > [!NOTE]
-> This policy has been deprecated in Windows 10, version 1607
-
-
                  
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
+> 
+> - This policy is deprecated in Windows 10, version 1607.
 
 Specifies whether to allow automatic [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined.
 
@@ -176,32 +122,14 @@ The following list shows the supported values:
 **Security/AllowRemoveProvisioningPackage**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -234,32 +162,14 @@ The following list shows the supported values:
 **Security/ClearTPMIfNotReady**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -274,15 +184,13 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
 
 
 
 ADMX Info:  
--   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.*
 -   GP name: *ClearTPMIfNotReady_Name*
 -   GP path: *System/Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
@@ -291,7 +199,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) – Will not force recovery from a non-ready TPM state.
+-   0 (default) – Won't force recovery from a non-ready TPM state.
 -   1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
 
 
@@ -303,32 +211,14 @@ The following list shows the supported values:
 **Security/ConfigureWindowsPasswords**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -343,7 +233,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Configures the use of passwords for Windows features.
+Configures the use of passwords for Windows features.
 
 > [!Note]
 > This policy is only supported in Windows 10 S.
@@ -365,32 +255,14 @@ The following list shows the supported values:
 **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -405,11 +277,8 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-
-Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
+Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
 
 Specifies whether to allow automatic [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined.
 
@@ -429,32 +298,14 @@ The following list shows the supported values:
 **Security/RecoveryEnvironmentAuthentication**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -470,12 +321,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1809. This policy controls the Admin Authentication requirement in RecoveryEnvironment.
+This policy controls the Admin Authentication requirement in RecoveryEnvironment.
 
 Supported values:  
 -  0 - Default: Keep using default(current) behavior
 -  1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment
--  2 - NoRequireAuthentication: Admin Authentication is not required for components in RecoveryEnvironment
+-  2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment
 
 
 
@@ -493,10 +344,10 @@ The process of starting Push Button Reset (PBR) in WinRE:
 1. Open a cmd as Administrator, run command "reagentc /boottore" and restart the OS to boot to WinRE.
 1. OS should boot to the blue screen of WinRE UI, go through TroubleShoot -> Reset this PC, it should show two options: "Keep my files" and "Remove everything".
 
-If the MDM policy is set to "Default" (0) or does not exist, the admin authentication flow should work as default behavior:  
+If the MDM policy is set to "Default" (0) or doesn't exist, the admin authentication flow should work as default behavior:  
 
 1. Start PBR in WinRE, choose "Keep my files", it should pop up admin authentication.
-1. Click "<-" (right arrow) button and choose "Remove everything", it should not pop up admin authentication and just go to PBR options.
+1. Click "<-" (right arrow) button and choose "Remove everything", it shouldn't pop up admin authentication and just go to PBR options.
 
 If the MDM policy is set to "RequireAuthentication" (1)
 
@@ -505,9 +356,9 @@ If the MDM policy is set to "RequireAuthentication" (1)
 
 If the MDM policy is set to "NoRequireAuthentication" (2)
 
-1. Start PBR in WinRE, choose "Keep my files", it should not pop up admin authentication.
+1. Start PBR in WinRE, choose "Keep my files", it shouldn't pop up admin authentication.
 1. Go through PBR options and click "cancel" at final confirmation page, wait unit the UI is back.
-1. Click "TroubleShoot" -> "Reset this PC" again, choose "Remove everything", it should not pop up admin authentication neither.
+1. Click "TroubleShoot" -> "Reset this PC" again, choose "Remove everything", it shouldn't pop up admin authentication neither.
 
 
 
@@ -518,32 +369,14 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
 **Security/RequireDeviceEncryption**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -570,7 +403,7 @@ Most restricted value is 1.
 
 The following list shows the supported values:
 
--   0 (default) – Encryption is not required.
+-   0 (default) – Encryption isn't required.
 -   1 – Encryption is required.
 
 
@@ -582,32 +415,14 @@ The following list shows the supported values:
 **Security/RequireProvisioningPackageSignature**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -640,32 +455,14 @@ The following list shows the supported values:
 **Security/RequireRetrieveHealthCertificateOnBoot**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -689,8 +486,8 @@ Setting this policy to 1 (Required):
 -   Improves the performance of the device by enabling the device to fetch and cache data to reduce the latency during Device Health Verification.
 
 > [!NOTE]
-> We recommend that this policy is set to Required after MDM enrollment.
- 
+> We recommend that this policy is set to Required after MDM enrollment.
+ 
 
 Most restricted value is 1.
 
@@ -705,15 +502,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 8f43acb2ab..118dd3a3a7 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -32,32 +32,14 @@ ms.date: 09/27/2019
 **ServiceControlManager/SvchostProcessMitigation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procross mark
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -76,7 +58,7 @@ This policy setting enables process mitigation options on svchost.exe processes.
 
 If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them.
 
-This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.  
+These stricter security policies include a policy requiring all binaries loaded in these processes to be signed by Microsoft, and a policy disallowing dynamically generated code.  
 
 > [!IMPORTANT]
 > Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
@@ -93,7 +75,7 @@ If you disable or do not configure this policy setting, the stricter security se
 
 
 ADMX Info:  
--   GP English name: *Enable svchost.exe mitigation options*
+-   GP Friendly name: *Enable svchost.exe mitigation options*
 -   GP name: *SvchostProcessMitigationEnable*
 -   GP path: *System/Service Control Manager Settings/Security Settings*
 -   GP ADMX file name: *ServiceControlManager.admx*
@@ -101,8 +83,8 @@ ADMX Info:
 
 
 Supported values:  
-- disabled - Do not add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes.
-- enabled - Add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes.
+- Disabled - Do not add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes.
+- Enabled - Add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes.
 
 
 
@@ -113,15 +95,4 @@ Supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 1e16989ede..1b0e0f8bc4 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -14,8 +14,6 @@ manager: dansimp
 
 # Policy CSP - Settings
 
-
-
 
                  
 
 
@@ -31,6 +29,9 @@ manager: dansimp
   
                  
     Settings/AllowDateTime
   
                  
+  
                  
+    Settings/AllowEditDeviceName
+  
                  
   
                  
     Settings/AllowLanguage
   
                  
@@ -70,32 +71,14 @@ manager: dansimp
 **Settings/AllowAutoPlay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -110,14 +93,11 @@ manager: dansimp
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 Allows the user to change Auto Play settings.
 
 > [!NOTE]
-> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected.
+> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected.
 
 
 
@@ -135,32 +115,14 @@ The following list shows the supported values:
 **Settings/AllowDataSense**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -177,6 +139,9 @@ The following list shows the supported values:
 
 Allows the user to change Data Sense settings.
 
+> [!NOTE]
+> The **AllowDataSense** policy is not supported on Windows 10, version 2004 and later.
+
 
 
 The following list shows the supported values:
@@ -193,32 +158,14 @@ The following list shows the supported values:
 **Settings/AllowDateTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -248,33 +195,39 @@ The following list shows the supported values:
 
                  
 
 
-**Settings/AllowLanguage**  
+**Settings/AllowEditDeviceName**  
 
 
 
-    
-    
+    
+    
+    
-    
+    
+    
-    
+    
+    
-    
+    
+    
-    
+    
+    
-    
+    
+    
                  
 
                  Windows EditionSupported?EditionWindows 10Windows 11
 
                  
 
                  
     Homecross markNoNo
 
                  
 
                  
     Procheck markYesYes
 
                  
 
                  
     Businesscheck markYesYes
 
                  
 
                  
     Enterprisecheck markYesYes
 
                  
 
                  
     Educationcheck markYesYes
 
                  
 
                  
 
@@ -291,9 +244,44 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+This policy disables edit device name option on Settings.
 
+
+
+
+Describes what values are supported in by this policy and meaning of each value, default value.
+
+
+
+
+
                  
+
+
+**Settings/AllowLanguage**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
 
 Allows the user to change the language settings.
 
@@ -313,32 +301,14 @@ The following list shows the supported values:
 **Settings/AllowOnlineTips**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -355,12 +325,12 @@ The following list shows the supported values:
 
 Enables or disables the retrieval of online tips and help for the Settings app.
 
-If disabled, Settings will not contact Microsoft content services to retrieve tips and help content.
+If disabled, Settings won't contact Microsoft content services to retrieve tips and help content.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Online Tips*
+-   GP Friendly name: *Allow Online Tips*
 -   GP name: *AllowOnlineTips*
 -   GP element: *CheckBox_AllowOnlineTips*
 -   GP path: *Control Panel*
@@ -375,32 +345,14 @@ ADMX Info:
 **Settings/AllowPowerSleep**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -415,9 +367,6 @@ ADMX Info:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 Allows the user to change power and sleep settings.
 
@@ -437,32 +386,14 @@ The following list shows the supported values:
 **Settings/AllowRegion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -477,9 +408,6 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 Allows the user to change the region settings.
 
@@ -499,32 +427,14 @@ The following list shows the supported values:
 **Settings/AllowSignInOptions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -539,11 +449,8 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-
-Allows the user to change sign-in options.
+Allows the user to change sign in options.
 
 
 
@@ -561,32 +468,14 @@ The following list shows the supported values:
 **Settings/AllowVPN**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -619,32 +508,14 @@ The following list shows the supported values:
 **Settings/AllowWorkplace**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -659,9 +530,6 @@ The following list shows the supported values:
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 Allows user to change workplace settings.
 
@@ -681,32 +549,14 @@ The following list shows the supported values:
 **Settings/AllowYourAccount**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -739,32 +589,14 @@ The following list shows the supported values:
 **Settings/ConfigureTaskbarCalendar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -779,12 +611,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703.  Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout.  In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
+Allows IT Admins to configure the default setting for showing more calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. Other supported calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
 
 
 
 ADMX Info:  
--   GP English name: *Show additional calendar*
+-   GP Friendly name: *Show additional calendar*
 -   GP name: *ConfigureTaskbarCalendar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *Taskbar.admx*
@@ -794,7 +626,7 @@ ADMX Info:
 The following list shows the supported values:
 
 -   0 (default) – User will be allowed to configure the setting.
--   1  – Don't show additional calendars.
+-   1  – Don't show more calendars.
 -   2  - Simplified Chinese (Lunar).
 -   3  - Traditional Chinese (Lunar).
 
@@ -807,32 +639,14 @@ The following list shows the supported values:
 **Settings/PageVisibilityList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -848,36 +662,46 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth".  Multiple page identifiers are separated by semicolons.
+Allows IT Admins to either:
 
-The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
+- Prevent specific pages in the System Settings app from being visible or accessible
 
-showonly:about;bluetooth
+  OR
 
-If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list.
+- To do so for all pages except the pages you enter
+
+The mode will be specified by the policy string beginning with either the string `showonly:` or `hide:`. Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix.
+
+For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth".  Multiple page identifiers are separated by semicolons. For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
+
+The following example shows a policy that allows access only to the **about** and **bluetooth** pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
+
+`showonly:about;bluetooth`
+
+If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
 
 The format of the PageVisibilityList value is as follows:
 
 - The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
-- There are two variants: one that shows only the given pages and one which hides the given pages.
-- The first variant starts with the string "showonly:" and the second with the string "hide:".
+- There are two variants: one that shows only the given pages and one that hides the given pages.
+- The first variant starts with the string `showonly:` and the second with the string "hide:".
 - Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
-- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
+- Each page identifier is the `ms-settings:xyz` URI for the page, minus the `ms-settings:` prefix. So the identifier for the page with the `ms-settings:network-wifi` URI would be `network-wifi`.
 
 The default value for this setting is an empty string, which is interpreted as show everything.
 
-Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:network-wifi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
+**Example 1**: Only the wifi and bluetooth pages should be shown. They have URIs `ms-settings:network-wifi` and `ms-settings:bluetooth`. All other pages (and the categories they're in) will be hidden:
 
-showonly:network-wifi;bluetooth
+`showonly:network-wifi;bluetooth`
 
-Example 2, specifies that the wifi page should not be shown:
+**Example 2**: The wifi page shouldn't be shown:
 
-hide:network-wifi
+`hide:network-wifi`
 
 
 
 ADMX Info:  
--   GP English name: *Settings Page Visibility*
+-   GP Friendly name: *Settings Page Visibility*
 -   GP name: *SettingsPageVisibility*
 -   GP element: *SettingsPageVisibilityBox*
 -   GP path: *Control Panel*
@@ -885,7 +709,7 @@ ADMX Info:
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, use the following steps:
 
 1.   Open System Settings and verify that the About page is visible and accessible.
 2.   Configure the policy with the following string: "hide:about".
@@ -895,15 +719,5 @@ To validate on Desktop, do the following:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 2cdf136faf..5da64f872e 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - SmartScreen
 
 
-
 
                  
 
 
@@ -40,32 +39,14 @@ manager: dansimp
 **SmartScreen/EnableAppInstallControl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -80,7 +61,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
+Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
 
 > [!Note]
 > This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.
                  This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
@@ -88,7 +69,7 @@ Added in Windows 10, version 1703. Allows IT Admins to control whether users ar
 
 
 ADMX Info:  
--   GP English name: *Configure App Install Control*
+-   GP Friendly name: *Configure App Install Control*
 -   GP name: *ConfigureAppInstallControl*
 -   GP path: *Windows Components/Windows Defender SmartScreen/Explorer*
 -   GP ADMX file name: *SmartScreen.admx*
@@ -109,32 +90,14 @@ The following list shows the supported values:
 **SmartScreen/EnableSmartScreenInShell**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -149,12 +112,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
+Allows IT Admins to configure SmartScreen for Windows.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Windows Defender SmartScreen*
+-   GP Friendly name: *Configure Windows Defender SmartScreen*
 -   GP name: *ShellConfigureSmartScreen*
 -   GP path: *Windows Components/Windows Defender SmartScreen/Explorer*
 -   GP ADMX file name: *SmartScreen.admx*
@@ -175,32 +138,14 @@ The following list shows the supported values:
 **SmartScreen/PreventOverrideForFilesInShell**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -215,12 +160,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
+Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Windows Defender SmartScreen*
+-   GP Friendly name: *Configure Windows Defender SmartScreen*
 -   GP name: *ShellConfigureSmartScreen*
 -   GP element: *ShellConfigureSmartScreen_Dropdown*
 -   GP path: *Windows Components/Windows Defender SmartScreen/Explorer*
@@ -237,16 +182,4 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
-
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index 39cd9db038..fe81410adf 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - Speech
 
 
-
 
                  
 
 
@@ -34,32 +33,14 @@ manager: dansimp
 **Speech/AllowSpeechModelUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,12 +55,12 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
+Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
 
 
 
 ADMX Info:  
--   GP English name: *Allow Automatic Update of Speech Data*
+-   GP Friendly name: *Allow Automatic Update of Speech Data*
 -   GP name: *AllowSpeechModelUpdate*
 -   GP path: *Windows Components/Speech*
 -   GP ADMX file name: *Speech.admx*
@@ -95,16 +76,6 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 1519ff7e40..f760f05bc0 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -51,6 +51,9 @@ manager: dansimp
   
                  
     Start/AllowPinnedFolderVideos
   
                  
+  
                  
+    Start/ConfigureStartPins
+  
                  
   
                  
     Start/DisableContextMenus
   
                  
@@ -108,6 +111,9 @@ manager: dansimp
   
                  
     Start/NoPinningToTaskbar
   
                  
+  
                  
+    Start/ShowOrHideMostUsedApps
+  
                  
   
                  
     Start/StartLayout
   
                  
@@ -120,32 +126,14 @@ manager: dansimp
 **Start/AllowPinnedFolderDocuments**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -160,7 +148,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.
+This policy controls the visibility of the Documents shortcut on the Start menu.
 
 
 
@@ -168,7 +156,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -179,32 +167,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderDownloads**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -219,7 +189,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.
+This policy controls the visibility of the Downloads shortcut on the Start menu.
 
 
 
@@ -227,7 +197,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -238,32 +208,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderFileExplorer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -278,7 +230,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.
+This policy controls the visibility of the File Explorer shortcut on the Start menu.
 
 
 
@@ -286,7 +238,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -297,32 +249,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderHomeGroup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -337,7 +271,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.
+This policy controls the visibility of the HomeGroup shortcut on the Start menu.
 
 
 
@@ -345,7 +279,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -356,32 +290,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderMusic**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -396,7 +312,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.
+This policy controls the visibility of the Music shortcut on the Start menu.
 
 
 
@@ -404,7 +320,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -415,32 +331,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -455,7 +353,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.
+This policy controls the visibility of the Network shortcut on the Start menu.
 
 
 
@@ -463,7 +361,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -474,32 +372,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderPersonalFolder**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -514,7 +394,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
+This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
 
 
 
@@ -522,7 +402,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -533,32 +413,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderPictures**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -573,7 +435,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.
+This policy controls the visibility of the Pictures shortcut on the Start menu.
 
 
 
@@ -581,7 +443,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -592,32 +454,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -632,7 +476,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.
+This policy controls the visibility of the Settings shortcut on the Start menu.
 
 
 
@@ -640,7 +484,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -651,32 +495,14 @@ The following list shows the supported values:
 **Start/AllowPinnedFolderVideos**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -691,7 +517,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.
+This policy controls the visibility of the Videos shortcut on the Start menu.
 
 
 
@@ -699,7 +525,7 @@ The following list shows the supported values:
 
 -   0 – The shortcut is hidden and disables the setting in the Settings app.
 -   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+-   65535 (default) - there's no enforced configuration and the setting can be changed by the user.
 
 
 
@@ -707,33 +533,33 @@ The following list shows the supported values:
 
                  
 
 
-**Start/DisableContextMenus**  
+**Start/ConfigureStartPins**  
 
 
 
-    
-    
+    
+    
-    
+    
-    
+    
-    
+    
-    
+    
-    
+    
                  
 
                  Windows EditionSupported?EditionWindows 11
 
                  
 
                  
     Homecross markNo
 
                  
 
                  
     Procheck mark4Yes
 
                  
 
                  
     Businesscheck mark4Yes
 
                  
 
                  
     Enterprisecheck mark4Yes
 
                  
 
                  
     Educationcheck mark4Yes
 
                  
 
                  
 
@@ -743,6 +569,49 @@ The following list shows the supported values:
 
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
+> [!div class = "checklist"]
+> * Device
+> * User
+
+
                  
+
+
+
+This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the Windows 11 start menu experience.
+
+It contains details on how to configure the start menu on Windows 11, see [/windows-hardware/customize/desktop/customize-the-windows-11-start-menu](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu)
+
+
+
+
+
+This string policy will take a JSON file (expected name LayoutModification.json), which enumerates the items to pin and their relative order.
+
+
+
+
+
                  
+
+
+
+**Start/DisableContextMenus**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
 > [!div class = "checklist"]
 > * User
 > * Device
@@ -756,7 +625,7 @@ Enabling this policy prevents context menus from being invoked in the Start Menu
 
 
 ADMX Info:  
--   GP English name: *Disable context menus in the Start Menu*
+-   GP Friendly name: *Disable context menus in the Start Menu*
 -   GP name: *DisableContextMenusInStart*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -765,7 +634,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) – False (Do not disable).
+-   0 (default) – False (don't disable).
 -   1 - True (disable).
 
 
@@ -783,32 +652,14 @@ The following list shows the supported values:
 **Start/ForceStartSize**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -817,26 +668,24 @@ The following list shows the supported values:
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
+> * User
 > * Device
 
 
                  
 
 
 
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
 
 Forces the start screen size.
 
 
-If there is policy configuration conflict, the latest configuration request is applied to the device.
+If there's policy configuration conflict, the latest configuration request is applied to the device.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Do not force size of Start.
+-   0 (default) – Don't force size of Start.
 -   1 – Force non-fullscreen size of Start.
 -   2 - Force a fullscreen size of Start.
 
@@ -849,32 +698,14 @@ The following list shows the supported values:
 **Start/HideAppList**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -883,6 +714,7 @@ The following list shows the supported values:
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
+> * User
 > * Device
 
 
                  
@@ -890,7 +722,7 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
 Allows IT Admins to configure Start by collapsing or removing the all apps list.
 
@@ -898,12 +730,12 @@ Allows IT Admins to configure Start by collapsing or removing the all apps list.
 > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 -   1 - Enable policy and restart explorer.exe
--   2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle is not grayed out.
+-   2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle isn't grayed out.
 -   2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out.
--   2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
+-   2c - If set to '3': Verify that there's no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
 
 
 
@@ -923,32 +755,14 @@ The following list shows the supported values:
 **Start/HideChangeAccountSettings**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -963,21 +777,21 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the user tile, and verify that "Change account settings" is not available.
+2.   Open Start, click on the user tile, and verify that "Change account settings" isn't available.
 
 
 
@@ -988,32 +802,14 @@ To validate on Desktop, do the following:
 **Start/HideFrequentlyUsedApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1030,27 +826,27 @@ To validate on Desktop, do the following:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps.
+Allows IT Admins to configure Start by hiding most used apps.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable "Show most used apps" in the Settings app.
 2.   Use some apps to get them into the most used group in Start.
 3.   Enable policy.
 4.   Restart explorer.exe
 5.   Check that  "Show most used apps" Settings toggle is grayed out.
-6.   Check that most used apps do not appear in Start.
+6.   Check that most used apps don't appear in Start.
 
 
 
@@ -1061,32 +857,14 @@ To validate on Desktop, do the following:
 **Start/HideHibernate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1101,25 +879,25 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
 
 
 > [!NOTE]
-> This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's.
+> This policy can only be verified on laptops as "Hibernate" doesn't appear on regular PC's.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Laptop, do the following:
+To validate on Laptop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the Power button, and verify "Hibernate" is not available.
+2.   Open Start, click on the Power button, and verify "Hibernate" isn't available.
 
 
 
@@ -1130,32 +908,14 @@ To validate on Laptop, do the following:
 **Start/HideLock**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1170,21 +930,21 @@ To validate on Laptop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the user tile, and verify "Lock" is not available.
+2.   Open Start, click on the user tile, and verify "Lock" isn't available.
 
 
 
@@ -1195,32 +955,14 @@ To validate on Desktop, do the following:
 **Start/HidePeopleBar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1235,14 +977,14 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+Enabling this policy removes the people icon from the taskbar and the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
 
 Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Remove the People Bar from the taskbar*
+-   GP Friendly name: *Remove the People Bar from the taskbar*
 -   GP name: *HidePeopleBar*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1251,7 +993,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
@@ -1263,32 +1005,14 @@ The following list shows the supported values:
 **Start/HidePowerButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1304,23 +1028,23 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing.
+Allows IT Admins to configure Start by hiding the Power button from appearing.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, and verify the power button is not available.
+2.   Open Start, and verify the power button isn't available.
 
 
 
@@ -1331,32 +1055,14 @@ To validate on Desktop, do the following:
 **Start/HideRecentJumplists**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1372,20 +1078,20 @@ To validate on Desktop, do the following:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jump lists from appearing.
+Allows IT Admins to configure Start by hiding recently opened items in the jump lists from appearing.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings.
 2.   Pin Photos to the taskbar, and open some images in the photos app.
@@ -1395,7 +1101,7 @@ To validate on Desktop, do the following:
 6.   Restart explorer.exe
 7.   Check that Settings toggle is grayed out.
 8.   Repeat Step 2.
-9.   Right Click pinned photos app and verify that there is no jump list of recent items.
+9.   Right Click pinned photos app and verify that there's no jump list of recent items.
 
 
 
@@ -1406,32 +1112,14 @@ To validate on Desktop, do the following:
 **Start/HideRecentlyAddedApps**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1440,6 +1128,7 @@ To validate on Desktop, do the following:
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
+> * User
 > * Device
 
 
                  
@@ -1447,14 +1136,14 @@ To validate on Desktop, do the following:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps.
+Allows IT Admins to configure Start by hiding recently added apps.
 
 
 
 ADMX Info:  
--   GP English name: *Remove "Recently added" list from Start Menu*
+-   GP Friendly name: *Remove "Recently added" list from Start Menu*
 -   GP name: *HideRecentlyAddedApps*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -1463,19 +1152,19 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable "Show recently added apps" in the Settings app.
 2.   Check if there are recently added apps in Start (if not, install some).
 3.   Enable policy.
 4.   Restart explorer.exe
 5.   Check that "Show recently added apps" Settings toggle is grayed out.
-6.   Check that recently added apps do not appear in Start.
+6.   Check that recently added apps don't appear in Start.
 
 
 
@@ -1486,32 +1175,14 @@ To validate on Desktop, do the following:
 **Start/HideRestart**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1526,21 +1197,21 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available.
+2.   Open Start, click on the Power button, and verify "Restart" and "Update and restart" aren't available.
 
 
 
@@ -1551,32 +1222,14 @@ To validate on Desktop, do the following:
 **Start/HideShutDown**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1591,21 +1244,21 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available.
+2.   Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" aren't available.
 
 
 
@@ -1616,32 +1269,14 @@ To validate on Desktop, do the following:
 **Start/HideSignOut**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1656,21 +1291,21 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the user tile, and verify "Sign out" is not available.
+2.   Open Start, click on the user tile, and verify "Sign out" isn't available.
 
 
 
@@ -1681,32 +1316,14 @@ To validate on Desktop, do the following:
 **Start/HideSleep**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1721,21 +1338,21 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
+Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the Power button, and verify that "Sleep" is not available.
+2.   Open Start, click on the Power button, and verify that "Sleep" isn't available.
 
 
 
@@ -1746,32 +1363,14 @@ To validate on Desktop, do the following:
 **Start/HideSwitchAccount**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1786,21 +1385,21 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
+Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Open Start, click on the user tile, and verify that "Switch account" is not available.
+2.   Open Start, click on the user tile, and verify that "Switch account" isn't available.
 
 
 
@@ -1811,32 +1410,14 @@ To validate on Desktop, do the following:
 **Start/HideUserTile**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1852,24 +1433,24 @@ To validate on Desktop, do the following:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile.
+Allows IT Admins to configure Start by hiding the user tile.
 
 
 
 The following list shows the supported values:
 
--   0 (default) – False (do not hide).
+-   0 (default) – False (don't hide).
 -   1 - True (hide).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
-2.   Log off.
-3.   Log in, and verify that the user tile is gone from Start.
+2.   Sign out.
+3.   Sign in, and verify that the user tile is gone from Start.
 
 
 
@@ -1880,32 +1461,14 @@ To validate on Desktop, do the following:
 **Start/ImportEdgeAssets**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1921,9 +1484,9 @@ To validate on Desktop, do the following:
 
 
 > [!NOTE]
-> This policy requires reboot to take effect.
+> This policy requires reboot to take effect.
 
-Here is additional SKU support information:
+Here's more SKU support information:
 
 |Release |SKU Supported  |
 |---------|---------|
@@ -1931,16 +1494,16 @@ Here is additional SKU support information:
 |Windows 10, version 1703 and later |Enterprise, Education, Business |
 |Windows 10, version 1709 and later |Enterprise, Education, Business, Pro, ProEducation, S, ProWorkstation |
 
-Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
+This policy imports Edge assets (for example, .png/.jpg files) for secondary tiles into its local app data path, which allows the StartLayout policy to pin Edge secondary tiles as weblink that ties to the image asset files.
 
 > [!IMPORTANT]
-> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
+> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
 
 The value set for this policy is an XML string containing Edge assets.  For an example XML string, see [Add image for secondary Microsoft Edge tiles](/windows/configuration/start-secondary-tiles).
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Set policy with an XML for Edge assets.
 2.   Set StartLayout policy to anything so that it would trigger the Edge assets import.
@@ -1956,32 +1519,14 @@ To validate on Desktop, do the following:
 **Start/NoPinningToTaskbar**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1996,7 +1541,7 @@ To validate on Desktop, do the following:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
+Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
 
 
 
@@ -2007,49 +1552,100 @@ The following list shows the supported values:
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
 2.   Right click on a program pinned to taskbar.
-3.   Verify that "Unpin from taskbar" menu does not show.
+3.   Verify that "Unpin from taskbar" menu doesn't show.
 4.   Open Start and right click on one of the app list icons.
-5.   Verify that More->Pin to taskbar menu does not show.
+5.   Verify that More->Pin to taskbar menu doesn't show.
 
 
 
 
 
                  
 
+
+
+**Start/ShowOrHideMostUsedApps**  
+
+
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+
                  EditionWindows 10Windows 11
                  HomeNoNo
                  ProYesYes
                  BusinessYesYes
                  EnterpriseYesYes
                  EducationYesYes
                  
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+
                  
+
+
+
+
+
+
+The following list shows the supported values:
+
+- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings
+- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings
+- Not set - User can use Settings to hide or show Most Used Apps in Start Menu
+
+On clean install, the user setting defaults to "hide".
+
+
+
+
+
+
                  
+
 
 **Start/StartLayout**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
 
 
 
                  
@@ -2066,9 +1662,9 @@ To validate on Desktop, do the following:
 
 
 > [!IMPORTANT]
-> Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope)  
+> In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope)  
 
-Here is additional SKU support information:
+Here's more SKU support information:
 
 |Release |SKU Supported  |
 |---------|---------|
@@ -2078,12 +1674,12 @@ Here is additional SKU support information:
 
 Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
 
-For further details on how to customize the Start layout, please see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar).
+For more information on how to customize the Start layout, see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar).
 
 
 
 ADMX Info:  
--   GP English name: *Start Layout*
+-   GP Friendly name: *Start Layout*
 -   GP name: *LockedStartLayout*
 -   GP path: *Start Menu and Taskbar*
 -   GP ADMX file name: *StartMenu.admx*
@@ -2092,15 +1688,4 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index e55afed42c..383f6aedfb 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -5,9 +5,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 03/25/2022
 ms.reviewer: 
 manager: dansimp
 ---
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - Storage
 
 
-
 
                  
 
 
@@ -49,6 +48,21 @@ manager: dansimp
   
                  
     Storage/RemovableDiskDenyWriteAccess
   
                  
+  
                  
+    Storage/WPDDevicesDenyReadAccessPerDevice
+  
                  
+  
                  
+    Storage/WPDDevicesDenyReadAccessPerUser
+  
                  
+  
                  
+    Storage/WPDDevicesDenyWriteAccessPerDevice
+  
                  
+  
                  
+    Storage/WPDDevicesDenyWriteAccessPerUser
+  
                  
+  
                  
+    StorageHealthMonitor/DisableStorageHealthMonitor
+  
                  
 
                  
 
 
@@ -58,32 +72,14 @@ manager: dansimp
 **Storage/AllowDiskHealthModelUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -98,14 +94,14 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1709.  Allows disk health model updates.
+Allows disk health model updates.
 
 Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Allow downloading updates to the Disk Failure Prediction Model*
+-   GP Friendly name: *Allow downloading updates to the Disk Failure Prediction Model*
 -   GP name: *SH_AllowDiskHealthModelUpdates*
 -   GP path: *System/Storage Health*
 -   GP ADMX file name: *StorageHealth.admx*
@@ -114,7 +110,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 - Do not allow
+-   0 - Don't allow
 -   1 (default) - Allow
 
 
@@ -126,32 +122,16 @@ The following list shows the supported values:
 **Storage/AllowStorageSenseGlobal**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to version 1903 don't support group policy.
 
 
 
                  
@@ -168,15 +148,15 @@ The following list shows the supported values:
 
 Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
 
-If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users cannot disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
+If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
 
-If you disable this policy setting, the machine will turn off Storage Sense. Users cannot enable Storage Sense.
+If you disable this policy setting, the machine will turn off Storage Sense. Users can't enable Storage Sense.
 
-If you do not configure this policy setting, Storage Sense is turned off by default until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.
+If you don't configure this policy setting, Storage Sense is turned off by default until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.
 
 
 ADMX Info:  
--   GP English name: *Allow Storage Sense*
+-   GP Friendly name: *Allow Storage Sense*
 -   GP name: *SS_AllowStorageSenseGlobal*
 -   GP path: *System/Storage Sense*
 -   GP ADMX file name: *StorageSense.admx*
@@ -199,32 +179,16 @@ ADMX Info:
 **Storage/AllowStorageSenseTemporaryFilesCleanup**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to version 1903 don't support group policy.
 
 
 
                  
@@ -239,20 +203,20 @@ ADMX Info:
 
 
 
-When Storage Sense runs, it can delete the user’s temporary files that are not in use.
+When Storage Sense runs, it can delete the user’s temporary files that aren't in use.
 
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
 
-If you enable this policy setting, Storage Sense will delete the user’s temporary files that are not in use. Users cannot disable this setting in Storage settings.
+If you enable this policy setting, Storage Sense will delete the user’s temporary files that aren't in use. Users can't disable this setting in Storage settings.
 
-If you disable this policy setting, Storage Sense will not delete the user’s temporary files. Users cannot enable this setting in Storage settings.
+If you disable this policy setting, Storage Sense won't delete the user’s temporary files. Users can't enable this setting in Storage settings.
 
-If you do not configure this policy setting, Storage Sense will delete the user’s temporary files by default. Users can configure this setting in Storage settings.
+If you don't configure this policy setting, Storage Sense will delete the user’s temporary files by default. Users can configure this setting in Storage settings.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Storage Sense Temporary Files cleanup*
+-   GP Friendly name: *Allow Storage Sense Temporary Files cleanup*
 -   GP name: *SS_AllowStorageSenseTemporaryFilesCleanup*
 -   GP path: *System/Storage Sense*
 -   GP ADMX file name: *StorageSense.admx*
@@ -275,32 +239,16 @@ ADMX Info:
 **Storage/ConfigStorageSenseCloudContentDehydrationThreshold**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to version 1903 don't support group policy.
 
 
 
                  
@@ -315,20 +263,20 @@ ADMX Info:
 
 
 
-When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain amount of days.
+When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain number of days.
 
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
 
 If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it. Supported values are: 0–365.
 
-If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.
+If you set this value to zero, Storage Sense won't dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.
 
-If you disable or do not configure this policy setting, then Storage Sense will not dehydrate any cloud-backed content by default. Users can configure this setting in Storage settings.
+If you disable or don't configure this policy setting, then Storage Sense won't dehydrate any cloud-backed content by default. Users can configure this setting in Storage settings.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Storage Sense Cloud Content dehydration threshold*
+-   GP Friendly name: *Configure Storage Sense Cloud Content dehydration threshold*
 -   GP name: *SS_ConfigStorageSenseCloudContentDehydrationThreshold*
 -   GP path: *System/Storage Sense*
 -   GP ADMX file name: *StorageSense.admx*
@@ -351,32 +299,16 @@ ADMX Info:
 **Storage/ConfigStorageSenseDownloadsCleanupThreshold**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to version 1903 don't support group policy.
 
 
 
                  
@@ -393,18 +325,18 @@ ADMX Info:
 
 When Storage Sense runs, it can delete files in the user’s Downloads folder if they haven’t been opened for more than a certain number of days.
 
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
 
 If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are: 0-365.
 
-If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.
+If you set this value to zero, Storage Sense won't delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.
 
-If you disable or do not configure this policy setting, then Storage Sense will not delete files in the user’s Downloads folder by default. Users can configure this setting in Storage settings.
+If you disable or don't configure this policy setting, then Storage Sense won't delete files in the user’s Downloads folder by default. Users can configure this setting in Storage settings.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Storage Storage Downloads cleanup threshold*
+-   GP Friendly name: *Configure Storage Storage Downloads cleanup threshold*
 -   GP name: *SS_ConfigStorageSenseDownloadsCleanupThreshold*
 -   GP path: *System/Storage Sense*
 -   GP ADMX file name: *StorageSense.admx*
@@ -427,32 +359,16 @@ ADMX Info:
 **Storage/ConfigStorageSenseGlobalCadence**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to version 1903 don't support group policy.
 
 
 
                  
@@ -468,7 +384,7 @@ ADMX Info:
 
 
 Storage Sense can automatically clean some of the user’s files to free up disk space.
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
 
 If you enable this policy setting, you must provide the desired Storage Sense cadence.
 
@@ -481,12 +397,12 @@ The following are supported options:
 
 The default is 0 (during low free disk space).
 
-If you do not configure this policy setting, then the Storage Sense cadence is set to “during low free disk space” by default. Users can configure this setting in Storage settings.
+If you don't configure this policy setting, then the Storage Sense cadence is set to “during low free disk space” by default. Users can configure this setting in Storage settings.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Storage Sense cadence*
+-   GP Friendly name: *Configure Storage Sense cadence*
 -   GP name: *SS_ConfigStorageSenseGlobalCadence*
 -   GP path: *System/Storage Sense*
 -   GP ADMX file name: *StorageSense.admx*
@@ -509,32 +425,16 @@ ADMX Info:
 **Storage/ConfigStorageSenseRecycleBinCleanupThreshold**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Home
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|||
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to version 1903 don't support group policy.
 
 
 
                  
@@ -549,20 +449,20 @@ ADMX Info:
 
 
 
-When Storage Sense runs, it can delete files in the user’s Recycle Bin if they have been there for over a certain amount of days.
+When Storage Sense runs, it can delete files in the user’s Recycle Bin if they've been there for over a certain number of days.
 
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
 
 If you enable this policy setting, you must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0–365.
 
-If you set this value to zero, Storage Sense will not delete files in the user’s Recycle Bin. The default is 30 days.
+If you set this value to zero, Storage Sense won't delete files in the user’s Recycle Bin. The default is 30 days.
 
-If you disable or do not configure this policy setting, Storage Sense will delete files in the user’s Recycle Bin that have been there for over 30 days by default. Users can configure this setting in Storage settings.
+If you disable or don't configure this policy setting, Storage Sense will delete files in the user’s Recycle Bin which have been there for over 30 days by default. Users can configure this setting in Storage settings.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Storage Sense Recycle Bin cleanup threshold*
+-   GP Friendly name: *Configure Storage Sense Recycle Bin cleanup threshold*
 -   GP name: *SS_ConfigStorageSenseRecycleBinCleanupThreshold*
 -   GP path: *System/Storage Sense*
 -   GP ADMX file name: *StorageSense.admx*
@@ -585,32 +485,14 @@ ADMX Info:
 **Storage/EnhancedStorageDevices**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -627,9 +509,9 @@ ADMX Info:
 
 This policy setting configures whether or not Windows will activate an Enhanced Storage device.
 
-If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.
+If you enable this policy setting, Windows won't activate unactivated Enhanced Storage devices.
 
-If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
+If you disable or don't configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
 
 
 > [!TIP]
@@ -641,7 +523,7 @@ If you disable or do not configure this policy setting, Windows will activate un
 
 
 ADMX Info:  
--   GP English name: *Do not allow Windows to activate Enhanced Storage devices*
+-   GP Friendly name: *Do not allow Windows to activate Enhanced Storage devices*
 -   GP name: *TCGSecurityActivationDisabled*
 -   GP path: *System/Enhanced Storage Access*
 -   GP ADMX file name: *enhancedstorage.admx*
@@ -655,32 +537,14 @@ ADMX Info:
 **Storage/RemovableDiskDenyWriteAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -695,7 +559,7 @@ ADMX Info:
 
 
 
-If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. 
+If you enable this policy setting, write access is denied to this removable storage class. If you disable or don't configure this policy setting, write access is allowed to this removable storage class. 
 
 > [!Note]
 > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
@@ -707,7 +571,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Removable Disks: Deny write access*
+-   GP Friendly name: *Removable Disks: Deny write access*
 -   GP name: *RemovableDisks_DenyWrite_Access_2*
 -   GP element: *RemovableDisks_DenyWrite_Access_2*
 -   GP path: *System/Removable Storage Access*
@@ -729,15 +593,299 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
 
 
                  
 
-Footnotes:
+
+**Storage/WPDDevicesDenyReadAccessPerDevice**  
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, for example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:  
+-   GP Friendly name: *WPD Devices: Deny read access*
+-   GP name: *WPDDevices_DenyRead_Access_2*
+-   GP path: *System/Removable Storage Access*
+-   GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**Storage/WPDDevicesDenyReadAccessPerUser**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:  
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:  
+-   GP Friendly name: *WPD Devices: Deny read access*
+-   GP name: *WPDDevices_DenyRead_Access_1*
+-   GP path: *System/Removable Storage Access*
+-   GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**Storage/WPDDevicesDenyWriteAccessPerDevice**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:  
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:  
+-   GP Friendly name: *WPD Devices: Deny write access*
+-   GP name: *WPDDevices_DenyWrite_Access_2*
+-   GP path: *System/Removable Storage Access*
+-   GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**Storage/WPDDevicesDenyWriteAccessPerUser**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
                  
+
+
+
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
+
+- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
+- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
+- Mass Storage Class (MSC) over USB
+
+To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
+
+If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
+
+>[!NOTE]
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+
+Supported values for this policy are:  
+- Not configured
+- Enabled
+- Disabled
+
+
+
+ADMX Info:  
+-   GP Friendly name: *WPD Devices: Deny write access*
+-   GP name: *WPDDevices_DenyWrite_Access_1*
+-   GP path: *System/Removable Storage Access*
+-   GP ADMX file name: *RemovableStorage.admx*
+
+
+
+
+
+
+
+
+
+
                  
 
 
+
+**StorageHealthMonitor/DisableStorageHealthMonitor**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+Note: Versions prior to 21H2 will not support this policy
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Allows disable of Storage Health Monitor.
+
+Value type is integer.
+
+
+
+
+The following list shows the supported values:
+
+-   0 - Storage Health Monitor is Enabled
+-   1 - Storage Health Monitor is Disabled
+
+
+
+
+
                  
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 4d1e1393b7..a2830db2e2 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -5,9 +5,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 10/14/2020
+ms.date: 08/26/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -28,6 +28,9 @@ manager: dansimp
   
                  
     System/AllowCommercialDataPipeline
   
                  
+  
                  
+    System/AllowDesktopAnalyticsProcessing 
+  
                  
   
                  
     System/AllowDeviceNameInDiagnosticData
   
                  
@@ -43,6 +46,9 @@ manager: dansimp
   
                  
     System/AllowLocation
   
                  
+  
                  
+    System/AllowMicrosoftManagedDesktopProcessing
+  
                  
   
                  
     System/AllowStorageCard
   
                  
@@ -50,11 +56,14 @@ manager: dansimp
     System/AllowTelemetry
   
   
                  
-    System/AllowUpdateComplianceProcessing
+    System/AllowUpdateComplianceProcessing
   
                  
   
                  
     System/AllowUserToResetPhone
   
                  
+ 
                  
+    System/AllowWUfBCloudProcessing
+  
                  
   
                  
     System/BootStartDriverInitialization
   
                  
@@ -85,6 +94,12 @@ manager: dansimp
   
                  
     System/FeedbackHubAlwaysSaveDiagnosticsLocally
   
                  
+  
                  
+    System/LimitDiagnosticLogCollection
+  
                  
+  
                  
+    System/LimitDumpCollection
+  
                  
   
                  
     System/LimitEnhancedDiagnosticDataWindowsAnalytics
   
                  
@@ -103,32 +118,13 @@ manager: dansimp
 **System/AllowBuildPreview**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -148,12 +144,12 @@ manager: dansimp
 
 This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software.
 
-If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
+If you enable or don't configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
 
 
 
 ADMX Info:  
--   GP English name: *Toggle user control over Insider builds*
+-   GP Friendly name: *Toggle user control over Insider builds*
 -   GP name: *AllowBuildPreview*
 -   GP path: *Data Collection and Preview Builds*
 -   GP ADMX file name: *AllowBuildPreview.admx*
@@ -175,32 +171,13 @@ The following list shows the supported values:
 **System/AllowCommercialDataPipeline**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -215,18 +192,25 @@ The following list shows the supported values:
 
 
 
-This policy setting opts the device into the Windows enterprise data pipeline. 
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
 
-If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
+To enable this behavior, you must complete two steps:
 
-If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
+ 1. Enable this policy setting
+ 2. Join an Azure Active Directory account to the device
 
-Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
+Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above.
+
+If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
+
+Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
+
+See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
 
 
 
 ADMX Info:  
--   GP English name: *Allow commercial data pipeline*
+-   GP Friendly name: *Allow commercial data pipeline*
 -   GP name: *AllowCommercialDataPipeline*
 -   GP element: *AllowCommercialDataPipeline*
 -   GP path: *Data Collection and Preview Builds*
@@ -250,36 +234,47 @@ The following list shows the supported values:
 
 
                  
 
+
+**System/AllowDesktopAnalyticsProcessing**  
+
+
+
+
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+
+To enable this behavior, you must complete three steps:
+
+ 1. Enable this policy setting
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
+ 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace
+
+This setting has no effect on devices unless they're properly enrolled in Desktop Analytics.
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or don't configure this policy setting, devices won't appear in Desktop Analytics.
+
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   2 – Allowed.
+
+
+
+
+
                  
+
 
 **System/AllowDeviceNameInDiagnosticData**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -294,12 +289,12 @@ The following list shows the supported values:
 
 
 
-This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data.  If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.
+This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data.  If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
 
 
 
 ADMX Info:  
--   GP English name: *Allow device name to be sent in Windows diagnostic data*
+-   GP Friendly name: *Allow device name to be sent in Windows diagnostic data*
 -   GP name: *AllowDeviceNameInDiagnosticData*
 -   GP element: *AllowDeviceNameInDiagnosticData*
 -   GP path: *Data Collection and Preview Builds*
@@ -327,32 +322,13 @@ The following list shows the supported values:
 **System/AllowEmbeddedMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -387,32 +363,13 @@ The following list shows the supported values:
 **System/AllowExperimentation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -428,7 +385,7 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is not supported in Windows 10, version 1607.
+> This policy isn't supported in Windows 10, version 1607.
 
 This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior.
 
@@ -452,32 +409,13 @@ The following list shows the supported values:
 **System/AllowFontProviders**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -492,11 +430,11 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
+Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts.
 
-This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
+This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value isn't set by default, so the default behavior is true (enabled).
 
-This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
+This setting is used by lower-level components for text display and fond handling and hasn't direct effect on web browsers, which may download web fonts used in web content.
 
 > [!NOTE]
 > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
@@ -504,7 +442,7 @@ This setting is used by lower-level components for text display and fond handlin
 
 
 ADMX Info:  
--   GP English name: *Enable Font Providers*
+-   GP Friendly name: *Enable Font Providers*
 -   GP name: *EnableFontProviders*
 -   GP path: *Network/Fonts*
 -   GP ADMX file name: *GroupPolicy.admx*
@@ -520,7 +458,7 @@ The following list shows the supported values:
 
 To verify if System/AllowFontProviders is set to true:  
 
--  After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com.
+-  After a client machine is rebooted, check whether there's any network traffic from client machine to fs.microsoft.com.
 
 
 
@@ -531,32 +469,13 @@ To verify if System/AllowFontProviders is set to true:
 **System/AllowLocation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -585,7 +504,7 @@ For example, an app's original Location setting is Off. The administrator then s
 
 
 ADMX Info:  
--   GP English name: *Turn off location*
+-   GP Friendly name: *Turn off location*
 -   GP name: *DisableLocation_2*
 -   GP path: *Windows Components/Location and Sensors*
 -   GP ADMX file name: *Sensors.admx*
@@ -594,44 +513,46 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 – Force Location Off. All Location Privacy settings are toggled off and grayed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
+-   0 – Force Location Off. All Location Privacy settings are toggled off and grayed out. Users can't change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
 -   1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off.
--   2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
+-   2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users can't change the settings and all consent permissions will be automatically suppressed.
 
 
 
 
                  
 
+
+**System/AllowMicrosoftManagedDesktopProcessing**
+
+
+
+
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
+
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data).
+
+This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop.
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
+
+>[!IMPORTANT]
+> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
+
+
                  
+
 
 **System/AllowStorageCard**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -654,7 +575,7 @@ Most restricted value is 0.
 
 The following list shows the supported values:
 
--   0 – SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card. 
+-   0 – SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. 
 -   1 (default) – Allow a storage card.
 
 
@@ -666,32 +587,13 @@ The following list shows the supported values:
 **System/AllowTelemetry**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -709,81 +611,38 @@ The following list shows the supported values:
 
 Allows the device to send diagnostic and usage telemetry data, such as Watson. 
 
-For more information about diagnostic data, including what is and what is not collected by Windows, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
+For more information about diagnostic data, including what is and what isn't collected by Windows, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
 
 The following list shows the supported values for Windows 8.1:  
 -   0 - Not allowed.
 -   1 – Allowed, except for Secondary Data Requests.
 -   2 (default) – Allowed.
 
-
 
 In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft.
 
 The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets):
--   0 – **Off (Security)** This turns Windows diagnostic data off.  
-    **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
--   1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
--   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.  
-    **Note**:  **Enhanced** is no longer an option for Windows Holographic, version 21H1.
--   3 – **Optional (Full)** Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.
+
+- 0 – **Off (Security)** This value turns Windows diagnostic data off.
+
+    > [!NOTE]
+    > This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
+
+- 1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
+
+- 2 – (**Enhanced**) Sends the same data as a value of 1, plus extra insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
+
+    > [!NOTE]
+    > **Enhanced** is no longer an option for Windows Holographic, version 21H1.
+
+- 3 – **Optional (Full)** Sends the same data as a value of 2, plus extra data necessary to identify and fix problems with devices such as enhanced error logs.
 
 Most restrictive value is 0.
 
-
-
 
 
 ADMX Info:  
--   GP English name: *Allow Telemetry*
+-   GP Friendly name: *Allow Telemetry*
 -   GP name: *AllowTelemetry*
 -   GP element: *AllowTelemetry*
 -   GP path: *Data Collection and Preview Builds*
@@ -795,35 +654,16 @@ ADMX Info:
 
                  
 
 
-**System/AllowUpdateComplianceProcessing**  
+**System/AllowUpdateComplianceProcessing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -838,16 +678,23 @@ ADMX Info:
 
 
 
-Allows IT admins to enable diagnostic data from this device to be processed by Update Compliance.  
 
-If you enable this setting, it enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
 
-If you disable or do not configure this policy setting, diagnostic data from this device will not be processed by Update Compliance.
+To enable this behavior, you must complete three steps:
+
+ 1. Enable this policy setting
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
+ 3. Set the Configure the Commercial ID setting for your Update Compliance workspace
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or don't configure this policy setting, devices won't appear in Update Compliance.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Update Compliance Processing*
+-   GP Friendly name: *Allow Update Compliance Processing*
 -   GP name: *AllowUpdateComplianceProcessing*
 -   GP element: *AllowUpdateComplianceProcessing*
 -   GP path: *Data Collection and Preview Builds*
@@ -869,32 +716,13 @@ The following list shows the supported values:
 **System/AllowUserToResetPhone**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -925,36 +753,48 @@ The following list shows the supported values:
 
 
                  
 
+
+**System/AllowWUfBCloudProcessing**
+
+
                  
+
+
+
+
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+
+To enable this behavior, you must complete three steps:
+
+ 1. Enable this policy setting
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
+ 3. Join an Azure Active Directory account to the device
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features.
+
+
                  
+
+
+
+The following list shows the supported values:
+
+-   0 - Disabled.
+-   8 - Enabled.
+
+
+
 
 **System/BootStartDriverInitialization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -970,16 +810,16 @@ The following list shows the supported values:
 
 
 This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:
--  Good: The driver has been signed and has not been tampered with.
--  Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
--  Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.
--  Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.
+-  Good: The driver has been signed and hasn't been tampered with.
+-  Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized.
+-  Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver.
+-  Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver.
 
-If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started.
+If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize the next time the computer is started.
 
-If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
+If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
 
-If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
+If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
 
 
 > [!TIP]
@@ -991,7 +831,7 @@ If your malware detection application does not include an Early Launch Antimalwa
 
 
 ADMX Info:  
--   GP English name: *Boot-Start Driver Initialization Policy*
+-   GP Friendly name: *Boot-Start Driver Initialization Policy*
 -   GP name: *POL_DriverLoadPolicy_Name*
 -   GP path: *System/Early Launch Antimalware*
 -   GP ADMX file name: *earlylauncham.admx*
@@ -1005,32 +845,13 @@ ADMX Info:
 **System/ConfigureMicrosoft365UploadEndpoint**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1055,7 +876,7 @@ Value type is string.
 
 
 ADMX Info:  
--   GP English name: *Configure Microsoft 365 Update Readiness upload endpoint*
+-   GP Friendly name: *Configure Microsoft 365 Update Readiness upload endpoint*
 -   GP name: *ConfigureMicrosoft365UploadEndpoint*
 -   GP element: *ConfigureMicrosoft365UploadEndpoint*
 -   GP path: *Data Collection and Preview Builds*
@@ -1079,32 +900,13 @@ ADMX Info:
 **System/ConfigureTelemetryOptInChangeNotification**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1119,14 +921,14 @@ ADMX Info:
 
 
 
-This policy setting determines whether a device shows notifications about telemetry levels to people on first logon or when changes occur in Settings. 
+This policy setting determines whether a device shows notifications about telemetry levels to people on first sign in or when changes occur in Settings. 
 If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
-If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first logon and when changes occur in Settings.
+If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings.
 
 
 
 ADMX Info:  
--   GP English name: *Configure telemetry opt-in change notifications.*
+-   GP Friendly name: *Configure telemetry opt-in change notifications.*
 -   GP name: *ConfigureTelemetryOptInChangeNotification*
 -   GP element: *ConfigureTelemetryOptInChangeNotification*
 -   GP path: *Data Collection and Preview Builds*
@@ -1146,32 +948,13 @@ The following list shows the supported values:
 **System/ConfigureTelemetryOptInSettingsUx**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1198,7 +981,7 @@ If you set this policy setting to "Enable Telemetry opt-in Settings" or don't co
 
 
 ADMX Info:  
--   GP English name: *Configure telemetry opt-in setting user interface.*
+-   GP Friendly name: *Configure telemetry opt-in setting user interface.*
 -   GP name: *ConfigureTelemetryOptInSettingsUx*
 -   GP element: *ConfigureTelemetryOptInSettingsUx*
 -   GP path: *Data Collection and Preview Builds*
@@ -1218,32 +1001,13 @@ The following list shows the supported values:
 **System/DisableDeviceDelete**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1265,7 +1029,7 @@ If you disable or don't configure this policy setting, the Delete diagnostic dat
 
 
 ADMX Info:  
--   GP English name: *Disable deleting diagnostic data*
+-   GP Friendly name: *Disable deleting diagnostic data*
 -   GP name: *DisableDeviceDelete*
 -   GP element: *DisableDeviceDelete*
 -   GP path: *Data Collection and Preview Builds*
@@ -1289,32 +1053,13 @@ ADMX Info:
 **System/DisableDiagnosticDataViewer**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1330,13 +1075,13 @@ ADMX Info:
 
 
 This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page.
-If you enable this policy setting, the Diagnostic Data Viewer will not be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.  
+If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.  
 If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
 
 
 
 ADMX Info:  
--   GP English name: *Disable diagnostic data viewer.*
+-   GP Friendly name: *Disable diagnostic data viewer.*
 -   GP name: *DisableDiagnosticDataViewer*
 -   GP element: *DisableDiagnosticDataViewer*
 -   GP path: *Data Collection and Preview Builds*
@@ -1360,32 +1105,13 @@ ADMX Info:
 **System/DisableEnterpriseAuthProxy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1400,12 +1126,12 @@ ADMX Info:
 
 
 
-This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
+This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service*
+-   GP Friendly name: *Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service*
 -   GP name: *DisableEnterpriseAuthProxy*
 -   GP element: *DisableEnterpriseAuthProxy*
 -   GP path: *Data Collection and Preview Builds*
@@ -1420,32 +1146,13 @@ ADMX Info:
 **System/DisableOneDriveFileSync**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1460,20 +1167,20 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
+Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
 
-* Users cannot access OneDrive from the OneDrive app or file picker.
-* Microsoft Store apps cannot access OneDrive using the WinRT API.
-* OneDrive does not appear in the navigation pane in File Explorer.
-* OneDrive files are not kept in sync with the cloud.
-* Users cannot automatically upload photos and videos from the camera roll folder. 
+* Users can't access OneDrive from the OneDrive app or file picker.
+* Microsoft Store apps can't access OneDrive using the WinRT API.
+* OneDrive doesn't appear in the navigation pane in File Explorer.
+* OneDrive files aren't kept in sync with the cloud.
+* Users can't automatically upload photos and videos from the camera roll folder. 
 
-If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage.
 
 
 
 ADMX Info:  
--   GP English name: *Prevent the usage of OneDrive for file storage*
+-   GP Friendly name: *Prevent the usage of OneDrive for file storage*
 -   GP name: *PreventOnedriveFileSync*
 -   GP path: *Windows Components/OneDrive*
 -   GP ADMX file name: *SkyDrive.admx*
@@ -1487,11 +1194,11 @@ The following list shows the supported values:
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
 2.   Restart machine.
-3.   Verify that OneDrive.exe is not running in Task Manager.
+3.   Verify that OneDrive.exe isn't running in Task Manager.
 
 
 
@@ -1502,32 +1209,13 @@ To validate on Desktop, do the following:
 **System/DisableSystemRestore**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1546,11 +1234,11 @@ Allows you to disable System Restore.
 
 This policy setting allows you to turn off System Restore.
 
-System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
+System Restore enables users, in case of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
 
-If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
+If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
 
-If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
+If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
 
 Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
 
@@ -1564,7 +1252,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu
 
 
 ADMX Info:  
--   GP English name: *Turn off System Restore*
+-   GP Friendly name: *Turn off System Restore*
 -   GP name: *SR_DisableSR*
 -   GP path: *System/System Restore*
 -   GP ADMX file name: *systemrestore.admx*
@@ -1578,32 +1266,13 @@ ADMX Info:
 **System/FeedbackHubAlwaysSaveDiagnosticsLocally**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark4
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1618,50 +1287,130 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1803. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
+When feedback in the Feedback Hub is being filed, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
 
 
 
 The following list shows the supported values:  
 
-- 0 (default) - False. The Feedback Hub will not always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so.
-- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted.
+- 0 (default) - False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so.
+- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted.
 
 
 
 
 
                  
 
+
+**System/LimitDiagnosticLogCollection**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem.  It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection.  
+
+If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit Diagnostic Log Collection*
+-   GP name: *LimitDiagnosticLogCollection*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+
+
+The following list shows the supported values:
+
+-   0 – Disabled
+-   1 – Enabled
+   
+
+
+
+
                  
+
+
+**System/LimitDumpCollection**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem.  These dumps aren't sent unless we have permission to collect optional diagnostic data.
+
+With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. 
+
+If you disable or don't configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Limit Dump Collection*
+-   GP name: *LimitDumpCollection*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+
+
+The following list shows the supported values:
+
+-   0 – Disabled
+-   1 – Enabled
+
+
+
+
                  
+
 
 **System/LimitEnhancedDiagnosticDataWindowsAnalytics**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1676,27 +1425,32 @@ The following list shows the supported values:
 
 
 
-This policy setting, in combination with the System/AllowTelemetry 
- policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
+This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
  
 To enable this behavior, you must complete two steps:
 
--   Enable this policy setting
--   Set the **AllowTelemetry** level:
-    - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. (**Note**: **Enhanced** is no longer an option for Windows Holographic, version 21H1)
+ 1. Enable this policy setting.
+
+ 2. Set the **AllowTelemetry** level:
+
+    - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. 
+
+      > [!NOTE]
+      > **Enhanced** is no longer an option for Windows Holographic, version 21H1.
+
     - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
 
  
-When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics.
+When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics.
  
-Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
+Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
    
-If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
+If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
 
 
 
 ADMX Info:  
--   GP English name: *Limit Enhanced diagnostic data to the minimum required by Windows Analytics*
+-   GP Friendly name: *Limit Enhanced diagnostic data to the minimum required by Windows Analytics*
 -   GP name: *LimitEnhancedDiagnosticDataWindowsAnalytics*
 -   GP element: *LimitEnhancedDiagnosticDataWindowsAnalytics*
 -   GP path: *Data Collection and Preview Builds*
@@ -1711,32 +1465,13 @@ ADMX Info:
 **System/TelemetryProxy**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1751,14 +1486,14 @@ ADMX Info:
 
 
 
-Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.
+Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there's no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data won't be transmitted and will remain on the local device.
 
-If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
+If you disable or don't configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Connected User Experiences and Telemetry*
+-   GP Friendly name: *Configure Connected User Experiences and Telemetry*
 -   GP name: *TelemetryProxy*
 -   GP element: *TelemetryProxyName*
 -   GP path: *Data Collection and Preview Builds*
@@ -1773,32 +1508,13 @@ ADMX Info:
 **System/TurnOffFileHistory**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1815,14 +1531,14 @@ ADMX Info:
 
 This policy setting allows you to turn off File History.
 
-If you enable this policy setting, File History cannot be activated to create regular, automatic backups.
+If you enable this policy setting, File History can't be activated to create regular, automatic backups.
 
-If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.
+If you disable or don't configure this policy setting, File History can be activated to create regular, automatic backups.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off File History*
+-   GP Friendly name: *Turn off File History*
 -   GP name: *DisableFileHistory*
 -   GP path: *Windows Components/File History*
 -   GP ADMX file name: *FileHistory.admx*
@@ -1843,17 +1559,4 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-- 9 - Available in Windows 10, version 20H2.
-- 10 - Available in Windows 10, version 21H1.
-
 
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index a7f98a6c0c..c979583ff0 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -49,32 +49,14 @@ manager: dansimp
 **SystemServices/ConfigureHomeGroupListenerServiceStartupMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -89,12 +71,12 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 
 
 GP Info:  
--   GP English name: *HomeGroup Listener*
+-   GP Friendly name: *HomeGroup Listener*
 -   GP path: *Windows Settings/Security Settings/System Services*
 
 
@@ -106,32 +88,14 @@ GP Info:
 **SystemServices/ConfigureHomeGroupProviderServiceStartupMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -146,12 +110,12 @@ GP Info:
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 
 
 GP Info:  
--   GP English name: *HomeGroup Provider*
+-   GP Friendly name: *HomeGroup Provider*
 -   GP path: *Windows Settings/Security Settings/System Services*
 
 
@@ -163,32 +127,14 @@ GP Info:
 **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -203,12 +149,12 @@ GP Info:
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 
 
 GP Info:  
--   GP English name: *Xbox Accessory Management Service*
+-   GP Friendly name: *Xbox Accessory Management Service*
 -   GP path: *Windows Settings/Security Settings/System Services*
 
 
@@ -220,32 +166,14 @@ GP Info:
 **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -260,12 +188,12 @@ GP Info:
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 
 
 GP Info:  
--   GP English name: *Xbox Live Auth Manager*
+-   GP Friendly name: *Xbox Live Auth Manager*
 -   GP path: *Windows Settings/Security Settings/System Services*
 
 
@@ -277,32 +205,14 @@ GP Info:
 **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -317,12 +227,12 @@ GP Info:
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 
 
 GP Info:  
--   GP English name: *Xbox Live Game Save*
+-   GP Friendly name: *Xbox Live Game Save*
 -   GP path: *Windows Settings/Security Settings/System Services*
 
 
@@ -334,32 +244,14 @@ GP Info:
 **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -374,28 +266,18 @@ GP Info:
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
+This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
 
 
 
 GP Info:  
--   GP English name: *Xbox Live Networking Service*
+-   GP Friendly name: *Xbox Live Networking Service*
 -   GP path: *Windows Settings/Security Settings/System Services*
 
 
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index ce84398393..1cae440c6c 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -33,32 +33,14 @@ manager: dansimp
 **TaskManager/AllowEndTask**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscross mark
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,16 +77,6 @@ When the policy is set to 0 - users CANNOT execute 'End task' on processes in Ta
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index ab6ec4d46c..983bd29762 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **TaskScheduler/EnableXboxGameSaveTask**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,21 +56,11 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Disabled.
+This setting determines whether the specific task is enabled (1) or disabled (0). Default: Disabled.
 
 
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 99360d692b..f65160e893 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -5,9 +5,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 03/03/2022
 ms.reviewer: 
 manager: dansimp
 ---
@@ -58,6 +58,9 @@ manager: dansimp
   
                  
     TextInput/AllowLinguisticDataCollection
   
                  
+  
                  
+    TextInput/AllowTextInputSuggestionUpdate
+  
                  
   
                  
     TextInput/ConfigureJapaneseIMEVersion
   
                  
@@ -123,7 +126,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1803.  Placeholder only. Do not use in production environment.
+Placeholder only. Do not use in production environment.
 
 
 
@@ -134,32 +137,14 @@ Added in Windows 10, version 1803.  Placeholder only. Do not use in production e
 **TextInput/AllowIMELogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -198,32 +183,14 @@ The following list shows the supported values:
 **TextInput/AllowIMENetworkAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -260,32 +227,14 @@ The following list shows the supported values:
 **TextInput/AllowInputPanel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -324,32 +273,14 @@ The following list shows the supported values:
 **TextInput/AllowJapaneseIMESurrogatePairCharacters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -389,32 +320,14 @@ The following list shows the supported values:
 **TextInput/AllowJapaneseIVSCharacters**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -453,32 +366,14 @@ The following list shows the supported values:
 **TextInput/AllowJapaneseNonPublishingStandardGlyph**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -517,32 +412,14 @@ The following list shows the supported values:
 **TextInput/AllowJapaneseUserDictionary**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -581,32 +458,14 @@ The following list shows the supported values:
 **TextInput/AllowKeyboardTextSuggestions**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -624,7 +483,7 @@ The following list shows the supported values:
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
 
-Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. 
+Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. 
 
 Most restricted value is 0.
 
@@ -665,32 +524,14 @@ This policy has been deprecated.
 **TextInput/AllowLanguageFeaturesUninstall**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -716,7 +557,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow Uninstallation of Language Features*
+-   GP Friendly name: *Allow Uninstallation of Language Features*
 -   GP name: *AllowLanguageFeaturesUninstall*
 -   GP path: *Windows Components/Text Input*
 -   GP ADMX file name: *TextInput.admx*
@@ -737,32 +578,14 @@ The following list shows the supported values:
 **TextInput/AllowLinguisticDataCollection**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -782,7 +605,7 @@ This policy setting controls the ability to send inking and typing data to Micro
 
 
 ADMX Info:  
--   GP English name: *Improve inking and typing recognition*
+-   GP Friendly name: *Improve inking and typing recognition*
 -   GP name: *AllowLinguisticDataCollection*
 -   GP path: *Windows Components/Text Input*
 -   GP ADMX file name: *TextInput.admx*
@@ -796,36 +619,63 @@ This setting supports a range of values between 0 and 1.
 
 
                  
 
+
+**TextInput/AllowTextInputSuggestionUpdate**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Allows the user to turn on or off the automatic downloading of newer versions of the Expressive Input UI.
+When downloading is not allowed the Expressive Input panel will always display the initial UI included with the base Windows image.
+
+Most restricted value is 0.
+
+Default: Enabled
+
+
+
+The following list shows the supported values:
+
+- 1 (Enabled) - The newer UX is downloaded from Microsoft service.
+- 0 (Disabled) - The UX remains unchanged with what the operating system installs.
+
+
+
+
+
                  
+
 
 **TextInput/ConfigureJapaneseIMEVersion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -844,7 +694,7 @@ This setting supports a range of values between 0 and 1.
 > - The policy is only enforced in Windows 10 for desktop.  
 > - This policy requires reboot to take effect.
 
-Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Japanese IME version in the desktop.
+Allows IT admins to configure Microsoft Japanese IME version in the desktop.
 
 
 
@@ -863,32 +713,14 @@ The following list shows the supported values:
 **TextInput/ConfigureSimplifiedChineseIMEVersion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -907,7 +739,7 @@ The following list shows the supported values:
 > - This policy is enforced only in Windows 10 for desktop.  
 > - This policy requires reboot to take effect.
 
-Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop.
+Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop.
 
 
 
@@ -926,32 +758,14 @@ The following list shows the supported values:
 **TextInput/ConfigureTraditionalChineseIMEVersion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark8
                  Businesscheck mark8
                  Enterprisecheck mark8
                  Educationcheck mark8
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -969,8 +783,7 @@ The following list shows the supported values:
 > [!NOTE]
 > - This policy is enforced only in Windows 10 for desktop.  
 > - This policy requires reboot to take effect.
-
-Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
+Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
 
 
 
@@ -989,32 +802,14 @@ The following list shows the supported values:
 **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1029,7 +824,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. 
+This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. 
 
 The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. 
 But in the desktop mode, by default, the touch keyboard does not automatically show up when you touch a textbox. The user must click the system tray to enable the touch keyboard. 
@@ -1053,32 +848,14 @@ The following list shows the supported values:
 **TextInput/ExcludeJapaneseIMEExceptJIS0208**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1115,32 +892,14 @@ The following list shows the supported values:
 **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1177,32 +936,14 @@ The following list shows the supported values:
 **TextInput/ExcludeJapaneseIMEExceptShiftJIS**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1239,32 +980,14 @@ The following list shows the supported values:
 **TextInput/ForceTouchKeyboardDockedState**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1279,7 +1002,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies the touch keyboard is always docked. When this policy is set to enabled, the touch keyboard is always docked.
+Specifies the touch keyboard is always docked. When this policy is set to enabled, the touch keyboard is always docked.
 
 
 
@@ -1298,32 +1021,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardDictationButtonAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1338,7 +1043,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the dictation input button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the dictation input button on touch keyboard is disabled.
+Specifies whether the dictation input button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the dictation input button on touch keyboard is disabled.
 
 
 
@@ -1357,32 +1062,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardEmojiButtonAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1397,15 +1084,15 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the emoji button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the emoji button on touch keyboard is disabled.
+Specifies whether the emoji, GIF (only in Windows 11), and kaomoji (only in Windows 11) buttons are available or unavailable for the touch keyboard. When this policy is set to disabled, the buttons are hidden and unavailable.
 
 
 
 The following list shows the supported values:
 
--   0 (default) - The OS determines when it's most appropriate to be available.
--   1 - Emoji button on keyboard is always available.
--   2 - Emoji button on keyboard is always disabled.
+- 0 (default) - The OS determines when buttons are most appropriate to be available.
+- 1 - Emoji, GIF, and Kaomoji buttons on the touch keyboard are always available.
+- 2 - Emoji, GIF, and Kaomoji buttons on the touch keyboard are always unavailable.
 
 
 
@@ -1416,32 +1103,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardFullModeAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1456,7 +1125,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the full keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the full keyboard mode for touch keyboard is disabled.
+Specifies whether the full keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the full keyboard mode for touch keyboard is disabled.
 
 
 
@@ -1475,32 +1144,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardHandwritingModeAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1515,7 +1166,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the handwriting input panel is enabled or disabled. When this policy is set to disabled, the handwriting input panel is disabled.
+Specifies whether the handwriting input panel is enabled or disabled. When this policy is set to disabled, the handwriting input panel is disabled.
 
 
 
@@ -1534,32 +1185,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardNarrowModeAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1574,7 +1207,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the narrow keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the narrow keyboard mode for touch keyboard is disabled.
+Specifies whether the narrow keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the narrow keyboard mode for touch keyboard is disabled.
 
 
 
@@ -1593,32 +1226,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardSplitModeAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1633,7 +1248,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the split keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the split keyboard mode for touch keyboard is disabled.
+Specifies whether the split keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the split keyboard mode for touch keyboard is disabled.
 
 
 
@@ -1652,32 +1267,14 @@ The following list shows the supported values:
 **TextInput/TouchKeyboardWideModeAvailability**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1692,7 +1289,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Specifies whether the wide keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the wide keyboard mode for touch keyboard is disabled.
+Specifies whether the wide keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the wide keyboard mode for touch keyboard is disabled.
 
 
 
@@ -1706,16 +1303,5 @@ The following list shows the supported values:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 8ef9349148..09a8420d64 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -5,9 +5,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 09/28/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -22,44 +22,35 @@ manager: dansimp
 ## TimeLanguageSettings policies  
 
 
                  
+  
                  
+    TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks
+  
                  
   
                  
     TimeLanguageSettings/ConfigureTimeZone
   
                  
+  
                  
+    TimeLanguageSettings/MachineUILanguageOverwrite
+  
                  
+  
                  
+    TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall
+  
                  
 
                  
 
 
 
                  
 
 
-**TimeLanguageSettings/ConfigureTimeZone**  
+**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -74,7 +65,64 @@ manager: dansimp
 
 
 
-Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.
+This policy setting controls whether the maintenance task will run to clean up language packs installed on a machine but aren't used by any users on that machine.
+
+If you enable this policy setting (value 1), language packs that are installed as part of the system image will remain installed even if they aren't used by any user on that system.
+
+If you disable (value 0) or don't configure this policy setting, language packs that are installed as part of the system image but aren't used by any user on that system will be removed as part of a scheduled cleanup task.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Block cleanup of unused language packs*
+-   GP name: *BlockCleanupOfUnusedPreinstalledLangPacks*
+-   GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options*
+-   GP ADMX file name: *Globalization.admx*
+
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**TimeLanguageSettings/ConfigureTimeZone**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Specifies the time zone to be applied to the device. This policy name is the standard Windows name for the target time zone.
+
+> [!TIP]
+> To get the list of available time zones, run `Get-TimeZone -ListAvailable` in PowerShell.
 
 
 
@@ -89,16 +137,103 @@ Specifies the time zone to be applied to the device. This is the standard Window
 
 
                  
 
-Footnotes:
+
+**TimeLanguageSettings/MachineUILanguageOverwrite**  
 
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting controls which UI language is used for computers with more than one UI language installed.
+
+If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language isn't installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.
+
+If you disable or don't configure this policy setting, there's no restriction of a specific language used for the Windows menus and dialogs.
+
+
+
+
+
+
+ADMX Info:  
+-   GP Friendly name: *Force selected system UI language to overwrite the user UI language*
+-   GP name: *MachineUILanguageOverwrite*
+-   GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options*
+-   GP ADMX file name: *Globalization.admx*
+
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting restricts standard users from installing language features on demand. This policy doesn't restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.”  
+
+If you enable this policy setting, the installation of language features is prevented for standard users.  
+
+If you disable or don't configure this policy setting, there's no language feature installation restriction for the standard users.
+
+
+
+
+
+
+
+
+
+
+
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index c7862d0866..b19352d765 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -32,32 +32,14 @@ ms.date: 09/27/2019
 **Troubleshooting/AllowRecommendations**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -77,56 +59,32 @@ This policy setting allows IT admins to configure how to apply recommended troub
 
 
 ADMX Info:  
--   GP English name: *Troubleshooting: Allow users to access recommended troubleshooting for known problems*
+-   GP Friendly name: *Troubleshooting: Allow users to access recommended troubleshooting for known problems*
 -   GP name: *TroubleshootingAllowRecommendations*
 -   GP path: *Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool*
 -   GP ADMX file name: *MSDT.admx*
 
 
 
-This is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios.
+This setting is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios.
 
 Supported values:  
--   0 (default) - Turn this feature off.
--   1 - Turn this feature off but still apply critical troubleshooting.
+-   0 (default) - Turn off this feature.
+-   1 - Turn off this feature but still apply critical troubleshooting.
 -   2 - Notify users when recommended troubleshooting is available, then allow the user to run or ignore it.
 -   3 - Run recommended troubleshooting automatically and notify the user after it ran successfully.
 -   4 - Run recommended troubleshooting automatically without notifying the user.
 -   5 - Allow the user to choose their own recommended troubleshooting settings.
 
-By default, this policy is not configured and the SKU based defaults are used for managed devices. Current policy values for SKU's are as follows:
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                  SKUUnmanaged DefaultManaged Default
                  HomePrompt (OOBE)Off
                  ProPrompt (OOBE)Off
                  EducationOn (auto)Off
                  EnterpriseOffOff
                  GovernmentOffOff
                  
+By default, this policy isn't configured and the SKU based defaults are used for managed devices. Current policy values for SKUs are as follows:
+
+|SKU|Unmanaged Default|Managed Default|
+|--- |--- |--- |
+|Home|Prompt (OOBE)|Off|
+|Pro|Prompt (OOBE)|Off|
+|Education|On (auto)|Off|
+|Enterprise|Off|Off|
+|Government|Off|Off|
 
 
 
@@ -138,16 +96,5 @@ By default, this policy is not configured and the SKU based defaults are used fo
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 94f7b317fd..36c96ffa8d 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -5,11 +5,12 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 11/03/2020
+ms.date: 03/18/2022
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Policy CSP - Update
@@ -72,6 +73,9 @@ manager: dansimp
   
                  
     Update/ConfigureDeadlineGracePeriod
   
                  
+  
                  
+    Update/ConfigureDeadlineGracePeriodForFeatureUpdates
+  
                  
   
                  
     Update/ConfigureDeadlineNoAutoReboot
   
                  
@@ -99,6 +103,9 @@ manager: dansimp
   
                  
     Update/DisableWUfBSafeguards
   
                  
+  
                  
+    Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection
+  
                  
   
                  
     Update/EngagedRestartDeadline
   
                  
@@ -195,9 +202,24 @@ manager: dansimp
   
                  
     Update/SetEDURestart
   
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForDriver
+  
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForFeature
+  
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForOther
+  
                  
+  
                  
+    Update/SetPolicyDrivenUpdateSourceForQuality
+  
                  
   
                  
     Update/SetProxyBehaviorForUpdateDetection
   
                  
+  
                   
+    Update/ProductVersion 
+  
                  
   
                   
     Update/TargetReleaseVersion 
   
                  
@@ -219,32 +241,14 @@ manager: dansimp
 **Update/ActiveHoursEnd**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -259,7 +263,7 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
+Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. there's a 12-hour maximum from start time.
 
 > [!NOTE]
 > The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** below for more information.
@@ -271,11 +275,11 @@ The default is 17 (5 PM).
 
 
 ADMX Info:  
--   GP English name: *Turn off auto-restart for updates during active hours*
--   GP name: *ActiveHours*
--   GP element: *ActiveHoursEndTime*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Turn off auto-restart for updates during active hours*
+- GP name: *ActiveHours*
+- GP element: *ActiveHoursEndTime*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -286,32 +290,14 @@ ADMX Info:
 **Update/ActiveHoursMaxRange**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -326,7 +312,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
+Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
 
 Supported values are 8-18.
 
@@ -335,11 +321,11 @@ The default value is 18 (hours).
 
 
 ADMX Info:  
--   GP English name: *Specify active hours range for auto-restarts*
--   GP name: *ActiveHoursMaxRange*
--   GP element: *ActiveHoursMaxRange*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify active hours range for auto-restarts*
+- GP name: *ActiveHoursMaxRange*
+- GP element: *ActiveHoursMaxRange*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -350,32 +336,14 @@ ADMX Info:
 **Update/ActiveHoursStart**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -390,7 +358,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
+Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time.
 
 > [!NOTE]
 > The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** above for more information.
@@ -402,11 +370,11 @@ The default value is 8 (8 AM).
 
 
 ADMX Info:  
--   GP English name: *Turn off auto-restart for updates during active hours*
--   GP name: *ActiveHours*
--   GP element: *ActiveHoursStartTime*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Turn off auto-restart for updates during active hours*
+- GP name: *ActiveHours*
+- GP element: *ActiveHoursStartTime*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -417,32 +385,14 @@ ADMX Info:
 **Update/AllowAutoUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -461,31 +411,31 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 
 Supported operations are Get and Replace.
 
-If the policy is not configured, end-users get the default behavior (Auto install and restart).
+If the policy isn't configured, end-users get the default behavior (Auto install and restart).
 
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *AutoUpdateMode*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateMode*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
--   1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
--   2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart.
--   3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
--   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
--   5 – Turn off automatic updates.
+- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
+- 1 - Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence).
+- 2 (default) - Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. Automatic restarting when a device isn't being used is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shut down properly on restart. For more information, see [Automatic maintenance](/windows/win32/taskschd/task-maintenence).
+- 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
+- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only.
+- 5 – Turn off automatic updates.
 
 
 > [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+> This option should be used only for systems under regulatory compliance, as you won't get security updates as well.
 
 
 
@@ -497,32 +447,14 @@ The following list shows the supported values:
 **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -537,19 +469,19 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer.
+Option to download updates automatically over metered connections (off by default). Value type is integer.
 
-A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
+A significant number of devices primarily use cellular data and don't have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
 
 This policy is accessible through the Update setting in the user interface or Group Policy.
 
 
 
 ADMX Info:  
--   GP English name: *Allow updates to be downloaded automatically over metered connections*
--   GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Allow updates to be downloaded automatically over metered connections*
+- GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -567,32 +499,14 @@ The following list shows the supported values:
 **Update/AllowMUUpdateService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -607,23 +521,31 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
+Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *AllowMUUpdateServiceId*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AllowMUUpdateServiceId*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 – Not allowed or not configured.
--   1 – Allowed. Accepts updates received through Microsoft Update.
+- 0 – Not configured.
+- 1 – Allowed. Accepts updates received through Microsoft Update.
+
+> [!NOTE]
+> Setting this policy back to **0** or **Not configured** doesn't revert the configuration to receive updates from Microsoft Update automatically. In order to revert the configuration, you can run the PowerShell commands that are listed below to remove the Microsoft Update service:.
+
+```
+$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
+$MUSM.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")
+```
 
 
 
@@ -634,32 +556,14 @@ The following list shows the supported values:
 **Update/AllowNonMicrosoftSignedUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -674,18 +578,18 @@ The following list shows the supported values:
 
 
 
-Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
+Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution.
 
 Supported operations are Get and Replace.
 
-This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
+This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
 
 
 
 The following list shows the supported values:
 
--   0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
--   1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
+- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
+- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
 
 
 
@@ -696,32 +600,14 @@ The following list shows the supported values:
 **Update/AllowUpdateService**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -748,17 +634,17 @@ Enabling this policy will disable that functionality, and may cause connection t
 
 
 ADMX Info:  
--   GP English name: *Specify intranet Microsoft update service location*
--   GP name: *CorpWuURL*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 – Update service is not allowed.
--   1 (default) – Update service is allowed.
+- 0 – Update service isn't allowed.
+- 1 (default) – Update service is allowed.
 
 
 
@@ -769,32 +655,14 @@ The following list shows the supported values:
 **Update/AutoRestartDeadlinePeriodInDays**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -813,28 +681,28 @@ For Quality Updates, this policy specifies the deadline in days before automatic
 
 The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
 
-Value type is integer. Default is 7 days. 
+Value type is integer. Default is seven days. 
 
 Supported values range: 2-30.
 
-Note that the PC must restart for certain updates to take effect.
+The PC must restart for certain updates to take effect.
 
 If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
 
-If you disable or do not configure this policy, the PC will restart according to the default schedule.
+If you disable or don't configure this policy, the PC will restart according to the default schedule.
 
 If any of the following two policies are enabled, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations.
+1. No autorestart with signed-in users for scheduled automatic updates installations.
 2. Always automatically restart at scheduled time.
 
 
 
 ADMX Info:  
--   GP English name: *Specify deadline before auto-restart for update installation*
--   GP name: *AutoRestartDeadline*
--   GP element: *AutoRestartDeadline*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify deadline before auto-restart for update installation*
+- GP name: *AutoRestartDeadline*
+- GP element: *AutoRestartDeadline*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -845,32 +713,14 @@ ADMX Info:
 **Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -893,24 +743,24 @@ Value type is integer. Default is 7 days.
 
 Supported values range: 2-30.
 
-Note that the PC must restart for certain updates to take effect.
+The PC must restart for certain updates to take effect.
 
 If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
 
-If you disable or do not configure this policy, the PC will restart according to the default schedule.
+If you disable or don't configure this policy, the PC will restart according to the default schedule.
 
 If any of the following two policies are enabled, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations.
+1. No autorestart with logged on users for scheduled automatic updates installations.
 2. Always automatically restart at scheduled time.
 
 
 
 ADMX Info:  
--   GP English name: *Specify deadline before auto-restart for update installation*
--   GP name: *AutoRestartDeadline*
--   GP element: *AutoRestartDeadlineForFeatureUpdates*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify deadline before auto-restart for update installation*
+- GP name: *AutoRestartDeadline*
+- GP element: *AutoRestartDeadlineForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -921,32 +771,14 @@ ADMX Info:
 **Update/AutoRestartNotificationSchedule**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -961,18 +793,18 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
+Allows the IT Admin to specify the period for autorestart reminder notifications.
 
 The default value is 15 (minutes).
 
 
 
 ADMX Info:  
--   GP English name: *Configure auto-restart reminder notifications for updates*
--   GP name: *AutoRestartNotificationConfig*
--   GP element: *AutoRestartNotificationSchd*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure auto-restart reminder notifications for updates*
+- GP name: *AutoRestartNotificationConfig*
+- GP element: *AutoRestartNotificationSchd*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -987,32 +819,14 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
 **Update/AutoRestartRequiredNotificationDismissal**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1027,23 +841,23 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
 
 
 
-Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
+Allows the IT Admin to specify the method by which the autorestart required notification is dismissed.
 
 
 
 ADMX Info:  
--   GP English name: *Configure auto-restart required notification for updates*
--   GP name: *AutoRestartRequiredNotificationDismissal*
--   GP element: *AutoRestartRequiredNotificationDismissal*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure auto-restart required notification for updates*
+- GP name: *AutoRestartRequiredNotificationDismissal*
+- GP element: *AutoRestartRequiredNotificationDismissal*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   1 (default) – Auto Dismissal.
--   2 – User Dismissal.
+- 1 (default) – Auto Dismissal.
+- 2 – User Dismissal.
 
 
 
@@ -1054,32 +868,14 @@ The following list shows the supported values:
 **Update/AutomaticMaintenanceWakeUp**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1099,22 +895,22 @@ This policy setting allows you to configure if Automatic Maintenance should make
 > [!Note]
 > If the OS power wake policy is explicitly disabled, then this setting has no effect.
 
-If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required.
+If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary.
 
-If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
+If you disable or don't configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
 
 
 ADMX Info:  
--   GP English name: *Automatic Maintenance WakeUp Policy*
--   GP name: *WakeUpPolicy*
--   GP path: *Windows Components/Maintenance Scheduler*
--   GP ADMX file name: *msched.admx*
+- GP Friendly name: *Automatic Maintenance WakeUp Policy*
+- GP name: *WakeUpPolicy*
+- GP path: *Windows Components/Maintenance Scheduler*
+- GP ADMX file name: *msched.admx*
 
 
 
 Supported values:  
--   0  - Disable
--   1  - Enable (Default)
+- 0  - Disable
+- 1  - Enable (Default)
 
 
 
@@ -1130,32 +926,14 @@ Supported values:
 **Update/BranchReadinessLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1170,16 +948,16 @@ Supported values:
 
 
 
-Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
+Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of General Availability Channel (Targeted) and General Availability Channel have been combined into one General Availability Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 isn't a supported value.
 
 
 
 ADMX Info:  
--   GP English name: *Select when Preview Builds and Feature Updates are received*
--   GP name: *DeferFeatureUpdates*
--   GP element: *BranchReadinessLevelId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *BranchReadinessLevelId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -1188,8 +966,8 @@ The following list shows the supported values:
 -  2  {0x2}  - Windows Insider build - Fast (added in Windows 10, version 1709)
 -  4  {0x4}  - Windows Insider build - Slow (added in Windows 10, version 1709)
 -  8  {0x8}  - Release Windows Insider build (added in Windows 10, version 1709)
--  16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). 
--  32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16)
+-  16 {0x10} - (default) General Availability Channel (Targeted). Device gets all applicable feature updates from General Availability Channel (Targeted). 
+-  32 {0x20} - General Availability Channel. Device gets feature updates from General Availability Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the General Availability Channel and General Availability Channel (Targeted) into a single General Availability Channel with a value of 16)
 
 
 
@@ -1200,32 +978,14 @@ The following list shows the supported values:
 **Update/ConfigureDeadlineForFeatureUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1240,20 +1000,19 @@ The following list shows the supported values:
 
 
 
-
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
+Allows admins to specify the number of days before feature updates are installed on the device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
 
 
 ADMX Info:  
--   GP English name: *Specify deadlines for automatic updates and restarts*
--   GP name: *ConfigureDeadlineForFeatureUpdates*
--   GP element: *ConfigureDeadlineForFeatureUpdates*
--   GP path: *Administrative Templates\Windows Components\WindowsUpdate*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify deadlines for automatic updates and restarts*
+- GP name: *ConfigureDeadlineForFeatureUpdates*
+- GP element: *ConfigureDeadlineForFeatureUpdates*
+- GP path: *Administrative Templates\Windows Components\WindowsUpdate*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
-Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update.
+Supports a numeric value from 0-30 (2-30 in Windows 10, versions 1803 and 1709), which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. When set to 0, the update will download and install immediately upon offering, but might not finish within the day due to device availability and network connectivity.
 
 Default value is 7.
 
@@ -1271,32 +1030,14 @@ Default value is 7.
 **Update/ConfigureDeadlineForQualityUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1311,20 +1052,19 @@ Default value is 7.
 
 
 
-
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
+Allows admins to specify the number of days before quality updates are installed on a device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
 
 
 ADMX Info:  
--   GP English name: *Specify deadlines for automatic updates and restarts*
--   GP name: *ConfigureDeadlineForQualityUpdates*
--   GP element: *ConfigureDeadlineForQualityUpdates*
--   GP path: *Administrative Templates\Windows Components\WindowsUpdate*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify deadlines for automatic updates and restarts*
+- GP name: *ConfigureDeadlineForQualityUpdates*
+- GP element: *ConfigureDeadlineForQualityUpdates*
+- GP path: *Administrative Templates\Windows Components\WindowsUpdate*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
-Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update.
+Supports a numeric value from 0-30 (2-30 in Windows 10, versions 1803 and 1709), which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. When set to 0, the update will download and install immediately upon offering, but might not finish within the day due to device availability and network connectivity.
 
 Default value is 7.
 
@@ -1342,32 +1082,67 @@ Default value is 7.
 **Update/ConfigureDeadlineGracePeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used.
+
+
+
+ADMX Info:  
+- GP Friendly name: *Specify deadlines for automatic updates and restarts*
+- GP name: *ConfigureDeadlineGracePeriod*
+- GP element: *ConfigureDeadlineGracePeriod*
+- GP path: *Administrative Templates\Windows Components\WindowsUpdate*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required quality update.
+
+Default value is 2.
+
+
+
+
+
+
+
+
+
+
                  
+
+
+**Update/ConfigureDeadlineGracePeriodForFeatureUpdates**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1383,20 +1158,20 @@ Default value is 7.
 
 
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies.
+When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from  [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
 
 
 
 ADMX Info:  
--   GP English name: *Specify deadlines for automatic updates and restarts*
--   GP name: *ConfigureDeadlineGracePeriod*
--   GP element: *ConfigureDeadlineGracePeriod*
--   GP path: *Administrative Templates\Windows Components\WindowsUpdate*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify deadlines for automatic updates and restarts*
+- GP name: *ConfigureDeadlineGracePeriodForFeatureUpdates*
+- GP element: *ConfigureDeadlineGracePeriodForFeatureUpdates*
+- GP path: *Administrative Templates\Windows Components\WindowsUpdate*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
-Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached.
+Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required feature update.
 
 Default value is 2.
 
@@ -1414,32 +1189,14 @@ Default value is 2.
 **Update/ConfigureDeadlineNoAutoReboot**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1454,24 +1211,25 @@ Default value is 2.
 
 
 
+When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates), devices will delay automatically restarting until both the deadline and grace period have expired, even if applicable updates are already installed and pending a restart.
 
-Added in Windows 10, version 1903. Also available in Windows 10, versions 1809, 1803, and 1709. If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart.
+When disabled, if the device has installed updates and is outside of active hours, it might attempt an automatic restart before the deadline.
 
-When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline.
+
 
 ADMX Info:  
--   GP English name: *Specify deadlines for automatic updates and restarts*
--   GP name: *ConfigureDeadlineNoAutoReboot*
--   GP element: *ConfigureDeadlineNoAutoReboot*
--   GP path: *Administrative Templates\Windows Components\WindowsUpdate*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify deadlines for automatic updates and restarts*
+- GP name: *ConfigureDeadlineNoAutoReboot*
+- GP element: *ConfigureDeadlineNoAutoReboot*
+- GP path: *Administrative Templates\Windows Components\WindowsUpdate*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 Supported values:  
--   1 - Enabled
--   0 (default) - Disabled
+- 1 - Enabled
+- 0 (default) - Disabled
 
 
 
@@ -1487,32 +1245,14 @@ Supported values:
 **Update/ConfigureFeatureUpdateUninstallPeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark4
                  Businesscheck mark4
                  Enterprisecheck mark4
                  Educationcheck mark4
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1527,7 +1267,7 @@ Supported values:
 
 
 
-Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
 
 
 
@@ -1538,32 +1278,14 @@ Added in Windows 10, version 1803. Enable IT admin to configure feature update u
 **Update/DeferFeatureUpdatesPeriodInDays**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1578,9 +1300,8 @@ Added in Windows 10, version 1803. Enable IT admin to configure feature update u
 
 
 
-Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
 
-Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
+Defers Feature Updates for the specified number of days.
 
 Supported values are 0-365 days.
 
@@ -1590,11 +1311,11 @@ Supported values are 0-365 days.
 
 
 ADMX Info:  
--   GP English name: *Select when Preview Builds and Feature Updates are received*
--   GP name: *DeferFeatureUpdates*
--   GP element: *DeferFeatureUpdatesPeriodId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *DeferFeatureUpdatesPeriodId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -1605,32 +1326,14 @@ ADMX Info:
 **Update/DeferQualityUpdatesPeriodInDays**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1645,18 +1348,18 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
+Defers Quality Updates for the specified number of days.
 
 Supported values are 0-30.
 
 
 
 ADMX Info:  
--   GP English name: *Select when Quality Updates are received*
--   GP name: *DeferQualityUpdates*
--   GP element: *DeferQualityUpdatesPeriodId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Quality Updates are received*
+- GP name: *DeferQualityUpdates*
+- GP element: *DeferQualityUpdatesPeriodId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -1667,32 +1370,14 @@ ADMX Info:
 **Update/DeferUpdatePeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1711,7 +1396,7 @@ ADMX Info:
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
 
 
-Allows IT Admins to specify update delays for up to 4 weeks.
+Allows IT Admins to specify update delays for up to four weeks.
 
 Supported values are 0-4, which refers to the number of weeks to defer updates.
 
@@ -1720,14 +1405,14 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t
 If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
 
 OS upgrade:
-- Maximum deferral: 8 months
-- Deferral increment: 1 month
+- Maximum deferral: Eight months
+- Deferral increment: One month
 - Update type/notes:
   - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
 
 Update:
-- Maximum deferral: 1 month
-- Deferral increment: 1 week
+- Maximum deferral: One month
+- Deferral increment: One week
 - Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic:
   
   - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
@@ -1739,71 +1424,20 @@ Update:
   - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
   - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
 
-Other/cannot defer:
+Other/can't defer:
 
 - Maximum deferral: No deferral
 - Deferral increment: No deferral
 - Update type/notes:
-  Any update category not specifically enumerated above falls into this category.
+  Any update category not enumerated above falls into this category.
       - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
 
-
-
 
 
 ADMX Info:  
--   GP name: *DeferUpgrade*
--   GP element: *DeferUpdatePeriodId*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP name: *DeferUpgrade*
+- GP element: *DeferUpdatePeriodId*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -1814,32 +1448,14 @@ ADMX Info:
 **Update/DeferUpgradePeriod**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1855,12 +1471,10 @@ ADMX Info:
 
 
 > [!NOTE]
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
->
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
 
 
-Allows IT Admins to specify additional upgrade delays for up to 8 months.
+Allows IT Admins to specify other upgrade delays for up to eight months.
 
 Supported values are 0-8, which refers to the number of months to defer upgrades.
 
@@ -1871,9 +1485,9 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
 
 
 ADMX Info:  
--   GP name: *DeferUpgrade*
--   GP element: *DeferUpgradePeriodId*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP name: *DeferUpgrade*
+- GP element: *DeferUpgradePeriodId*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -1884,32 +1498,14 @@ ADMX Info:
 **Update/DetectionFrequency**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1924,16 +1520,16 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should only be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. 
+Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should be enabled only when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. 
 
 
 
 ADMX Info:  
--   GP English name: *Automatic Updates detection frequency*
--   GP name: *DetectionFrequency_Title*
--   GP element: *DetectionFrequency_Hour2*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Automatic Updates detection frequency*
+- GP name: *DetectionFrequency_Title*
+- GP element: *DetectionFrequency_Hour2*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -1944,32 +1540,14 @@ ADMX Info:
 **Update/DisableDualScan**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -1984,28 +1562,28 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update.  With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update.  With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
 
 For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607).
 
-This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update."
+This setting is the same as the Group Policy in **Windows Components** > **Windows Update**: "Do not allow update deferral policies to cause scans against Windows Update."
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Do not allow update deferral policies to cause scans against Windows Update*
--   GP name: *DisableDualScan*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Do not allow update deferral policies to cause scans against Windows Update*
+- GP name: *DisableDualScan*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
-- 0 - allow scan against Windows Update
-- 1 - do not allow update deferral policies to cause scans against Windows Update
+- 0 - Allow scan against Windows Update
+- 1 - Don't allow update deferral policies to cause scans against Windows Update
 
 
 
@@ -2016,32 +1594,14 @@ The following list shows the supported values:
 **Update/DisableWUfBSafeguards**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2069,22 +1629,72 @@ IT admins can, if necessary, opt devices out of safeguard protections using this
 >
 > The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. 
 >
-> Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues.
+> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you're bypassing the protection given by Microsoft pertaining to known issues.
 
 
 
 ADMX Info:  
--   GP English name: *Disable safeguards for Feature Updates*
--   GP name: *DisableWUfBSafeguards*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Disable safeguards for Feature Updates*
+- GP name: *DisableWUfBSafeguards*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
 - 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared.
-- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards.
+- 1 - Safeguards aren't enabled and upgrades will be deployed without blocking on safeguards.
+
+
+
+
+
                  
+
+
+**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+To ensure the highest levels of security, we recommended using WSUS TLS certificate pinning on all devices. 
+
+By default, certificate pinning for Windows Update client isn't enforced. 
+
+
+
+ADMX Info:  
+- GP Friendly name: *Allow user proxy to be used as a fallback if detection using system proxy fails*
+- GP name: *Allow user proxy to be used as a fallback if detection using system proxy fails*
+- GP path: *Windows Update\SpecifyintranetMicrosoftupdateserviceLocation*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Enforce certificate pinning
+- 1 - Don't enforce certificate pinning
 
 
 
@@ -2095,32 +1705,14 @@ The following list shows the supported values:
 **Update/EngagedRestartDeadline**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2135,34 +1727,34 @@ The following list shows the supported values:
 
 
 
-For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
+For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Autorestart to Engaged restart (pending user schedule) to be executed automatically, within the specified period.
 
 The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
 
 > [!NOTE]
-> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
+> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule aren't set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
 
 Value type is integer. Default is 14.
 
 Supported value range: 2 - 30.
 
-If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
+If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling).
 
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
 
 If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
+1. No autorestart with logged on users for scheduled automatic updates installations
 2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
+3. Specify deadline before autorestart for update installation
 
 
 
 ADMX Info:  
--   GP English name: *Specify Engaged restart transition and notification schedule for updates*
--   GP name: *EngagedRestartTransitionSchedule*
--   GP element: *EngagedRestartDeadline*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartDeadline*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -2173,32 +1765,14 @@ ADMX Info:
 **Update/EngagedRestartDeadlineForFeatureUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2213,29 +1787,29 @@ ADMX Info:
 
 
 
-For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
+For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be executed automatically, within the specified period.
 
 Value type is integer. Default is 14.
 
-Supported value range: 2 - 30.
+Supported value range: 2-30.
 
-If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
+If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling).
 
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
 
 If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
+1. No autorestart with logged on users for scheduled automatic updates installations
 2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
+3. Specify deadline before autorestart for update installation
 
 
 
 ADMX Info:  
--   GP English name: *Specify Engaged restart transition and notification schedule for updates*
--   GP name: *EngagedRestartTransitionSchedule*
--   GP element: *EngagedRestartDeadlineForFeatureUpdates*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartDeadlineForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -2246,32 +1820,14 @@ ADMX Info:
 **Update/EngagedRestartSnoozeSchedule**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2286,27 +1842,27 @@ ADMX Info:
 
 
 
-For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
+For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days.
 
-Value type is integer. Default is 3 days.
+Value type is integer. Default is three days.
 
-Supported value range: 1 - 3.
+Supported value range: 1-3.
 
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
 
 If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
+1. No autorestart with logged on users for scheduled automatic updates installations
 2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
+3. Specify deadline before autorestart for update installation
 
 
 
 ADMX Info:  
--   GP English name: *Specify Engaged restart transition and notification schedule for updates*
--   GP name: *EngagedRestartTransitionSchedule*
--   GP element: *EngagedRestartSnoozeSchedule*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartSnoozeSchedule*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -2317,32 +1873,14 @@ ADMX Info:
 **Update/EngagedRestartSnoozeScheduleForFeatureUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2357,27 +1895,27 @@ ADMX Info:
 
 
 
-For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
+For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days.
 
-Value type is integer. Default is 3 days.
+Value type is integer. Default is three days.
 
-Supported value range: 1 - 3.
+Supported value range: 1-3.
 
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
 
 If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
+1. No autorestart with logged on users for scheduled automatic updates installations
 2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
+3. Specify deadline before autorestart for update installation
 
 
 
 ADMX Info:  
--   GP English name: *Specify Engaged restart transition and notification schedule for updates*
--   GP name: *EngagedRestartTransitionSchedule*
--   GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -2388,32 +1926,14 @@ ADMX Info:
 **Update/EngagedRestartTransitionSchedule**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2434,21 +1954,21 @@ Value type is integer. Default value is 7 days.
 
 Supported value range: 2 - 30. 
 
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
 
 If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
+1. No autorestart with logged on users for scheduled automatic updates installations
 2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
+3. Specify deadline before autorestart for update installation
 
 
 
 ADMX Info:  
--   GP English name: *Specify Engaged restart transition and notification schedule for updates*
--   GP name: *EngagedRestartTransitionSchedule*
--   GP element: *EngagedRestartTransitionSchedule*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartTransitionSchedule*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -2459,32 +1979,14 @@ ADMX Info:
 **Update/EngagedRestartTransitionScheduleForFeatureUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark5
                  Businesscheck mark5
                  Enterprisecheck mark5
                  Educationcheck mark5
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2501,25 +2003,25 @@ ADMX Info:
 
 For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
 
-Value type is integer. Default value is 7 days.
+Value type is integer. Default value is seven days.
 
-Supported value range: 2 - 30.
+Supported value range: 2-30.
 
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
 
 If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
+1. No autorestart with logged on users for scheduled automatic updates installations
 2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
+3. Specify deadline before autorestart for update installation
 
 
 
 ADMX Info:  
--   GP English name: *Specify Engaged restart transition and notification schedule for updates*
--   GP name: *EngagedRestartTransitionSchedule*
--   GP element: *EngagedRestartTransitionScheduleForFeatureUpdates*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartTransitionScheduleForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -2530,32 +2032,14 @@ ADMX Info:
 **Update/ExcludeWUDriversInQualityUpdate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2570,25 +2054,23 @@ ADMX Info:
 
 
 
-> [!NOTE]
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
 
-Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
+Allows IT Admins to exclude Windows Update (WU) drivers during updates.
 
 
 
 ADMX Info:  
--   GP English name: *Do not include drivers with Windows Updates*
--   GP name: *ExcludeWUDriversInQualityUpdate*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Do not include drivers with Windows Updates*
+- GP name: *ExcludeWUDriversInQualityUpdate*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Allow Windows Update drivers.
--   1 – Exclude Windows Update drivers.
+- 0 (default) – Allow Windows Update drivers.
+- 1 – Exclude Windows Update drivers.
 
 
 
@@ -2599,32 +2081,14 @@ The following list shows the supported values:
 **Update/FillEmptyContentUrls**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2639,26 +2103,26 @@ The following list shows the supported values:
 
 
 
-Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata.  This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
+Allows Windows Update Agent to determine the download URL when it's missing from the metadata.  This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
 
 > [!NOTE]
-> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache.  This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
+> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache.  This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server.
 
 
 
 ADMX Info:  
--   GP English name: *Specify intranet Microsoft update service location*
--   GP name: *CorpWuURL*
--   GP element: *CorpWUFillEmptyContentUrls*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP element: *CorpWUFillEmptyContentUrls*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Disabled.
--   1 – Enabled.
+- 0 (default) – Disabled.
+- 1 – Enabled.
 
 
 
@@ -2669,32 +2133,14 @@ The following list shows the supported values:
 **Update/IgnoreMOAppDownloadLimit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2709,7 +2155,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
+Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
 
 > [!WARNING]
 > Setting this policy might cause devices to incur costs from MO operators.
@@ -2718,15 +2164,15 @@ Added in Windows 10, version 1703. Specifies whether to ignore the MO download
 
 The following list shows the supported values:
 
--   0 (default) – Do not ignore MO download limit for apps and their updates.
--   1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
+- 0 (default) – Don't ignore MO download limit for apps and their updates.
+- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
 
 
 
 To validate this policy:
 
 1.  Enable the policy and ensure the device is on a cellular network.
-2.  Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: 
+2.  Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: 
     ```TShell
        exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I'
     ```
@@ -2740,32 +2186,14 @@ To validate this policy:
 **Update/IgnoreMOUpdateDownloadLimit**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2780,7 +2208,7 @@ To validate this policy:
 
 
 
-Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
+Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
 
 > [!WARNING]
 > Setting this policy might cause devices to incur costs from MO operators.
@@ -2789,15 +2217,15 @@ Added in Windows 10, version 1703. Specifies whether to ignore the MO download
 
 The following list shows the supported values:
 
--   0 (default) – Do not ignore MO download limit for OS updates.
--   1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
+- 0 (default) – Don't ignore MO download limit for OS updates.
+- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
 
 
 
 To validate this policy:
 
 1.  Enable the policy and ensure the device is on a cellular network.
-2.  Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: 
+2.  Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: 
     ```TShell
        exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I'
     ```
@@ -2811,32 +2239,14 @@ To validate this policy:
 **Update/ManagePreviewBuilds**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2851,24 +2261,24 @@ To validate this policy:
 
 
 
-Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.
+Used to manage Windows 10 Insider Preview builds. Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Manage preview builds*
--   GP name: *ManagePreviewBuilds*
--   GP element: *ManagePreviewBuildsId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Manage preview builds*
+- GP name: *ManagePreviewBuilds*
+- GP element: *ManagePreviewBuildsId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 - Disable Preview builds
--   1 - Disable Preview builds once the next release is public
--   2 - Enable Preview builds
+- 0 - Disable Preview builds
+- 1 - Disable Preview builds once the next release is public
+- 2 - Enable Preview builds
 
 
 
@@ -2879,32 +2289,14 @@ The following list shows the supported values:
 **Update/PauseDeferrals**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2923,7 +2315,7 @@ The following list shows the supported values:
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
 
 
-Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks.
+Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks.
 
 
 If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
@@ -2933,16 +2325,16 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
 
 
 ADMX Info:  
--   GP name: *DeferUpgrade*
--   GP element: *PauseDeferralsId*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP name: *DeferUpgrade*
+- GP element: *PauseDeferralsId*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Deferrals are not paused.
--   1 – Deferrals are paused.
+- 0 (default) – Deferrals aren't paused.
+- 1 – Deferrals are paused.
 
 
 
@@ -2953,32 +2345,14 @@ The following list shows the supported values:
 **Update/PauseFeatureUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -2993,26 +2367,24 @@ The following list shows the supported values:
 
 
 
-Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
 
-
-Added in Windows 10, version 1607. Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later.
+Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you're running Windows 10, version 1703 or later.
 
 
 
 ADMX Info:  
--   GP English name: *Select when Preview Builds and Feature Updates are received*
--   GP name: *DeferFeatureUpdates*
--   GP element: *PauseFeatureUpdatesId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *PauseFeatureUpdatesId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Feature Updates are not paused.
--   1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner.
+- 0 (default) – Feature Updates aren't paused.
+- 1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner.
 
 
 
@@ -3023,32 +2395,14 @@ The following list shows the supported values:
 **Update/PauseFeatureUpdatesStartTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3063,18 +2417,18 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. 
+Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. 
 
 Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
 
 
 
 ADMX Info:  
--   GP English name: *Select when Preview Builds and Feature Updates are received*
--   GP name: *DeferFeatureUpdates*
--   GP element: *PauseFeatureUpdatesStartId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *PauseFeatureUpdatesStartId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3085,32 +2439,14 @@ ADMX Info:
 **Update/PauseQualityUpdates**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3125,23 +2461,23 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1607. Allows IT Admins to pause quality updates. For those running Windows 10, version 1703 or later, we recommend that you use *Update/PauseQualityUpdatesStartTime* instead.
+Allows IT Admins to pause quality updates. For those running Windows 10, version 1703 or later, we recommend that you use *Update/PauseQualityUpdatesStartTime* instead.
 
 
 
 ADMX Info:  
--   GP English name: *Select when Quality Updates are received*
--   GP name: *DeferQualityUpdates*
--   GP element: *PauseQualityUpdatesId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Quality Updates are received*
+- GP name: *DeferQualityUpdates*
+- GP element: *PauseQualityUpdatesId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Quality Updates are not paused.
--   1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
+- 0 (default) – Quality Updates aren't paused.
+- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
 
 
 
@@ -3152,32 +2488,14 @@ The following list shows the supported values:
 **Update/PauseQualityUpdatesStartTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3192,18 +2510,18 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. 
+Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. 
 
 Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace.
 
 
 
 ADMX Info:  
--   GP English name: *Select when Quality Updates are received*
--   GP name: *DeferQualityUpdates*
--   GP element: *PauseQualityUpdatesStartId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select when Quality Updates are received*
+- GP name: *DeferQualityUpdates*
+- GP element: *PauseQualityUpdatesStartId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3221,36 +2539,76 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
 
 
                  
 
+
+**Update/ProductVersion**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. 
+
+If no product is specified, the device will continue receiving newer versions of the Windows product it's currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information).
+
+
+
+ADMX Info:  
+- GP Friendly name: *Select the target Feature Update version*
+- GP name: *TargetReleaseVersion*
+- GP element: *ProductVersion*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Value type is a string containing a Windows product, for example, “Windows 11” or “11” or “Windows 10”.
+
+
+
+
+
+
+
+
+By using this Windows Update for Business policy to upgrade devices to a new product (for example, Windows 11) you're agreeing that when applying this operating system to a device, either:
+
+1. The applicable Windows license was purchased through volume licensing, or
+
+2. That you're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
+
+
                  
+
 
 **Update/RequireDeferUpgrade**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
 
 
 
                  
@@ -3269,21 +2627,21 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
 > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
 
 
-Allows the IT admin to set a device to Semi-Annual Channel train.
+Allows the IT admin to set a device to General Availability Channel train.
 
 
 
 ADMX Info:  
--   GP name: *DeferUpgrade*
--   GP element: *DeferUpgradePeriodId*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP name: *DeferUpgrade*
+- GP element: *DeferUpgradePeriodId*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – User gets upgrades from Semi-Annual Channel (Targeted).
--   1 – User gets upgrades from Semi-Annual Channel.
+- 0 (default) – User gets upgrades from General Availability Channel (Targeted).
+- 1 – User gets upgrades from General Availability Channel.
 
 
 
@@ -3294,32 +2652,14 @@ The following list shows the supported values:
 **Update/RequireUpdateApproval**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|No|
+|Business|Yes|No|
+|Enterprise|Yes|No|
+|Education|Yes|No|
 
 
 
                  
@@ -3335,10 +2675,10 @@ The following list shows the supported values:
 
 
 > [!NOTE]
-> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. 
+> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. 
 
 
-Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
+Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved.
 
 Supported operations are Get and Replace.
 
@@ -3346,8 +2686,8 @@ Supported operations are Get and Replace.
 
 The following list shows the supported values:
 
--   0 – Not configured. The device installs all applicable updates.
--   1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
+- 0 – Not configured. The device installs all applicable updates.
+- 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
 
 
 
@@ -3358,32 +2698,14 @@ The following list shows the supported values:
 **Update/ScheduleImminentRestartWarning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3398,18 +2720,18 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
+Allows the IT Admin to specify the period for autorestart imminent warning notifications.
 
 The default value is 15 (minutes).
 
 
 
 ADMX Info:  
--   GP English name: *Configure auto-restart warning notifications schedule for updates*
--   GP name: *RestartWarnRemind*
--   GP element: *RestartWarn*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure auto-restart warning notifications schedule for updates*
+- GP name: *RestartWarnRemind*
+- GP element: *RestartWarn*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3424,32 +2746,14 @@ Supported values are 15, 30, or 60 (minutes).
 **Update/ScheduleRestartWarning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3468,18 +2772,18 @@ Supported values are 15, 30, or 60 (minutes).
 > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
 
 
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
+Allows the IT Admin to specify the period for autorestart warning reminder notifications.
 
 The default value is 4 (hours).
 
 
 
 ADMX Info:  
--   GP English name: *Configure auto-restart warning notifications schedule for updates*
--   GP name: *RestartWarnRemind*
--   GP element: *RestartWarnRemind*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure auto-restart warning notifications schedule for updates*
+- GP name: *RestartWarnRemind*
+- GP element: *RestartWarnRemind*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3494,32 +2798,14 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
 **Update/ScheduledInstallDay**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3536,31 +2822,31 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
 
 Enables the IT admin to schedule the day of the update installation.
 
-The data type is a integer.
+The data type is an integer.
 
 Supported operations are Add, Delete, Get, and Replace.
 
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *AutoUpdateSchDay*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchDay*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Every day
--   1 – Sunday
--   2 – Monday
--   3 – Tuesday
--   4 – Wednesday
--   5 – Thursday
--   6 – Friday
--   7 – Saturday
+- 0 (default) – Every day
+- 1 – Sunday
+- 2 – Monday
+- 3 – Tuesday
+- 4 – Wednesday
+- 5 – Thursday
+- 6 – Friday
+- 7 – Saturday
 
 
 
@@ -3571,32 +2857,14 @@ The following list shows the supported values:
 **Update/ScheduledInstallEveryWeek**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -3611,7 +2879,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on every week. Value type is integer. Supported values:
 
                    
 
                  • 0 - no update in the schedule
                    • 
 
                  • 1 - update is scheduled every week
                    • 
@@ -3620,11 +2888,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *AutoUpdateSchEveryWeek*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchEveryWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3635,32 +2903,14 @@ ADMX Info:
 **Update/ScheduledInstallFirstWeek**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                    Windows EditionSupported?
                    Homecross mark
                    Procheck mark3
                    Businesscheck mark3
                    Enterprisecheck mark3
                    Educationcheck mark3
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -3675,7 +2925,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
 
                      
 
                    • 0 - no update in the schedule
                      • 
 
                    • 1 - update is scheduled every first week of the month
                      • 
@@ -3684,11 +2934,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *AutoUpdateSchFirstWeek*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchFirstWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3699,32 +2949,14 @@ ADMX Info:
 **Update/ScheduledInstallFourthWeek**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                      Windows EditionSupported?
                      Homecross mark
                      Procheck mark3
                      Businesscheck mark3
                      Enterprisecheck mark3
                      Educationcheck mark3
                      
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                      
@@ -3739,7 +2971,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
 
                        
 
                      • 0 - no update in the schedule
                        • 
 
                      • 1 - update is scheduled every fourth week of the month
                        • 
@@ -3748,11 +2980,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *ScheduledInstallFourthWeek*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *ScheduledInstallFourthWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3763,32 +2995,14 @@ ADMX Info:
 **Update/ScheduledInstallSecondWeek**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                        Windows EditionSupported?
                        Homecross mark
                        Procheck mark3
                        Businesscheck mark3
                        Enterprisecheck mark3
                        Educationcheck mark3
                        
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                        
@@ -3803,7 +3017,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
 
                          
 
                        • 0 - no update in the schedule
                          • 
 
                        • 1 - update is scheduled every second week of the month
                          • 
@@ -3812,11 +3026,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *ScheduledInstallSecondWeek*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *ScheduledInstallSecondWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3827,32 +3041,14 @@ ADMX Info:
 **Update/ScheduledInstallThirdWeek**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                          Windows EditionSupported?
                          Homecross mark
                          Procheck mark3
                          Businesscheck mark3
                          Enterprisecheck mark3
                          Educationcheck mark3
                          
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                          
@@ -3867,7 +3063,7 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
+Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
 
                            
 
                          • 0 - no update in the schedule
                            • 
 
                          • 1 - update is scheduled every third week of the month
                            • 
@@ -3876,11 +3072,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *ScheduledInstallThirdWeek*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *ScheduledInstallThirdWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3891,32 +3087,14 @@ ADMX Info:
 **Update/ScheduledInstallTime**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark
                            Businesscheck mark
                            Enterprisecheck mark
                            Educationcheck mark
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -3937,7 +3115,7 @@ ADMX Info:
 
 Enables the IT admin to schedule the time of the update installation.
 
-The data type is a integer.
+The data type is an integer.
 
 Supported operations are Add, Delete, Get, and Replace.
 
@@ -3948,11 +3126,11 @@ The default value is 3.
 
 
 ADMX Info:  
--   GP English name: *Configure Automatic Updates*
--   GP name: *AutoUpdateCfg*
--   GP element: *AutoUpdateSchTime*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchTime*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -3963,32 +3141,14 @@ ADMX Info:
 **Update/SetAutoRestartNotificationDisable**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark2
                            Businesscheck mark2
                            Enterprisecheck mark2
                            Educationcheck mark2
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4003,23 +3163,23 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
+Allows the IT Admin to disable autorestart notifications for update installations.
 
 
 
 ADMX Info:  
--   GP English name: *Turn off auto-restart notifications for update installations*
--   GP name: *AutoRestartNotificationDisable*
--   GP element: *AutoRestartNotificationSchd*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Turn off auto-restart notifications for update installations*
+- GP name: *AutoRestartNotificationDisable*
+- GP element: *AutoRestartNotificationSchd*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   0 (default) – Enabled
--   1 – Disabled
+- 0 (default) – Enabled
+- 1 – Disabled
 
 
 
@@ -4030,32 +3190,14 @@ The following list shows the supported values:
 **Update/SetDisablePauseUXAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark5
                            Businesscheck mark5
                            Enterprisecheck mark5
                            Educationcheck mark5
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4070,15 +3212,15 @@ The following list shows the supported values:
 
 
 
-This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user cannot access the "Pause updates" feature.
+This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature.
 
 Value type is integer. Default is 0. Supported values 0, 1.
 
 
 
 ADMX Info:  
--   GP name: *SetDisablePauseUXAccess*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP name: *SetDisablePauseUXAccess*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -4089,32 +3231,14 @@ ADMX Info:
 **Update/SetDisableUXWUAccess**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark5
                            Businesscheck mark5
                            Enterprisecheck mark5
                            Educationcheck mark5
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4129,15 +3253,15 @@ ADMX Info:
 
 
 
-This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features.
+This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features.
 
 Value type is integer. Default is 0. Supported values 0, 1.
 
 
 
 ADMX Info:  
--   GP name: *SetDisableUXWUAccess*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP name: *SetDisableUXWUAccess*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -4148,32 +3272,14 @@ ADMX Info:
 **Update/SetEDURestart**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark2
                            Businesscheck mark2
                            Enterprisecheck mark2
                            Educationcheck mark2
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4188,17 +3294,17 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
+For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
 
 When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursEnd, and ShareCartPC, it will defer all the update processes (scan, download, install, and reboot) to a time after Active Hours. After a buffer period after ActiveHoursEnd, the device will wake up several times to complete the processes. All processes are blocked before ActiveHoursStart.
 
 
 
 ADMX Info:  
--   GP English name: *Update Power Policy for Cart Restarts*
--   GP name: *SetEDURestart*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Update Power Policy for Cart Restarts*
+- GP name: *SetEDURestart*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -4212,37 +3318,18 @@ The following list shows the supported values:
 
 
                            
 
-
 
-**Update/SetProxyBehaviorForUpdateDetection**  
+**Update/SetPolicyDrivenUpdateSourceForDriver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4257,18 +3344,242 @@ The following list shows the supported values:
 
 
 
-Available in Windows 10, version 1607 and later. By default, HTTP WSUS servers scan only if system proxy is configured. This policy setting allows you to configure user proxy as a fallback for detecting updates while using an HTTP based intranet server despite the vulnerabilities it presents.
+Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
 
-This policy setting does not impact those customers who have, per Microsoft recommendation, secured their WSUS server with TLS/SSL protocol, thereby using HTTPS based intranet servers to keep systems secure. That said, if a proxy is required, we recommend configuring a system proxy to ensure the highest level of security.
+If you configure this policy, also configure the scan source policies for other update types:
+- SetPolicyDrivenUpdateSourceForFeature
+- SetPolicyDrivenUpdateSourceForQuality
+- SetPolicyDrivenUpdateSourceForOther
+
+>[!NOTE]
+>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. 
 
 
 
 ADMX Info:  
--   GP English name: *Select the proxy behavior for Windows Update client for detecting updates with non-TLS (HTTP) based service*
--   GP name: *Select the proxy behavior*
--   GP element: *Select the proxy behavior*
--   GP path: *Windows Components/Windows Update/Specify intranet Microsoft update service location*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify source service for specific classes of Windows Updates*
+- GP name: *SetPolicyDrivenUpdateSourceForDriver*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0: (Default) Detect, download, and deploy Driver from Windows Update 
+- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS) 
+
+
+
+
+
                            
+
+
+**Update/SetPolicyDrivenUpdateSourceForFeature**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
+
+If you configure this policy, also configure the scan source policies for other update types:
+- SetPolicyDrivenUpdateSourceForQuality
+- SetPolicyDrivenUpdateSourceForDriver
+- SetPolicyDrivenUpdateSourceForOther
+
+>[!NOTE]
+>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. 
+
+
+
+ADMX Info:  
+- GP Friendly name: *Specify source service for specific classes of Windows Updates*
+- GP name: *SetPolicyDrivenUpdateSourceForFeature*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0: (Default) Detect, download, and deploy Feature from Windows Update 
+- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS) 
+
+
+
+
+
                            
+
+
+**Update/SetPolicyDrivenUpdateSourceForOther**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
+
+If you configure this policy, also configure the scan source policies for other update types:
+- SetPolicyDrivenUpdateSourceForFeature
+- SetPolicyDrivenUpdateSourceForQuality
+- SetPolicyDrivenUpdateSourceForDriver
+
+>[!NOTE]
+>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. 
+
+
+
+ADMX Info:  
+- GP Friendly name: *Specify source service for specific classes of Windows Updates*
+- GP name: *SetPolicyDrivenUpdateSourceForOther*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0: (Default) Detect, download, and deploy Other from Windows Update 
+- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS) 
+
+
+
+
+
                            
+
+
+**Update/SetPolicyDrivenUpdateSourceForQuality**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
+
+If you configure this policy, also configure the scan source policies for other update types:
+- SetPolicyDrivenUpdateSourceForFeature
+- SetPolicyDrivenUpdateSourceForDriver
+- SetPolicyDrivenUpdateSourceForOther
+
+>[!NOTE]
+>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. 
+
+
+
+ADMX Info:  
+- GP Friendly name: *Specify source service for specific classes of Windows Updates*
+- GP name: *SetPolicyDrivenUpdateSourceForQuality*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0: (Default) Detect, download, and deploy Quality from Windows Update 
+- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS) 
+
+
+
+
+
                            
+
+
+**Update/SetProxyBehaviorForUpdateDetection**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+Available in Windows 10, version 1607 and later. By default, HTTP WSUS servers scan only if system proxy is configured. This policy setting allows you to configure user proxy as a fallback for detecting updates while using an HTTP-based intranet server despite the vulnerabilities it presents.
+
+This policy setting doesn't impact those customers who have, per Microsoft recommendation, secured their WSUS server with TLS/SSL protocol, thereby using HTTPS-based intranet servers to keep systems secure. That said, if a proxy is required, we recommend configuring a system proxy to ensure the highest level of security.
+
+
+
+ADMX Info:  
+- GP Friendly name: *Select the proxy behavior for Windows Update client for detecting updates with non-TLS (HTTP) based service*
+- GP name: *Select the proxy behavior*
+- GP element: *Select the proxy behavior*
+- GP path: *Windows Components/Windows Update/Specify intranet Microsoft update service location*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -4288,32 +3599,14 @@ The following list shows the supported values:
 **Update/TargetReleaseVersion**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark4
                            Businesscheck mark4
                            Enterprisecheck mark4
                            Educationcheck mark4
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4332,11 +3625,11 @@ Available in Windows 10, version 1803 and later. Enables IT administrators to sp
 
 
 ADMX Info:  
--   GP English name: *Select the target Feature Update version*
--   GP name: *TargetReleaseVersion*
--   GP element: *TargetReleaseVersionId*
--   GP path: *Windows Components/Windows Update/Windows Update for Business*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Select the target Feature Update version*
+- GP name: *TargetReleaseVersion*
+- GP element: *TargetReleaseVersionInfo*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -4356,32 +3649,14 @@ Value type is a string containing Windows 10 version number. For example, 1809,
 **Update/UpdateNotificationLevel**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark5
                            Businesscheck mark5
                            Enterprisecheck mark5
                            Educationcheck mark5
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4410,10 +3685,10 @@ Options:
 
 
 ADMX Info:  
--   GP English name: *Display options for update notifications*
--   GP name: *UpdateNotificationLevel*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Display options for update notifications*
+- GP name: *UpdateNotificationLevel*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
@@ -4433,32 +3708,14 @@ ADMX Info:
 **Update/UpdateServiceUrl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark
                            Businesscheck mark
                            Enterprisecheck mark
                            Educationcheck mark
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4474,27 +3731,27 @@ ADMX Info:
 
 
 > [!IMPORTANT]
-> Starting in Windows 10, version 1703 this policy is not supported in IoT Mobile.
+> Starting in Windows 10, version 1703 this policy isn't supported in IoT Mobile.
 
-Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
+Allows the device to check for updates from a WSUS server instead of Microsoft Update. This setting is useful for on-premises MDMs that need to update devices that can't connect to the Internet.
 
 Supported operations are Get and Replace.
 
 
 
 ADMX Info:  
--   GP English name: *Specify intranet Microsoft update service location*
--   GP name: *CorpWuURL*
--   GP element: *CorpWUURL_Name*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP element: *CorpWUURL_Name*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 The following list shows the supported values:
 
--   Not configured. The device checks for updates from Microsoft Update.
--   Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
+- Not configured. The device checks for updates from Microsoft Update.
+- Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
 
 
 
@@ -4525,32 +3782,14 @@ Example
 **Update/UpdateServiceUrlAlternate**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -4565,41 +3804,30 @@ Example
 
 
 
-Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
+Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
 
 This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
 
 To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.  An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
 
-Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+Value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
 
 > [!NOTE]
 > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.  
-> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.  
-> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
+> If the "Alternate Download Server" Group Policy isn't set, it will use the WSUS server by default to download updates.  
+> This policy isn't supported on Windows RT. Setting this policy won't have any effect on Windows RT PCs.
 
 
 
 ADMX Info:  
--   GP English name: *Specify intranet Microsoft update service location*
--   GP name: *CorpWuURL*
--   GP element: *CorpWUContentHost_Name*
--   GP path: *Windows Components/Windows Update*
--   GP ADMX file name: *WindowsUpdate.admx*
+- GP Friendly name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP element: *CorpWUContentHost_Name*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
 
 
 
 
                            
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
-
\ No newline at end of file
+
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 4a44915184..3d13322718 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -5,9 +5,9 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 11/24/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -15,14 +15,13 @@ manager: dansimp
 # Policy CSP - UserRights
 
 
-
 
                            
 
 User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. For reference, see [Well-Known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
 
-Even though strings are supported for well-known accounts and groups, it is better to use SIDs, because strings are localized for different languages. Some user rights allow things like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
+Even though strings are supported for well-known accounts and groups, it's better to use SIDs, because strings are localized for different languages. Some user rights allow things like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
 
-Here is an example for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
+Here's an example for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
 
 ```xml
 
@@ -198,32 +197,14 @@ For example, the following syntax grants user rights to a specific user or group
 **UserRights/AccessCredentialManagerAsTrustedCaller**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -238,12 +219,12 @@ For example, the following syntax grants user rights to a specific user or group
 
 
 
-This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.
+This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it's only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.
 
 
 
 GP Info:
--   GP English name: *Access Credential Manager as a trusted caller*
+-   GP Friendly name: *Access Credential Manager as a trusted caller*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -255,32 +236,14 @@ GP Info:
 **UserRights/AccessFromNetwork**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -295,14 +258,14 @@ GP Info:
 
 
 
-This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.
+This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services isn't affected by this user right.
 > [!NOTE]
 > Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
 
 
 
 GP Info:
--   GP English name: *Access this computer from the network*
+-   GP Friendly name: *Access this computer from the network*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -314,32 +277,14 @@ GP Info:
 **UserRights/ActAsPartOfTheOperatingSystem**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -361,7 +306,7 @@ This user right allows a process to impersonate any user without authentication.
 
 
 GP Info:
--   GP English name: *Act as part of the operating system*
+-   GP Friendly name: *Act as part of the operating system*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -373,32 +318,14 @@ GP Info:
 **UserRights/AllowLocalLogOn**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -413,14 +340,14 @@ GP Info:
 
 
 
-This user right determines which users can log on to the computer.
+This user right determines which users can sign in to the computer.
 > [!NOTE]
 > Modifying this setting might affect compatibility with clients, services, and applications. For compatibility information about this setting, see [Allow log on locally](https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website.
 
 
 
 GP Info:
--   GP English name: *Allow log on locally*
+-   GP Friendly name: *Allow log on locally*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -432,32 +359,14 @@ GP Info:
 **UserRights/BackupFilesAndDirectories**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -479,7 +388,7 @@ This user right determines which users can bypass file, directory, registry, and
 
 
 GP Info:
--   GP English name: *Back up files and directories*
+-   GP Friendly name: *Back up files and directories*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -491,32 +400,14 @@ GP Info:
 **UserRights/ChangeSystemTime**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -532,11 +423,19 @@ GP Info:
 
 
 This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.
+> [!CAUTION]
+> Configuring user rights replaces existing users or groups previously assigned those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy.
+> 
+> Not including the Local Service account will result in failure with the following error:
+> 
+> | Error code  | Symbolic name | Error description | Header |
+> |----------|----------|----------|----------|
+> |  0x80070032 (Hex)|ERROR_NOT_SUPPORTED|The request isn't supported.|  winerror.h  |
 
 
 
 GP Info:
--   GP English name: *Change the system time*
+-   GP Friendly name: *Change the system time*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -548,32 +447,14 @@ GP Info:
 **UserRights/CreateGlobalObjects**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -588,14 +469,14 @@ GP Info:
 
 
 
-This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption.
+This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption.
 > [!CAUTION]
 > Assigning this user right can be a security risk. Assign this user right to trusted users only.
 
 
 
 GP Info:
--   GP English name: *Create global objects*
+-   GP Friendly name: *Create global objects*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -607,32 +488,14 @@ GP Info:
 **UserRights/CreatePageFile**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -647,12 +510,12 @@ GP Info:
 
 
 
-This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users.
+This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually doesn't need to be assigned to any users.
 
 
 
 GP Info:
--   GP English name: *Create a pagefile*
+-   GP Friendly name: *Create a pagefile*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -664,32 +527,14 @@ GP Info:
 **UserRights/CreatePermanentSharedObjects**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -704,12 +549,12 @@ GP Info:
 
 
 
-This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.
+This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it's not necessary to specifically assign it.
 
 
 
 GP Info:
--   GP English name: *Create permanent shared objects*
+-   GP Friendly name: *Create permanent shared objects*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -721,32 +566,14 @@ GP Info:
 **UserRights/CreateSymbolicLinks**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -761,7 +588,7 @@ GP Info:
 
 
 
-This user right determines if the user can create a symbolic link from the computer he is logged on to.
+This user right determines if the user can create a symbolic link from the computer they're signed in to.
 > [!CAUTION]
 > This privilege should be given to trusted users only. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
 > [!NOTE]
@@ -770,7 +597,7 @@ This user right determines if the user can create a symbolic link from the compu
 
 
 GP Info:
--   GP English name: *Create symbolic links*
+-   GP Friendly name: *Create symbolic links*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -782,32 +609,14 @@ GP Info:
 **UserRights/CreateToken**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -822,14 +631,14 @@ GP Info:
 
 
 
-This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System.
+This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it's necessary, don't assign this user right to a user, group, or process other than Local System.
 > [!CAUTION]
-> Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
+> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
 
 
 
 GP Info:
--   GP English name: *Create a token object*
+-   GP Friendly name: *Create a token object*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -841,32 +650,14 @@ GP Info:
 **UserRights/DebugPrograms**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -881,14 +672,14 @@ GP Info:
 
 
 
-This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components.
+This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications don't need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components.
 > [!CAUTION]
 > Assigning this user right can be a security risk. Assign this user right to trusted users only.
 
 
 
 GP Info:
--   GP English name: *Debug programs*
+-   GP Friendly name: *Debug programs*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -900,32 +691,14 @@ GP Info:
 **UserRights/DenyAccessFromNetwork**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -945,7 +718,7 @@ This user right determines which users are prevented from accessing a computer o
 
 
 GP Info:
--   GP English name: *Deny access to this computer from the network*
+-   GP Friendly name: *Deny access to this computer from the network*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -957,32 +730,14 @@ GP Info:
 **UserRights/DenyLocalLogOn**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -997,14 +752,15 @@ GP Info:
 
 
 
-This security setting determines which service accounts are prevented from registering a process as a service.
+This security setting determines which users are prevented from logging on to the computer. This policy setting supersedes the **Allow log on locally** policy setting if an account is subject to both policies.
+
 > [!NOTE]
-> This security setting does not apply to the System, Local Service, or Network Service accounts.
+> If you apply this security policy to the **Everyone** group, no one will be able to log on locally.
 
 
 
 GP Info:
--   GP English name: *Deny log on Locally*
+-   GP Friendly name: *Deny log on Locally*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1016,32 +772,14 @@ GP Info:
 **UserRights/DenyRemoteDesktopServicesLogOn**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1061,7 +799,7 @@ This user right determines which users and groups are prohibited from logging on
 
 
 GP Info:
--   GP English name: *Deny log on through Remote Desktop Services*
+-   GP Friendly name: *Deny log on through Remote Desktop Services*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1073,32 +811,14 @@ GP Info:
 **UserRights/EnableDelegation**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1113,14 +833,14 @@ GP Info:
 
 
 
-This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set.
+This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account doesn't have the Account can't be delegated account control flag set.
 > [!CAUTION]
 > Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.
 
 
 
 GP Info:
--   GP English name: *Enable computer and user accounts to be trusted for delegation*
+-   GP Friendly name: *Enable computer and user accounts to be trusted for delegation*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1132,32 +852,14 @@ GP Info:
 **UserRights/GenerateSecurityAudits**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1177,7 +879,7 @@ This user right determines which accounts can be used by a process to add entrie
 
 
 GP Info:
--   GP English name: *Generate security audits*
+-   GP Friendly name: *Generate security audits*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1189,32 +891,14 @@ GP Info:
 **UserRights/ImpersonateClient**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1235,16 +919,16 @@ Assigning this user right to a user allows programs running on behalf of that us
 > [!NOTE]
 > By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
 1) The access token that is being impersonated is for this user.
-2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
+2) The user, in this sign-in session, created the access token by signing in to the network with explicit credentials.
 3) The requested level is less than Impersonate, such as Anonymous or Identify.
-Because of these factors, users do not usually need this user right.
+Because of these factors, users don't usually need this user right.
 > [!WARNING]
 > If you enable this setting, programs that previously had the Impersonate privilege might lose it, and they might not run.
 
 
 
 GP Info:
--   GP English name: *Impersonate a client after authentication*
+-   GP Friendly name: *Impersonate a client after authentication*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1256,32 +940,14 @@ GP Info:
 **UserRights/IncreaseSchedulingPriority**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1301,11 +967,11 @@ This user right determines which accounts can use a process with Write Property
 
 
 GP Info:
--   GP English name: *Increase scheduling priority*
+-   GP Friendly name: *Increase scheduling priority*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 > [!WARNING]
-> If you remove **Window Manager\Window Manager Group** from the **Increase scheduling priority** user right, certain applications and computers do not function correctly. In particular, the INK workspace does not function correctly on unified memory architecture (UMA) laptop and desktop computers that run Windows 10, version 1903 (or later) and that use the Intel GFX driver.
+> If you remove **Window Manager\Window Manager Group** from the **Increase scheduling priority** user right, certain applications and computers don't function correctly. In particular, the INK workspace doesn't function correctly on unified memory architecture (UMA) laptop and desktop computers that run Windows 10, version 1903 (or later) and that use the Intel GFX driver.
 >
 > On affected computers, the display blinks when users draw on INK workspaces such as those that are used by Microsoft Edge, Microsoft PowerPoint, or Microsoft OneNote. The blinking occurs because the inking-related processes repeatedly try to use the Real-Time priority, but are denied permission.
 
@@ -1318,32 +984,14 @@ GP Info:
 **UserRights/LoadUnloadDeviceDrivers**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1358,14 +1006,14 @@ GP Info:
 
 
 
-This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users.
+This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right doesn't apply to Plug and Play device drivers. It's recommended that you don't assign this privilege to other users.
 > [!CAUTION]
-> Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
+> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
 
 
 
 GP Info:
--   GP English name: *Load and unload device drivers*
+-   GP Friendly name: *Load and unload device drivers*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1377,32 +1025,14 @@ GP Info:
 **UserRights/LockMemory**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1422,7 +1052,7 @@ This user right determines which accounts can use a process to keep data in phys
 
 
 GP Info:
--   GP English name: *Lock pages in memory*
+-   GP Friendly name: *Lock pages in memory*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1434,32 +1064,14 @@ GP Info:
 **UserRights/ManageAuditingAndSecurityLog**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1474,12 +1086,12 @@ GP Info:
 
 
 
-This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege also can view and clear the security log.
+This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting doesn't allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege also can view and clear the security log.
 
 
 
 GP Info:
--   GP English name: *Manage auditing and security log*
+-   GP Friendly name: *Manage auditing and security log*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1491,32 +1103,14 @@ GP Info:
 **UserRights/ManageVolume**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1536,7 +1130,7 @@ This user right determines which users and groups can run maintenance tasks on a
 
 
 GP Info:
--   GP English name: *Perform volume maintenance tasks*
+-   GP Friendly name: *Perform volume maintenance tasks*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1548,32 +1142,14 @@ GP Info:
 **UserRights/ModifyFirmwareEnvironment**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1590,12 +1166,12 @@ GP Info:
 
 This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should be modified only by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.
 > [!NOTE]
-> This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
+> This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
 
 
 
 GP Info:
--   GP English name: *Modify firmware environment values*
+-   GP Friendly name: *Modify firmware environment values*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1607,32 +1183,14 @@ GP Info:
 **UserRights/ModifyObjectLabel**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1652,7 +1210,7 @@ This user right determines which user accounts can modify the integrity label of
 
 
 GP Info:
--   GP English name: *Modify an object label*
+-   GP Friendly name: *Modify an object label*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1664,32 +1222,14 @@ GP Info:
 **UserRights/ProfileSingleProcess**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1709,7 +1249,7 @@ This user right determines which users can use performance monitoring tools to m
 
 
 GP Info:
--   GP English name: *Profile single process*
+-   GP Friendly name: *Profile single process*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1721,32 +1261,14 @@ GP Info:
 **UserRights/RemoteShutdown**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1766,7 +1288,7 @@ This user right determines which users are allowed to shut down a computer from
 
 
 GP Info:
--   GP English name: *Force shutdown from a remote system*
+-   GP Friendly name: *Force shutdown from a remote system*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1778,32 +1300,14 @@ GP Info:
 **UserRights/RestoreFilesAndDirectories**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1825,7 +1329,7 @@ This user right determines which users can bypass file, directory, registry, and
 
 
 GP Info:
--   GP English name: *Restore files and directories*
+-   GP Friendly name: *Restore files and directories*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
@@ -1837,32 +1341,14 @@ GP Info:
 **UserRights/TakeOwnership**
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1884,21 +1370,11 @@ This user right determines which users can take ownership of any securable objec
 
 
 GP Info:
--   GP English name: *Take ownership of files or other objects*
+-   GP Friendly name: *Take ownership of files or other objects*
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 
 
 
 
                            
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
new file mode 100644
index 0000000000..2ca5d714a9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -0,0 +1,133 @@
+---
+title: Policy CSP - VirtualizationBasedTechnology
+description: Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: alekyaj
+ms.localizationpriority: medium
+ms.date: 11/25/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - VirtualizationBasedTechnology
+
+
                            
+
+
+## VirtualizationBasedTechnology policies
+
+
                            
+  
                            
+    VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity
+  
                            
+  
                            
+    VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable
+  
                            
+
                            
+
+
+
                            
+
+
+**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
+
+>[!NOTE]
+>After the policy is pushed, a system reboot will be required to change the state of HVCI.
+
+
+
+The following are the supported values:
+
+- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock
+- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock
+- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock
+
+
+
+
+
+
+
+
+
+
                            
+
+
+**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs).
+
+>[!NOTE]
+>After the policy is pushed, a system reboot will be required to change the state of HVCI.
+
+
+
+
+The following are the supported values:
+
+- 0: (Disabled) Do not require UEFI Memory Attributes Table
+- 1: (Enabled) Require UEFI Memory Attributes Table
+
+
+
+
+
+
+
+
+
+
                            
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index db63da7a5a..0f2a4df17d 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - Wifi
 
 
-
 
                            
 
 
@@ -65,32 +64,14 @@ This policy has been deprecated.
 **Wifi/AllowAutoConnectToWiFiSenseHotspots**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark
                            Businesscheck mark
                            Enterprisecheck mark
                            Educationcheck mark
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -112,7 +93,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services*
+-   GP Friendly name: *Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services*
 -   GP name: *WiFiSense*
 -   GP path: *Network/WLAN Service/WLAN Settings*
 -   GP ADMX file name: *wlansvc.admx*
@@ -133,32 +114,14 @@ The following list shows the supported values:
 **Wifi/AllowInternetSharing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark
                            Businesscheck mark
                            Enterprisecheck mark
                            Educationcheck mark
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -180,7 +143,7 @@ Most restricted value is 0.
 
 
 ADMX Info:  
--   GP English name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
+-   GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
 -   GP name: *NC_ShowSharedAccessUI*
 -   GP path: *Network/Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
@@ -201,32 +164,14 @@ The following list shows the supported values:
 **Wifi/AllowManualWiFiConfiguration**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -264,32 +209,14 @@ The following list shows the supported values:
 **Wifi/AllowWiFi**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -324,32 +251,14 @@ The following list shows the supported values:
 **Wifi/AllowWiFiDirect**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark2
                            Businesscheck mark2
                            Enterprisecheck mark2
                            Educationcheck mark2
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -364,7 +273,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Allow WiFi Direct connection..
+Allow WiFi Direct connection..
 
 
 
@@ -382,32 +291,14 @@ The following list shows the supported values:
 **Wifi/WLANScanMode**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark
                            Businesscheck mark
                            Enterprisecheck mark
                            Educationcheck mark
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -434,16 +325,6 @@ Supported operations are Add, Delete, Get, and Replace.
 
 
                            
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
new file mode 100644
index 0000000000..1dc3fde74d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -0,0 +1,74 @@
+---
+title: Policy CSP - WindowsAutoPilot
+description: Learn to use the Policy CSP - WindowsAutoPilot setting to enable or disable Autopilot Agility feature.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: alekyaj
+ms.localizationpriority: medium
+ms.date: 11/25/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - WindowsAutoPilot
+
+
+
+
                            
+
+
+## WindowsAutoPilot policies  
+
+
                            
+  
                            
+    WindowsAutoPilot/EnableAgilityPostEnrollment
+  
                            
+
                            
+
+
+
                            
+
+
+**WindowsAutoPilot/EnableAgilityPostEnrollment**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                            
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                            
+
+
+
+This policy enables Windows Autopilot to be kept up-to-date during the out-of-box experience after MDM enrollment.
+
+
+
+
+
+
+
+
+
+
+
+
+
                            
+
+
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 4f89b78bcf..dd72a9ae8b 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,11 +1,11 @@
 ---
 title: Policy CSP - WindowsConnectionManager
-description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain based network and a non-domain based network simultaneously.
+description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark
                            Businesscheck mark
                            Enterprisecheck mark
                            Educationcheck mark
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -74,19 +56,19 @@ manager: dansimp
 
 
 
-This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time.
+This policy setting prevents computers from connecting to both a domain-based network and a non-domain-based network at the same time.
 
 If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:
 
 Automatic connection attempts
-- When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked.
-- When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked.
+- When the computer is already connected to a domain-based network, all automatic connection attempts to non-domain networks are blocked.
+- When the computer is already connected to a non-domain-based network, automatic connection attempts to domain-based networks are blocked.
 
 Manual connection attempts
-- When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
-- When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
+- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
+- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
 
-If this policy setting is not configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
+If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
 
 
 > [!TIP]
@@ -98,7 +80,7 @@ If this policy setting is not configured or is disabled, computers are allowed t
 
 
 ADMX Info:  
--   GP English name: *Prohibit connection to non-domain networks when connected to domain authenticated network*
+-   GP Friendly name: *Prohibit connection to non-domain networks when connected to domain authenticated network*
 -   GP name: *WCM_BlockNonDomain*
 -   GP path: *Network/Windows Connection Manager*
 -   GP ADMX file name: *WCM.admx*
@@ -107,16 +89,6 @@ ADMX Info:
 
 
                            
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index a4cd3536f0..f7a519d956 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -96,32 +96,14 @@ manager: dansimp
 **WindowsDefenderSecurityCenter/CompanyName**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -136,14 +118,14 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
+The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options.
 
 Value type is string. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Specify contact company name*
+-   GP Friendly name: *Specify contact company name*
 -   GP name: *EnterpriseCustomization_CompanyName*
 -   GP element: *Presentation_EnterpriseCustomization_CompanyName*
 -   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
@@ -158,32 +140,14 @@ ADMX Info:
 **WindowsDefenderSecurityCenter/DisableAccountProtectionUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark4
                            Procheck mark4
                            Businesscheck mark4
                            Enterprisecheck mark4
                            Educationcheck mark4
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -198,12 +162,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Account protection area*
+-   GP Friendly name: *Hide the Account protection area*
 -   GP name: *AccountProtection_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/Account protection*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -213,7 +177,7 @@ ADMX Info:
 Valid values:
 
 - 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the Account protection area in Windows Defender Security Center.
 
 
 
@@ -224,32 +188,14 @@ Valid values:
 **WindowsDefenderSecurityCenter/DisableAppBrowserUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -264,14 +210,14 @@ Valid values:
 
 
 
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the App and browser protection area*
+-   GP Friendly name: *Hide the App and browser protection area*
 -   GP name: *AppBrowserProtection_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/App and browser protection*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -281,7 +227,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the app and browser protection area in Windows Defender Security Center.
 
 
 
@@ -292,32 +238,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisableClearTpmButton**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark5
                            Procheck mark5
                            Businesscheck mark5
                            Enterprisecheck mark5
                            Educationcheck mark5
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -351,7 +279,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Disable the Clear TPM button*
+-   GP Friendly name: *Disable the Clear TPM button*
 -   GP name: *DeviceSecurity_DisableClearTpmButton*
 -   GP path: *Windows Components/Windows Security/Device security*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -374,32 +302,14 @@ ADMX Info:
 **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark4
                            Procheck mark4
                            Businesscheck mark4
                            Enterprisecheck mark4
                            Educationcheck mark4
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -414,12 +324,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Device security area*
+-   GP Friendly name: *Hide the Device security area*
 -   GP name: *DeviceSecurity_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/Device security*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -429,7 +339,7 @@ ADMX Info:
 Valid values:
 
 - 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the Device security area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the Device security area in Windows Defender Security Center.
 
 
 
@@ -440,32 +350,14 @@ Valid values:
 **WindowsDefenderSecurityCenter/DisableEnhancedNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -480,17 +372,17 @@ Valid values:
 
 
 
-Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
+Use this policy if you want Windows Defender Security Center to only display notifications that are considered critical. If you disable or don't configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
 
 > [!NOTE]
-> If Suppress notification is enabled then users will not see critical or non-critical messages.
+> If Suppress notification is enabled then users won't see critical or non-critical messages.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide non-critical notifications*
+-   GP Friendly name: *Hide non-critical notifications*
 -   GP name: *Notifications_DisableEnhancedNotifications*
 -   GP path: *Windows Components/Windows Defender Security Center/Notifications*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -499,8 +391,8 @@ ADMX Info:
 
 The following list shows the supported values:
 
-- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users..
-- 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.
+- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users.
+- 1 - (Enable) Windows Defender Security Center only display notifications that are considered critical on clients.
 
 
 
@@ -511,32 +403,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisableFamilyUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -551,14 +425,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Family options area*
+-   GP Friendly name: *Hide the Family options area*
 -   GP name: *FamilyOptions_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/Family options*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -568,7 +442,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) The users can see the display of the family options area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the family options area in Windows Defender Security Center.
 
 
 
@@ -579,32 +453,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisableHealthUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -619,14 +475,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Device performance and health area*
+-   GP Friendly name: *Hide the Device performance and health area*
 -   GP name: *DevicePerformanceHealth_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/Device performance and health*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -636,7 +492,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the device performance and health area in Windows Defender Security Center.
 
 
 
@@ -647,32 +503,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisableNetworkUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -687,14 +525,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Firewall and network protection area*
+-   GP Friendly name: *Hide the Firewall and network protection area*
 -   GP name: *FirewallNetworkProtection_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/Firewall and network protection*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -704,7 +542,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the firewall and network protection area in Windows Defender Security Center.
 
 
 
@@ -715,32 +553,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisableNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -755,14 +575,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
+Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide all notifications*
+-   GP Friendly name: *Hide all notifications*
 -   GP name: *Notifications_DisableNotifications*
 -   GP path: *Windows Components/Windows Defender Security Center/Notifications*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -772,7 +592,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) The users can see the display of Windows Defender Security Center notifications.
-- 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications.
+- 1 - (Enable) The users can't see the display of Windows Defender Security Center notifications.
 
 
 
@@ -783,32 +603,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark5
                            Procheck mark5
                            Businesscheck mark5
                            Enterprisecheck mark5
                            Educationcheck mark5
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -826,7 +628,7 @@ The following list shows the supported values:
 Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.
 
 Enabled:
-Users will not be shown a recommendation to update their TPM Firmware.
+Users won't be shown a recommendation to update their TPM Firmware.
 
 Disabled:
 Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.        
@@ -842,7 +644,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Hide the TPM Firmware Update recommendation.*
+-   GP Friendly name: *Hide the TPM Firmware Update recommendation.*
 -   GP name: *DeviceSecurity_DisableTpmFirmwareUpdateWarning*
 -   GP path: *Windows Components/Windows Security/Device security*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -865,32 +667,14 @@ ADMX Info:
 **WindowsDefenderSecurityCenter/DisableVirusUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -905,14 +689,14 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Virus and threat protection area*
+-   GP Friendly name: *Hide the Virus and threat protection area*
 -   GP name: *VirusThreatProtection_UILockdown*
 -   GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -922,7 +706,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center.
-- 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the virus and threat protection area in Windows Defender Security Center.
 
 
 
@@ -933,32 +717,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -973,14 +739,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
+Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Prevent users from modifying settings*
+-   GP Friendly name: *Prevent users from modifying settings*
 -   GP name: *AppBrowserProtection_DisallowExploitProtectionOverride*
 -   GP path: *Windows Components/Windows Defender Security Center/App and browser protection*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -990,7 +756,7 @@ ADMX Info:
 The following list shows the supported values:
 
 - 0 - (Disable) Local users are allowed to make changes in the exploit protection settings area.
-- 1 - (Enable) Local users cannot make changes in the exploit protection settings area.
+- 1 - (Enable) Local users can't make changes in the exploit protection settings area.
 
 
 
@@ -1001,32 +767,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/Email**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1041,14 +789,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
 
 Value type is string. Supported operations are Add, Get, Replace and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Specify contact email address or Email ID*
+-   GP Friendly name: *Specify contact email address or Email ID*
 -   GP name: *EnterpriseCustomization_Email*
 -   GP element: *Presentation_EnterpriseCustomization_Email*
 -   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
@@ -1063,32 +811,14 @@ ADMX Info:
 **WindowsDefenderSecurityCenter/EnableCustomizedToasts**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1103,14 +833,14 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
+Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Configure customized notifications*
+-   GP Friendly name: *Configure customized notifications*
 -   GP name: *EnterpriseCustomization_EnableCustomizedToasts*
 -   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -1131,32 +861,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/EnableInAppCustomization**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1171,14 +883,14 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
+Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification.
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Configure customized contact information*
+-   GP Friendly name: *Configure customized contact information*
 -   GP name: *EnterpriseCustomization_EnableInAppCustomization*
 -   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -1187,7 +899,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
-- 0 - (Disable) Do not display the company name and contact options in the card fly out notification.
+- 0 - (Disable) Don't display the company name and contact options in the card fly out notification.
 - 1 - (Enable) Display the company name and contact options in the card fly out notification.
 
 
@@ -1199,32 +911,14 @@ The following list shows the supported values:
 **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark4
                            Procheck mark4
                            Businesscheck mark4
                            Enterprisecheck mark4
                            Educationcheck mark4
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1239,12 +933,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1803. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
+Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Ransomware data recovery area*
+-   GP Friendly name: *Hide the Ransomware data recovery area*
 -   GP name: *VirusThreatProtection_HideRansomwareRecovery*
 -   GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -1265,32 +959,14 @@ Valid values:
 **WindowsDefenderSecurityCenter/HideSecureBoot**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark4
                            Procheck mark4
                            Businesscheck mark4
                            Enterprisecheck mark4
                            Educationcheck mark4
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1305,12 +981,12 @@ Valid values:
 
 
 
-Added in Windows 10, version 1803. Use this policy to hide the Secure boot area in the Windows Defender Security Center.
+Use this policy to hide the Secure boot area in the Windows Defender Security Center.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Secure boot area*
+-   GP Friendly name: *Hide the Secure boot area*
 -   GP name: *DeviceSecurity_HideSecureBoot*
 -   GP path: *Windows Components/Windows Defender Security Center/Device security*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -1331,32 +1007,14 @@ Valid values:
 **WindowsDefenderSecurityCenter/HideTPMTroubleshooting**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark4
                            Procheck mark4
                            Businesscheck mark4
                            Enterprisecheck mark4
                            Educationcheck mark4
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1371,12 +1029,12 @@ Valid values:
 
 
 
-Added in Windows 10, version 1803. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
+Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
 
 
 
 ADMX Info:  
--   GP English name: *Hide the Security processor (TPM) troubleshooter page*
+-   GP Friendly name: *Hide the Security processor (TPM) troubleshooter page*
 -   GP name: *DeviceSecurity_HideTPMTroubleshooting*
 -   GP path: *Windows Components/Windows Defender Security Center/Device security*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -1397,32 +1055,14 @@ Valid values:
 **WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark5
                            Procheck mark5
                            Businesscheck mark5
                            Enterprisecheck mark5
                            Educationcheck mark5
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1458,7 +1098,7 @@ Supported values:
 
 
 ADMX Info:  
--   GP English name: *Hide Windows Security Systray*
+-   GP Friendly name: *Hide Windows Security Systray*
 -   GP name: *Systray_HideSystray*
 -   GP path: *Windows Components/Windows Security/Systray*
 -   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
@@ -1481,32 +1121,14 @@ ADMX Info:
 **WindowsDefenderSecurityCenter/Phone**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1521,14 +1143,14 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
 
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Specify contact phone number or Skype ID*
+-   GP Friendly name: *Specify contact phone number or Skype ID*
 -   GP name: *EnterpriseCustomization_Phone*
 -   GP element: *Presentation_EnterpriseCustomization_Phone*
 -   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
@@ -1543,32 +1165,14 @@ ADMX Info:
 **WindowsDefenderSecurityCenter/URL**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecheck mark3
                            Procheck mark3
                            Businesscheck mark3
                            Enterprisecheck mark3
                            Educationcheck mark3
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -1583,14 +1187,14 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
+The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options.
 
-Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 
 ADMX Info:  
--   GP English name: *Specify contact website*
+-   GP Friendly name: *Specify contact website*
 -   GP name: *EnterpriseCustomization_URL*
 -   GP element: *Presentation_EnterpriseCustomization_URL*
 -   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
@@ -1600,16 +1204,4 @@ ADMX Info:
 
 
                            
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
-
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index e60269d795..6daf010d04 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -15,7 +15,6 @@ manager: dansimp
 # Policy CSP - WindowsInkWorkspace
 
 
-
 
                            
 
 
@@ -37,32 +36,14 @@ manager: dansimp
 **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -77,12 +58,12 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
+Show recommended app suggestions in the ink workspace.
 
 
 
 ADMX Info:  
--   GP English name: *Allow suggested apps in Windows Ink Workspace*
+-   GP Friendly name: *Allow suggested apps in Windows Ink Workspace*
 -   GP name: *AllowSuggestedAppsInWindowsInkWorkspace*
 -   GP path: *Windows Components/Windows Ink Workspace*
 -   GP ADMX file name: *WindowsInkWorkspace.admx*
@@ -103,32 +84,14 @@ The following list shows the supported values:
 **WindowsInkWorkspace/AllowWindowsInkWorkspace**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                            Windows EditionSupported?
                            Homecross mark
                            Procheck mark1
                            Businesscheck mark1
                            Enterprisecheck mark1
                            Educationcheck mark1
                            
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                            
@@ -143,12 +106,12 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
+Specifies whether to allow the user to access the ink workspace.
 
 
 
 ADMX Info:  
--   GP English name: *Allow Windows Ink Workspace*
+-   GP Friendly name: *Allow Windows Ink Workspace*
 -   GP name: *AllowWindowsInkWorkspace*
 -   GP element: *AllowWindowsInkWorkspaceDropdown*
 -   GP path: *Windows Components/Windows Ink Workspace*
@@ -166,16 +129,5 @@ Value type is int. The following list shows the supported values:
 
 
                            
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index c7ccb54106..4998d7eaf9 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -45,6 +45,13 @@ manager: dansimp
   
 
                  
 
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
 
 
                  
 
@@ -52,32 +59,14 @@ manager: dansimp
 **WindowsLogon/AllowAutomaticRestartSignOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark6
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -94,27 +83,21 @@ manager: dansimp
 
 This policy setting controls whether a device automatically signs in and locks the last interactive user after the system restarts or after a shutdown and cold boot.
 
-This occurs only if the last interactive user did not sign out before the restart or shutdown.​
+This scenario occurs only if the last interactive user didn't sign out before the restart or shutdown.​
 
 If the device is joined to Active Directory or Azure Active Directory, this policy applies only to Windows Update restarts. Otherwise, this policy applies to both Windows Update restarts and user-initiated restarts and shutdowns.​
 
-If you do not configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​
+If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​
 
 After enabling this policy, you can configure its settings through the [ConfigAutomaticRestartSignOn](#windowslogon-configautomaticrestartsignon) policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot​.
 
-If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.
+If you disable this policy setting, the device doesn't configure automatic sign in. The user’s lock screen apps aren't restarted after the system restarts.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Sign-in and lock last interactive user automatically after a restart*
+-   GP Friendly name: *Sign-in and lock last interactive user automatically after a restart*
 -   GP name: *AutomaticRestartSignOn*
 -   GP path: *Windows Components/Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -137,32 +120,14 @@ ADMX Info:
 **WindowsLogon/ConfigAutomaticRestartSignOn**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecheck mark6
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -177,29 +142,23 @@ ADMX Info:
 
 
 
-This policy setting controls the configuration under which an automatic restart, sign on, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign on does not occur and this policy need not be configured.
+This policy setting controls the configuration under which an automatic restart, sign in, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign in doesn't occur and this policy need not be configured.
 
 If you enable this policy setting, you can choose one of the following two options:
 
-- Enabled if BitLocker is on and not suspended: Specifies that automatic sign on and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.  
+- Enabled if BitLocker is on and not suspended: Specifies that automatic sign in and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.  
 BitLocker is suspended during updates if:
-    - The device does not have TPM 2.0 and PCR7
-    - The device does not use a TPM-only protector
-- Always Enabled: Specifies that automatic sign on happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.
+    - The device doesn't have TPM 2.0 and PCR7
+    - The device doesn't use a TPM-only protector
+- Always Enabled: Specifies that automatic sign in happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign in should only be run under this condition if you're confident that the configured device is in a secure physical location.
 
-If you disable or do not configure this setting, automatic sign on defaults to the “Enabled if BitLocker is on and not suspended” behavior.
+If you disable or don't configure this setting, automatic sign in defaults to the “Enabled if BitLocker is on and not suspended” behavior.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot*
+-   GP Friendly name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot*
 -   GP name: *ConfigAutomaticRestartSignOn*
 -   GP path: *Windows Components/Windows Logon Options*
 -   GP ADMX file name: *WinLogon.admx*
@@ -222,32 +181,14 @@ ADMX Info:
 **WindowsLogon/DisableLockScreenAppNotifications**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -266,19 +207,13 @@ This policy setting allows you to prevent app notifications from appearing on th
 
 If you enable this policy setting, no app notifications are displayed on the lock screen.
 
-If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
+If you disable or don't configure this policy setting, users can choose which apps display notifications on the lock screen.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Turn off app notifications on the lock screen*
+-   GP Friendly name: *Turn off app notifications on the lock screen*
 -   GP name: *DisableLockScreenAppNotifications*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
@@ -292,32 +227,14 @@ ADMX Info:
 **WindowsLogon/DontDisplayNetworkSelectionUI**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -332,13 +249,13 @@ ADMX Info:
 
 
 
-This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
+This policy setting allows you to control whether anyone can interact with available networks UI on the sign-in screen.
 
-If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.
+If you enable this policy setting, the PC's network connectivity state can't be changed without signing into Windows.
 
 If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
 
-Here is an example to enable this policy:
+Here's an example to enable this policy:
 
 ```xml
 
@@ -364,16 +281,10 @@ Here is an example to enable this policy:
 ```
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Do not display network selection UI*
+-   GP Friendly name: *Do not display network selection UI*
 -   GP name: *DontDisplayNetworkSelectionUI*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
@@ -387,32 +298,14 @@ ADMX Info:
 **WindowsLogon/EnableFirstLogonAnimation**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark6
                  Businesscheck mark6
                  Enterprisecheck mark6
                  Educationcheck mark6
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -427,21 +320,21 @@ ADMX Info:
 
 
 
-This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
+This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This view applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
 
 If you enable this policy setting, Microsoft account users see the opt-in prompt for services, and users with other accounts see the sign-in animation.
 
-If you disable this policy setting, users do not see the animation and Microsoft account users do not see the opt-in prompt for services.
+If you disable this policy setting, users don't see the animation and Microsoft account users don't see the opt-in prompt for services.
 
-If you do not configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer do not see the animation.
+If you don't configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting isn't configured, users new to this computer don't see the animation.
 
 > [!NOTE]
-> The first sign-in animation is not displayed on Server, so this policy has no effect.
+> The first sign-in animation isn't displayed on Server, so this policy has no effect.
 
 
 
 ADMX Info:  
--   GP English name: *Show first sign-in animation*
+-   GP Friendly name: *Show first sign-in animation*
 -   GP name: *EnableFirstLogonAnimation*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -466,32 +359,14 @@ Supported values:
 **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -510,19 +385,13 @@ This policy setting allows local users to be enumerated on domain-joined compute
 
 If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.
 
-If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
+If you disable or don't configure this policy setting, the Logon UI won't enumerate local users on domain-joined computers.
 
 
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ADMX Info:  
--   GP English name: *Enumerate local users on domain-joined computers*
+-   GP Friendly name: *Enumerate local users on domain-joined computers*
 -   GP name: *EnumerateLocalUsers*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
@@ -536,32 +405,14 @@ ADMX Info:
 **WindowsLogon/HideFastUserSwitching**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -576,12 +427,12 @@ ADMX Info:
 
 
 
-Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
+This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or don't configure this policy setting, the Switch account button is accessible to the user in the three locations.
 
 
 
 ADMX Info:  
--   GP English name: *Hide entry points for Fast User Switching*
+-   GP Friendly name: *Hide entry points for Fast User Switching*
 -   GP name: *HideFastUserSwitching*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -595,7 +446,7 @@ The following list shows the supported values:
 
 
 
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 
 1.   Enable policy.
 2.   Verify that the Switch account button in Start is hidden.
@@ -604,16 +455,5 @@ To validate on Desktop, do the following:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index b60def1361..13e24a3f5d 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -34,32 +34,14 @@ manager: dansimp
 **WindowsPowerShell/TurnOnPowerShellScriptBlockLogging**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscheck mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -95,7 +77,7 @@ Note: This policy setting exists under both Computer Configuration and User Conf
 
 
 ADMX Info:  
--   GP English name: *Turn on PowerShell Script Block Logging*
+-   GP Friendly name: *Turn on PowerShell Script Block Logging*
 -   GP name: *EnableScriptBlockLogging*
 -   GP path: *Windows Components/Windows PowerShell*
 -   GP ADMX file name: *PowerShellExecutionPolicy.admx*
@@ -104,16 +86,6 @@ ADMX Info:
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index 77c69597e9..02edfd6f6e 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -5,16 +5,13 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/14/2020
 ---
 
 # Policy CSP - WindowsSandbox
 
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
 
 
                  
 
@@ -51,32 +48,14 @@ ms.date: 10/14/2020
 Available in the latest Windows 10 insider preview build.
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -96,9 +75,9 @@ This policy setting allows the IT admin to enable or disable audio input to the
 > [!NOTE]
 > There may be security implications of exposing host audio input to the container.
 
-If this policy is not configured, end-users get the default behavior (audio input enabled). 
+If this policy isn't configured, end-users get the default behavior (audio input enabled). 
 
-If audio input is disabled, a user will not be able to enable audio input from their own configuration file. 
+If audio input is disabled, a user won't be able to enable audio input from their own configuration file. 
 
 If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure.
 
@@ -109,7 +88,7 @@ If audio input is enabled, a user will be able to disable audio input from their
 
 ADMX Info:
 
-- GP English Name: *Allow audio input in Windows Sandbox*
+- GP Friendly name: *Allow audio input in Windows Sandbox*
 - GP name: *AllowAudioInput*
 - GP path: *Windows Components/Windows Sandbox* 
 - GP ADMX file name: *WindowsSandbox.admx*
@@ -139,32 +118,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -181,9 +142,9 @@ Available in the latest Windows 10 insider preview build.
 
 This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox.
 
-If this policy is not configured, end-users get the default behavior (clipboard redirection enabled. 
+If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled. 
 
-If clipboard sharing is disabled, a user will not be able to enable clipboard sharing from their own configuration file. 
+If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file. 
 
 If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure.
 
@@ -194,7 +155,7 @@ If clipboard sharing is enabled, a user will be able to disable clipboard sharin
 
 ADMX Info:
 
-- GP English Name: *Allow clipboard sharing with Windows Sandbox*
+- GP Friendly name: *Allow clipboard sharing with Windows Sandbox*
 - GP name: *AllowClipboardRedirection*
 - GP path: *Windows Components/Windows Sandbox*
 - GP ADMX file name: *WindowsSandbox.admx*
@@ -224,32 +185,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -266,9 +209,9 @@ Available in the latest Windows 10 insider preview build.
 
 This policy setting allows the IT admin to enable or disable networking in Windows Sandbox. Disabling network access can decrease the attack surface exposed by the Sandbox. Enabling networking can expose untrusted applications to the internal network.
 
-If this policy is not configured, end-users get the default behavior (networking enabled).
+If this policy isn't configured, end-users get the default behavior (networking enabled).
 
-If networking is disabled, a user will not be able to enable networking from their own configuration file.
+If networking is disabled, a user won't be able to enable networking from their own configuration file.
 
 If networking is enabled, a user will be able to disable networking from their own configuration file to make the device more secure.
 
@@ -279,7 +222,7 @@ If networking is enabled, a user will be able to disable networking from their o
 
 ADMX Info:
 
-- GP English Name: *Allow networking in Windows Sandbox*
+- GP Friendly name: *Allow networking in Windows Sandbox*
 - GP name: *AllowNetworking*
 - GP path: *Windows Components/Windows Sandbox*
 - GP ADMX file name: *WindowsSandbox.admx*
@@ -307,32 +250,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -349,9 +274,9 @@ Available in the latest Windows 10 insider preview build.
 
 This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. 
 
-If this policy is not configured, end-users get the default behavior (printer sharing disabled). 
+If this policy isn't configured, end-users get the default behavior (printer sharing disabled). 
 
-If printer sharing is disabled, a user will not be able to enable printer sharing from their own configuration file. 
+If printer sharing is disabled, a user won't be able to enable printer sharing from their own configuration file. 
 
 If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure.
 
@@ -362,7 +287,7 @@ If printer sharing is enabled, a user will be able to disable printer sharing fr
 
 ADMX Info:
 
-- GP English Name: *Allow printer sharing with Windows Sandbox*
+- GP Friendly name: *Allow printer sharing with Windows Sandbox*
 - GP name: *AllowPrinterRedirection*
 - GP path: *Windows Components/Windows Sandbox* 
 - GP ADMX file name: *WindowsSandbox.admx*
@@ -391,32 +316,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -436,9 +343,9 @@ This policy setting allows the IT admin to enable or disable virtualized GPU for
 > [!NOTE]
 > Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. 
 
-If this policy is not configured, end-users get the default behavior (vGPU is disabled). 
+If this policy isn't configured, end-users get the default behavior (vGPU is disabled). 
 
-If vGPU is disabled, a user will not be able to enable vGPU support from their own configuration file. 
+If vGPU is disabled, a user won't be able to enable vGPU support from their own configuration file. 
 
 If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure.
 
@@ -449,7 +356,7 @@ If vGPU is enabled, a user will be able to disable vGPU support from their own c
 
 ADMX Info:
 
-- GP English Name: *Allow vGPU sharing for Windows Sandbox*
+- GP Friendly name: *Allow vGPU sharing for Windows Sandbox*
 - GP name: *AllowVGPU*
 - GP path: *Windows Components/Windows Sandbox*
 - GP ADMX file name: *WindowsSandbox.admx*
@@ -478,32 +385,14 @@ The following are the supported values:
 Available in the latest Windows 10 insider preview build.
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark
                  Businesscross mark
                  Enterprisecheck mark
                  Educationcheck mark
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -523,9 +412,9 @@ This policy setting allows the IT admin to enable or disable video input to the
 > [!NOTE]
 > There may be security implications of exposing host video input to the container.
 
-If this policy is not configured, users get the default behavior (video input disabled). 
+If this policy isn't configured, users get the default behavior (video input disabled). 
 
-If video input is disabled, users will not be able to enable video input from their own configuration file. 
+If video input is disabled, users won't be able to enable video input from their own configuration file. 
 
 If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure.
 
@@ -535,7 +424,7 @@ If video input is enabled, users will be able to disable video input from their
 
 
 ADMX Info: 
-- GP English Name: *Allow video input in Windows Sandbox*
+- GP Friendly name: *Allow video input in Windows Sandbox*
 - GP name: *AllowVideoInput*
 - GP path: *Windows Components/Windows Sandbox*
 - GP ADMX file name: *WindowsSandbox.admx*
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 58e9f7e4b9..ac5e6d69fd 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/27/2019
 ms.reviewer: 
@@ -26,6 +26,9 @@ manager: dansimp
   
                  
     WirelessDisplay/AllowMdnsDiscovery
   
                  
+  
                  
+    WirelessDisplay/AllowMovementDetectionOnInfrastructure
+  
                  
   
                  
     WirelessDisplay/AllowProjectionFromPC
   
                  
@@ -53,32 +56,14 @@ manager: dansimp
 **WirelessDisplay/AllowMdnsAdvertisement**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -93,13 +78,13 @@ manager: dansimp
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement.
+This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement.
 
 
 
 The following list shows the supported values:
 
-- 0 - Do not allow
+- 0 - Don't allow
 - 1 - Allow
 
 
@@ -111,32 +96,14 @@ The following list shows the supported values:
 **WirelessDisplay/AllowMdnsDiscovery**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark3
                  Businesscheck mark3
                  Enterprisecheck mark3
                  Educationcheck mark3
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -151,13 +118,13 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery.
+This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery.
 
 
 
 The following list shows the supported values:
 
--   0 - Do not allow
+-   0 - Don't allow
 -   1 - Allow
 
 
@@ -165,36 +132,65 @@ The following list shows the supported values:
 
 
                  
 
+
+**WirelessDisplay/AllowMovementDetectionOnInfrastructure**  
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
                  
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
                  
+
+
+
+This policy setting allows you to disable the infrastructure movement detection feature.
+
+If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you're projecting over infrastructure.
+
+If you set it to 1, your PC will detect that you've moved and will automatically disconnect your infrastructure Wireless Display session.
+
+The default value is 1.
+
+
+
+
+The following list shows the supported values:
+
+- 0 - Don't allow
+- 1 (Default) - Allow
+
+
+
+
+
                  
+
 
 **WirelessDisplay/AllowProjectionFromPC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -209,13 +205,13 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC.
+This policy allows you to turn off projection from a PC.
 
 
 
 The following list shows the supported values:
 
--   0 - your PC cannot discover or project to other devices.
+-   0 - your PC can't discover or project to other devices.
 -   1 - your PC can discover and project to other devices
 
 
@@ -227,32 +223,14 @@ The following list shows the supported values:
 **WirelessDisplay/AllowProjectionFromPCOverInfrastructure**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -267,13 +245,13 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure.
+This policy allows you to turn off projection from a PC over infrastructure.
 
 
 
 The following list shows the supported values:
 
--   0 - your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct.
+-   0 - your PC can't discover or project to other infrastructure devices, although it's possible to discover and project over WiFi Direct.
 -   1 - your PC can discover and project to other devices over infrastructure.
 
 
@@ -285,32 +263,14 @@ The following list shows the supported values:
 **WirelessDisplay/AllowProjectionToPC**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -325,16 +285,16 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC.
+Allow or disallow turning off the projection to a PC.
 
-If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
+If you set it to 0 (zero), your PC isn't discoverable and you can't project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
 
 Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Don't allow this PC to be projected to*
+-   GP Friendly name: *Don't allow this PC to be projected to*
 -   GP name: *AllowProjectionToPC*
 -   GP path: *Windows Components/Connect*
 -   GP ADMX file name: *WirelessDisplay.admx*
@@ -343,7 +303,7 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 - projection to PC is not allowed. Always off and the user cannot enable it.
+-   0 - projection to PC isn't allowed. Always off and the user can't enable it.
 -   1 (default) - projection to PC is allowed. Enabled only above the lock screen.
 
 
@@ -355,32 +315,14 @@ The following list shows the supported values:
 **WirelessDisplay/AllowProjectionToPCOverInfrastructure**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -395,13 +337,13 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure.
+This policy setting allows you to turn off projection to a PC over infrastructure.
 
 
 
 The following list shows the supported values:
 
--   0 - your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct.
+-   0 - your PC isn't discoverable and other devices can't project to it over infrastructure, although it's possible to project to it over WiFi Direct.
 -   1 - your PC is discoverable and other devices can project to it over infrastructure.
 
 
@@ -413,32 +355,14 @@ The following list shows the supported values:
 **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark2
                  Businesscheck mark2
                  Enterprisecheck mark2
                  Educationcheck mark2
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -453,7 +377,7 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device.
+Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device.
 
 
 
@@ -471,32 +395,14 @@ The following list shows the supported values:
 **WirelessDisplay/RequirePinForPairing**  
 
 
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
                  Windows EditionSupported?
                  Homecross mark
                  Procheck mark1
                  Businesscheck mark1
                  Enterprisecheck mark1
                  Educationcheck mark1
                  
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                  
@@ -511,16 +417,16 @@ The following list shows the supported values:
 
 
 
-Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing.
+Allow or disallow requirement for a PIN for pairing.
 
-If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
+If you turn on this policy, the pairing ceremony for new devices will always require a PIN. If you turn off this policy or don't configure it, a PIN isn't required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**.
 
 Value type is integer.
 
 
 
 ADMX Info:  
--   GP English name: *Require pin for pairing*
+-   GP Friendly name: *Require pin for pairing*
 -   GP name: *RequirePinForPairing*
 -   GP path: *Windows Components/Connect*
 -   GP ADMX file name: *WirelessDisplay.admx*
@@ -529,23 +435,12 @@ ADMX Info:
 
 The following list shows the supported values:
 
--   0 (default) - PIN is not required.
+-   0 (default) - PIN isn't required.
 -   1 - PIN is required.
 
 
 
 
                  
 
-Footnotes:
-
-- 1 - Available in Windows 10, version 1607.
-- 2 - Available in Windows 10, version 1703.
-- 3 - Available in Windows 10, version 1709.
-- 4 - Available in Windows 10, version 1803.
-- 5 - Available in Windows 10, version 1809.
-- 6 - Available in Windows 10, version 1903.
-- 7 - Available in Windows 10, version 1909.
-- 8 - Available in Windows 10, version 2004.
-
 
 
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index dde8b3089c..4294786148 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 10/28/2020
 ---
diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md
index 656e292b4e..ecef629054 100644
--- a/windows/client-management/mdm/policymanager-csp.md
+++ b/windows/client-management/mdm/policymanager-csp.md
@@ -8,20 +8,22 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/28/2017
 ---
 
 # PolicyManager CSP
 
-
 PolicyManager CSP is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
 
+
 
+## Related articles
 
+[Policy CSP](policy-configuration-service-provider.md)
 
-
-
-
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index aad96d1dbf..6e19fc3072 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md
index 2a474b9321..33a8847c7f 100644
--- a/windows/client-management/mdm/proxy-csp.md
+++ b/windows/client-management/mdm/proxy-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -22,9 +22,9 @@ The PROXY configuration service provider is used to configure proxy connections.
 
 This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
 
-For the PROXY CSP, you cannot use the Replace command unless the node already exists.
+For the PROXY CSP, you can't use the Replace command unless the node already exists.
 
-The following shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
+The following example shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol isn't supported by this configuration service provider.
 
 ```
 ./Vendor/MSFT/Proxy
@@ -62,9 +62,9 @@ Root node for the proxy connection.
 ***ProxyName***
 Defines the name of a proxy connection.
 
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
 
-The addition, update, and deletion of this sub-tree of nodes have to be specified in a single atomic transaction.
+The addition, update, and deletion of this subtree of nodes have to be specified in a single atomic transaction.
 
 ***ProxyName*/PROXYID**
 Specifies the unique identifier of the proxy connection.
@@ -93,7 +93,7 @@ Node for port information.
 ***ProxyName*/Ports/_PortName_**
 Defines the name of a port.
 
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names.
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names.
 
 ***ProxyName*/Ports/*PortName*/PortNbr**
 Specifies the port number to be associated with the parent port.
@@ -104,7 +104,7 @@ Node for services information.
 ***ProxyName*/Ports/Services/_ServiceName_**
 Defines the name of a service.
 
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names.
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names.
 
 ***ProxyName*/Ports/Services/*ServiceName*/ServiceName**
 Specifies the protocol to be associated with the parent port.
@@ -117,7 +117,7 @@ Node for connection reference information
 ***ProxyName*/ConRefs/_ConRefName_**
 Defines the name of a connection reference.
 
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names.
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names.
 
 ***ProxyName*/ConRefs/*ConRefName*/ConRef**
 Specifies one single connectivity object associated with the proxy connection.
diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md
index a0a34ee244..43c7d7baf5 100644
--- a/windows/client-management/mdm/push-notification-windows-mdm.md
+++ b/windows/client-management/mdm/push-notification-windows-mdm.md
@@ -11,75 +11,75 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/22/2017
 ---
 
 
 # Push notification support for device management
 
-The [DMClient CSP](dmclient-csp.md) supports the ability to configure push-initiated device management sessions. Using the [Windows Notification Services (WNS)](/previous-versions/windows/apps/hh913756(v=win.10)), a management server can request a device to establish a management session with the server through a push notification. A device is configured to support push by the management server by providing the device with a PFN for an application. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting).
+The [DMClient CSP](dmclient-csp.md) supports the ability to configure push-initiated device management sessions. Using the [Windows Notification Services (WNS)](/previous-versions/windows/apps/hh913756(v=win.10)), a management server can request a device to establish a management session with the server through a push notification. A device is provided with a PFN for an application. This provision results in the device getting configured, to support a push to it by the management server. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting).
 
-To initiate a device management session, the management server must first authenticate with WNS using its SID and client secret. Once authenticated, the server receives a token that it can use to initiate a raw push notification for any ChannelURI. When the management server wants to initiate a device management session with a device, it can utilize its token and the device ChannelURI and begin communicating with the device.
+To initiate a device management session, the management server must first authenticate with WNS using its SID and client secret. Once authenticated, the server receives a token to initiate a raw push notification for any ChannelURI. When the management server wants to initiate a management session with a device, it can utilize the token and the device ChannelURI, and begin communicating with the device.
 
 For more information about how to get push credentials (SID and client secret) and PFN to use in WNS, see [Get WNS credentials and PFN for MDM push notification](#get-wns-credentials-and-pfn-for-mdm-push-notification).
 
 Because a device may not always be connected to the internet, WNS supports caching notifications for delivery to the device once it reconnects. To ensure your notification is cached for delivery, set the X-WNS-Cache-Policy header to Cache. Additionally, if the server wants to send a time-bound raw push notification, the server can use the X-WNS-TTL header that will provide WNS with a time-to-live binding so that the notification will expire after the time has passed. For more information, see [Raw notification overview (Windows Runtime apps)](/previous-versions/windows/apps/jj676791(v=win.10)).
 
-Note the following restrictions related to push notifications and WNS:
+The following restrictions are related to push notifications and WNS:
 
--   Push for device management uses raw push notifications. This means that these raw push notifications do not support or utilize push notification payloads.
--   Receipt of push notifications are sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS will be terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS will also be terminated.
--   A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It is strongly recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This will ensure that the management server will not attempt to use a ChannelURI that has expired.
--   Push is not a replacement for having a polling schedule.
+-   Push for device management uses raw push notifications. This restriction means that these raw push notifications don't support or utilize push notification payloads.
+-   Receipt of push notifications is sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS will be terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS will also be terminated.
+-   A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It's strongly recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This will ensure that the management server won't attempt to use a ChannelURI that has expired.
+-   Push isn't a replacement for having a polling schedule.
 -   WNS reserves the right to block push notifications to your PFN if improper use of notifications is detected. Any devices being managed using this PFN will cease to have push initiated device management support.
 -   On Windows 10, version 1511 as well as Windows 8 and 8.1, MDM Push may fail to renew the WNS Push channel automatically causing it to expire. It can also potentially hang when setting the PFN for the channel.
 
-    To workaround this issue, when a 410 is returned by the WNS server when attempting to send a Push notification to the device the PFN should be set during the next sync session. To prevent the push channel from expiring on older builds, servers can reset the PFN before the channel expires (~30 days). If they’re already running Windows 10, there should be an update available that they can install that should fix the issue.
+    To work around this issue, when a 410 is returned by the WNS server when attempting to send a Push notification to the device the PFN should be set during the next sync session. To prevent the push channel from expiring on older builds, servers can reset the PFN before the channel expires (~30 days). If they’re already running Windows 10, there should be an update available that they can install that should fix the issue.
 
 -   On Windows 10, version 1511, we use the following retry logic for the DMClient:
-    -   If ExpiryTime is greater than 15 days a schedule is set for when 15 days are left.
-    -   If ExpiryTime is between now and 15 days a schedule set for 4 +/- 1 hours from now.
-    -   If ExpiryTime has passed a schedule is set for 1 day +/- 4 hours from now.
+    -   If ExpiryTime is greater than 15 days, a schedule is set for when 15 days are left.
+    -   If ExpiryTime is between now and 15 days, a schedule set for 4 +/- 1 hours from now.
+    -   If ExpiryTime has passed, a schedule is set for 1 day +/- 4 hours from now.
 
 
--   On Windows 10, version 1607, we check for network connectivity before retrying. We do not check for internet connectivity. If network connectivity is not available we will skip the retry and set schedule for 4+/-1 hours to try again.
+-   On Windows 10, version 1607, we check for network connectivity before retrying. We don't check for internet connectivity. If network connectivity isn't available, we'll skip the retry and set schedule for 4+/-1 hours to try again.
 
 
 ## Get WNS credentials and PFN for MDM push notification
 
-To get a PFN and WNS credentials, you must create an Microsoft Store app.
+To get a PFN and WNS credentials, you must create a Microsoft Store app.
 
 1.  Go to the Windows [Dashboard](https://dev.windows.com/en-US/dashboard) and sign in with your developer account.
 
-    ![mdm push notification1](images/push-notification1.png)
+    ![mdm push notification1.](images/push-notification1.png)
 2.  Create a new app.
 
-    ![mdm push notification2](images/push-notification2.png)
+    ![mdm push notification2.](images/push-notification2.png)
 3.  Reserve an app name.
 
-    ![mdm push notification3](images/push-notification3.png)
+    ![mdm push notification3.](images/push-notification3.png)
 4.  Click **Services**.
 
-    ![mdm push notification4](images/push-notification4.png)
+    ![mdm push notification4.](images/push-notification4.png)
 5.  Click **Push notifications**.
 
-    ![mdm push notification5](images/push-notification5.png)
+    ![mdm push notification5.](images/push-notification5.png)
 6.  Click **Live Services site**. A new window opens for the **Application Registration Portal** page.
 
-    ![mdm push notification6](images/push-notification6.png)
-7.  In the **Application Registration Portal** page, you will see the properties for the app that you created, such as:
-    -   Application Id
+    ![mdm push notification6.](images/push-notification6.png)
+7.  In the **Application Registration Portal** page, you'll see the properties for the app that you created, such as:
+    -   Application ID
     -   Application Secrets
     -   Microsoft Store Package SID, Application Identity, and Publisher.
 
-    ![mdm push notification7](images/push-notification7.png)
+    ![mdm push notification7.](images/push-notification7.png)
 8.  Click **Save**.
 9.  Close the **Application Registration Portal** window and go back to the Windows Dev Center Dashboard.
 10. Select your app from the list on the left.
 11. From the left nav, expand **App management** and then click **App identity**.
 
-    ![mdm push notification10](images/push-notification10.png)
-12. In the **App identity** page, you will see the **Package Family Name (PFN)** of your app.
+    ![mdm push notification10.](images/push-notification10.png)
+12. In the **App identity** page, you'll see the **Package Family Name (PFN)** of your app.
 
  
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index 48baff3fe8..cc8752d76b 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -17,32 +17,74 @@ ms.date: 06/26/2017
 
 The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
+> [!NOTE]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
 
- 
 
-The following diagram shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for initial bootstrapping of the device. The OMA DM protocol is not supported by this configuration service provider.
+The following example shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for initial bootstrapping of the device. The OMA DM protocol isn't supported by this configuration service provider.
 
-![pxlogical csp (cp) (initial bootstrapping)](images/provisioning-csp-pxlogical-cp.png)
+```console
+PXLOGICAL
+----DOMAIN
+----NAME
+----PORT
+-------PORTNBR
+-------SERVICE
+----PUSHENABLED
+----PROXY-ID
+----TRUST
+----PXPHYSICAL
+-------DOMAIN
+-------PHYSICAL-PROXY-ID
+-------PORT
+---------PORTNBR
+---------SERVICE
+-------PUSHENABLED
+-------PXADDR
+-------PXADDRTYPE
+-------TO-NAPID
+```
 
-The following diagram shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol is not supported by this configuration service provider.
 
-![pxlogical csp (cp) (update bootstrapping)](images/provisioning-csp-pxlogical-cp-2.png)
+The following example shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol isn't supported by this configuration service provider.
+
+```console
+PXLOGICAL
+--PROXY-ID
+----DOMAIN
+----NAME
+----PORT
+-------PORTNBR
+-------SERVICE
+----PUSHENABLED
+----TRUST
+----PXPHYSICAL
+-------PHYSICAL-PROXY-ID
+----------DOMAIN
+----------PORT
+-------------PORTNBR
+-------------SERVICE
+----------PUSHENABLED
+----------PXADDR
+----------PXADDRTYPE
+----------TO-NAPID
+```
+
 
 **PXPHYSICAL**  
 Defines a group of logical proxy settings.
 
-The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It is required when updating and deleting existing NAPs and proxies and must have its value set to 1.
+The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It's required when updating and deleting existing NAPs and proxies and must have its value set to 1.
 
 **DOMAIN**  
 Specifies the domain associated with the proxy (for example, "\*.com").
 
-A Windows device supports only one proxy that does not have a DOMAIN parameter, or has an empty DOMAIN value. That is, the device only supports one default proxy. All other proxy configurations must have a DOMAIN parameter with a non-empty value. A query of this parameter returns a semicolon delimited string of all domains associated with the proxy.
+A Windows device supports only one proxy that doesn't have a DOMAIN parameter, or has an empty DOMAIN value. That is, the device only supports one default proxy. All other proxy configurations must have a DOMAIN parameter with a non-empty value. A query of this parameter returns a semicolon-delimited string of all domains associated with the proxy.
 
 **NAME**  
 Specifies the name of the logical proxy.
 
-When a list of proxies is displayed to the user they are displayed together in a single line, so the length of this value should be short for readability.
+When a list of proxies is displayed to the user they're displayed together in a single line, so the length of this value should be short for readability.
 
 **PORT**  
 Defines the bindings between a port number and one or more protocols or services.
@@ -52,7 +94,7 @@ This configuration service provider can accept a maximum of two ports per physic
 **PORTNBR**  
 Specifies the port number associated with some services on this proxy.
 
-If the PORTNBR is 80 or 443, or the PORT characteristic is missing, it is treated as an HTTP proxy.
+If the PORTNBR is 80 or 443, or the PORT characteristic is missing, it's treated as an HTTP proxy.
 
 **SERVICE**  
 Specifies the service associated with the port number.
@@ -62,7 +104,7 @@ Windows supports accepting WAP push connectionless sessions over a Short Message
 **PUSHENABLED**  
 Specifies whether or not push operations are enabled.
 
-If this element is used in PXLOGICAL, it applies to all of the PXPHYSICAL elements embedded in the PXLOGICAL element. A value of "0" indicates that the proxy does not support push operations. A value of "1" indicates that the proxy supports push operations.
+If this element is used in PXLOGICAL, it applies to all of the PXPHYSICAL elements embedded in the PXLOGICAL element. A value of "0" indicates that the proxy doesn't support push operations. A value of "1" indicates that the proxy supports push operations.
 
 **PROXY-ID**  
 Used during initial bootstrapping. Specifies the unique identifier of the logical proxy.
@@ -78,12 +120,12 @@ Specifies whether or not the physical proxies in this logical proxy are privileg
 **PXPHYSICAL**  
 Defines a group of physical proxy settings associated with the parent logical proxy.
 
-The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It is required when updating and deleting existing NAPs and proxies and must have its value set to 1.
+The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It's required when updating and deleting existing NAPs and proxies and must have its value set to 1.
 
 **PHYSICAL-PROXY-ID**  
 Used during initial bootstrapping. Specifies the identifier of the physical proxy.
 
-When a list of proxies is displayed to the user they are displayed together in a single line, so the length of this value should be short for readability.
+When a list of proxies is displayed to the user they're displayed together in a single line, so the length of this value should be short for readability.
 
 ***PHYSICAL-PROXY-ID***  
 Used during bootstrapping updates. Specifies the identifier of the physical proxy.
@@ -108,38 +150,14 @@ If **TO-NAPID** is used, the NAP whose **NAPID** is referred to by **TO-NAPID**
 
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
 
-These features are available only for the device technique. In addition, the parameter-query and characteristic-query features are not supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned.
+These features are available only for the device technique. In addition, the parameter-query and characteristic-query features aren't supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  FeatureAvailable
                  parm-query
                  Yes
                  noparm
                  Yes
                  nocharacteristic
                  Yes
                  characteristic-query
                  Yes
                  
+|Feature|Available|
+|--- |--- |
+|parm-query|Yes|
+|noparm|Yes|
+|nocharacteristic|Yes|
+|characteristic-query|Yes|
 
  
 
@@ -148,12 +166,3 @@ These features are available only for the device technique. In addition, the par
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
 
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index cda7004487..95d4d915de 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -27,38 +27,38 @@ Reboot
 --------DailyRecurrent
 ```
 **./Vendor/MSFT/Reboot**  
-
                  The root node for the Reboot configuration service provider.
                  
+
                  The root node for the Reboot configuration service provider.
                  
 
-
                  The supported operation is Get.
                  
+
                  The supported operation is Get.
                  
 
 **RebootNow**  
-
                  This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work.
                  
+
                  This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work.
                  
 
 > [!NOTE]
 > If this node is set to execute during a sync session, the device will reboot at the end of the sync session.
 
-
                  The supported operations are Execute and Get.
                  
+
                  The supported operations are Execute and Get.
                  
 
 **Schedule**  
-
                  The supported operation is Get.
                  
+
                  The supported operation is Get.
                  
 
 **Schedule/Single**  
-
                  This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required.  
                  
+
                  This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required.  
                  
 Example to configure: 2018-10-25T18:00:00
                  
 
 Setting a null (empty) date will delete the existing schedule. In accordance with the ISO 8601 format, the date and time representation needs to be 0000-00-00T00:00:00.
 
-
                  The supported operations are Get, Add, Replace, and Delete.
                  
+
                  The supported operations are Get, Add, Replace, and Delete.
                  
 
-
                  The supported data type is "String".
                  
+
                  The supported data type is "String".
                  
 
 **Schedule/DailyRecurrent**  
-
                  This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.  
                  
+
                  This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.  
                  
 Example to configure: 2018-10-25T18:00:00
                  
 
-
                  The supported operations are Get, Add, Replace, and Delete.
                  
+
                  The supported operations are Get, Add, Replace, and Delete.
                  
 
-
                  The supported data type is "String".
                  
+
                  The supported data type is "String".
                  
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 1cf001cffb..aa6d711c71 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md
index 3beb6993e3..89bfa7164d 100644
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 05/05/2020
 ---
 
@@ -18,120 +18,31 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t
 
 ## Request
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  MethodRequest URI
                  DELETE
                  https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}
                  
+|Method|Request URI|
+|--- |--- |
+|DELETE|`https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}`|
 
 
 ### URI parameters
 
 The following parameters may be specified in the request URI.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ParameterTypeDescription
                  productId
                  string
                  Required. Product identifier for an application that is used by the Store for Business.
                  skuId
                  string
                  Required. Product identifier that specifies a specific SKU of an application.
                  username
                  string
                  Requires UserPrincipalName (UPN). User name of the target user account.
                  
+|Parameter|Type|Description|
+|--- |--- |--- |
+|productId|string|Required. Product identifier for an application that is used by the Store for Business.|
+|skuId|string|Required. Product identifier that specifies a specific SKU of an application.|
+|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|
 
- 
 ## Response
 
 ### Response body
 
-The response body contain [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
+The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
 
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  






                  Error codeDescriptionRetryData fieldDetails
                  400
                  Invalid parameters
                  No
                  Parameter name
                  
-
                  Reason: Invalid parameter
                  
-
                  Details: String
                  Invalid can include productId, skuId or userName
                  404
                  Not found
                  Item type: Inventory, User, Seat
                  
-
                  Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName
                  ItemType: Inventory, User, Seat
                  
-
                  Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName
                  409
                  Conflict
                  Reason: Not online
                  
+|Error code|Description|Retry|Data field|Details|
+|--- |--- |--- |--- |--- |
+|400|Invalid parameters|No|Parameter name
                  Reason: Invalid parameter
                  Details: String|Invalid can include productId, skuId or userName|
+|404|Not found||Item type: Inventory, User, Seat
                  Values: ProductId/SkuId, UserName,
                  ProductId/SkuId/UserName|ItemType: Inventory, User, Seat
                  Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName|
+|409|Conflict||Reason: Not online||
 
  
-
- 
-
-
-
-
-
diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
index be9c8a5339..0d32ea3135 100644
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -23,15 +23,15 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
 
 1.  Sign in to the Microsoft 365 admin center at  using your organization's account.
 
-    ![register azuread](images/azure-ad-add-tenant10.png)
+    ![screen to register azure-ad](images/azure-ad-add-tenant10.png)
 
 2.  On the **Home** page, click on the Admin tools icon.
 
-    ![register azuread](images/azure-ad-add-tenant11.png)
+    ![screen for registering azure-ad](images/azure-ad-add-tenant11.png)
 
-3.  On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. This will take you to the Azure Active Directory portal.
+3.  On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. You're taken to the Azure Active Directory portal.
 
-    ![Azure-AD-updated](https://user-images.githubusercontent.com/41186174/71594506-e4845300-2b40-11ea-9a08-c21c824e12a4.png)
+    ![Azure-AD-updated.](https://user-images.githubusercontent.com/41186174/71594506-e4845300-2b40-11ea-9a08-c21c824e12a4.png)
 
 
 
diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md
deleted file mode 100644
index 4978cc70e0..0000000000
--- a/windows/client-management/mdm/registry-csp.md
+++ /dev/null
@@ -1,159 +0,0 @@
----
-title: Registry CSP
-description: In this article, learn how to use the Registry configuration service provider (CSP) to update registry settings.
-ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# Registry CSP
-
-
-The Registry configuration service provider is used to update registry settings. However, if there is configuration service provider that is specific to the settings that need to be updated, use the specific configuration service provider.
-
-> [!NOTE]
-> The Registry CSP is only supported in Windows 10 Mobile for OEM configuration. Do not use this CSP for enterprise remote management.
-For Windows 10 Mobile only, this configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
-
- 
-
-For the Registry CSP, you cannot use the Replace command unless the node already exists.
-
-The Registry configuration service provider can be managed over both the OMA Client Provisioning and the OMA DM protocol. When using OMA DM to add a registry key, a child registry value must also be added in the XML code.
-
-For OMA Client Provisioning, the follows notes apply:
-
--   Querying the registry at the top level is not allowed. All parameters must be queried individually. The underlying data store of the Registry is typed. Be sure to use the **datatype** attribute of the *<parm>* tag.
-
--   This documentation describes the default characteristics. Additional characteristics may be added.
-
--   Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\).
-
-The default security role maps to each subnode unless specific permission is granted to the subnode. The security role for subnodes is implementation specific, and can be changed by OEMs and mobile operators.
-
-## Microsoft Custom Elements
-
-The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ElementsAvailable
                  parm-query
                  Yes
                  noparm
                  Yes
                  nocharacteristic
                  Yes
                  characteristic-query
                  Yes
                  
-
                  Recursive query: Yes
                  
-
                  Top level query: No
                  
-
- 
-Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements.
-
-
-## Supported Data Types
-
-The following table shows the data types this configuration service provider supports.
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  XML Data TypeNative Registry TypeXML Format
                  integer
                  REG_DWORD
                  Integer. A query of this parameter returns an integer type.
                  boolean
                  REG_DWORD
                  Integer value of 1 or 0. A query of this parameter returns an integer type.
                  float
                  REG_SZ
                  Float. A query of this parameter returns a string type.
                  string
                  REG_SZ
                  String. A query of this parameter returns a string type.
                  multiplestring
                  REG_MULTI_SZ
                  Multiple strings are separated by &#xF000; and ended with two &#xF000; - A query of this parameter returns a multistring type.
                  binary
                  REG_BINARY
                  Base64 encoded. A query of this parameter returns a binary type.
                  time
                  FILETIME in REG_BINARY
                  The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.
                  date
                  FILETIME in REG_BINARY
                  The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.
                  
-
- 
-
-It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the subkey must be accessed separately by using a new characteristic.
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md
deleted file mode 100644
index 6b6bc9c191..0000000000
--- a/windows/client-management/mdm/registry-ddf-file.md
+++ /dev/null
@@ -1,130 +0,0 @@
----
-title: Registry DDF file
-description: Learn about the OMA DM device description framework (DDF) for the Registry configuration service provider (CSP).
-ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# Registry DDF file
-
-
-This topic shows the OMA DM device description framework (DDF) for the **Registry** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-
-```xml
-
-    1.2
-    
-        Registry
-        ./Vendor/MSFT
-        
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            The root node of registry
-        
-        
-            HKCR
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                HK_CLASSES_ROOT portion of device registry.
-            
-        
-        
-            HKCU
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                HK_CURRENT_USER portion of device registry.
-             
-        
-        
-            HKLM
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                HK_LOCAL_MACHINE portion of device registry.
-            
-        
-        
-            HKU
-            
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                HK_USERS portion of device registry.
-            
-        
-    
-
-```
-
-## Related topics
-
-
-[Registry configuration service provider](registry-csp.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 0dc50af800..51ce1f0fd5 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
 
 The RemoteFind configuration service provider retrieves the location information for a particular device.
 
-The following shows the RemoteFind configuration service provider management object in tree format as used by OMA Client Provisioning.
+The following example shows the RemoteFind configuration service provider management object in tree format as used by OMA Client Provisioning.
 ```
 ./Vendor/MSFT
 RemoteFind
@@ -35,26 +35,26 @@ RemoteFind
 **DesiredAccuracy**  
 Optional. The node accepts the requested radius value in meters. Valid values for accuracy are any value between 1 and 1000 meters.
 
-The default value is 50. Replacing this value only replaces it for the current session. The value is not retained.
+The default value is 50. Replacing this value only replaces it for the current session. The value isn't retained.
 
-Supported operations are Replace and Get. The Add command is not supported.
+Supported operations are Replace and Get. The Add command isn't supported.
 
 **Timeout**  
 Optional. Value is DWORD in seconds.
 
-The default value is 7, and the range is 0 to 1800 seconds. Replacing this value only replaces it for the current session. The value is not retained.
+The default value is 7, and the range is 0 to 1800 seconds. Replacing this value only replaces it for the current session. The value isn't retained.
 
-Supported operations are Replace and Get. The Add command is not supported.
+Supported operations are Replace and Get. The Add command isn't supported.
 
 **MaximumAge**  
 Optional. The value represents the desired time window in minutes that the server will accept a successful location retrieval. The node enables the server to set the requested age value in 100 nanoseconds. Valid values for accuracy include any integer value between 0 and 1440 minutes.
 
-The default value is 60. Replacing this value only replaces it for the current session. The value is not retained.
+The default value is 60. Replacing this value only replaces it for the current session. The value isn't retained.
 
-Supported operations are Replace and Get. The Add command is not supported.
+Supported operations are Replace and Get. The Add command isn't supported.
 
 **Location**  
-Required. Nodes under this path must be queried atomically in order to succeed. This is to prevent servers from querying incomplete sets of data.
+Required. Nodes under this path must be queried atomically in order to succeed. This condition is to prevent servers from querying incomplete sets of data.
 
 **Latitude**  
 Required. Provides the latitude of the last successful remote find.
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index 211fd88e78..e6b61e9477 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md
deleted file mode 100644
index dde2e01cd2..0000000000
--- a/windows/client-management/mdm/remotelock-csp.md
+++ /dev/null
@@ -1,158 +0,0 @@
----
-title: RemoteLock CSP
-description: Learn how RemoteLock CSP supports the ability to lock a device that has a PIN set on the device or reset the PIN on a device that may or may not have a PIN set.
-ms.assetid: c7889331-5aa3-4efe-9a7e-20d3f433659b
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# RemoteLock CSP
-
-
-The RemoteLock CSP supports the ability to lock a device that has a PIN set on the device or reset the PIN on a device that may or may not have a PIN set.
-
-> [!Note]
-> The RemoteLock CSP is only supported in Windows 10 Mobile.
-
-**./Vendor/MSFT/RemoteLock**
-
                  Defines the root node for the RemoteLock configuration service provider.
                  
-
-**Lock**
-Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. The supported operations are Get and Exec.
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  StatusDescriptionMeaning [Standard]
                  (200) OK
                  The device was successfully locked.
                  The command and the associated Alert action are completed successfully.
                  (405)
                  The device could not be locked because there is no PIN currently set on the device.
                  The requested command is not allowed on the target.
                  (500) Command failed
                  The device was not locked for some unknown reason.
                  Non-specific errors were created by the recipient while attempting to complete the command.
                  
-
- 
-
-**LockAndResetPIN**
-This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the **Exec** operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. The supported operation is Exec.
-
-This node will return the following status. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification.
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  StatusDescriptionMeaning
                  (200) OK
                  The device has been locked with a new password which has been reset.
                  The command and the associated Alert action are completed successfully.
                  (500) Command failed
                  N/A
                  Non-specific errors were created by the recipient while attempting to complete the command.
                  
-
-**LockAndRecoverPIN**
-Added in Windows 10, version 1703. This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work.
-
-Executing this node requires a ticket from the Microsoft credential reset service. Additionally, the execution of this setting is only supported when the [EnablePinRecovery](./passportforwork-csp.md#tenantid-policies-enablepinrecovery) policy is set on the client.
-
-
-**NewPINValue**
-This setting contains the PIN after Exec has been called on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin. If LockAndResetPIN or LockAndResetPIN has never been called, the value will be null. If Get is called on this node after a successful Exec call on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin, then the new PIN will be provided. If another Get command is called on this node, the value will be null. If you need to reset the PIN again, then another LockAndResetPIN Exec can be communicated to the device to generate a new PIN. The PIN value will conform to the minimum PIN complexity requirements of the merged policies that are set on the device. If no PIN policy has been set on the device, the generated PIN will conform to the default policy of the device.
-
-The data type returned is a string.
-
-The supported operation is Get.
-
-A Get operation on this node must follow an Exec operation on the /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin node in the proper order and in the same SyncML message. The Sequence tag can be used to guarantee the order in which commands are processed.
-
-## Examples
-
-
-Initiate a remote lock of the device.
-
-```xml
-
-   1
-   
-      
-         ./Vendor/MSFT/RemoteLock/Lock 
-      
-   
-
-```
-
-Initiate a remote lock and PIN reset of the device. To successfully retrieve the new device-generated PIN, the commands must be executed together and in the proper sequence as shown below.
-
-```xml
-
-    1
-    
-        2
-        
-            
-                ./Vendor/MSFT/RemoteLock/LockAndResetPIN 
-            
-        
-    
-    
-       3
-       
-            
-                ./Vendor/MSFT/RemoteLock/NewPINValue 
-            
-        
-    
-
-```
-
-
-## Related topics
-
-
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md
deleted file mode 100644
index d740994fc1..0000000000
--- a/windows/client-management/mdm/remotelock-ddf-file.md
+++ /dev/null
@@ -1,153 +0,0 @@
----
-title: RemoteLock DDF file
-description: Learn about the OMA DM device description framework (DDF) for the RemoteLock configuration service provider (CSP).
-ms.assetid: A301AE26-1BF1-4328-99AB-1ABBA4960797
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 12/05/2017
----
-
-# RemoteLock DDF file
-
-
-This topic shows the OMA DM device description framework (DDF) for the **RemoteLock** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-
-The XML below is the current version for this CSP.
-
-```xml
-
-
-]>
-
-  1.2
-  
-    RemoteLock
-    ./Vendor/MSFT
-    
-      
-        
-      
-      
-        
-      
-      
-        
-      
-      
-        
-      
-      
-        
-      
-    
-    
-      Lock
-      
-        
-          
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          text/plain
-        
-      
-    
-    
-      LockAndResetPIN
-      
-        
-          
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          text/plain
-        
-      
-    
-    
-      LockAndRecoverPIN
-      
-        
-          
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          text/plain
-        
-      
-    
-    
-      NewPINValue
-      
-        
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          
-        
-        
-          text/plain
-        
-      
-    
-  
-
-```
-
-## Related topics
-
-
-[RemoteLock configuration service provider](remotelock-csp.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index 8125620d66..548923b5fe 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
diff --git a/windows/client-management/mdm/remotering-ddf-file.md b/windows/client-management/mdm/remotering-ddf-file.md
index 6ce26f1758..763d8b6a90 100644
--- a/windows/client-management/mdm/remotering-ddf-file.md
+++ b/windows/client-management/mdm/remotering-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 67772b648f..1ff78fcccf 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2018
 ---
 
@@ -17,7 +17,7 @@ ms.date: 08/13/2018
 
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen.
 
-The following shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
+The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
 ```
 ./Vendor/MSFT
 RemoteWipe
@@ -60,7 +60,7 @@ Added in Windows 10, version 1709.  Exec on this node will perform a remote rese
 Added in Windows 10, version 1809. Node for the Autopilot Reset operation.
 
 **AutomaticRedeployment/doAutomaticRedeployment**  
-Added in Windows 10, version 1809. Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
+Added in Windows 10, version 1809. Exec on this node triggers Autopilot Reset operation. This node works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
 
 **AutomaticRedeployment/LastError**  
 Added in Windows 10, version 1809. Error value, if any, associated with Autopilot Reset operation (typically an HRESULT).
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index 36a83bee33..b423d893d9 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2018
 ---
 
diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md
index c8bc78834a..3167a33adc 100644
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@@ -8,17 +8,18 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # Reporting CSP
 
 
-The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. This CSP was added in Windows 10, version 1511.
+The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. This CSP was added in Windows 10, version 1511.
 
 The following DDF format shows the Reporting configuration service provider in tree format.
-```
+
+```console
 ./Vendor/MSFT
 Reporting
 ----EnterpriseDataProtection
@@ -33,23 +34,27 @@ Reporting
 ------------StartTime
 ------------Type
 ```
+
 **Reporting**  
 Root node.
 
 **Reporting/EnterpriseDataProtection**  
 Interior node for retrieving the Windows Information Protection (formerly known as Enterprise Data Protection) logs.
 
+
 
 **RetrieveByTimeRange**  
-Returns the logs that exist within the StartTime and StopTime. The StartTime and StopTime are expressed in ISO 8601 format. If the StartTime and StopTime are not specified, then the values are interpreted as either first existing or last existing time.
+Returns the logs that exist within the StartTime and StopTime. The StartTime and StopTime are expressed in ISO 8601 format. If the StartTime and StopTime aren't specified, then the values are interpreted as either first existing or last existing time.
 
 Here are the other possible scenarios:
 
--   If the StartTime and StopTime are not specified, then it returns all existing logs.
--   If the StopTime is specified, but the StartTime is not specified, then all logs that exist before the StopTime are returned.
--   If the StartTime is specified, but the StopTime is not specified, then all that logs that exist from the StartTime are returned.
+-   If the StartTime and StopTime aren't specified, then it returns all existing logs.
+-   If the StopTime is specified, but the StartTime isn't specified, then all logs that exist before the StopTime are returned.
+-   If the StartTime is specified, but the StopTime isn't specified, then all that logs that exist from the StartTime are returned.
 
 **RetrieveByCount**  
 Interior node for retrieving a specified number of logs from the StartTime. The StartTime is expressed in ISO 8601 format. You can set the number of logs required by setting LogCount and StartTime. It returns the specified number of logs or less, if the total number of logs is less than LogCount.
@@ -59,7 +64,7 @@ Contains the reporting logs.
 
 Value type is XML.
 
-Supported operations is Get.
+Supported operation is Get.
 
 **StartTime**  
 Specifies the starting time for retrieving logs.
@@ -76,7 +81,7 @@ Value type is string. Use ISO 8601 format.
 Supported operations are Get and Replace.
 
 **Type**  
-Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this to retrieve the WIP learning logs.
+Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the WIP learning logs.
 
 Value type is integer.
 
@@ -89,7 +94,7 @@ Value type is int.
 
 Supported operations are Get and Replace.
 
-## Examples
+## Example
 
 Retrieve all available Windows Information Protection (formerly known as Enterprise Data Protection) logs starting from the specified StartTime.
 
@@ -114,6 +119,8 @@ Retrieve all available Windows Information Protection (formerly known as Enterpr
                   
 ```
 
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index 5b16192077..d5d716e6bb 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
index ad6dd045e3..db7f1cc835 100644
--- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
+++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/18/2017
 ---
 
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index c1e940ef69..3b298a1606 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/06/2018
 ---
 
@@ -21,7 +21,7 @@ The RootCATrustedCertificates configuration service provider enables the enterpr
 > The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**.
 
  
-The following shows the RootCATrustedCertificates configuration service provider in tree format.
+The following example shows the RootCATrustedCertificates configuration service provider in tree format.
 
 Detailed specification of the principal root nodes:
 ```
@@ -82,7 +82,7 @@ Node for trusted publisher certificates.
 Node for trusted people certificates.
 
 **RootCATrustedCertificates/UntrustedCertificates**  
-Added in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
+Added in Windows 10, version 1803. Node for certificates that aren't trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
 
 **_CertHash_**  
 Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. This node is common for all the principal root nodes.  The supported operations are Get and Delete.
@@ -90,19 +90,19 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 The following nodes are all common to the **_CertHash_** node:
 
 **/EncodedCertificate**  
-Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.  The supported operations are Add, Get, and Replace.
+Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc.  The supported operations are Add, Get, and Replace.
 
 **/IssuedBy**  
-Returns the name of the certificate issuer. This is equivalent to the **Issuer** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the name of the certificate issuer. This name is equivalent to the **Issuer** member in the CERT\_INFO data structure.  The only supported operation is Get.
 
 **/IssuedTo**  
-Returns the name of the certificate subject. This is equivalent to the **Subject** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the name of the certificate subject. This name is equivalent to the **Subject** member in the CERT\_INFO data structure.  The only supported operation is Get.
 
 **/ValidFrom**  
-Returns the starting date of the certificate's validity. This is equivalent to the **NotBefore** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the starting date of the certificate's validity. This date is equivalent to the **NotBefore** member in the CERT\_INFO data structure.  The only supported operation is Get.
 
 **/ValidTo**  
-Returns the expiration date of the certificate. This is equivalent to the **NotAfter** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the expiration date of the certificate. This date is equivalent to the **NotAfter** member in the CERT\_INFO data structure.  The only supported operation is Get.
 
 **/TemplateName**  
 Returns the certificate template name.  The only supported operation is Get.
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 166dfc0d43..78f3e0b69e 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/07/2018
 ---
 
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 57f3dfc283..bdc2932777 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -16,7 +16,7 @@ ms.date: 06/26/2017
 
 The SecureAssessment configuration service provider is used to provide configuration information for the secure assessment browser.
 
-The following shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 ```
 ./Vendor/MSFT
 SecureAssessment
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 383470060b..76fa3dcb8b 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index 9e203d4d39..5664077e3e 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -17,137 +17,98 @@ ms.date: 06/26/2017
 
 The SecurityPolicy configuration service provider is used to configure security policy settings for WAP push, OMA Client Provisioning, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
 
->  **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_SECURITY\_POLICIES capabilities to be accessed from a network configuration application.
+> [!NOTE]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_SECURITY\_POLICIES capabilities to be accessed from a network configuration application.
 
  
 
-For the SecurityPolicy CSP, you cannot use the Replace command unless the node already exists.
+For the SecurityPolicy CSP, you can't use the Replace command unless the node already exists.
 
-The following diagram shows the SecurityPolicy configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
+The following example shows the SecurityPolicy configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
 
-![securitypolicy csp (dm,cp)](images/provisioning-csp-securitypolicy-dmandcp.png)
+```console
+./Vendor/MSFT
+SecurityPolicy
+----PolicyID
+```
 
 ***PolicyID***  
 Defines the security policy identifier as a decimal value.
 
 The following security policies are supported.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  PolicyIDPolicy namePolicy description
                  4104
                  
-
                  Hex:1008
                  TPS Policy
                  This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.
                  
-
                  Default value: 1
                  
-
                  Supported values:
                  
-
                  0: The TPS role assignment is disabled.
                  
-
                  1: The TPS role assignment is enabled, and can be assigned to mobile operators.
                  4105
                  
-
                  Hex:1009
                  Message Authentication Retry Policy
                  This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.
                  
-
                  Default value: 3
                  
-
                  Possible values: 0 through 256.
                  4108
                  
-
                  Hex:100c
                  Service Loading Policy
                  This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.
                  
-
                  Default value: 256 (SECROLE_KNOWN_PPG)
                  
-
                  Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
                  
-
                  4109
                  
-
                  Hex:100d
                  Service Indication Policy
                  This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.
                  
-
                  Default value: 256 (SECROLE_KNOWN_PPG)
                  
-
                  Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
                  4111
                  
-
                  Hex:100f
                  OTA Provisioning Policy
                  This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.
                  
-
                  Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)
                  
-
                  Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
                  
-
                  4113
                  
-
                  Hex:1011
                  WSP Push Policy
                  This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.
                  
-
                  Default value: 1
                  
-
                  Supported values:
                  
-
                  0: Routing of WSP notifications is not allowed.
                  
-
                  1: Routing of WSP notifications is allowed.
                  4132
                  
-
                  Hex:1024
                  Network PIN signed OTA Provision Message User Prompt Policy
                  This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.
                  
-
                  Default value: 0
                  
-
                  Supported values:
                  
-
                  0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.
                  
-
                  1: There is no user prompt.
                  4141
                  
-
                  Hex:102d
                  OMA CP NETWPIN Policy
                  This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
                  
-
                  Default value: 0
                  
-
                  Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS
                  
-
                  4142
                  
-
                  Hex:102e
                  OMA CP USERPIN Policy
                  This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
                  
-
                  Default value: 256
                  
-
                  Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
                  4143
                  
-
                  Hex:102f
                  OMA CP USERNETWPIN Policy
                  This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
                  
-
                  Default value: 256
                  
-
                  Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
                  
-
                  4144
                  
-
                  Hex:1030
                  MMS Message Policy
                  This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.
                  
-
                  Default value: 256 (SECROLE_KNOWN_PPG)
                  
-
                  Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE
                  
+- **PolicyID**: 4104 | Hex: 1008
+  - **Policy name**: TPS Policy
+  - **Policy description**: This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.
+    - Default value: 1
+    - Supported values:
+      - 0: The TPS role assignment is disabled.
+      - 1: The TPS role assignment is enabled, and can be assigned to mobile operators.
+
+- **PolicyID**: 4105 | Hex: 1009
+  - **Policy name**: Message Authentication Retry Policy
+  - **Policy description**: This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.
+    - Default value: 3
+    - Supported values: 0 through 256
+
+- **PolicyID**: 4108 | Hex: 100c
+  - **Policy name**: Service Loading Policy
+  - **Policy description**: This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.
+    - Default value: 256 (SECROLE_KNOWN_PPG)
+    - Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
+
+- **PolicyID**: 4109 | Hex:100d
+  - **Policy name**: Service Indication Policy
+  - **Policy description**: This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.
+    - Default value: 256 (SECROLE_KNOWN_PPG)
+    - Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
+
+- **PolicyID**: 4111 | Hex:100f
+  - **Policy name**: OTA Provisioning Policy
+  - **Policy description**: This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for a carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.
+    - Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
+
+- **PolicyID**: 4113 | Hex:1011
+  - **Policy name**: WSP Push Policy
+  - **Policy description**: This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.
+    - Default value: 1
+    - Supported values: 
+      - 0: Routing of WSP notifications isn't allowed.
+      - 1: Routing of WSP notifications is allowed.
+
+- **PolicyID**: 4132 | Hex:1024
+  - **Policy name**: Network PIN signed OTA Provision Message User Prompt Policy
+  - **Policy description**: This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.
+    - Default value: 0
+    - Supported values: 
+      - 0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.
+      - 1: There's no user prompt.
+
+- **PolicyID**: 4141 | Hex:102d
+  - **Policy name**: OMA CP NETWPIN Policy
+  - **Policy description**: This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
+    - Default value: 0
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
+
+- **PolicyID**: 4142 | Hex:102e
+  - **Policy name**: OMA CP USERPIN Policy
+  - **Policy description**: This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
+    - Default value: 256
+    - Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG
+
+- **PolicyID**: 4143 | Hex:102f
+  - **Policy name**: OMA CP USERNETWPIN Policy
+  - **Policy description**: This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.
+    - Default value: 256
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
+
+- **PolicyID**: 4144 | Hex:1030
+  - **Policy name**: MMS Message Policy
+  - **Policy description**: This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.
+    - Default value: 256 (SECROLE_KNOWN_PPG)
+    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE
 
- 
 
 ## Remarks
 
@@ -156,41 +117,11 @@ Security roles allow or restrict access to device resources. The security role i
 
 The following security roles are supported.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Security roleDecimal valueDescription
                  SECROLE_OPERATOR_TPS
                  128
                  Trusted Provisioning Server.
                  
-
                  Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.
                  
-
                  The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.
                  SECROLE_KNOWN_PPG
                  256
                  Known Push Proxy Gateway.
                  
-
                  Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.
                  SECROLE_ANY_PUSH_SOURCE
                  4096
                  Push Router.
                  
-
                  Messages received by the push router will be assigned to this role.
                  
+|Security role|Decimal value|Description|
+|--- |--- |--- |
+|SECROLE_OPERATOR_TPS|128|Trusted Provisioning Server.
                  Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.
                  The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.|
+|SECROLE_KNOWN_PPG|256|Known Push Proxy Gateway.
                  Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.|
+|SECROLE_ANY_PUSH_SOURCE|4096|Push Router.
                  Messages received by the push router will be assigned to this role.|
 
  
 
@@ -267,28 +198,10 @@ Querying a security policy:
 
 The following table shows the Microsoft custom elements that this Configuration Service Provider supports for OMA Client Provisioning.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ElementsAvailable
                  parm-query
                  Yes
                  noparm
                  Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).
                  
+|Elements|Available|
+|--- |--- |
+|parm-query|Yes|
+|noparm|Yes. If this element is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|
 
  
 
@@ -296,13 +209,3 @@ The following table shows the Microsoft custom elements that this Configuration
 
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md
index 032469c901..76c6a97981 100644
--- a/windows/client-management/mdm/server-requirements-windows-mdm.md
+++ b/windows/client-management/mdm/server-requirements-windows-mdm.md
@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -21,13 +21,13 @@ The following list shows the general server requirements for using OMA DM to man
 
 -   The OMA DM server must support the OMA DM v1.1.2 or later protocol.
 
--   Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate is not issued by a commercial Certification Authority whose root certificate is pre-installed in the device, you must provision the enterprise root certificate in the device's Root store.
+-   Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate isn't issued by a commercial Certification Authority whose root certificate is pre-installed in the device, you must provision the enterprise root certificate in the device's Root store.
 
 -   To authenticate the client at the application level, you must use either Basic or MD5 client authentication.
 
 -   The server MD5 nonce must be renewed in each DM session. The DM client sends the new server nonce for the next session to the server over the Status element in every DM session.
 
--   The MD5 binary nonce is send over XML B64 encoded format, but the octal form of the binary data should be used when the service calculates the hash.
+-   The MD5 binary nonce is sent over XML B64 encoded format, but the octal form of the binary data should be used when the service calculates the hash.
 
     For more information about Basic or MD5 client authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM\_Security-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
 
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index 82731ed689..7f8d360143 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 01/16/2019
 ---
 
@@ -17,7 +17,7 @@ ms.date: 01/16/2019
 
 The SharedPC configuration service provider is used to configure settings for Shared PC usage.
 
-The following shows the SharedPC configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the SharedPC configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 ```
 ./Vendor/MSFT
 SharedPC
@@ -133,12 +133,12 @@ Configures when accounts are deleted.
 
 The supported operations are Add, Get, Replace, and Delete.
 
-For Windows 10, version 1607, here is the list shows the supported values:
+For Windows 10, version 1607, here's the list shows the supported values:
 
 -   0 - Delete immediately.
 -   1 (default) - Delete at disk space threshold.
 
-For Windows 10, version 1703, here is the list of supported values:  
+For Windows 10, version 1703, here's the list of supported values:  
 
 - 0 - Delete immediately
 - 1 - Delete at disk space threshold
@@ -154,7 +154,7 @@ Sets the percentage of disk space remaining on a PC before cached accounts will
 
 The default value is Not Configured. Its default value in the SharedPC provisioning package is 25.
 
-For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a daily maintenance period, accounts will be deleted (oldest last used first) when the system is idle until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under half of the deletion threshold and disk space is very low, regardless of whether the PC is actively in use or not.
+For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a daily maintenance period, accounts will be deleted (oldest last used first) when the system is idle until the free disk space is above 50% (the caching number). Accounts will be deleted immediately on signing out from an account if free space is under half of the deletion threshold and disk space is low, regardless of whether the PC is actively in use or not.
 
 The supported operations are Add, Get, Replace, and Delete.
 
@@ -166,7 +166,7 @@ Sets the percentage of available disk space a PC should have before it stops del
 
 The default value is Not Configured. The default value in the SharedPC provisioning package is 25.
 
-For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless whether the PC is actively in use or not.
+For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately on signing out from an account if free space is under the deletion threshold and disk space is low, regardless whether the PC is actively in use or not.
 
 The supported operations are Add, Get, Replace, and Delete.
 
@@ -187,7 +187,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
 
 **KioskModeUserTileDisplayText**  
-Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen which launches the app specified by KioskModeAUMID. This node is optional. 
+Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional. 
 
 Value type is string. Supported operations are Add, Get, Replace, and Delete. 
 
@@ -195,14 +195,14 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
 
 **InactiveThreshold**  
-Added in Windows 10, version 1703. Accounts will start being deleted when they have not been logged on during the specified period, given as number of days.
+Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days.
 
 The default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 The default in the SharedPC provisioning package is 30.
 
 **MaxPageFileSizeMB**  
-Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional. 
+Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional. 
 
 > [!NOTE]
 > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 61e26ea7a0..362f24ac59 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index ea5aad60ca..65bbfb02c9 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -8,12 +8,15 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # Storage CSP
 
+Storage CSP is deprecated. Use System/AllowStorageCard in [Policy CSP](policy-configuration-service-provider.md) instead.
+
+
 
 ## Related topics
 
+System/AllowStorageCard in [Policy CSP](policy-configuration-service-provider.md)
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index 17340fbf2d..83acf0f5a6 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -8,12 +8,15 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
 # Storage DDF file
 
+Storage CSP is deprecated. Use System/AllowStorageCard in [Policy CSP](policy-configuration-service-provider.md) instead.
+
+
 
+## Related topics
 
+System/AllowStorageCard in [Policy CSP](policy-configuration-service-provider.md)
 
+[Storage CSP (deprecated)](storage-csp.md)
 
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
index 2b482383bd..5c0940030d 100644
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -22,36 +22,14 @@ Each message is composed of a header, specified by the SyncHdr element, and a me
 
 The following table shows the OMA DM versions that are supported.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  VersionFormat
                  OMA DM version 1.1.2
                  <SyncML xmlns='SYNCML:SYNCML1.1'>
                  
-
                  </SyncML>
                  OMA DM version 1.2
                  <SyncML xmlns='SYNCML:SYNCML1.2'>
                  
-
                  </SyncML>
                  
-
- 
+|Version|Format|
+|--- |--- |
+|OMA DM version 1.1.2|<SyncML xmlns='SYNCML:SYNCML1.1'>
                  </SyncML>|
+|OMA DM version 1.2|<SyncML xmlns='SYNCML:SYNCML1.2'>
                  </SyncML>|
 
 ## File format
 
-The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://go.microsoft.com/fwlink/p/?LinkId=526902) specification.
+The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/OMA-TS-DM_Protocol-V1_2_1-20080617-A.pdf) specification.
 
 ```xml
 
@@ -103,7 +81,8 @@ This information is used to by the client device to properly manage the DM sessi
 
 The following example shows the header component of a DM message. In this case, OMA DM version 1.2 is used as an example only.
 
-> **Note**   The <LocURI> node value for the <Source> element in the SyncHdr of the device-generated DM package should be the same as the value of ./DevInfo/DevID. For more information about DevID, see [DevInfo configuration service provider](devinfo-csp.md).
+> [!NOTE]
+> The `` node value for the `` element in the SyncHdr of the device-generated DM package should be the same as the value of ./DevInfo/DevID. For more information about DevID, see [DevInfo configuration service provider](devinfo-csp.md).
 
  
 
@@ -128,7 +107,7 @@ SyncBody contains one or more DM commands. The SyncBody can contain multiple DM
 
 **Code example**
 
-The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This is indicated by the <Final /> tag that occurs immediately after the terminating tag for the Get command.
+The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This command is indicated by the <Final /> tag that occurs immediately after the terminating tag for the Get command.
 
 ```xml
 
@@ -145,9 +124,9 @@ The following example shows the body component of a DM message. In this example,
 
 ```
 
-When using SyncML for OMA DM provisioning, a LocURI in SyncBody can have a "." as a valid segment name only in the first segment. However, a "." is not a valid segment name for the other segments. For example, the following LocURI is not valid because the segment name of the seventh segment is a ".".
+When SyncML for OMA DM provisioning is being used, a LocURI in SyncBody can have a "." as a valid segment name only in the first segment. However, a "." isn't a valid segment name for the other segments. For example, the following LocURI isn't valid because the segment name of the seventh segment is a ".".
 
-```
+```xml
 ./Vendor/MSFT/Registry/HKLM/Security/./Test
 ```
 
@@ -188,11 +167,3 @@ The following example illustrates how to use the Replace command to update a dev
    
 
 ```
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index e41a8c2374..61cb297fdf 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/12/2019
 ---
 
@@ -16,56 +16,30 @@ ms.date: 09/12/2019
 
 The SUPL configuration service provider is used to configure the location client, as shown in the following table:
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Location ServiceSUPLV2 UPL
                  Connection type
                  All connections other than CDMA
                  CDMA
                  Configuration
                    
-
                  • Settings that need to get pushed to the GNSS driver to configure the SUPL behavior:
                    
-
                      
-
                    • Address of the Home SUPL (H-SLP) server.
                      • 
-
                    • H-SLP server certificate.
                      • 
-
                    • Positioning method.
                      • 
-
                    • Version of the protocol to use by default.
                      • 
-
                    • 
-
                  • MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.
                    • 
-
                    
-
                  • Address of the server — a mobile positioning center for non-trusted mode.
                    • 
-
                  • The positioning method used by the MPC for non-trusted mode.
                    • 
-
                  
+- **Location Service**: Connection type
+  - **SUPL**: All connections other than CDMA
+  - **V2 UPL**: CDMA
 
- 
+- **Location Service**: Configuration
+  - **SUPL**: 
+    - Settings that need to get pushed to the GNSS driver to configure the SUPL behavior:
+      - Address of the Home SUPL (H-SLP) server.
+      - H-SLP server certificate.
+      - Positioning method.
+      - Version of the protocol to use by default.
+    - MCC/MNC value pairs that are used to specify which networks' UUIC the SUPL account matches.
+  - **V2 UPL**: 
+    - Address of the server—a mobile positioning center for non-trusted mode.
+    - The positioning method used by the MPC for non-trusted mode.
 
 The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
 
-The following shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
+The following example shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application.
+> [!NOTE]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application. 
 
- 
-
-```
+```console
 ./Vendor/MSFT/
 SUPL
 ----SUPL1
@@ -97,16 +71,17 @@ SUPL
 --------NIDefaultTimeout 
 --------ServerAccessInterval
 ```
+
 **SUPL1**  
 Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node. Only one SUPL account is supported at a given time.
 
 **AppID**  
-Required. The AppID for SUPL is automatically set to `"ap0004"`. This is a read-only value.
+Required. The AppID for SUPL is automatically set to `"ap0004"`. This value is a read-only value.
 
 **Addr**  
 Optional. Specifies the address of the Home SUPL Location Platform (H-SLP) server for non-proxy mode. The value is a server address specified as a fully qualified domain name, and the port specified as an integer, with the format *server*: *port*.
 
-If this value is not specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3.
+If this value isn't specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3.
 
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
 
@@ -117,59 +92,30 @@ Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0
 Added in Windows 10, version 2004. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored.
 
 **MCCMNCPairs**  
-Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network do not match, the device uses the default location service and does not use SUPL.
+Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network don't match, the device uses the default location service and doesn't use SUPL.
 
-This value is a string with the format "(X1,Y1)(X2,Y2)…(Xn,Yn)", in which `X` is a MCC and `Y` is an MNC.
+This value is a string with the format "(X1, Y1)(X2, Y2)…(Xn, Yn)", in which `X` is an MCC and `Y` is an MNC.
 
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
 
 **HighAccPositioningMethod**  
 Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ValueDescription
                  0
                  None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.
                  1
                  Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.
                  2
                  Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.
                  3
                  Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.
                  4
                  OTDOA
                  5
                  AFLT
                  
+|Value|Description|
+|--- |--- |
+|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.|
+|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.|
+|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.|
+|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.|
+|4|OTDOA|
+|5|AFLT|
 
  
 
 The default is 0. The default method in Windows devices provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services.
 
-> **Important**   The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.
+> [!IMPORTANT]
+> The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.
 
  
 
@@ -180,44 +126,13 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr
 
 This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Location toggle settingLocMasterSwitchDependencyNII settingNI request processing allowed
                  On
                  0
                  Yes
                  On
                  1
                  Yes
                  Off
                  0
                  Yes
                  Off
                  1
                  No (unless privacyOverride is set)
                  
+|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed|
+|--- |--- |--- |
+|On|0|Yes|
+|On|1|Yes|
+|Off|0|Yes|
+|Off|1|No (unless privacyOverride is set)|
 
- 
 
 When the location toggle is set to Off and this value is set to 1, the following application requests will fail:
 
@@ -231,7 +146,7 @@ When the location toggle is set to Off and this value is set to 1, the following
 
 However, if `privacyOverride` is set in the message, the location will be returned.
 
-When the location toggle is set to Off and this value is set to 0, the location toggle does not prevent SUPL network-initiated requests from working.
+When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
 
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
 
@@ -244,7 +159,7 @@ This value manages the settings for both SUPL and v2 UPL. If a device is configu
 Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60.
 
 **RootCertificate**  
-Required. Specifies the root certificate for the H-SLP server. Windows does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error.
+Required. Specifies the root certificate for the H-SLP server. Windows doesn't support a non-secure mode. If this node isn't included, the configuration service provider will fail but may not return a specific error.
 
 **RootCertificate/Name**  
 Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
@@ -309,46 +224,18 @@ Optional. The address of the Position Determination Entity (PDE), in the format
 **PositioningMethod\_MR**  
 Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ValueDescription
                  0
                  None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.
                  1
                  Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.
                  2
                  Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.
                  3
                  Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.
                  4
                  AFLT
                  
-
- 
+|Value|Description|
+|--- |--- |
+|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.|
+|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.|
+|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.|
+|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.|
+|4|AFLT|
 
 The default is 0. The default method provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services.
 
->  **Important**   The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.
+> [!IMPORTANT]
+> The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.
 
  
 
@@ -359,44 +246,12 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr
 
 This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Location toggle settingLocMasterSwitchDependencyNII settingNI request processing allowed
                  On
                  0
                  Yes
                  On
                  1
                  Yes
                  Off
                  0
                  Yes
                  Off
                  1
                  No (unless privacyOverride is set)
                  
-
- 
+|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed|
+|--- |--- |--- |
+|On|0|Yes|
+|On|1|Yes|
+|Off|0|Yes|
+|Off|1|No (unless privacyOverride is set)|
 
 When the location toggle is set to Off and this value is set to 1, the following application requests will fail:
 
@@ -410,7 +265,7 @@ When the location toggle is set to Off and this value is set to 1, the following
 
 However, if `privacyOverride` is set in the message, the location will be returned.
 
-When the location toggle is set to Off and this value is set to 0, the location toggle does not prevent SUPL network-initiated requests from working.
+When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
 
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
 
@@ -428,7 +283,7 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil
 ## Unsupported Nodes
 
 
-The following optional nodes are not supported on Windows devices.
+The following optional nodes aren't supported on Windows devices.
 
 -   ProviderID
 
@@ -444,14 +299,14 @@ The following optional nodes are not supported on Windows devices.
 
 -   AddrType
 
-If the configuration application tries to set, delete or query these nodes, a response indicating this node is not implemented will be returned over OMA DM. In OMA Client Provisioning, the request to set this node will be ignored and the configuration service provider will continue processing the rest of the nodes.
+If the configuration application tries to set, delete or query these nodes, a response indicating this node isn't implemented will be returned over OMA DM. In OMA Client Provisioning, the request to set this node will be ignored and the configuration service provider will continue processing the rest of the nodes.
 
-If a mobile operator requires the communication with the H-SLP to take place over a specific connection rather than a default cellular connection, then this must be configured by using the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) and the [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) to map the H-SLP server with the required connection.
+If a mobile operator requires the communication with the H-SLP to take place over a specific connection rather than a default cellular connection, then this configuration must be done by using the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) and the [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) to map the H-SLP server with the required connection.
 
 ## OMA Client Provisioning examples
 
 
-Adding new configuration information for a H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
+Adding new configuration information for an H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
 
 ```xml
 
@@ -584,32 +439,12 @@ Adding a SUPL account to a device. Values in italic must be replaced with correc
 
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ElementsAvailable
                  parm-query
                  Yes
                  characteristic-query
                  Yes
                  
-
                  Recursive query: No
                  
-
                  Top level query: No
                  
+|Elements|Available|
+|--- |--- |
+|parm-query|Yes|
+|characteristic-query|Yes 

                  Recursive query: No

                  Top level query: No|
 
  
 ## Related topics
 
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 1fabc85e07..dec54b3f0a 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/03/2020
 ---
 
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 9755457f60..1e276239dd 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/28/2017
 ---
 
@@ -16,7 +16,7 @@ ms.date: 07/28/2017
 
 The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
 
-The following shows the SurfaceHub CSP management objects in tree format.
+The following example shows the SurfaceHub CSP management objects in tree format.
 ```
 ./Vendor/MSFT
 SurfaceHub
@@ -31,7 +31,7 @@ SurfaceHub
 --------Email
 --------CalendarSyncEnabled
 --------ErrorContext
---------PasswordRotationPeriod
+--------PasswordRotationEnabled
 ----MaintenanceHoursSimple
 --------Hours
 ------------StartTime
@@ -56,6 +56,7 @@ SurfaceHub
 ----Properties
 --------FriendlyName
 --------DefaultVolume
+--------DefaultAutomaticFraming
 --------ScreenTimeout
 --------SessionTimeout
 --------SleepTimeout
@@ -72,12 +73,12 @@ SurfaceHub
 --------WorkspaceKey
 ```
 **./Vendor/MSFT/SurfaceHub**  
-
                  The root node for the Surface Hub configuration service provider.
+
                  The root node for the Surface Hub configuration service provider.
 
 **DeviceAccount**
-
                  Node for setting device account information. A device account is a Microsoft Exchange account that is connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device. See the Surface Hub administrator guide for more information about setting up a device account.
+
                  Node for setting device account information. A device account is a Microsoft Exchange account that is connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device. See the Surface Hub administrator guide for more information about setting up a device account.
 
-
                  To use a device account from Azure Active Directory
+
                  To use a device account from Azure Active Directory
 
 1. Set the UserPrincipalName (for Azure AD).
 2. Set a valid Password.
@@ -88,7 +89,7 @@ SurfaceHub
 > If the device cannot auto-discover the Exchange server and Session Initiation Protocol (SIP) address from this information, you should specify the ExchangeServer and SipAddress.
 
 
-
                  Here's a SyncML example.
+
                  Here's a SyncML example.
 
 ```xml
 
@@ -138,7 +139,7 @@ SurfaceHub
 
 ```
 
-
                  To use a device account from Active Directory
+
                  To use a device account from Active Directory
 
 1. Set the DomainName.
 2. Set the UserName.
@@ -146,461 +147,317 @@ SurfaceHub
 4. Execute the ValidateAndCommit node.
 
 **DeviceAccount/DomainName**
-
                  Domain of the device account when you are using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
+
                  Domain of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **DeviceAccount/UserName**
-
                  Username of the device account when you are using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
+
                  Username of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **DeviceAccount/UserPrincipalName**
-
                  User principal name (UPN) of the device account. To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account.
+
                  User principal name (UPN) of the device account. To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **DeviceAccount/SipAddress**
-
                  Session Initiation Protocol (SIP) address of the device account. Normally, the device will try to auto-discover the SIP. This field is only required if auto-discovery fails.
+
                  Session Initiation Protocol (SIP) address of the device account. Normally, the device will try to auto-discover the SIP. This field is only required if auto-discovery fails.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **DeviceAccount/Password**
-
                  Password for the device account.
+
                  Password for the device account.
 
-
                  The data type is string. Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank.
+
                  The data type is string. Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank.
 
 **DeviceAccount/ValidateAndCommit**
-
                  This method validates the data provided and then commits the changes.
+
                  This method validates the data provided and then commits the changes.
 
-
                  The data type is string. Supported operation is Execute.
+
                  The data type is string. Supported operation is Execute.
 
 **DeviceAccount/Email**
-
                  Email address of the device account.
+
                  Email address of the device account.
 
-
                  The data type is string.
+
                  The data type is string.
 
 **DeviceAccount/PasswordRotationEnabled**
-
                  Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory (or Azure AD).
+
                  Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory (or Azure AD).
 
-
                  Valid values:
+
                  Valid values:
 
 - 0 - password rotation enabled
 - 1 - disabled
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **DeviceAccount/ExchangeServer**
-
                  Exchange server of the device account. Normally, the device will try to auto-discover the Exchange server. This field is only required if auto-discovery fails.
+
                  Exchange server of the device account. Normally, the device will try to auto-discover the Exchange server. This field is only required if auto-discovery fails.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **DeviceAccount/ExchangeModernAuthEnabled**
-
                  Added in KB4598291 for Windows 10, version 20H2. Specifies whether Device Account calendar sync will attempt to use token-based Modern Authentication to connect to the Exchange Server. Default value is True.
+
                  Added in KB4598291 for Windows 10, version 20H2. Specifies whether Device Account calendar sync will attempt to use token-based Modern Authentication to connect to the Exchange Server. Default value is True.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **DeviceAccount/CalendarSyncEnabled**
-
                  Specifies whether calendar sync and other Exchange server services is enabled.
+
                  Specifies whether calendar sync and other Exchange server services is enabled.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **DeviceAccount/ErrorContext**
-
                  If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values:
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  ErrorContext valueStage where error occurredDescription and suggestions
                  1
                  Unknown
                  2
                  Populating account
                  Unable to retrieve account details using the username and password you provided.
                  
-
                    
-
                  • For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
                    • 
-
                  • For AD accounts, ensure that DomainName, UserName, and Password are valid.
                    • 
-
                  • Ensure that the specified account has an Exchange server mailbox.
                    • 
-
                  3
                  Populating Exchange server address
                  Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field.
                  4
                  Validating Exchange server address
                  Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid.
                  5
                  Saving account information
                  Unable to save account details to the system.
                  6
                  Validating EAS policies
                  The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide.
                  
- 
-
                  The data type is integer. Supported operation is Get.
+If there's an error calling ValidateAndCommit, there's another context for that error in this node. Here are the possible error values:
+
+| ErrorContext value | Stage where error occurred | Description and suggestions |
+| --- | --- | --- |
+| 1 | Unknown | |
+| 2 | Populating account | Unable to retrieve account details using the username and password you provided.

                  -For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
                  -For AD accounts, ensure that DomainName, UserName, and Password are valid.
                  -Ensure that the specified account has an Exchange server mailbox. |
+| 3 | Populating Exchange server address | Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field. |
+| 4 | Validating Exchange server address | Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid. |
+| 5 | Saving account information | Unable to save account details to the system. |
+| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide. |
+
+The data type is integer. Supported operation is Get.
 
 **MaintenanceHoursSimple/Hours**
-
                  Node for maintenance schedule.
+
+
                  Node for maintenance schedule.
 
 **MaintenanceHoursSimple/Hours/StartTime**
-
                  Specifies the start time for maintenance hours in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120.
+
                  Specifies the start time for maintenance hours in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120.
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **MaintenanceHoursSimple/Hours/Duration**
-
                  Specifies the duration of maintenance window in minutes. For example, to set a 3-hour duration, set this value to 180.
+
                  Specifies the duration of maintenance window in minutes. For example, to set a 3-hour duration, set this value to 180.
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **InBoxApps**
-
                  Node for the in-box app settings.
+
                  Node for the in-box app settings.
 
 **InBoxApps/SkypeForBusiness**
-
                  Added in Windows 10, version 1703. Node for the Skype for Business settings.
+
                  Added in Windows 10, version 1703. Node for the Skype for Business settings.
 
 **InBoxApps/SkypeForBusiness/DomainName**
-
                  Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see Set up Skype for Business Online.
+
                  Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you're using Active Directory. For more information, see Set up Skype for Business Online.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **InBoxApps/Welcome**
-
                  Node for the welcome screen.
+
                  Node for the welcome screen.
 
 **InBoxApps/Welcome/AutoWakeScreen**
-
                  Automatically turn on the screen using motion sensors.
+
                  Automatically turn on the screen using motion sensors.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **InBoxApps/Welcome/CurrentBackgroundPath**
-
                  Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
+
                  Download location for image to be used as the background during user sessions and on the welcome screen. To set this location, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, ensure they're valid and installed on the Hub, otherwise it may not be able to load the image.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **InBoxApps/Welcome/MeetingInfoOption**
-
                  Meeting information displayed on the welcome screen.
+
                  Meeting information displayed on the welcome screen.
 
-
                  Valid values:
+
                  Valid values:
 
 - 0 - Organizer and time only
 - 1 - Organizer, time, and subject. Subject is hidden in private meetings.
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **InBoxApps/Whiteboard**
-
                  Node for the Whiteboard app settings.
+
                  Node for the Whiteboard app settings.
 
 **InBoxApps/Whiteboard/SharingDisabled**
-
                  Invitations to collaborate from the Whiteboard app are not allowed.
+
                  Invitations to collaborate from the Whiteboard app aren't allowed.
+
+
                  The data type is boolean. Supported operation is Get and Replace.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
-    
 **InBoxApps/Whiteboard/SigninDisabled**
-
                  Sign-ins from the Whiteboard app are not allowed.
+
                  Sign-ins from the Whiteboard app aren't allowed.
+
+
                  The data type is boolean. Supported operation is Get and Replace.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
-    
 **InBoxApps/Whiteboard/TelemeteryDisabled**
-
                  Telemetry collection from the Whiteboard app is not allowed.
+
                  Telemetry collection from the Whiteboard app isn't allowed.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **InBoxApps/WirelessProjection**
-
                  Node for the wireless projector app settings.
+
                  Node for the wireless projector app settings.
 
 **InBoxApps/WirelessProjection/PINRequired**
-
                  Users must enter a PIN to wirelessly project to the device.
+
                  Users must enter a PIN to wirelessly project to the device.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **InBoxApps/WirelessProjection/Enabled**
-
                  Enables wireless projection to the device.
+
                  Enables wireless projection to the device.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **InBoxApps/WirelessProjection/Channel**
-
                  Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification.
+
                  Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Works with all Miracast senders in all regions
                  1, 3, 4, 5, 6, 7, 8, 9, 10, 11
                  Works with all 5ghz band Miracast senders in all regions
                  36, 40, 44, 48
                  Works with all 5ghz band Miracast senders in all regions except Japan
                  149, 153, 157, 161, 165
                  
+|Compatibility|Values|
+|--- |--- |
+|Works with all Miracast senders in all regions|1, 3, 4, 5, 6, 7, 8, 9, 10, 11|
+|Works with all 5ghz band Miracast senders in all regions|36, 40, 44, 48|
+|Works with all 5ghz band Miracast senders in all regions except Japan|149, 153, 157, 161, 165|
 
 
-
                  The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for).
+
                  The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for).
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **InBoxApps/Connect**
-
                  Added in Windows 10, version 1703. Node for the Connect app.
+
                  Added in Windows 10, version 1703. Node for the Connect app.
 
 **InBoxApps/Connect/AutoLaunch**
-
                  Added in Windows 10, version 1703. Specifies whether to automatically launch the Connect app whenever a projection is initiated.
+
                  Added in Windows 10, version 1703. Specifies whether to automatically launch the Connect app whenever a projection is initiated.
 
-
                  If this setting is true, the Connect app will be automatically launched. If false, the user will need to launch the Connect app manually from the Hub’s settings.
+
                  If this setting is true, the Connect app will be automatically launched. If false, the user will need to launch the Connect app manually from the Hub’s settings.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **Properties**
-
                  Node for the device properties.
+
                  Node for the device properties.
 
 **Properties/FriendlyName**
-
                  Friendly name of the device. Specifies the name that users see when they want to wirelessly project to the device.
+
                  Friendly name of the device. Specifies the name that users see when they want to wirelessly project to the device.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **Properties/DefaultVolume**
-
                  Added in Windows 10, version 1703. Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45.
+
                  Added in Windows 10, version 1703. Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45.
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
+
+**Properties/DefaultAutomaticFraming**
+
                  Added in KB5010415 for Windows 10, version 20H2. Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled. Default value is True.
+
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **Properties/ScreenTimeout**
-
                  Added in Windows 10, version 1703. Specifies the number of minutes until the Hub screen turns off.
+
                  Added in Windows 10, version 1703. Specifies the number of minutes until the Hub screen turns off.
 
-
                  The following table shows the permitted values.
+
                  The following table shows the permitted values.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  ValueDescription
                  0Never time out
                  11 minute
                  22 minutes
                  33 minutes
                  55 minutes (default)
                  1010 minutes
                  1515 minutes
                  3030 minutes
                  601 hour
                  1202 hours
                  2404 hours
                  
+|Value|Description|
+|--- |--- |
+|0|Never time out|
+|1|1 minute|
+|2|2 minutes|
+|3|3 minutes|
+|5|5 minutes (default)|
+|10|10 minutes|
+|15|15 minutes|
+|30|30 minutes|
+|60|1 hour|
+|120|2 hours|
+|240|4 hours|
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **Properties/SessionTimeout**
-
                  Added in Windows 10, version 1703. Specifies the number of minutes until the session times out.
+
                  Added in Windows 10, version 1703. Specifies the number of minutes until the session times out.
 
-
                  The following table shows the permitted values.
+
                  The following table shows the permitted values.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  ValueDescription
                  0Never time out
                  11 minute (default)
                  22 minutes
                  33 minutes
                  55 minutes
                  1010 minutes
                  1515 minutes
                  3030 minutes
                  601 hour
                  1202 hours
                  2404 hours
                  
+|Value|Description|
+|--- |--- |
+|0|Never time out|
+|1|1 minute (default)|
+|2|2 minutes|
+|3|3 minutes|
+|5|5 minutes|
+|10|10 minutes|
+|15|15 minutes|
+|30|30 minutes|
+|60|1 hour|
+|120|2 hours|
+|240|4 hours|
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **Properties/SleepTimeout**
-
                  Added in Windows 10, version 1703. Specifies the number of minutes until the Hub enters sleep mode.
+
                  Added in Windows 10, version 1703. Specifies the number of minutes until the Hub enters sleep mode.
 
-
                  The following table shows the permitted values.
+
                  The following table shows the permitted values.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  ValueDescription
                  0Never time out
                  11 minute
                  22 minutes
                  33 minutes
                  55 minutes (default)
                  1010 minutes
                  1515 minutes
                  3030 minutes
                  601 hour
                  1202 hours
                  2404 hours
                  
+|Value|Description|
+|--- |--- |
+|0|Never time out|
+|1|1 minute|
+|2|2 minutes|
+|3|3 minutes|
+|5|5 minutes (default)|
+|10|10 minutes|
+|15|15 minutes|
+|30|30 minutes|
+|60|1 hour|
+|120|2 hours|
+|240|4 hours|
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **Properties/SleepMode**
-
                  Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub.
+
                  Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub.
 
-
                  Valid values:
+
                  Valid values:
 
 - 0 - Connected Standby (default)
 - 1 - Hibernate
 
-
                  The data type is integer. Supported operation is Get and Replace.
+
                  The data type is integer. Supported operation is Get and Replace.
 
 **Properties/AllowSessionResume**
-
                  Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out.
+
                  Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out.
 
-
                  If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated.
+
                  If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **Properties/AllowAutoProxyAuth**
-
                  Added in Windows 10, version 1703. Specifies whether to use the device account for proxy authentication.
+
                  Added in Windows 10, version 1703. Specifies whether to use the device account for proxy authentication.
 
-
                  If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used.
+
                  If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used.
+
+
                  The data type is boolean. Supported operation is Get and Replace.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
-    
 **Properties/ProxyServers**
-
                  Added in KB4499162 for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This is a semi-colon separated list of server names, without any additional prefixes (e.g. https://).
+
                  Added in KB4499162 for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This FQDN is a semi-colon separated list of server names, without any extra prefixes (for example, https://).
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **Properties/DisableSigninSuggestions**
-
                  Added in Windows 10, version 1703. Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.
+
                  Added in Windows 10, version 1703. Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.
 
-
                  If this setting is true, the sign-in dialog will not be populated. If false, the dialog will auto-populate.
+
                  If this setting is true, the sign-in dialog won't be populated. If false, the dialog will auto-populate.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **Properties/DoNotShowMyMeetingsAndFiles**
-
                  Added in Windows 10, version 1703. Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.
+
                  Added in Windows 10, version 1703. Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.
 
-
                  If this setting is true, the “My meetings and files” feature will not be shown. When false, the “My meetings and files” feature will be shown.
+
                  If this setting is true, the “My meetings and files” feature won't be shown. When false, the “My meetings and files” feature will be shown.
 
-
                  The data type is boolean. Supported operation is Get and Replace.
+
                  The data type is boolean. Supported operation is Get and Replace.
 
 **MOMAgent**
-
                  Node for the Microsoft Operations Management Suite.
+
                  Node for the Microsoft Operations Management Suite.
 
 **MOMAgent/WorkspaceID**
-
                  GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this to an empty string to disable the MOM agent.
+
                  GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this GUID to an empty string to disable the MOM agent.
 
-
                  The data type is string. Supported operation is Get and Replace.
+
                  The data type is string. Supported operation is Get and Replace.
 
 **MOMAgent/WorkspaceKey**
-
                  Primary key for authenticating with the workspace.
+
                  Primary key for authenticating with the workspace.
 
-
                  The data type is string. Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string.
+
                  The data type is string. Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string.
 
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index d270254f30..70ed2fa2a4 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index 3c062277a0..6f4815ab07 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2018
 ms.reviewer: 
 manager: dansimp
@@ -16,12 +16,12 @@ manager: dansimp
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This CSP was added in Windows 10, version 1809.
 
-The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes.
+The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant if accidental or intentional resets or wipes occur.
 
 > [!NOTE]
 > The forced network connection is only applicable to devices after reset (not new).
 
-The following shows the TenantLockdown configuration service provider in tree format.
+The following example shows the TenantLockdown configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 TenantLockdown
@@ -31,13 +31,13 @@ TenantLockdown
 The root node.
 
 **RequireNetworkInOOBE**  
-Specifies whether to require a network connection during the out-of-box experience (OOBE) at first logon.
+Specifies whether to require a network connection during the out-of-box experience (OOBE) at first sign in.
 
-When RequireNetworkInOOBE is true, when the device goes through OOBE at first logon or after a reset, the user is required to choose a network before proceeding. There is no "skip for now" option.
+When RequireNetworkInOOBE is true, when the device goes through OOBE at first sign in or after a reset, the user is required to choose a network before proceeding. There's no "skip for now" option.
 
 Value type is bool. Supported operations are Get and Replace.
 
--  true - Require network in OOBE  
--  false - No network connection requirement in OOBE
+-  True - Require network in OOBE  
+-  False - No network connection requirement in OOBE
 
-Example scenario:  Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account.
+Example scenario:  Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they're required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There's no option to skip the network connection and create a local account.
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index b064d57b68..af4f245a6e 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/13/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 8680bff0db..ee13358bb5 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -23,9 +23,9 @@ items:
           href: certificate-authentication-device-enrollment.md
         - name: On-premises authentication device enrollment
           href: on-premise-authentication-device-enrollment.md
-    - name: Understanding ADMX-backed policies
+    - name: Understanding ADMX policies
       href: understanding-admx-backed-policies.md
-    - name: Enable ADMX-backed policies in MDM
+    - name: Enable ADMX policies in MDM
       href: enable-admx-backed-policies-in-mdm.md
     - name: Win32 and Desktop Bridge app policy configuration
       href: win32-and-centennial-app-policy-configuration.md
@@ -48,6 +48,8 @@ items:
       href: device-update-management.md
     - name: Bulk enrollment
       href: bulk-enrollment-using-windows-provisioning-tool.md
+    - name: Secured-Core PC Configuration Lock
+      href: config-lock.md
     - name: Management tool for the Microsoft Store for Business
       href: management-tool-for-windows-store-for-business.md
       items: 
@@ -80,8 +82,6 @@ items:
               href: bulk-assign-and-reclaim-seats-from-user.md
             - name: Get seats assigned to a user
               href: get-seats-assigned-to-a-user.md
-    - name: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
-      href: enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
     - name: Certificate renewal
       href: certificate-renewal-windows-mdm.md
     - name: Disconnecting from the management infrastructure (unenrollment)
@@ -149,10 +149,6 @@ items:
           items: 
             - name: BitLocker DDF file
               href: bitlocker-ddf-file.md
-        - name: BOOTSTRAP CSP
-          href: bootstrap-csp.md
-        - name: BrowserFavorite CSP
-          href: browserfavorite-csp.md
         - name: CellularSettings CSP
           href: cellularsettings-csp.md
         - name: CertificateStore CSP
@@ -172,8 +168,6 @@ items:
               href: clientcertificateinstall-ddf-file.md
         - name: CM_CellularEntries CSP
           href: cm-cellularentries-csp.md
-        - name: CM_ProxyEntries CSP
-          href: cm-proxyentries-csp.md
         - name: CMPolicy CSP
           href: cmpolicy-csp.md
         - name: CMPolicyEnterprise CSP
@@ -201,8 +195,6 @@ items:
           items: 
             - name: DeveloperSetup DDF
               href: developersetup-ddf.md
-        - name: DeviceInstanceService CSP
-          href: deviceinstanceservice-csp.md
         - name: DeviceLock CSP
           href: devicelock-csp.md
           items: 
@@ -270,13 +262,6 @@ items:
           items: 
             - name: EnterpriseAppVManagement DDF file
               href: enterpriseappvmanagement-ddf.md
-        - name: EnterpriseAssignedAccess CSP
-          href: enterpriseassignedaccess-csp.md
-          items: 
-            - name: EnterpriseAssignedAccess DDF file
-              href: enterpriseassignedaccess-ddf.md
-            - name: EnterpriseAssignedAccess XSD
-              href: enterpriseassignedaccess-xsd.md
         - name: EnterpriseDataProtection CSP
           href: enterprisedataprotection-csp.md
           items: 
@@ -289,16 +274,6 @@ items:
               href: enterprisedesktopappmanagement-ddf-file.md
             - name: EnterpriseDesktopAppManagement XSD
               href: enterprisedesktopappmanagement2-xsd.md
-        - name: EnterpriseExt CSP
-          href: enterpriseext-csp.md
-          items: 
-            - name: EnterpriseExt DDF file
-              href: enterpriseext-ddf.md
-        - name: EnterpriseExtFileSystem CSP
-          href: enterpriseextfilessystem-csp.md
-          items: 
-            - name: EnterpriseExtFileSystem DDF file
-              href: enterpriseextfilesystem-ddf.md
         - name: EnterpriseModernAppManagement CSP
           href: enterprisemodernappmanagement-csp.md
           items: 
@@ -311,8 +286,6 @@ items:
           items: 
             - name: eUICCs DDF file
               href: euiccs-ddf-file.md
-        - name: FileSystem CSP
-          href: filesystem-csp.md
         - name: Firewall CSP
           href: firewall-csp.md
           items: 
@@ -323,13 +296,6 @@ items:
           items: 
             - name: HealthAttestation DDF
               href: healthattestation-ddf.md
-        - name: HotSpot CSP
-          href: hotspot-csp.md
-        - name: Maps CSP
-          href: maps-csp.md
-          items: 
-            - name: Maps DDF
-              href: maps-ddf-file.md
         - name: Messaging CSP
           href: messaging-csp.md
           items: 
@@ -381,7 +347,7 @@ items:
               href: policy-ddf-file.md
             - name: Policies in Policy CSP supported by Group Policy
               href: policies-in-policy-csp-supported-by-group-policy.md
-            - name: ADMX-backed policies in Policy CSP
+            - name: ADMX policies in Policy CSP
               href: policies-in-policy-csp-admx-backed.md
             - name: Policies in Policy CSP supported by HoloLens 2
               href: policies-in-policy-csp-supported-by-hololens2.md
@@ -407,6 +373,8 @@ items:
               href: policy-csp-admx-activexinstallservice.md
             - name: ADMX_AddRemovePrograms
               href: policy-csp-admx-addremoveprograms.md
+            - name: ADMX_AdmPwd
+              href: policy-csp-admx-admpwd.md  
             - name: ADMX_AppCompat
               href: policy-csp-admx-appcompat.md
             - name: ADMX_AppxPackageManager
@@ -439,14 +407,24 @@ items:
               href: policy-csp-admx-ctrlaltdel.md
             - name: ADMX_DataCollection
               href: policy-csp-admx-datacollection.md
+            - name: ADMX_DCOM
+              href: policy-csp-admx-dcom.md
             - name: ADMX_Desktop
               href: policy-csp-admx-desktop.md
+            - name: ADMX_DeviceCompat
+              href: policy-csp-admx-devicecompat.md
+            - name: ADMX_DeviceGuard
+              href: policy-csp-admx-deviceguard.md   
             - name: ADMX_DeviceInstallation
               href: policy-csp-admx-deviceinstallation.md
             - name: ADMX_DeviceSetup
               href: policy-csp-admx-devicesetup.md
+            - name: ADMX_DFS
+              href: policy-csp-admx-dfs.md
             - name: ADMX_DigitalLocker
               href: policy-csp-admx-digitallocker.md
+            - name: ADMX_DiskDiagnostic
+              href: policy-csp-admx-diskdiagnostic.md  
             - name: ADMX_DistributedLinkTracking
               href: policy-csp-admx-distributedlinktracking.md
             - name: ADMX_DnsClient
@@ -457,6 +435,8 @@ items:
               href: policy-csp-admx-eaime.md
             - name: ADMX_EncryptFilesonMove
               href: policy-csp-admx-encryptfilesonmove.md
+            - name: ADMX_EventLogging
+              href: policy-csp-admx-eventlogging.md  
             - name: ADMX_EnhancedStorage
               href: policy-csp-admx-enhancedstorage.md
             - name: ADMX_ErrorReporting
@@ -465,16 +445,26 @@ items:
               href: policy-csp-admx-eventforwarding.md
             - name: ADMX_EventLog
               href: policy-csp-admx-eventlog.md
+            - name: ADMX_EventViewer
+              href: policy-csp-admx-eventviewer.md  
             - name: ADMX_Explorer
               href: policy-csp-admx-explorer.md
+            - name: ADMX_ExternalBoot
+              href: policy-csp-admx-externalboot.md 
             - name: ADMX_FileRecovery
               href: policy-csp-admx-filerecovery.md
+            - name: ADMX_FileRevocation
+              href: policy-csp-admx-filerevocation.md  
             - name: ADMX_FileServerVSSProvider
               href: policy-csp-admx-fileservervssprovider.md
             - name: ADMX_FileSys
               href: policy-csp-admx-filesys.md
             - name: ADMX_FolderRedirection
               href: policy-csp-admx-folderredirection.md
+            - name: ADMX_FramePanes
+              href: policy-csp-admx-framepanes.md
+            - name: ADMX_FTHSVC
+              href: policy-csp-admx-fthsvc.md 
             - name: ADMX_Globalization
               href: policy-csp-admx-globalization.md
             - name: ADMX_GroupPolicy
@@ -483,8 +473,14 @@ items:
               href: policy-csp-admx-help.md
             - name: ADMX_HelpAndSupport
               href: policy-csp-admx-helpandsupport.md
+            - name: ADMX_HotSpotAuth
+              href: policy-csp-admx-hotspotauth.md
             - name: ADMX_ICM
               href: policy-csp-admx-icm.md
+            - name: ADMX_IIS
+              href: policy-csp-admx-iis.md
+            - name: ADMX_iSCSI
+              href: policy-csp-admx-iscsi.md  
             - name: ADMX_kdc
               href: policy-csp-admx-kdc.md
             - name: ADMX_Kerberos
@@ -493,8 +489,12 @@ items:
               href: policy-csp-admx-lanmanserver.md
             - name: ADMX_LanmanWorkstation
               href: policy-csp-admx-lanmanworkstation.md
+            - name: ADMX_LeakDiagnostic
+              href: policy-csp-admx-leakdiagnostic.md  
             - name: ADMX_LinkLayerTopologyDiscovery
               href: policy-csp-admx-linklayertopologydiscovery.md
+            - name: ADMX_LocationProviderAdm
+              href: policy-csp-admx-locationprovideradm.md  
             - name: ADMX_Logon
               href: policy-csp-admx-logon.md
             - name: ADMX_MicrosoftDefenderAntivirus
@@ -503,6 +503,10 @@ items:
               href: policy-csp-admx-mmc.md
             - name: ADMX_MMCSnapins
               href: policy-csp-admx-mmcsnapins.md
+            - name: ADMX_MobilePCMobilityCenter
+              href: policy-csp-admx-mobilepcmobilitycenter.md
+            - name: ADMX_MobilePCPresentationSettings
+              href: policy-csp-admx-mobilepcpresentationsettings.md
             - name: ADMX_MSAPolicy
               href: policy-csp-admx-msapolicy.md
             - name: ADMX_msched
@@ -511,6 +515,8 @@ items:
               href: policy-csp-admx-msdt.md
             - name: ADMX_MSI
               href: policy-csp-admx-msi.md
+            - name: ADMX_MsiFileRecovery
+              href: policy-csp-admx-msifilerecovery.md
             - name: ADMX_nca
               href: policy-csp-admx-nca.md
             - name: ADMX_NCSI
@@ -521,14 +527,20 @@ items:
               href: policy-csp-admx-networkconnections.md
             - name: ADMX_OfflineFiles
               href: policy-csp-admx-offlinefiles.md
+            - name: ADMX_pca
+              href: policy-csp-admx-pca.md  
             - name: ADMX_PeerToPeerCaching
               href: policy-csp-admx-peertopeercaching.md
+            - name: ADMX_PenTraining
+              href: policy-csp-admx-pentraining.md 
             - name: ADMX_PerformanceDiagnostics
               href: policy-csp-admx-performancediagnostics.md
             - name: ADMX_Power
               href: policy-csp-admx-power.md
             - name: ADMX_PowerShellExecutionPolicy
               href: policy-csp-admx-powershellexecutionpolicy.md
+            - name: ADMX_PreviousVersions
+              href: policy-csp-admx-previousversions.md  
             - name: ADMX_Printing
               href: policy-csp-admx-printing.md
             - name: ADMX_Printing2
@@ -547,10 +559,14 @@ items:
               href: policy-csp-admx-scripts.md
             - name: ADMX_sdiageng
               href: policy-csp-admx-sdiageng.md
+            - name: ADMX_sdiagschd
+              href: policy-csp-admx-sdiagschd.md  
             - name: ADMX_Securitycenter
               href: policy-csp-admx-securitycenter.md
             - name: ADMX_Sensors
               href: policy-csp-admx-sensors.md
+            - name: ADMX_ServerManager
+              href: policy-csp-admx-servermanager.md  
             - name: ADMX_Servicing
               href: policy-csp-admx-servicing.md
             - name: ADMX_SettingSync
@@ -560,9 +576,7 @@ items:
             - name: ADMX_Sharing
               href: policy-csp-admx-sharing.md
             - name: ADMX_ShellCommandPromptRegEditTools
-              href: policy-csp-admx-shellcommandpromptregedittools.md
-            - name: ADMX_SkyDrive
-              href: policy-csp-admx-skydrive.md
+              href: policy-csp-admx-shellcommandpromptregedittools.md  
             - name: ADMX_Smartcard
               href: policy-csp-admx-smartcard.md
             - name: ADMX_Snmp
@@ -571,12 +585,18 @@ items:
               href: policy-csp-admx-startmenu.md
             - name: ADMX_SystemRestore
               href: policy-csp-admx-systemrestore.md
+            - name: ADMX_TabletShell
+              href: policy-csp-admx-tabletshell.md
             - name: ADMX_Taskbar
               href: policy-csp-admx-taskbar.md
             - name: ADMX_tcpip
               href: policy-csp-admx-tcpip.md
+            - name: ADMX_TerminalServer
+              href: policy-csp-admx-terminalserver.md 
             - name: ADMX_Thumbnails
               href: policy-csp-admx-thumbnails.md
+            - name: ADMX_TouchInput
+              href: policy-csp-admx-touchinput.md  
             - name: ADMX_TPM
               href: policy-csp-admx-tpm.md
             - name: ADMX_UserExperienceVirtualization
@@ -587,16 +607,14 @@ items:
               href: policy-csp-admx-w32time.md
             - name: ADMX_WCM
               href: policy-csp-admx-wcm.md
+            - name: ADMX_WDI
+              href: policy-csp-admx-wdi.md  
             - name: ADMX_WinCal
               href: policy-csp-admx-wincal.md
-            - name: ADMX_WindowsAnytimeUpgrade
-              href: policy-csp-admx-windowsanytimeupgrade.md
             - name: ADMX_WindowsConnectNow
               href: policy-csp-admx-windowsconnectnow.md
             - name: ADMX_WindowsExplorer
               href: policy-csp-admx-windowsexplorer.md
-            - name: ADMX_WindowsFileProtection
-              href: policy-csp-admx-windowsfileprotection.md
             - name: ADMX_WindowsMediaDRM
               href: policy-csp-admx-windowsmediadrm.md
             - name: ADMX_WindowsMediaPlayer
@@ -613,6 +631,10 @@ items:
               href: policy-csp-admx-winsrv.md
             - name: ADMX_wlansvc
               href: policy-csp-admx-wlansvc.md
+            - name: ADMX_WordWheel
+              href: policy-csp-admx-wordwheel.md 
+            - name: ADMX_WorkFoldersClient
+              href: policy-csp-admx-workfoldersclient.md    
             - name: ADMX_WPN
               href: policy-csp-admx-wpn.md
             - name: ApplicationDefaults
@@ -677,6 +699,8 @@ items:
               href: policy-csp-display.md
             - name: DmaGuard
               href: policy-csp-dmaguard.md
+            - name: EAP
+              href: policy-csp-eap.md
             - name: Education
               href: policy-csp-education.md
             - name: EnterpriseCloudPrint
@@ -689,12 +713,16 @@ items:
               href: policy-csp-experience.md
             - name: ExploitGuard
               href: policy-csp-exploitguard.md
+            - name: Feeds
+              href: policy-csp-feeds.md
             - name: FileExplorer
               href: policy-csp-fileexplorer.md
             - name: Games
               href: policy-csp-games.md
             - name: Handwriting
               href: policy-csp-handwriting.md
+            - name: HumanPresence
+              href: policy-csp-humanpresence.md
             - name: InternetExplorer
               href: policy-csp-internetexplorer.md
             - name: Kerberos
@@ -713,6 +741,8 @@ items:
               href: policy-csp-lockdown.md
             - name: Maps
               href: policy-csp-maps.md
+            - name: MemoryDump
+              href: policy-csp-memorydump.md
             - name: Messaging
               href: policy-csp-messaging.md
             - name: MixedReality
@@ -725,6 +755,10 @@ items:
               href: policy-csp-multitasking.md
             - name: NetworkIsolation
               href: policy-csp-networkisolation.md
+            - name: NetworkListManager
+              href: policy-csp-networklistmanager.md
+            - name: NewsAndInterests
+              href: policy-csp-newsandinterests.md
             - name: Notifications
               href: policy-csp-notifications.md
             - name: Power
@@ -735,6 +769,8 @@ items:
               href: policy-csp-privacy.md
             - name: RemoteAssistance
               href: policy-csp-remoteassistance.md
+            - name: RemoteDesktop
+              href: policy-csp-remotedesktop.md
             - name: RemoteDesktopServices
               href: policy-csp-remotedesktopservices.md
             - name: RemoteManagement
@@ -777,8 +813,12 @@ items:
               href: policy-csp-update.md
             - name: UserRights
               href: policy-csp-userrights.md
+            - name: VirtualizationBasedTechnology
+              href: policy-csp-virtualizationbasedtechnology.md
             - name: Wifi
               href: policy-csp-wifi.md
+            - name: WindowsAutoPilot
+              href: policy-csp-windowsautopilot.md
             - name: WindowsConnectionManager
               href: policy-csp-windowsconnectionmanager.md
             - name: WindowsDefenderSecurityCenter
@@ -808,21 +848,11 @@ items:
           items: 
             - name: Reboot DDF file
               href: reboot-ddf-file.md
-        - name: Registry CSP
-          href: registry-csp.md
-          items: 
-            - name: Registry DDF file
-              href: registry-ddf-file.md
         - name: RemoteFind CSP
           href: remotefind-csp.md
           items: 
             - name: RemoteFind DDF file
               href: remotefind-ddf-file.md
-        - name: RemoteLock CSP
-          href: remotelock-csp.md
-          items: 
-            - name: RemoteLock DDF file
-              href: remotelock-ddf-file.md
         - name: RemoteRing CSP
           href: remotering-csp.md
           items: 
@@ -933,6 +963,11 @@ items:
           items: 
             - name: WindowsAdvancedThreatProtection DDF file
               href: windowsadvancedthreatprotection-ddf.md
+        - name: WindowsAutoPilot CSP
+          href: windowsautopilot-csp.md
+          items: 
+            - name: WindowsAutoPilot DDF file
+              href: windowsautopilot-ddf-file.md
         - name: WindowsDefenderApplicationGuard CSP
           href: windowsdefenderapplicationguard-csp.md
           items: 
@@ -943,11 +978,6 @@ items:
           items: 
             - name: WindowsLicensing DDF file
               href: windowslicensing-ddf-file.md
-        - name: WindowsSecurityAuditing CSP
-          href: windowssecurityauditing-csp.md
-          items: 
-            - name: WindowsSecurityAuditing DDF file
-              href: windowssecurityauditing-ddf-file.md
         - name: WiredNetwork CSP
           href: wirednetwork-csp.md
           items: 
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 863fa75311..0c7915fe7c 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -1,11 +1,11 @@
 ---
 title: TPMPolicy CSP
-description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components.
+description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/01/2017
 ms.reviewer: 
 manager: dansimp
@@ -14,27 +14,27 @@ manager: dansimp
 # TPMPolicy CSP
 
 
-The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
+The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on) from Windows and inbox applications to public IP addresses, unless directly intended by the user. This definition allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
 
 The TPMPolicy CSP was added in Windows 10, version 1703.
 
-The following shows the TPMPolicy configuration service provider in tree format.
+The following example shows the TPMPolicy configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 TPMPolicy
 ----IsActiveZeroExhaust
 ```
 **./Device/Vendor/MSFT/TPMPolicy**  
-
                  Defines the root node.
                  
+
                  Defines the root node.
                  
 
 **IsActiveZeroExhaust**  
-
                  Boolean value that indicates whether network traffic from the device to public IP addresses is not allowed unless directly intended by the user (zero exhaust). Default value is false. Some examples when zero exhaust is configured:
                  
+
                  Boolean value that indicates that network traffic from the device to public IP addresses is not allowed unless directly intended by the user (zero exhaust). The default value is false. Examples of zero-exhaust configuration and the conditions it requires are described below:
                  
 
 
                    
 
                  • There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected. 
                    • 
-
                  • There should be no traffic during installation of Windows and first logon when local ID is used.
                    • 
-
                  • Launching and using a local app (Notepad, Paint, and so on.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, and so on.) should not send any traffic.
                    • 
-
                  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, and so on.) to Microsoft.
                    • 
+
                  • There should be no traffic during installation of Windows and first sign in when local ID is used.
                    • 
+
                  • Launching and using a local app (Notepad, Paint, and so on) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, and so on.) should not send any traffic.
                    • 
+
                  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, and so on) to Microsoft.
                    • 
 
                  
 
 Here is an example:
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index fd463047e0..5cd81b56b7 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index c6d416f858..8a3a6d1f58 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/02/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md
index 1432ef811a..0124a0a281 100644
--- a/windows/client-management/mdm/uefi-ddf.md
+++ b/windows/client-management/mdm/uefi-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/02/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index 5b211a0f55..da5516f990 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -1,75 +1,75 @@
 ---
-title: Understanding ADMX-backed policies
-description: Starting in Windows 10, version 1703, you can use ADMX-backed policies for Windows 10 mobile device management (MDM) across Windows 10 devices.
+title: Understanding ADMX policies
+description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/23/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
-# Understanding ADMX-backed policies
+# Understanding ADMX policies
 
-Due to increased simplicity and the ease with which devices can be targeted, enterprise businesses are finding it increasingly advantageous to move their PC management to a cloud-based device management solution. Unfortunately, current Windows PC device-management solutions lack the critical policy and app settings configuration capabilities that are supported in a traditional PC management solution. 
+Due to increased simplicity and the ease with which devices can be targeted, enterprise businesses are finding it increasingly advantageous to move their PC management to a cloud-based device management solution. Unfortunately, the modern Windows PC device-management solutions lack the critical policy and app settings configuration capabilities that are supported in a traditional PC management solution. 
 
-Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support will be expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the Policy configuration service provider (CSP). This expanded access ensures that enterprises do not need to compromise security of their devices in the cloud.
+Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support expanded to allow access of selected set of Group Policy administrative templates (ADMX policies) for Windows PCs via the Policy configuration service provider (CSP). This expanded access ensures that enterprises can keep their devices compliant and prevent the risk on compromising security of their devices managed through the cloud.
 
 ## Background
 
-In addition to standard policies, the Policy CSP can now also handle ADMX-backed policies. In an ADMX-backed policy, an administrative template contains the metadata of a Window Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10)). 
+In addition to standard MDM policies, the Policy CSP can also handle selected set of ADMX policies. In an ADMX policy, an administrative template contains the metadata of a Windows Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10)).
 
 ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC.
 Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor:
 - OS settings: Computer Configuration/Administrative Templates
 - Application settings: User Configuration/Administrative Templates 
 
-In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are leveraged to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), is not required.
+In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are applied to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), isn't required.
 
-An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP does not rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies that are set by the MDM.
+An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP doesn't rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies that are set by the MDM.
 
-Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\\`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX-backed policies supported by MDM, see [Policy CSP - ADMX-backed policies](./policy-configuration-service-provider.md).
+Windows maps the name and category path of a Group Policy to an MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\\`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX policies supported by MDM, see [Policy CSP - ADMX policies](./policy-configuration-service-provider.md).
 
->[!TIP]
->Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](/intune/administrative-templates-windows)
+
+
 
 ## ADMX files and the Group Policy Editor
 
-To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX-backed Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named "Publishing Server 2 Settings." When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. 
+To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named "Publishing Server 2 Settings." When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. 
 
 The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the "Publishing Server 2 Settings" is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category. 
 
 Group Policy option button setting:
 - If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur:
     - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data.  
-    - The MDM client stack receives this data, which causes the Policy CSP to update the device's registry per the ADMX-backed policy definition.
+    - The MDM client stack receives this data, which causes the Policy CSP to update the device's registry per the ADMX policy definition.
 
 - If **Disabled** is selected and you click **Apply**, the following events occur:
     - The MDM ISV server sets up a Replace SyncML command with a payload set to ``. 
-    - The MDM client stack receives this command, which causes the Policy CSP to either delete the device's registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition.
+    - The MDM client stack receives this command, which causes the Policy CSP to either delete the device's registry settings, set the registry keys, or both, per the state change directed by the ADMX policy definition.
 
 - If **Not Configured** is selected and you click **Apply**, the following events occur:
     - MDM ISV server sets up a Delete SyncML command. 
-    - The MDM client stack receives this command, which causes the Policy CSP to delete the device's registry settings per the ADMX-backed policy definition.
+    - The MDM client stack receives this command, which causes the Policy CSP to delete the device's registry settings per the ADMX policy definition.
 
 The following diagram shows the main display for the Group Policy Editor.
 
-![Group Policy editor](images/group-policy-editor.png)
+![Group Policy editor.](images/group-policy-editor.png)
 
 The following diagram shows the settings for the "Publishing Server 2 Settings" Group Policy in the Group Policy Editor.
 
-![Group Policy publisher server 2 settings](images/group-policy-publisher-server-2-settings.png)
+![Group Policy publisher server 2 settings.](images/group-policy-publisher-server-2-settings.png)
 
-Note that most Group Policies are a simple Boolean type. For a Boolean Group Policy, if you select **Enabled**, the options panel contains no data input fields and the payload of the SyncML is simply ``. However, if there are data input fields in the options panel, the MDM server must supply this data. The following *Enabling a Group Policy* example illustrates this complexity. In this example, 10 name-value pairs are described by `` tags in the payload, which correspond to the 10 data input fields in the Group Policy Editor options panel for the "Publishing Server 2 Settings" Group Policy. The ADMX file, which defines the Group Policies, is consumed by the MDM server, similarly to how the Group Policy Editor consumes it. The Group Policy Editor displays a UI to receive the complete Group Policy instance data, which the MDM server's IT administrator console must also do. For every `` element and id attribute in the ADMX policy definition, there must be a corresponding `` element and id attribute in the payload. The ADMX file drives the policy definition and is required by the MDM server via the SyncML protocol.
+Most Group Policies are a simple Boolean type. For a Boolean Group Policy, if you select **Enabled**, the options panel contains no data input fields and the payload of the SyncML is simply ``. However, if there are data input fields in the options panel, the MDM server must supply this data. The following *Enabling a Group Policy* example illustrates this complexity. In this example, 10 name-value pairs are described by `` tags in the payload, which correspond to the 10 data input fields in the Group Policy Editor options panel for the "Publishing Server 2 Settings" Group Policy. The ADMX file, which defines the Group Policies, is consumed by the MDM server, similarly to how the Group Policy Editor consumes it. The Group Policy Editor displays a UI to receive the complete Group Policy instance data, which the MDM server's IT administrator console must also do. For every `` element and ID attribute in the ADMX policy definition, there must be a corresponding `` element and ID attribute in the payload. The ADMX file drives the policy definition and is required by the MDM server via the SyncML protocol.
 
 > [!IMPORTANT]
 > Any data entry field that is displayed in the Group Policy page of the Group Policy Editor must be supplied in the encoded XML of the SyncML payload. The SyncML data payload is equivalent to the user-supplied Group Policy data through GPEdit.msc. 
 
 For more information about the Group Policy description format, see [Administrative Template File (ADMX) format](/previous-versions/windows/desktop/Policy/admx-schema). Elements can be Text, MultiText, Boolean, Enum, Decimal, or List (for more information, see [policy elements](/previous-versions/windows/desktop/Policy/element-elements)). 
 
-For example, if you search for the string, "Publishing_Server2_Name_Prompt" in both the *Enabling a policy* example and its corresponding ADMX policy definition in the appv.admx file, you will find the following occurrences:
+For example, if you search for the string, "Publishing_Server2_Name_Prompt" in both the *Enabling a policy* example and its corresponding ADMX policy definition in the appv.admx file, you'll find the following occurrences:
 
 Enabling a policy example:
 ```XML
@@ -83,9 +83,9 @@ Appv.admx file:
 ```
 
 
-## ADMX-backed policy examples
+## ADMX policy examples
 
-The following SyncML examples describe how to set a MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. Note that the functionality that this Group Policy manages is not important; it is used to illustrate only how an MDM ISV can set an ADMX-backed policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. Note that the payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+The following SyncML examples describe how to set an MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. The functionality that this Group Policy manages isn't important; it's used to illustrate only how an MDM ISV can set an ADMX policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. The payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
 
 ### Enabling a policy
@@ -231,13 +231,13 @@ The following SyncML examples describe how to set a MDM policy that is defined b
 
 This section describes sample SyncML for the various ADMX elements like Text, Multi-Text, Decimal, Boolean, and List.
 
-### How a Group Policy policy category path and name are mapped to a MDM area and policy name
+### How a Group Policy policy category path and name are mapped to an MDM area and policy name
 
-Below is the internal OS mapping of a Group Policy to a MDM area and name. This is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. 
+Below is the internal OS mapping of a Group Policy to an MDM area and name. This mapping is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. 
 
 `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]//`
 
-Note that the data payload of the SyncML needs to be encoded so that it does not conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii)
+The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii)
 
 **Snippet of manifest for AppVirtualization area:**
 
@@ -306,7 +306,7 @@ The `text` element simply corresponds to a string and correspondingly to an edit
 
 ### MultiText Element
 
-The `multiText` element simply corresponds to a REG_MULTISZ registry string and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc.  Note that it is expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: ``)
+The `multiText` element simply corresponds to a REG_MULTISZ registry string and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc.  It's expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: ``)
 
 ```XML
 List Element (and its variations)
 
-The `list` element simply corresponds to a hive of REG_SZ registry strings and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc. How this is represented in SyncML is as a string containing pairs of strings. Each pair is a REG_SZ name/value key. It is best to apply the policy through gpedit.msc (run as Administrator) and go to the registry hive location and see how the list values are stored. This will give you an idea of the way the name/value pairs are stored to express it through SyncML.
+The `list` element simply corresponds to a hive of REG_SZ registry strings and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc. How this element is represented in SyncML is as a string containing pairs of strings. Each pair is a REG_SZ name/value key. It's best to apply the policy through gpedit.msc (run as Administrator) and go to the registry hive location and see how the list values are stored. This location will give you an idea of the way the name/value pairs are stored to express it through SyncML.
 
 > [!NOTE]
-> It is expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: ``).
+> It's expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: ``).
 
-Variations of the `list` element are dictated by attributes. These attributes are ignored by the Policy Manager runtime. It is expected that the MDM server manages the name/value pairs. See below for a simple write up of Group Policy List.
+Variations of the `list` element are dictated by attributes. These attributes are ignored by the Policy Manager runtime. It's expected that the MDM server manages the name/value pairs. See below for a simple write-up of Group Policy List.
 
 **ADMX file: inetres.admx**
 
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index 7916778bec..1904740772 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -19,7 +19,7 @@ The UnifiedWriteFilter (UWF) configuration service provider enables the IT admin
 
 > **Note**  The UnifiedWriteFilter CSP is only supported in Windows 10 Enterprise and Windows 10 Education.
 
-The following shows the UWF configuration service provider in tree format.
+The following example shows the UWF configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 UnifiedWriteFilter
@@ -114,12 +114,12 @@ Setting the value
 
 To “move” swapfile to another volume, set the SwapfileSize property on that other volume's CSP note to non-zero.
 
-Currently SwapfileSize should not be relied for determining or controlling the overlay size, 
+Currently SwapfileSize shouldn't be relied for determining or controlling the overlay size, 
 
 **CurrentSession/MaximumOverlaySize** or **NextSession/MaximumOverlaySize**
 should be used for that purpose.
 
-:::image type="content" source="images/overlaysetting.png" alt-text="This is the overlay setting":::
+:::image type="content" source="images/overlaysetting.png" alt-text="The overlay setting.":::
 
 > [!NOTE]
 > Only single swapfile is supported in current implementation and creating swapfile on specific volume will disable any other swapfile created on other volumes.
@@ -141,12 +141,12 @@ Required. Indicates the maximum cache size, in megabytes, of the overlay in the
 The only supported operation is Get.
 
 **CurrentSession/PersisitDomainSecretKey**  
-Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 
 The only supported operation is Get.
 
 **CurrentSession/PersistTSCAL**  
-Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 
 The only supported operation is Get.
 
@@ -180,7 +180,7 @@ Required. Indicates the type of binding that the volume uses in the current sess
 The only supported operation is Get.
 
 **CurrentSession/Volume/*Volume*/DriveLetter**  
-Required. The drive letter of the volume. If the volume does not have a drive letter, this value is NULL.
+Required. The drive letter of the volume. If the volume doesn't have a drive letter, this value is NULL.
 
 The only supported operation is Get.
 
@@ -203,7 +203,7 @@ Required. This method deletes the specified file and commits the deletion to the
 Supported operations are Get and Execute.
 
 **CurrentSession/ShutdownPending**  
-Required. This value is True if the system is pending on shutdown. Otherwise, it is False.
+Required. This value is True if the system is pending on shutdown. Otherwise, it's False.
 
 The only supported operation is Get.
 
@@ -243,12 +243,12 @@ Required. Indicates the maximum cache size, in megabytes, of the overlay for the
 Supported operations are Get and Replace.
 
 **NextSession/PersisitDomainSecretKey**  
-Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 
 Supported operations are Get and Replace.
 
 **NextSession/PersistTSCAL**  
-Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 
 Supported operations are Get and Replace.
 
@@ -286,7 +286,7 @@ Required. Indicates the type of binding that the volume uses in the next session
 Supported operations are Get and Replace.
 
 **NextSession/Volume/*Volume*/DriveLetter**  
-The drive letter of the volume. If the volume does not have a drive letter, this value is NULL.
+The drive letter of the volume. If the volume doesn't have a drive letter, this value is NULL.
 
 The only supported operation is Get.
 
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index 2eb8bf1445..f91c0ba659 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 094b56add7..c728cdb027 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 02/23/2018
 ---
 
@@ -19,7 +19,7 @@ The Update configuration service provider enables IT administrators to manage an
 > [!NOTE]
 > The Update CSP functionality of 'ApprovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies.
 
-The following shows the Update configuration service provider in tree format.
+The following example shows the Update configuration service provider in tree format.
 
 ```
 ./Vendor/MSFT/Update
@@ -52,136 +52,136 @@ The following shows the Update configuration service provider in tree format.
 ```
 
 **./Vendor/MSFT/Update**
-
                  The root node.
+
                  The root node.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **ApprovedUpdates**
-
                  Node for update approvals and EULA acceptance on behalf of the end-user.
+
                  Node for update approvals and EULA acceptance on behalf of the end-user.
 
 > [!NOTE]
 > When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
 
-
                  The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.
+
                  The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this presentation is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It's only necessary to approve the EULA once per EULA ID, not one per update.
 
-
                  The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (i.e., updates to the virus and spyware definitions on devices) and Security Updates (i.e., product-specific updates for security-related vulnerability). The update approval list does not support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
+
                  The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
 
 > [!NOTE]
 > For the Windows 10 build, the client may need to reboot after additional updates are added.
 
-
                  Supported operations are Get and Add.
+
                  Supported operations are Get and Add.
 
 **ApprovedUpdates/_Approved Update Guid_**
-
                  Specifies the update GUID.
+
                  Specifies the update GUID.
 
-
                  To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
+
                  To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These GUIDs are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
 
-
                  Supported operations are Get and Add.
+
                  Supported operations are Get and Add.
 
-
                  Sample syncml:
+
                  Sample syncml:
 
 ```
 ./Vendor/MSFT/Update/ApprovedUpdates/%7ba317dafe-baf4-453f-b232-a7075efae36e%7d
 ```
 
 **ApprovedUpdates/*Approved Update Guid*/ApprovedTime**
-
                  Specifies the time the update gets approved.
+
                  Specifies the time the update gets approved.
 
-
                  Supported operations are Get and Add.
+
                  Supported operations are Get and Add.
 
 **FailedUpdates**
-
                  Specifies the approved updates that failed to install on a device.
+
                  Specifies the approved updates that failed to install on a device.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **FailedUpdates/_Failed Update Guid_**
-
                  Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.
+
                  Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **FailedUpdates/*Failed Update Guid*/HResult**
-
                  The update failure error code.
+
                  The update failure error code.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **FailedUpdates/*Failed Update Guid*/Status**
-
                  Specifies the failed update status (for example, download, install).
+
                  Specifies the failed update status (for example, download, install).
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **FailedUpdates/*Failed Update Guid*/RevisionNumber**
-
                  Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+
                  Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstalledUpdates**
-
                  The updates that are installed on the device.
+
                  The updates that are installed on the device.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstalledUpdates/_Installed Update Guid_**
-
                  UpdateIDs that represent the updates installed on a device.
+
                  UpdateIDs that represent the updates installed on a device.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstalledUpdates/*Installed Update Guid*/RevisionNumber**
-
                  Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+
                  Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstallableUpdates**
-
                  The updates that are applicable and not yet installed on the device. This includes updates that are not yet approved.
+
                  The updates that are applicable and not yet installed on the device. These updates include updates that aren't yet approved.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstallableUpdates/_Installable Update Guid_**
-
                  Update identifiers that represent the updates applicable and not installed on a device.
+
                  Update identifiers that represent the updates applicable and not installed on a device.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstallableUpdates/*Installable Update Guid*/Type**
-
                  The UpdateClassification value of the update. Valid values are:
+
                  The UpdateClassification value of the update. Valid values are:
 
 - 0 - None
 - 1 - Security
 - 2 - Critical
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **InstallableUpdates/*Installable Update Guid*/RevisionNumber**
-
                  The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+
                  The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **PendingRebootUpdates**
-
                  The updates that require a reboot to complete the update session.
+
                  The updates that require a reboot to complete the update session.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **PendingRebootUpdates/_Pending Reboot Update Guid_**
-
                  Update identifiers for the pending reboot state.
+
                  Update identifiers for the pending reboot state.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **PendingRebootUpdates/*Pending Reboot Update Guid*/InstalledTime**
-
                  The time the update is installed.
+
                  The time the update is installed.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **PendingRebootUpdates/*Pending Reboot Update Guid*/RevisionNumber**
-
                  Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+
                  Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **LastSuccessfulScanTime**
-
                  The last successful scan time.
+
                  The last successful scan time.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **DeferUpgrade**
-
                  Upgrades deferred until the next period.
+
                  Upgrades deferred until the next period.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **Rollback**
 Added in Windows 10, version 1803. Node for the rollback operations.
@@ -193,7 +193,7 @@ Added in Windows 10, version 1803. Roll back latest Quality Update, if the machi
 - Condition 2: Device must be in a Paused State
 - Condition 3: Device must have the Latest Quality Update installed on the device (Current State)
 
-If the conditions are not true, the device will not Roll Back the Latest Quality Update.
+If the conditions aren't true, the device won't Roll Back the Latest Quality Update.
 
 **Rollback/FeatureUpdate**
 Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:
@@ -204,9 +204,9 @@ Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machi
 - Condition 4: Machine should be within the uninstall period
 
 > [!NOTE]
-> This only works for Semi-Annual Channel Targeted devices.
+> This only works for General Availability Channel Targeted devices.
 
-If the conditions are not true, the device will not Roll Back the Latest Feature Update.
+If the conditions aren't true, the device won't Roll Back the Latest Feature Update.
 
 **Rollback/QualityUpdateStatus**
 Added in Windows 10, version 1803. Returns the result of last RollBack QualityUpdate operation.
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index 44f580cb4f..fa91e9823e 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 02/23/2018
 ---
 
diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 37ff112671..7dee32b407 100644
--- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -1,6 +1,6 @@
 ---
 title: Using PowerShell scripting with the WMI Bridge Provider
-description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the WMI Bridge Provider.
+description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
 ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08
 ms.reviewer: 
 manager: dansimp
@@ -8,13 +8,13 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # Using PowerShell scripting with the WMI Bridge Provider
 
-This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
+This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
 
 
 ## Configuring per-device policy settings
@@ -89,7 +89,7 @@ class MDM_Policy_User_Config01_Authentication02
 
  
 
-If accessing or modifying settings for a different user, then the PowerShell script is more complicated because the WMI Bridge expects the user SID to be set in MI Custom Context, which is not supported in native PowerShell cmdlets.
+If accessing or modifying settings for a different user, then the PowerShell script is more complicated because the WMI Bridge expects the user SID to be set in MI Custom Context, which isn't supported in native PowerShell cmdlets.
 
 > **Note**   All commands must executed under local system.
 
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 3f6badf192..4e2ae5fec4 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -8,12 +8,15 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 04/02/2017
 ---
 
 # VPN CSP
 
+The VPN CSP is deprecated. Use [VPNv2 CSP](vpnv2-csp.md) instead.
+
+
+
 ## Related topics
 
+[VPNv2 CSP](vpnv2-csp.md)
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index 889a2f8f25..ba5b9526f2 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -8,12 +8,15 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # VPN DDF file
 
+The VPN CSP is deprecated. Use [VPNv2 CSP](vpnv2-csp.md) instead.
+
+
+
 ## Related topics
 
+[VPNv2 CSP](vpnv2-csp.md)
 
-[VPN configuration service provider](vpn-csp.md)
-
- 
-
- 
-
-
-
-
-
+[VPN configuration service provider (deprecated)](vpn-csp.md)
 
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 1fed240483..07dbd492dc 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -8,8 +8,8 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 10/30/2020
+author: dansimp
+ms.date: 09/21/2021
 ---
 
 # VPNv2 CSP
@@ -20,20 +20,20 @@ The VPNv2 configuration service provider allows the mobile device management (MD
 Here are the requirements for this CSP:
 
 - VPN configuration commands must be wrapped in an Atomic block in SyncML.
-- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
+- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
 - Instead of changing individual properties, follow these steps to make any changes:
 
   - Send a Delete command for the ProfileName to delete the entire profile.
   - Send the entire profile again with new values wrapped in an Atomic block.
 
-    In certain conditions you can change some properties directly, but we do not recommend it.
+    In certain conditions you can change some properties directly, but we don't recommend it.
 
 The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
 
 - `C:\Windows\schemas\EAPHost`
 - `C:\Windows\schemas\EAPMethods`
 
-The following shows the VPNv2 configuration service provider in tree format.
+The following example shows the VPNv2 configuration service provider in tree format.
 
 ```
 ./Vendor/MSFT
@@ -332,7 +332,7 @@ Supported operations include Get, Add, and Delete.
 Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
 
 **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId  
-A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
+A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers.
 
 Supported operations include Get, Add, Replace, and Delete.
 
@@ -340,35 +340,35 @@ Supported operations include Get, Add, Replace, and Delete.
 App Node under the Row Id.
 
 **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id**  
-App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore cannot be specified in the get only App/Type field
+App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore can't be specified in the get only App/Type field
 
 **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type**  
-Returns the type of **App/Id**. This value can be either of the following:
+Returns the type of **App/Id**. This value can be either of the following values:
 
-- PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application.
-- FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
+- PackageFamilyName - When this value is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application.
+- FilePath - When this value is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
 
 Value type is chr. Supported operation is Get.
 
 **VPNv2/**ProfileName**/RouteList/**  
-Optional node. List of routes to be added to the routing table for the VPN interface. This is required for split tunneling case where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface.
+Optional node. List of routes to be added to the routing table for the VPN interface. This information is required for split tunneling case where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface.
 
 Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length.
 
-Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Please check with your VPN server administrator to determine whether you need this information in the VPN profile.
+Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this route during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile.
 
 **VPNv2/**ProfileName**/RouteList/**routeRowId  
-A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0.
+A sequential integer identifier for the RouteList. This value is required if you're adding routes. Sequencing must start at 0.
 
 Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/RouteList/**routeRowId**/Address**  
-Subnet address in IPv4/v6 address format which, along with the prefix will be used to determine the destination prefix to send via the VPN Interface. This is the IP address part of the destination prefix.
+Subnet address in IPv4/v6 address format which, along with the prefix, will be used to determine the destination prefix to send via the VPN Interface. This subnet address is the IP address part of the destination prefix.
 
 Supported operations include Get, Add, Replace, and Delete. Value type is chr. Example, `192.168.0.0`
 
 **VPNv2/**ProfileName**/RouteList/**routeRowId**/PrefixSize**  
-The subnet prefix size part of the destination prefix for the route entry. This, along with the address will be used to determine the destination prefix to route through the VPN Interface.
+The subnet prefix size part of the destination prefix for the route entry. This subnet prefix, along with the address, will be used to determine the destination prefix to route through the VPN Interface.
 
 Value type is int. Supported operations include Get, Add, Replace, and Delete.
 
@@ -388,7 +388,7 @@ Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/DomainNameInformationList**  
 Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile.
 
-The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any additional flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface.
+The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before name resolution queries are issued, the DNS client consults the NRPT to determine if any extra flags must be set in the query. After the response is received, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface.
 
 > [!NOTE]  
 > Only applications using the [Windows DNS API](/windows/win32/dns/dns-reference) can make use of the NRPT and therefore all settings configured within the DomainNameInformationList section. Applications using their own DNS implementation bypass the Windows DNS API. One example of applications not using the Windows DNS API is nslookup, so always use the PowerShell CmdLet [Resolve-DNSName](/powershell/module/dnsclient/resolve-dnsname) to check the functionality of the NRPT.
@@ -407,9 +407,9 @@ Used to indicate the namespace to which the policy applies. When a Name query is
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType**  
-Returns the namespace type. This value can be one of the following:
+Returns the namespace type. This value can be one of the following values:
 
-- FQDN - If the DomainName was not prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host.
+- FQDN - If the DomainName wasn't prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host.
 - Suffix - If the DomainName was prepended with a**.** and applies to the specified namespace, all records in that namespace, and all subdomains.
 
 Value type is chr. Supported operation is Get.
@@ -420,7 +420,7 @@ List of comma-separated DNS Server IP addresses to use for the namespace.
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers**  
-Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet.
+Optional. Web Proxy Server IP address if you're redirecting traffic through your intranet.
 
 > [!NOTE]  
 > Currently only one web proxy server is supported.  
@@ -430,7 +430,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger**  
 Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN.
 
-If set to False, this DomainName rule will not trigger the VPN.
+If set to False, this DomainName rule won't trigger the VPN.
 
 If set to True, this DomainName rule will trigger the VPN
 
@@ -439,7 +439,7 @@ By default, this value is false.
 Value type is bool.
 
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent**  
-Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values:
+Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. Value values:
 
 -   False (default) - This DomainName rule will only be applied when VPN is connected.
 -   True - This DomainName rule will always be present and applied.
@@ -452,18 +452,18 @@ An optional node that specifies a list of rules. Only traffic that matches these
 > [!NOTE]
 > Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
 
-When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.
+When multiple rules are being added, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.
 
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId  
 A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0.
 
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App**  
-Per app VPN rule. This will allow only the apps specified to be allowed over the VPN interface. Value type is chr.
+Per app VPN rule. This property will allow only the apps specified to be allowed over the VPN interface. Value type is chr.
 
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Id**  
 App identity for the app-based traffic filter.
 
-The value for this node can be one of the following:
+The value for this node can be one of the following values:
 
 - PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
 - FilePath - This App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
@@ -511,17 +511,17 @@ A list of comma-separated values specifying remote IP address ranges to allow.
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType**  
-Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following:
+Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following values:
 
 - SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces.
 - ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only.
 
-This is only applicable for App ID-based Traffic Filter rules.
+This property is only applicable for App ID-based Traffic Filter rules.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction**  
-Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:
+Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following values:
 
 - Outbound - The rule applies to all outbound traffic
 - Inbound - The rule applies to all inbound traffic
@@ -531,27 +531,27 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/EdpModeId**  
-Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 
-Additionally when connecting with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect.
+Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/RememberCredentials**  
-Boolean value (true or false) for caching credentials. Default is false, which means do not cache credentials. If set to true, credentials are cached whenever possible.
+Boolean value (true or false) for caching credentials. Default is false, which means don't cache credentials. If set to true, credentials are cached whenever possible.
 
 Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/AlwaysOn**  
-An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects.
+An optional flag to enable Always On mode. This flag will automatically connect the VPN at sign in and will stay connected until the user manually disconnects.
 
 > [!NOTE]
 > Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
 
 Preserving user Always On preference
 
-Windows has a feature to preserve a user’s AlwaysOn preference.  In the event that a user manually unchecks the “Connect    automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.  
-Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
+Windows has a feature to preserve a user’s AlwaysOn preference.  If a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.  
+Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows won't check the box if the profile name exists in the below registry value in order to preserve user preference.
 Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`
 Value: AutoTriggerDisabledProfilesList
 Type: REG_MULTI_SZ
@@ -569,13 +569,13 @@ Device tunnel profile.
 
 Valid values:
 
-- False (default) - this is not a device tunnel profile.
-- True - this is a device tunnel profile.
+- False (default) - this profile isn't a device tunnel profile.
+- True - this profile is a device tunnel profile.
 
 When the DeviceTunnel profile is turned on, it does the following things:
 
 - First, it automatically becomes an "always on" profile.
-- Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
+- Second, it doesn't require the presence or logging in of any user to the machine in order for it to connect.
 - Third, no other device tunnel profile maybe is present on the same machine.-
 
 A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
@@ -587,11 +587,11 @@ Allows registration of the connection's address in DNS.
 
 Valid values:
 
-- False = Do not register the connection's address in DNS (default).
+- False = Don't register the connection's address in DNS (default).
 - True = Register the connection's addresses in DNS.
 
 **VPNv2/**ProfileName**/DnsSuffix**  
-Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
+Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -599,7 +599,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 Reserved for future use.
 
 **VPNv2/**ProfileName**/TrustedNetworkDetection**  
-Optional. Comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device.
+Optional. Comma-separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -657,7 +657,7 @@ Added in Windows 10, version 1607. Enables the Device Compliance flow from the
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/DeviceCompliance/Sso**  
-Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication in the case of Device Compliance.
+Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication if there's Device Compliance.
 
 **VPNv2/**ProfileName**/DeviceCompliance/Sso/Enabled**  
 Added in Windows 10, version 1607. If this field is set to True, the VPN Client will look for a separate certificate for Kerberos Authentication.
@@ -683,7 +683,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/PluginProfile/CustomConfiguration**  
-Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults.
+Optional. This property is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations and defaults.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -708,7 +708,7 @@ You can make a list of server by making a list of server names (with optional fr
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType**  
-Optional for native profiles. Type of routing policy. This value can be one of the following:
+Optional for native profiles. Type of routing policy. This value can be one of the following values:
 
 - SplitTunnel - Traffic can go over any interface as determined by the networking stack.
 - ForceTunnel - All IP traffic must go over the VPN interface.
@@ -716,7 +716,7 @@ Optional for native profiles. Type of routing policy. This value can be one of t
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/NativeProfile/NativeProtocolType**  
-Required for native profiles. Type of tunneling protocol used. This value can be one of the following:
+Required for native profiles. Type of tunneling protocol used. This value can be one of the following values:
 
 - PPTP
 - L2TP
@@ -726,7 +726,7 @@ Required for native profiles. Type of tunneling protocol used. This value can be
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 > [!NOTE]
-> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
+> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order isn't customizable. 
 
 **VPNv2/**ProfileName**/NativeProfile/Authentication**  
 Required node for native profile. It contains authentication information for the native VPN profile.
@@ -735,14 +735,14 @@ Required node for native profile. It contains authentication information for the
 This value can be one of the following:
 
 -   EAP
--   MSChapv2 (This is not supported for IKEv2)
+-   MSChapv2 (This method isn't supported for IKEv2)
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/NativeProfile/Authentication/MachineMethod**  
 This is only supported in IKEv2.
 
-This value can be one of the following:
+This value can be one of the following values:
 
 -   Certificate
 
@@ -771,7 +771,9 @@ Reserved for future use.
 Reserved for future use.
 
 **VPNv2/**ProfileName**/NativeProfile/CryptographySuite**  
-Added in Windows 10, version 1607. Properties of IPSec tunnels.
+Added in Windows 10, version 1607. Properties of IPSec tunnels. 
+
+[!NOTE] If you specify any of the properties under CryptographySuite, you must specify all of them. It's not valid to specify just some of the properties.
 
 **VPNv2/**ProfileName**/NativeProfile/CryptographySuite/AuthenticationTransformConstants**  
 Added in Windows 10, version 1607.
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index ea97295698..7ac4734a65 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 10/30/2020
 ---
 
diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md
index ee3e5cfb4c..d318a8734b 100644
--- a/windows/client-management/mdm/vpnv2-profile-xsd.md
+++ b/windows/client-management/mdm/vpnv2-profile-xsd.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/14/2020
 ---
 
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index d6b9110b32..fca8b3674b 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -19,13 +19,20 @@ Use an **APPLICATION** configuration service provider that has an APPID of w4 to
 
 The default security roles are defined in the root characteristic, and map to each subnode unless specific permission is granted to the subnode. The default security roles are Manager, Operator, and Operator – TPS.
 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application.
+> [!NOTE]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application.
 
- 
+The following shows the configuration service provider in tree format as used by OMA Client Provisioning.
 
-The following diagram shows the configuration service provider in tree format as used by OMA Client Provisioning.
-
-![w4 application csp (cp)](images/provisioning-csp-w4-application-cp.png)
+```cmd
+APPLICATION
+----APPID
+----NAME
+----TO-PROXY
+----TO-NAPID
+----ADDR
+----MS
+```
 
 **APPID**
 Required. This parameter takes a string value. The only supported value for configuring MMS is "w4".
@@ -39,21 +46,20 @@ This parameter takes a string value. The possible values to configure the NAME p
 
 -   no value specified
 
-> **Note**  MDM servers should resend APPLICATION/NAME to DMAcc after an upgrade because this value is displayed in the UI but not saved in Windows Phone 8.1 and cannot be migrated to Windows 10.
+> [!NOTE]
+> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. So after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc.
 
- 
-
-If no value is specified, the registry location will default to <unnamed>.
+If no value is specified, the registry location will default to ``.
 
 If `Name` is greater than 40 characters, it will be truncated to 40 characters.
 
 **TO-PROXY**
-Required. Specifies one logical proxy with a matching PROXY-ID. It is only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed.
+Required. Specifies one logical proxy with a matching PROXY-ID. It's only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed.
 
 The TO-PROXY value must be set to the value of the PROXY ID in PXLOGICAL that defines the MMS specific-proxy.
 
 **TO-NAPID**
-Required. Specifies the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It is only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](napdef-csp.md).
+Required. Specifies the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It's only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](napdef-csp.md).
 
 **ADDR**
 Required. Specifies the address of the MMS application server, as a string. The possible values to configure the ADDR parameter are:
@@ -65,19 +71,9 @@ Required. Specifies the address of the MMS application server, as a string. The
 -   A fully qualified Internet domain name
 
 **MS**
-Optional. The maximum authorized size, in KB, for multimedia content. This parameter takes a numeric value in string format. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized.
+Optional. The maximum authorized size, in KB, for multimedia content. This parameter takes a numeric value in string format. If the value isn't a number, or is less than or equal to 10, it will be ignored and outgoing MMS won't be resized.
 
 ## Related topics
 
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 20f21f79bc..139c2e3cfd 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -8,22 +8,48 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # w7 APPLICATION CSP
 
 
-The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it is managed over OMA Client Provisioning.
+The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it's managed over OMA Client Provisioning.
 
 > **Note**  This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
 
- 
 
-The following image shows the configuration service provider in tree format as used by OMA Client Provisioning.
+The following shows the configuration service provider in tree format as used by OMA Client Provisioning.
 
-![w7 application csp (dm)](images/provisioning-csp-w7-application-dm.png)
+```console
+APPLICATION
+---APPADDR
+------ADDR
+------ADDRTYPE
+------PORT
+---------PORTNBR
+---APPAUTH
+------AAUTHDATA
+------AAUTHLEVEL
+------AAUTHNAME
+------AAUTHSECRET
+------AAUTHTYPE
+---AppID
+---BACKCOMPATRETRYDISABLED
+---CONNRETRYFREQ
+---DEFAULTENCODING
+---INIT
+---INITIALBACKOFTIME
+---MAXBACKOFTIME
+---NAME
+---PROTOVER
+---PROVIDER-ID
+---ROLE 
+---TO-NAPID
+---USEHWDEVID
+---SSLCLIENTCERTSEARCHCRITERIA
+```
 
 > **Note**   All parm names and characteristic types are case sensitive and must use all uppercase.
 Both APPSRV and CLIENT credentials must be provided in provisioning XML.
@@ -51,7 +77,7 @@ Required. The PORTNBR parameter is used in the PORT characteristic to get or set
 This characteristic is used in the w7 APPLICATION characteristic to specify authentication information.
 
 **APPAUTH/AAUTHDATA**  
-Optional. The AAUTHDATA parameter is used in the APPAUTH characteristic to get or set additional data used in authentication. This parameter is used to convey the nonce for digest authentication type. This parameter takes a string value. The value of this parameter is a base64-encoded in the form of a series of bytes. Note that if the AAUTHTYPE is DIGEST, this is used as a nonce value in the MD5 hash calculation, and the octal form of the binary data should be used when calculating the hash at the server side and device side.
+Optional. The AAUTHDATA parameter is used in the APPAUTH characteristic to get or set more data used in authentication. This parameter is used to convey the nonce for digest authentication type. This parameter takes a string value. The value of this parameter is a base64-encoded in the form of a series of bytes. If the AAUTHTYPE is DIGEST, this value is used as a nonce value in the MD5 hash calculation, and the octal form of the binary data should be used when calculating the hash at the server side and device side.
 
 **APPAUTH/AAUTHLEVEL**  
 Required. The AAUTHLEVEL parameter is used in the APPAUTH characteristic to indicate whether credentials are for server authentication or client authentication. This parameter takes a string value. You can set this value.
@@ -85,7 +111,7 @@ Required. The APPID parameter is used in the APPLICATION characteristic to diffe
 **BACKCOMPATRETRYDISABLED**  
 Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION characteristic to specify whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr (not including the first time).
 
-> **Note**   This parameter does not contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.
+> **Note**   This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.
 
  
 
@@ -104,8 +130,8 @@ The valid values are:
 **INIT**  
 Optional. The INIT parameter is used in the APPLICATION characteristic to indicate that the management server wants the client to initiate a management session immediately after settings approval. If the current w7 APPLICATION document will be put in ROM, the INIT parameter must not be present.
 
-> **Note**   This node is only for mobile operators and MDM servers that try to use this will fail. This node is not supported in the enterprise MDM enrollment scenario.
-This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio is not yet ready.
+> **Note**   This node is only for mobile operators and MDM servers that try to use this will fail. This node isn't supported in the enterprise MDM enrollment scenario.
+This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio isn't yet ready.
 
  
 
@@ -121,7 +147,7 @@ Optional. The NAME parameter is used in the APPLICATION characteristic to specif
 The NAME parameter can be a string or null (no value). If no value is specified, the registry location will default to <unnamed>.
 
 **PROTOVER**  
-Optional. The PROTOVER parameter is used in the APPLICATION characteristic to specify the OMA DM Protocol version the server supports. No default value is assumed. The protocol version set by this node will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this node is not specified when adding a DM server account, the latest DM protocol version that the client supports is used. In Windows Phone this is 1.2. This is a Microsoft custom parameter. You can set this parameter.
+Optional. The PROTOVER parameter is used in the APPLICATION characteristic to specify the OMA DM Protocol version the server supports. No default value is assumed. The protocol version set by this node will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this node isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. In Windows Phone, this version is 1.2. This parameter is a Microsoft custom parameter. You can set this parameter.
 
 Possible values:
 
@@ -133,32 +159,32 @@ Possible values:
 Optional. The PROVIDER-ID parameter is used in the APPLICATION characteristic to differentiate OMA DM servers. It specifies the server identifier for a management server used in the current management session. This parameter takes a string value. You can set this parameter.
 
 **ROLE**  
-Optional. The ROLE parameter is used in the APPLICATION characteristic to specify the security application chamber that the DM session should run with when communicating with the DM server. The only supported roles are 8 (mobile operator) and 32 (enterprise). If this parameter is not present, the mobile operator role is assumed. The enterprise role can only be set by the enterprise enrollment client. The enterprise client cannot set the mobile operator role. This is a Microsoft custom parameter. This parameter takes a numeric value in string format. You can get or set this parameter.
+Optional. The ROLE parameter is used in the APPLICATION characteristic to specify the security application chamber that the DM session should run with when communicating with the DM server. The only supported roles are 8 (mobile operator) and 32 (enterprise). If this parameter isn't present, the mobile operator role is assumed. The enterprise role can only be set by the enterprise enrollment client. The enterprise client can't set the mobile operator role. This parameter is a Microsoft custom parameter. This parameter takes a numeric value in string format. You can get or set this parameter.
 
 **TO-NAPID**  
 Optional. The TO-NAPID parameter is used in the APPLICATION characteristic to specify the Network Access Point the client will use to connect to the OMA DM server. If multiple TO-NAPID parameters are specified, only the first TO-NAPID value will be stored. This parameter takes a string value. You can set this parameter.
 
 **USEHWDEVID**  
-Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It does not have a value.
+Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It doesn't have a value.
 
--   If the parameter is not present, the default behavior is to use an application-specific GUID used rather than the hardware device ID.
+-   If the parameter isn't present, the default behavior is to use an application-specific GUID used rather than the hardware device ID.
 
 -   If the parameter is present, the hardware device ID will be provided at the **./DevInfo/DevID** node and in the Source LocURI for the DM package sent to the server. International Mobile Subscriber Identity (IMEI) is returned for a GSM device.
 
 **SSLCLIENTCERTSEARCHCRITERIA**  
-Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used in the APPLICATION characteristic to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it is ignored.
+Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used in the APPLICATION characteristic to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored.
 
 The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC.
 
-The supported names are Subject and Stores; wildcard certificate search is not supported.
+The supported names are Subject and Stores; wildcard certificate search isn't supported.
 
-Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name is not case sensitive.
+Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive.
 
 > **Note**   %EF%80%80 is the UTF8-encoded character U+F000.
 
  
 
-Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
+Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following syntax:
 
 ```xml
  [!WARNING]
 > Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
-The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. This profile enables the device to connect to the Wi-Fi network when it is in range.
+The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. This profile enables the device to connect to the Wi-Fi network when it's in range.
 
 Programming considerations:
 
--   If the authentication method needs a certificate, for example, EAP-TLS requires client certificates, you must configure it through the CertificateStore configuration service provider. The WiFi configuration service provider does not provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it is not supported in EAP-TLS.
--   Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
--   For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device.
--   The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported.
+-   If the authentication method needs a certificate, for example, EAP-TLS requires client certificates, you must configure it through the CertificateStore configuration service provider. The WiFi configuration service provider doesn't provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it isn't supported in EAP-TLS.
+-   For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it's stored on the device.
+-   The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This condition requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping aren't supported.
 -   The \*name\_goes\_here*\\ must match \\ *name\_goes\_here*\\.
--   For the WiFi CSP, you cannot use the Replace command unless the node already exists.
--   Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.
+-   For the WiFi CSP, you can't use the Replace command unless the node already exists.
+-   Using Proxyis in Windows 10 client editions (Home, Pro, Enterprise, and Education) will result in failure.
 
-The following image shows the WiFi configuration service provider in tree format.
+The following example shows the WiFi configuration service provider in tree format.
+
+```console
+./Device/Vendor/MSFT
+or
+./User/Vendor/MSFT
+WiFi
+---Profile 
+------SSID
+---------WlanXML
+---------WiFiCost
+```
 
-![wi-fi csp diagram](images/provisioning-csp-wifi.png)
 
 The following list shows the characteristics and parameters.
 
@@ -39,14 +48,14 @@ The following list shows the characteristics and parameters.
 For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path.
 
 **Profile**
-Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase in case of WEP or WPA2 networks.
+Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase if there's WEP or WPA2 networks.
 
 Supported operation is Get.
 
 **\**
 Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted.
 
-SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\.
+SSID is the name of network you're connecting to, while Profile name is the name of the Profile that contains the WiFi settings information. If the Profile name isn't set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\.
 
 The supported operations are Add, Get, Delete, and Replace.
 
@@ -61,11 +70,16 @@ The profile XML must be escaped, as shown in the examples below.
 
 If it exists in the blob, the **keyType** and **protected** elements must come before **keyMaterial**, as shown in the example in [WPA2-Personal Profile Sample](/windows/win32/nativewifi/wpa2-personal-profile-sample).
 
-> **Note**  If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](./eap-configuration.md).
+> [!NOTE]
+> If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](./eap-configuration.md).
 
 The supported operations are Add, Get, Delete, and Replace.
 
 **Proxy**
+Don't use. Using this configuration in Windows 10 client editions will result in failure.
+
+
 
 **DisableInternetConnectivityChecks**
 > [!Note]
 > This node has been deprecated since Windows 10, version 1607.
 
-Added in Windows 10, version 1511. Optional. Disable the internet connectivity check for the profile.
+Added in Windows 10, version 1511. Optional. Disable the internet connectivity check for the profile.
 
 Value type is chr.
 
@@ -92,14 +107,24 @@ Value type is chr.
 Supported operations are Get, Add, Delete, and Replace.
 
 **ProxyPacUrl**
+Don't use. Using this configuration in Windows 10 client editions will result in failure.
+
+
 
 **ProxyWPAD**
-Added in Windows 10, version 1607. Optional. When set to true it enables Web Proxy Auto-Discovery Protocol (WPAD) for proxy lookup.This proxy configuration is only supported in Windows 10 Mobile.
+Don't use. Using this configuration in Windows 10 client editions will result in failure.
+
+
 
 **WiFiCost**
 Added in Windows 10, version 1809. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behavior: Unrestricted.
@@ -119,7 +144,7 @@ These XML examples show how to perform various tasks using OMA DM.
 
 ### Add a network
 
-The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork,' a proxy URL 'testproxy,' and port 80.
+The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork,'.
 
 ```xml
 
@@ -138,18 +163,6 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
           MyNetwork412D4D534654574C414EMyNetworkfalseESSmanualWPA2AEStrueuser2500025truetruefalse26falsefalsefalsefalsefalse 
         
       
-      
-        $CmdID$
-        
-          
-            ./Vendor/MSFT/WiFi/Profile/MyNetwork/Proxy
-          
-          
-            chr
-          
-          testproxy:80
-        
-      
     
     
   
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index 8dff039754..c64fc0e3c2 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/28/2018
 ---
 
@@ -120,84 +120,6 @@ The XML below is for Windows 10, version 1809.
             
           
         
-        
-          Proxy
-          
-            
-              
-              
-              
-              
-            
-            Optional node. The format is url:port. Configuration of the network proxy (if any).
-            
-              
-            
-            
-              
-            
-            
-              
-            
-            
-              
-            
-            
-              text/plain
-            
-          
-        
-        
-          ProxyPacUrl
-          
-            
-              
-              
-              
-              
-            
-            Optional node. URL to the PAC file location.
-            
-              
-            
-            
-              
-            
-            
-              
-            
-            
-              
-            
-            
-              text/plain
-            
-          
-        
-        
-          ProxyWPAD
-          
-            
-              
-              
-              
-              
-            
-            Optional node: The presence of the field enables WPAD for proxy lookup.
-            
-              
-            
-            
-              
-            
-            
-              
-            
-            
-              text/plain
-            
-          
-        
       
     
   
@@ -206,15 +128,4 @@ The XML below is for Windows 10, version 1809.
 
 ## Related topics
 
-
 [WiFi configuration service provider](wifi-csp.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index 3d2584ee4e..f822a664d9 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -1,31 +1,31 @@
 ---
-title: Win32 and Desktop Bridge app policy configuration
-description: Starting in Windows 10, version 1703, you can import ADMX files and set those ADMX-backed policies for Win32 and Desktop Bridge apps.
+title: Win32 and Desktop Bridge app ADMX policy Ingestion
+description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 03/23/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
-# Win32 and Desktop Bridge app policy configuration
+# Win32 and Desktop Bridge app ADMX policy Ingestion
   
 ## In this section
 
 -   [Overview](#overview)
 -   [Ingesting an app ADMX file](#ingesting-an-app-admx-file)
 -   [URI format for configuring an app policy](#uri-format-for-configuring-an-app-policy)
--   [ADMX-backed app policy examples](#admx-backed-app-policy-examples)
+-   [ADMX app policy examples](#admx-backed-app-policy-examples)
     - [Enabling an app policy](#enabling-an-app-policy)
     - [Disabling an app policy](#disabling-an-app-policy)
     - [Setting an app policy to not configured](#setting-an-app-policy-to-not-configured)
 
 ## Overview
 
-Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. 
+Starting in Windows 10, version 1703, you can ingest ADMX files (ADMX ingestion) and set those ADMX policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. 
 
 NOTE: Starting from the following Windows 10 version Replace command is supported
 - Windows 10, version 1903 with KB4512941 and KB4517211 installed 
@@ -33,7 +33,7 @@ NOTE: Starting from the following Windows 10 version Replace command is supporte
 - Windows 10, version 1803 with KB4512509 and KB installed 
 - Windows 10, version 1709 with KB4516071 and KB installed 
 
-When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
+When the ADMX policies are ingested, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
 
 - Software\Policies\Microsoft\Office\
 - Software\Microsoft\Office\
@@ -58,7 +58,7 @@ When the ADMX policies are imported, the registry keys to which each policy is w
 - Software\Microsoft\EdgeUpdate\
 
 > [!Warning]
-> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
+> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still ingest ADMX files and set ADMX policies regardless of whether the device is domain joined or non-domain joined.
 
 > [!NOTE]
 > Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). 
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index c8c22786a1..a537048478 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
 
 The Win32AppInventory configuration service provider is used to provide an inventory of installed applications on a device.
 
-The following shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 
 ```
 ./Vendor/MSFT/Win32AppInventory
@@ -69,9 +69,9 @@ The supported operation is Get.
 **Win32InstalledProgram/_InstalledProgram_/RegKey**
 A string that specifies product code or registry subkey.
 
-For MSI-based applications this is the product code.
+For MSI-based applications, this string is the product code.
 
-For applications found in Add/Remove Programs, this is the registry subkey.
+For applications found in Add/Remove Programs, this string is the registry subkey.
 
 The supported operation is Get.
 
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index 1f20685d75..a70763abb9 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index a3868db287..015e95075d 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/19/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index ce4b0b3bf3..05237311f1 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/19/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
index a8be6bba9c..d9ef683424 100644
--- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
@@ -11,13 +11,13 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
 # Enterprise settings, policies, and app management
 
-The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).
+The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://technical.openmobilealliance.org/).
 
 Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](configuration-service-provider-reference.md).
 
@@ -25,7 +25,7 @@ The DM client is configured during the enrollment process to be invoked by the t
 
 The following diagram shows the work flow between server and client.
 
-![windows client and server mdm diagram](images/enterprise-workflow.png)
+![windows client and server mdm diagram.](images/enterprise-workflow.png)
 
 
 ## Management workflow
@@ -36,12 +36,12 @@ To facilitate security-enhanced communication with the remote server for enterpr
 
 The DM client configuration, company policy enforcement, business application management, and device inventory are all exposed or expressed via configuration service providers (CSPs). CSPs are the Windows term for managed objects. The DM client communicates with the server and sends configuration request to CSPs. The server only needs to know the logical local URIs defined by those CSP nodes in order to use the DM protocol XML to manage the device.
 
-Here is a summary of the DM tasks supported for enterprise management:
+Here's a summary of the DM tasks supported for enterprise management:
 
 -   Company policy management: Company policies are supported via the Policy CSP allows the enterprise to manage various settings. It enables the management service to configure device lock related policies, disable/enable the storage card, and query the device encryption status. The RemoteWipe CSP allows IT pros to remotely fully wipe the internal user data storage.
--   Enterprise application management: This is addressed via the Enterprise ModernApp Management CSP and several ApplicationManagement-related policies. It is used to install the enterprise token, query installed business application names and versions, etc. This CSP is only accessible by the enterprise service.
+-   Enterprise application management: This task is addressed via the Enterprise ModernApp Management CSP and several ApplicationManagement-related policies. It's used to install the enterprise token, query installed business application names and versions, etc. This CSP is only accessible by the enterprise service.
 -   Certificate management: CertificateStore CSP, RootCACertificate CSP, and ClientCertificateInstall CSP are used to install certificates.
--   Basic device inventory and asset management: Some basic device information can be retrieved via the DevInfo CSP, DevDetail CSPs and the DeviceStatus CSP. These provide basic device information such as OEM name, device model, hardware version, OS version, processor types, etc. This is for asset management and device targeting. The NodeCache CSP enables the device to only send out delta inventory settings to the server to reduce over-the-air data usage. The NodeCache CSP is only accessible by the enterprise service.
+-   Basic device inventory and asset management: Some basic device information can be retrieved via the DevInfo CSP, DevDetail CSPs and the DeviceStatus CSP. These provide basic device information such as OEM name, device model, hardware version, OS version, processor types, etc. This information is for asset management and device targeting. The NodeCache CSP enables the device to only send out delta inventory settings to the server to reduce over-the-air data usage. The NodeCache CSP is only accessible by the enterprise service.
 
  
 
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index c68424cd04..2d7afd2ff5 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 11/01/2017
 ---
 
@@ -17,105 +17,121 @@ ms.date: 11/01/2017
 
 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
 
-The following diagram shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
+The following example shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
 
-![windowsadvancedthreatprotection csp diagram](images/provisioning-csp-watp.png)
+```console
+./Device/Vendor/MSFT
+WindowsAdvancedThreatProtection
+----Onboarding
+----HealthState
+--------LastConnected
+--------SenseIsRunning
+--------OnboardingState
+--------OrgId
+----Configuration
+--------SampleSharing
+--------TelemetryReportingFrequency
+----Offboarding
+----DeviceTagging
+--------Group
+--------Criticality
+```
 
 The following list describes the characteristics and parameters.
 
 **./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**  
-
                  The root node for the Windows Defender Advanced Threat Protection configuration service provider.
+
                  The root node for the Windows Defender Advanced Threat Protection configuration service provider.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **Onboarding**  
-
                  Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
+
                  Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
 
-
                  The data type is a string.
+
                  The data type is a string.
 
-
                  Supported operations are Get and Replace.
+
                  Supported operations are Get and Replace.
 
 **HealthState**  
-
                  Node that represents the Windows Defender Advanced Threat Protection health state.
+
                  Node that represents the Windows Defender Advanced Threat Protection health state.
 
 **HealthState/LastConnected**  
-
                  Contains the timestamp of the last successful connection.
+
                  Contains the timestamp of the last successful connection.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **HealthState/SenseIsRunning**  
-
                  Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
+
                  Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
 
-
                  The default value is false.
+
                  The default value is false.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **HealthState/OnboardingState**  
-
                  Represents the onboarding state.
+
                  Represents the onboarding state.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
-
                  The following list shows the supported values:
+
                  The following list shows the supported values:
 
 -   0 (default) – Not onboarded.
 -   1 – Onboarded
 
 **HealthState/OrgId**  
-
                  String that represents the OrgID.
+
                  String that represents the OrgID.
 
-
                  Supported operation is Get.
+
                  Supported operation is Get.
 
 **Configuration**  
-
                  Represents Windows Defender Advanced Threat Protection configuration.
+
                  Represents Windows Defender Advanced Threat Protection configuration.
 
 **Configuration/SampleSharing**  
-
                  Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
+
                  Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
 
-
                  The following list shows the supported values:
+
                  The following list shows the supported values:
 
 -   0 – None
 -   1 (default)– All
 
-
                  Supported operations are Get and Replace.
+
                  Supported operations are Get and Replace.
 
 **Configuration/TelemetryReportingFrequency**  
-
                  Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency. 
+
                  Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency. 
 
-
                  The following list shows the supported values:
+
                  The following list shows the supported values:
 
 -   1 (default) – Normal
 -   2 - Expedite
 
-
                  Supported operations are Get and Replace.
+
                  Supported operations are Get and Replace.
 
 **Offboarding**  
-
                  Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
+
                  Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
 
-
                  The data type is a string.
+
                  The data type is a string.
 
-
                  Supported operations are Get and Replace.
+
                  Supported operations are Get and Replace.
 
 **DeviceTagging**  
-
                  Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
+
                  Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
 
-
                  Supported operations is Get.
+
                  Supported operation is Get.
 
 **DeviceTagging/Group**  
-
                  Added in Windows 10, version 1709. Device group identifiers.
+
                  Added in Windows 10, version 1709. Device group identifiers.
 
-
                  The data type is a string.
+
                  The data type is a string.
 
-
                  Supported operations are Get and Replace.
+
                  Supported operations are Get and Replace.
 
 **DeviceTagging/Criticality**  
-
                  Added in Windows 10, version 1709. Asset criticality value. Supported values:  
+
                  Added in Windows 10, version 1709. Asset criticality value. Supported values:  
 
 - 0 - Normal
 - 1 - Critical
 
-
                  The data type is an integer.
+
                  The data type is an integer.
 
-
                  Supported operations are Get and Replace.
+
                  Supported operations are Get and Replace.
 
 ## Examples
 
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 5877c32e22..93b378c6f0 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md
new file mode 100644
index 0000000000..b50c42c129
--- /dev/null
+++ b/windows/client-management/mdm/windowsautopilot-csp.md
@@ -0,0 +1,29 @@
+---
+title: WindowsAutoPilot CSP
+description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
+ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
+ms.reviewer: 
+manager: dansimp
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 02/07/2022
+---
+
+# WindowsAutoPilot CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot.” with “The WindowsAutopilot CSP exposes Windows Autopilot related device information.” Because the CSP description should be more general/high level.
+
+**./Vendor/MSFT/WindowsAutopilot**
+
+Root node. Supported operation is Get.
+
+**HardwareMismatchRemediationData**
+
+Interior node. Supported operation is Get. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.
diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md
new file mode 100644
index 0000000000..a07f24501d
--- /dev/null
+++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md
@@ -0,0 +1,76 @@
+---
+title: WindowsAutoPilot DDF file
+description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutoPilot DDF file configuration service provider (CSP) .
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 02/07/2022
+ms.reviewer: 
+manager: dansimp
+---
+
+# WindowsAutoPilot DDF file
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the device description framework (DDF) for the **WindowsAutoPilot** configuration service provider. 
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+```xml
+WindowsAutopilot
+        ./Vendor/MSFT
+        
+          
+            
+          
+          These settings enable configuration of Windows Autopilot
+          
+            
+          
+          
+            
+          
+          
+            
+          
+          
+            com.microsoft/1.0/MDM/WindowsAutopilot
+          
+          
+            99.9.99999, 10.0.19041.1202, 10.0.19042.1202, 10.0.19043.1202
+            1.0
+          
+          
+            
+          
+        
+        
+          HardwareMismatchRemediationData
+          
+            
+              
+            
+            This data is used to remediate Autopilot hardware mismatches.
+            
+              
+            
+            
+              
+            
+            
+              
+            
+            
+              text/plain
+            
+          
+        
+      
+    
+  
+
+```
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 468313fb87..febc8bed02 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -5,8 +5,8 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 07/07/2020
+author: dansimp
+ms.date: 11/02/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -15,7 +15,7 @@ manager: dansimp
 
 The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
 
-The following shows the WindowsDefenderApplicationGuard configuration service provider in tree format.
+The following example shows the WindowsDefenderApplicationGuard configuration service provider in tree format.
 ```
 ./Device/Vendor/MSFT
 WindowsDefenderApplicationGuard
@@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 The following list shows the supported values:
 - 0 - Disable Microsoft Defender Application Guard
 - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
-- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
-- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
+- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004)
+- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004)
 
 **Settings/ClipboardFileType**  
 Determines the type of content that can be copied from the host to Application Guard environment and vice versa. 
@@ -67,7 +67,7 @@ The following list shows the supported values:
 
 
 ADMX Info:  
-- GP English name: *Configure Microsoft Defender Application Guard clipboard settings*
+- GP Friendly name: *Configure Microsoft Defender Application Guard clipboard settings*
 - GP name: *AppHVSIClipboardFileType*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -91,7 +91,7 @@ The following list shows the supported values:
 
 
 ADMX Info:  
-- GP English name: *Configure Microsoft Defender Application Guard clipboard settings*
+- GP Friendly name: *Configure Microsoft Defender Application Guard clipboard settings*
 - GP name: *AppHVSIClipboardSettings*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -124,7 +124,7 @@ The following list shows the supported values:
 
 
 ADMX Info:  
-- GP English name: *Configure Microsoft Defender Application Guard print settings*
+- GP Friendly name: *Configure Microsoft Defender Application Guard print settings*
 - GP name: *AppHVSIPrintingSettings*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -139,14 +139,14 @@ This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or W
 
 The following list shows the supported values:  
 - 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Microsoft Defender Application Guard container, directly in Internet Explorer and Microsoft Edge.
-- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard.
+- 1 - Non-enterprise content embedded on enterprise sites is stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard.
 
 > [!NOTE]
 > This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. Webpages that contain mixed content, both enterprise and non-enterprise, may load incorrectly or fail completely if this feature is enabled.
 
 
 ADMX Info:  
-- GP English name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer*
+- GP Friendly name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer*
 - GP name: *BlockNonEnterpriseContent*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -160,12 +160,12 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
 
 The following list shows the supported values:  
-- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off.
+- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user sign out.
 - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
 
 
 ADMX Info:  
-- GP English name: *Allow data persistence for Microsoft Defender Application Guard*
+- GP Friendly name: *Allow data persistence for Microsoft Defender Application Guard*
 - GP name: *AllowPersistence*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -181,34 +181,34 @@ This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or W
 If you enable this setting, Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If you enable this setting without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering.
 
 The following list shows the supported values:  
-- 0 (default) - Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0).
-- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. 
+- 0 (default) - Can't access the vGPU and uses the CPU to support rendering graphics. When the policy isn't configured, it's the same as disabled (0).
+- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This functionality can create a faster experience when working with graphics intense websites or watching video within the container. 
 
 > [!WARNING]
 > Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
 
 
 ADMX Info:  
-- GP English name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard*
+- GP Friendly name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard*
 - GP name: *AllowVirtualGPU*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
 
 
 **Settings/SaveFilesToHost**  
-Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. This also enables users to elect files on the host operating system and upload it through Edge in the container. 
+Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. This policy setting also enables users to elect files on the host operating system and upload it through Edge in the container. 
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete. 
 
 This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode.
 
 The following list shows the supported values:  
-- 0 (default) - The user cannot download files from Edge in the container to the host file system, or upload files from host file system to Edge in the container. When the policy is not configured, it is the same as disabled (0).
+- 0 (default) - The user can't download files from Edge in the container to the host file system, or upload files from host file system to Edge in the container. When the policy isn't configured, it's the same as disabled (0).
 - 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.  
 
 
 ADMX Info:  
-- GP English name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard*
+- GP Friendly name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard*
 - GP name: *SaveFilesToHost*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -226,11 +226,11 @@ If you enable this setting, certificates with a thumbprint matching the ones spe
 Here's an example:  
 b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924
 
-If you disable or don’t configure this setting, certificates are not shared with the Microsoft Defender Application Guard container.
+If you disable or don’t configure this setting, certificates aren't shared with the Microsoft Defender Application Guard container.
 
 
 ADMX Info:  
-- GP English name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device*
+- GP Friendly name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device*
 - GP name: *CertificateThumbprints*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@@ -251,7 +251,7 @@ If you enable this policy setting, applications inside Microsoft Defender Applic
 If you disable or don't configure this policy setting, applications inside Microsoft Defender Application Guard will be unable to access the camera and microphone on the user’s device.
 
 The following list shows the supported values:  
-- 0 (default) - Microsoft Defender Application Guard cannot access the device’s camera and microphone. When the policy is not configured, it is the same as disabled (0).
+- 0 (default) - Microsoft Defender Application Guard can't access the device’s camera and microphone. When the policy isn't configured, it's the same as disabled (0).
 - 1 - Turns on the functionality to allow Microsoft Defender Application Guard to access the device’s camera and microphone.
 
 > [!IMPORTANT]
@@ -259,14 +259,14 @@ The following list shows the supported values:
 
 
 ADMX Info:  
-- GP English name: *Allow camera and microphone access in Microsoft Defender Application Guard*
+- GP Friendly name: *Allow camera and microphone access in Microsoft Defender Application Guard*
 - GP name: *AllowCameraMicrophoneRedirection*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
 
 
 **Status**  
-Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. 
+Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and prerequisites on the device.
 
 Value type is integer. Supported operation is Get.
 
@@ -275,11 +275,13 @@ Value type is integer. Supported operation is Get.
 - Bit 2	- Set to 1 when	the client machine has a valid OS license and SKU.
 - Bit 3	- Set to 1 when	Application Guard installed on the client machine.
 - Bit 4	- Set to 1 when	required Network Isolation Policies are configured.
+ > [!IMPORTANT]
+ > If you are deploying Application Guard via Intune, Network Isolation Policy must be configured to enable Application Guard for Microsoft Edge. 
 - Bit 5	- Set to 1 when the client machine meets minimum hardware requirements.
-- Bit 6 - Set to 1 when system reboot is required.
+- Bit 6	- Set to 1 when system reboot is required.
 
 **PlatformStatus**  
-Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. 
+Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. 
 
 Value type is integer. Supported operation is Get.
 
@@ -315,7 +317,7 @@ The following list shows the supported values:
 
 
 ADMX Info:  
-- GP English name: *Allow auditing events in Microsoft Defender Application Guard*
+- GP Friendly name: *Allow auditing events in Microsoft Defender Application Guard*
 - GP name: *AuditApplicationGuard*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index 847d9d69c8..c4c0409389 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/10/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 9c3bf1705a..0789764ab1 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 08/15/2018
 ---
 
@@ -17,17 +17,17 @@ ms.date: 08/15/2018
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-The WindowsLicensing configuration service provider is designed for licensing related management scenarios. Currently the scope is limited to edition upgrades of Windows 10 desktop and mobile devices, such as Windows 10 Pro to Windows 10 Enterprise. In addition, this CSP provides the capability to activate or change the product key of Windows 10 desktop devices.
+The WindowsLicensing configuration service provider is designed for licensing related management scenarios. Currently the scope is limited to edition upgrades of Windows 10 client devices, such as Windows 10 Pro to Windows 10 Enterprise. In addition, this CSP provides the capability to activate or change the product key of Windows 10 client devices.
 
-The following shows the WindowsLicensing configuration service provider in tree format.
-```
+The following example shows the WindowsLicensing configuration service provider in tree format.
+
+```console
 ./Vendor/MSFT
 WindowsLicensing
 ----UpgradeEditionWithProductKey
 ----ChangeProductKey
 ----Edition
 ----Status
-----UpgradeEditionWithLicense
 ----LicenseKeyType
 ----CheckApplicability
 ----ChangeProductKey (Added in Windows 10, version 1703)
@@ -41,7 +41,7 @@ WindowsLicensing
 --------Status (Added in Windows 10, version 1809)
 ```
 **./Device/Vendor/MSFT/WindowsLicensing**  
-This is the root node for the WindowsLicensing configuration service provider.
+This node is the root node for the WindowsLicensing configuration service provider.
 
 The supported operation is Get.
 
@@ -70,7 +70,7 @@ If a product key is entered in a provisioning package and the user begins instal
 
 After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade.
 
-This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key does not require a reboot and is a silent process for the user.
+This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key doesn't require a reboot and is a silent process for the user.
 
 > [!IMPORTANT]
 > The product key entered must be 29 characters (that is, it should include dashes), otherwise the activation, edition upgrade, or product key change on Windows 10 desktop devices will fail. The product key is acquired from Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal.
@@ -92,14 +92,14 @@ Activation or changing a product key can be carried out on the following edition
 -   Windows 10 Pro
 
 **Edition**  
-Returns a value that maps to the Windows 10 edition running on desktop or mobile devices. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
+Returns a value that maps to the Windows 10 edition. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
 
 The data type is an Int.
 
 The supported operation is Get.
 
 **Status**  
-Returns the status of an edition upgrade on Windows 10 desktop or mobile devices. The status corresponds to one of the following values:
+Returns the status of an edition upgrade on Windows devices. The status corresponds to one of the following values:
 
 -   0 = Failed
 -   1 = Pending
@@ -111,13 +111,13 @@ The data type is an Int.
 
 The supported operation is Get.
 
+
+
 **LicenseKeyType**  
 Returns the parameter type used by Windows 10 devices for an edition upgrade, activation, or product key change.
 
--   Windows 10 for desktop devices require a product key.
--   Windows 10 Mobile devices require a XML license file for an edition upgrade.
+- Windows 10 client devices require a product key.
 
 The data type is a chr.
 
@@ -153,7 +152,7 @@ The data type is a chr.
 The supported operation is Exec.
 
 **ChangeProductKey**  
-Added in Windows 10, version 1703. Installs a product key for Windows 10 desktop devices. Does not reboot.
+Added in Windows 10, version 1703. Installs a product key for Windows 10 desktop devices. Doesn't reboot.
 
 The data type is a chr.
 
@@ -192,7 +191,7 @@ Supported values:
 -  1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node.
 
 **SMode/SwitchFromSMode**  
-Added in Windows 10, version 1809. Switches a device out of S mode if possible. Does not reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute)
+Added in Windows 10, version 1809. Switches a device out of S mode if possible. Doesn't reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute)
 
 Supported operation is Execute.
 
@@ -317,7 +316,7 @@ Values:
 > [!NOTE]
 > `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key.
 
- 
+
+        YOUR XML ENCODED LICENSE GOES HERE
       
     
     
   
 
 ```
+-->
 
 **Get S mode status**
 
-```
+```xml
 
   
     
@@ -363,7 +363,7 @@ Values:
 
 **Execute SwitchFromSMode**
 
-```
+```xml
 
   
     
@@ -388,7 +388,7 @@ Values:
 
 **Add S mode SwitchingPolicy**
 
-```
+```xml
 
   
     
@@ -413,7 +413,7 @@ Values:
 
 **Get S mode SwitchingPolicy**
 
-```
+```xml
 
   
     
@@ -433,7 +433,7 @@ Values:
 
 **Replace S mode SwitchingPolicy**
 
-```
+```xml
 
   
     
@@ -458,7 +458,7 @@ Values:
 
 **Delete S mode SwitchingPolicy**
 
-```
+```xml
 
   
     
@@ -475,17 +475,7 @@ Values:
   
 
 ```
+
 ## Related topics
 
-
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index baa67a10f6..5286cedaa2 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/16/2017
 ---
 
@@ -104,7 +104,7 @@ The XML below is for Windows 10, version 1809.
             
               
             
-            Returns a value that maps to the Windows 10 edition running on desktop or mobile devices. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
+            Returns a value that maps to the Windows 10 edition running on devices. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information.
             
               
             
@@ -128,7 +128,7 @@ The XML below is for Windows 10, version 1809.
             
               
             
-            Returns the status of an edition upgrade on Windows 10 desktop and mobile devices.	 Status: 0 = Failed, 1 = Pending, 2 = In progress, 3 = Completed, 4 = Unknown
+            Returns the status of an edition upgrade on Windows 10 client devices.	 Status: 0 = Failed, 1 = Pending, 2 = In progress, 3 = Completed, 4 = Unknown
             
               
             
diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md
deleted file mode 100644
index 56f387cdc1..0000000000
--- a/windows/client-management/mdm/windowssecurityauditing-csp.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-title: WindowsSecurityAuditing CSP
-description: The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511.
-ms.assetid: 611DF7FF-21CE-476C-AAB5-3D09C1CDF08A
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 06/26/2017
----
-
-# WindowsSecurityAuditing CSP
-
-
-The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511 for Mobile and Mobile Enterprise. Make sure to consult the [Configuration service provider reference](./configuration-service-provider-reference.md) to see if this CSP and others are supported on your Windows installation.
-
-The following shows the WindowsSecurityAuditing configuration service provider in tree format.
-```
-./Vendor/MSFT
-WindowsSecurityAuditing
-----ConfigurationSettings
---------EnableSecurityAuditing
-```
-**WindowsSecurityAuditing**  
-Root node.
-
-**ConfigurationSettings**  
-Interior node for handling all the audit configuration settings. Do not use the Get operation in this node. It is only used of grouping configuration settings.
-
-**ConfigurationSettings/EnableSecurityAuditing**  
-Specifies whether to enable or disable auditing for the device.
-
-Value type is boolean. If true, a default set of audit events will be captured to a log file for upload; if false, auditing is disabled and events are not logged. Default value is false.
-
-Supported operations are Get and Replace.
-
-## Examples
-
-
-Enable logging of audit events.
-
-```xml
-
-  
-    
-      1
-      
-        
-          
-            ./Vendor/MSFT/WindowsSecurityAuditing/ConfigurationSettings/EnableSecurityAuditing
-          
-        
-        
-          bool
-          text/plain
-        
-        true
-      
-    
-     
-  
-
-```
-
-For more information about Windows security auditing, see [What's new in security auditing](/windows/whats-new/whats-new-windows-10-version-1507-and-1511).
-
- 
-
- 
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
deleted file mode 100644
index c4710fae63..0000000000
--- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md
+++ /dev/null
@@ -1,109 +0,0 @@
----
-title: WindowsSecurityAuditing DDF file
-description: View the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider.
-ms.assetid: B1F9A5FA-185B-48C6-A7F4-0F0F23B971F0
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: manikadhiman
-ms.date: 12/05/2017
----
-
-# WindowsSecurityAuditing DDF file
-
-
-This topic shows the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider. This CSP was added in Windows 10, version 1511.  
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-
-The XML below is the current version for this CSP.
-
-```xml
-
-]>
-
-    1.2
-    
-        WindowsSecurityAuditing
-        ./Vendor/MSFT
-        
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                com.microsoft/1.0/MDM/WindowsSecurityAuditing
-            
-        
-        
-            ConfigurationSettings
-            
-                
-                    
-                
-                This branch handles all the audit configuration settings for the device. This node should not be used for a get/set but is simply a grouping interior node for all configuration functionality.
-                
-                    
-                
-                
-                    
-                
-                
-                    
-                
-                Configuration Settings
-                
-                    
-                
-            
-            
-                EnableSecurityAuditing
-                
-                    
-                        
-                        
-                    
-                    false
-                    Specifies whether to enable or disable auditing for the device. If the value is true, a default set of audit events will be captured to a log file for upload. If the value is false, auditing will be disabled and events will no longer be logged. 
-                    
-                        
-                    
-                    
-                        
-                    
-                    
-                        
-                    
-                    Enable Security Auditing
-                    
-                        text/plain
-                    
-                
-            
-        
-    
-
-```
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index ed5591ef9b..62808bc9bb 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -1,11 +1,11 @@
 ---
 title: WiredNetwork CSP
-description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works.
+description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP. Learn how it works.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/27/2018
 ms.reviewer: 
 manager: dansimp
@@ -16,9 +16,9 @@ manager: dansimp
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, version 1809.
+The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, version 1809.
 
-The following shows the WiredNetwork configuration service provider in tree format.
+The following example shows the WiredNetwork configuration service provider in tree format.
 ```
 ./User/Vendor/MSFT
 WiredNetwork
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index 6ca631d6fe..bc61e8f7d0 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/28/2018
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
index 2f3cdf7fc7..c968865ad0 100644
--- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -19,9 +19,8 @@ ms.date: 06/26/2017
 
 Windows Management Infrastructure (WMI) providers (and the classes they support) are used to manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service. The following subsections show the list WMI MDM classes that are supported in Windows 10.
 
-> **Note**  Applications installed using WMI classes are not removed when the MDM account is removed from device.
-
- 
+> [!NOTE]
+> Applications installed using WMI classes are not removed when the MDM account is removed from device. 
 
 The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here is an example query.
 
@@ -51,178 +50,61 @@ Result
 
 ## MDM Bridge WMI classes
 
-
 For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
 
 ## MDM WMI classes
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  ClassTest completed in Windows 10 for desktop
                  MDM_AppInstallJob
                  Currently testing.
                  MDM_Application
                  Currently testing.
                  MDM_ApplicationFramework
                  Currently testing.
                  MDM_ApplicationSetting
                  Currently testing.
                  MDM_BrowserSecurityZonescross mark
                  MDM_BrowserSettingscross mark
                  MDM_Certificatecross mark
                  MDM_CertificateEnrollmentcross mark
                  MDM_Client
                  Currently testing.
                  MDM_ConfigSettingcross mark
                  MDM_DeviceRegistrationInfo
                  MDM_EASPolicycross mark
                  MDM_MgMtAuthoritycross mark
                  MDM_MsiApplication
                  MDM_MsiInstallJob
                  MDM_RemoteApplication
                  Test not started.
                  MDM_RemoteAppUseCookie
                  Test not started.
                  MDM_Restrictionscross mark
                  MDM_RestrictionsUser
                  Test not started.
                  MDM_SecurityStatuscross mark
                  MDM_SideLoader
                  MDM_SecurityStatusUser
                  Currently testing.
                  MDM_Updatescross mark
                  MDM_VpnApplicationTriggercross mark
                  MDM_VpnConnection
                  MDM_WebApplication
                  Currently testing.
                  MDM_WirelessProfilecross mark
                  MDM_WirelesssProfileXMLcross mark
                  MDM_WNSChannelcross mark
                  MDM_WNSConfigurationcross mark
                  MSFT_NetFirewallProfilecross mark
                  MSFT_VpnConnectioncross mark
                  SoftwareLicensingProduct
                  SoftwareLicensingService
                  
-
- 
+|Class|Test completed in Windows 10 for desktop|
+|--- |--- |
+|[**MDM_AppInstallJob**](/previous-versions/windows/desktop/mdmappprov/mdm-appinstalljob)|Currently testing.|
+|[**MDM_Application**](/previous-versions/windows/desktop/mdmappprov/mdm-application)|Currently testing.|
+|[**MDM_ApplicationFramework**](/previous-versions/windows/desktop/mdmappprov/mdm-applicationframework)|Currently testing.|
+|[**MDM_ApplicationSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-applicationsetting)|Currently testing.|
+|[**MDM_BrowserSecurityZones**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersecurityzones)|Yes|
+|[**MDM_BrowserSettings**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersettings)|Yes|
+|[**MDM_Certificate**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificate)|Yes|
+|[**MDM_CertificateEnrollment**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificateenrollment)|Yes|
+|[**MDM_Client**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-client)|Currently testing.|
+|[**MDM_ConfigSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-configsetting)|Yes|
+|[**MDM_DeviceRegistrationInfo**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-deviceregistrationinfo)||
+|[**MDM_EASPolicy**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-easpolicy)|Yes|
+|[**MDM_MgMtAuthority**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-mgmtauthority)|Yes|
+|**MDM_MsiApplication**||
+|**MDM_MsiInstallJob**||
+|[**MDM_RemoteApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteapplication)|Test not started.|
+|[**MDM_RemoteAppUseCookie**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteappusercookie)|Test not started.|
+|[**MDM_Restrictions**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictions)|Yes|
+|[**MDM_RestrictionsUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictionsuser)|Test not started.|
+|[**MDM_SecurityStatus**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatus)|Yes|
+|[**MDM_SideLoader**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-sideloader)||
+|[**MDM_SecurityStatusUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatususer)|Currently testing.|
+|[**MDM_Updates**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-updates)|Yes|
+|[**MDM_VpnApplicationTrigger**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-vpnapplicationtrigger)|Yes|
+|**MDM_VpnConnection**||
+|[**MDM_WebApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-webapplication)|Currently testing.|
+|[**MDM_WirelessProfile**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofile)|Yes|
+|[**MDM_WirelesssProfileXML**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)|Yes|
+|[**MDM_WNSChannel**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)|Yes|
+|[**MDM_WNSConfiguration**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)|Yes|
+|[**MSFT_NetFirewallProfile**](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)|Yes|
+|[**MSFT_VpnConnection**](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)|Yes|
+|[**SoftwareLicensingProduct**](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)||
+|[**SoftwareLicensingService**](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)||
 
 ### Parental control WMI classes
 
 | Class                                                                    | Test completed in Windows 10 for desktop |
 |--------------------------------------------------------------------------|------------------------------------------|
-| [**wpcappoverride**](/windows/win32/parcon/parental-controls-wmi-provider-schema)       | ![cross mark](images/checkmark.png)      |
-| [**wpcgameoverride**](/windows/win32/parcon/parental-controls-wmi-provider-schema)      | ![cross mark](images/checkmark.png)      |
-| [**wpcgamessettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)     | ![cross mark](images/checkmark.png)      |
-| [**wpcrating**](/windows/win32/parcon/parental-controls-wmi-provider-schema)            | ![cross mark](images/checkmark.png)      |
+| [**wpcappoverride**](/windows/win32/parcon/parental-controls-wmi-provider-schema)       | Yes     |
+| [**wpcgameoverride**](/windows/win32/parcon/parental-controls-wmi-provider-schema)      | Yes     |
+| [**wpcgamessettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)     | Yes     |
+| [**wpcrating**](/windows/win32/parcon/parental-controls-wmi-provider-schema)            | Yes     |
 | [**wpcRatingsDescriptor**](/windows/win32/parcon/parental-controls-wmi-provider-schema) |                                          |
-| [**wpcratingssystem**](/windows/win32/parcon/parental-controls-wmi-provider-schema)     | ![cross mark](images/checkmark.png)      |
-| [**wpcsystemsettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)    | ![cross mark](images/checkmark.png)      |
-| [**wpcurloverride**](/windows/win32/parcon/parental-controls-wmi-provider-schema)       | ![cross mark](images/checkmark.png)      |
-| [**wpcusersettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)      | ![cross mark](images/checkmark.png)      |
-| [**wpcwebsettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)       | ![cross mark](images/checkmark.png)      |
+| [**wpcratingssystem**](/windows/win32/parcon/parental-controls-wmi-provider-schema)     | Yes     |
+| [**wpcsystemsettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)    | Yes     |
+| [**wpcurloverride**](/windows/win32/parcon/parental-controls-wmi-provider-schema)       | Yes     |
+| [**wpcusersettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)      | Yes     |
+| [**wpcwebsettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema)       | Yes     |
 
  
 
@@ -232,17 +114,17 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 |--------------------------------------------------------------------------|------------------------------------------|
 [**Win32\_1394Controller**](/windows/win32/cimwin32prov/win32-1394controller) |
 [**Win32\_BaseBoard**](/windows/win32/cimwin32prov/win32-baseboard)      |
-[**Win32\_Battery**](/windows/win32/cimwin32prov/win32-battery)        | ![cross mark](images/checkmark.png)
-[**Win32\_BIOS**](/windows/win32/cimwin32prov/win32-bios)           | ![cross mark](images/checkmark.png)
+[**Win32\_Battery**](/windows/win32/cimwin32prov/win32-battery)        | Yes
+[**Win32\_BIOS**](/windows/win32/cimwin32prov/win32-bios)           | Yes
 [**Win32\_CDROMDrive**](/windows/win32/cimwin32prov/win32-cdromdrive)     |
-[**Win32\_ComputerSystem**](/windows/win32/cimwin32prov/win32-computersystem) | ![cross mark](images/checkmark.png)
-[**Win32\_ComputerSystemProduct**](/windows/win32/cimwin32prov/win32-computersystemproduct) | ![cross mark](images/checkmark.png)
-[**Win32\_CurrentTime**](/previous-versions/windows/desktop/wmitimepprov/win32-currenttime)    | ![cross mark](images/checkmark.png)
+[**Win32\_ComputerSystem**](/windows/win32/cimwin32prov/win32-computersystem) | Yes
+[**Win32\_ComputerSystemProduct**](/windows/win32/cimwin32prov/win32-computersystemproduct) | Yes
+[**Win32\_CurrentTime**](/previous-versions/windows/desktop/wmitimepprov/win32-currenttime)    | Yes
 [**Win32\_Desktop**](/windows/win32/cimwin32prov/win32-desktop)        |
-[**Win32\_DesktopMonitor**](/windows/win32/cimwin32prov/win32-desktopmonitor) |![cross mark](images/checkmark.png)
-[**Win32\_DiskDrive**](/windows/win32/cimwin32prov/win32-diskdrive)      | ![cross mark](images/checkmark.png)
+[**Win32\_DesktopMonitor**](/windows/win32/cimwin32prov/win32-desktopmonitor) |Yes
+[**Win32\_DiskDrive**](/windows/win32/cimwin32prov/win32-diskdrive)      | Yes
 [**Win32\_DiskPartition**](/windows/win32/cimwin32prov/win32-diskpartition)  |
-[**Win32\_DisplayConfiguration**](/previous-versions//aa394137(v=vs.85)) | ![cross mark](images/checkmark.png)
+[**Win32\_DisplayConfiguration**](/previous-versions//aa394137(v=vs.85)) | Yes
 [**Win32\_DMAChannel**](/windows/win32/cimwin32prov/win32-dmachannel)     | 
 [**Win32\_DriverVXD**](/previous-versions//aa394141(v=vs.85))      |
 [**Win32\_EncryptableVolume**](/windows/win32/secprov/win32-encryptablevolume) |
@@ -252,23 +134,23 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 [**Win32\_IRQResource**](/windows/win32/cimwin32prov/win32-irqresource)    |
 [**Win32\_Keyboard**](/windows/win32/cimwin32prov/win32-keyboard)       |
 [**Win32\_LoadOrderGroup**](/windows/win32/cimwin32prov/win32-loadordergroup) |
-[**Win32\_LocalTime**](/previous-versions/windows/desktop/wmitimepprov/win32-localtime)      | ![cross mark](images/checkmark.png)
+[**Win32\_LocalTime**](/previous-versions/windows/desktop/wmitimepprov/win32-localtime)      | Yes
 [**Win32\_LoggedOnUser**](/windows/win32/cimwin32prov/win32-loggedonuser)   |
-[**Win32\_LogicalDisk**](/windows/win32/cimwin32prov/win32-logicaldisk)    | ![cross mark](images/checkmark.png)
+[**Win32\_LogicalDisk**](/windows/win32/cimwin32prov/win32-logicaldisk)    | Yes
 [**Win32\_MotherboardDevice**](/windows/win32/cimwin32prov/win32-motherboarddevice) |
-[**Win32\_NetworkAdapter**](/windows/win32/cimwin32prov/win32-networkadapter) | ![cross mark](images/checkmark.png)
+[**Win32\_NetworkAdapter**](/windows/win32/cimwin32prov/win32-networkadapter) | Yes
 [**Win32\_NetworkAdapterConfiguration**](/windows/win32/cimwin32prov/win32-networkadapterconfiguration) |
 [**Win32\_NetworkClient**](/windows/win32/cimwin32prov/win32-networkclient)  |
 [**Win32\_NetworkLoginProfile**](/windows/win32/cimwin32prov/win32-networkloginprofile) |
 [**Win32\_NetworkProtocol**](/windows/win32/cimwin32prov/win32-networkprotocol) |
 [**Win32\_NTEventlogFile**](/previous-versions/windows/desktop/legacy/aa394225(v=vs.85))  |
-[**Win32\_OperatingSystem**](/windows/win32/cimwin32prov/win32-operatingsystem) | ![cross mark](images/checkmark.png)
+[**Win32\_OperatingSystem**](/windows/win32/cimwin32prov/win32-operatingsystem) | Yes
 [**Win32\_OSRecoveryConfiguration**](/windows/win32/cimwin32prov/win32-osrecoveryconfiguration) |
 [**Win32\_PageFileSetting**](/windows/win32/cimwin32prov/win32-pagefilesetting) |
 [**Win32\_ParallelPort**](/windows/win32/cimwin32prov/win32-parallelport) |
 [**Win32\_PCMCIAController**](/windows/win32/cimwin32prov/win32-pcmciacontroller) |
 [**Win32\_PhysicalMedia**](/previous-versions/windows/desktop/cimwin32a/win32-physicalmedia)                                   |  
-[**Win32\_PhysicalMemory**](/windows/win32/cimwin32prov/win32-physicalmemory)   | ![cross mark](images/checkmark.png)
+[**Win32\_PhysicalMemory**](/windows/win32/cimwin32prov/win32-physicalmemory)   | Yes
 [**Win32\_PnPDevice**](/windows/win32/cimwin32prov/win32-pnpdevice)        |  
 [**Win32\_PnPEntity**](/windows/win32/cimwin32prov/win32-pnpentity)        |  
 [**Win32\_PointingDevice**](/windows/win32/cimwin32prov/win32-pointingdevice)   |
@@ -277,25 +159,25 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 [**Win32\_POTSModem**](/windows/win32/cimwin32prov/win32-potsmodem)        |
 [**Win32\_Printer**](/windows/win32/cimwin32prov/win32-printer)          |
 [**Win32\_PrinterConfiguration**](/windows/win32/cimwin32prov/win32-printerconfiguration) |
-[**Win32\_Processor**](/windows/win32/cimwin32prov/win32-processor)        | ![cross mark](images/checkmark.png)
-[**Win32\_QuickFixEngineering**](/windows/win32/cimwin32prov/win32-quickfixengineering) | ![cross mark](images/checkmark.png)
+[**Win32\_Processor**](/windows/win32/cimwin32prov/win32-processor)        | Yes
+[**Win32\_QuickFixEngineering**](/windows/win32/cimwin32prov/win32-quickfixengineering) | Yes
 [**Win32\_Registry**](/windows/win32/cimwin32prov/win32-registry)         |
 [**Win32\_SCSIController**](/windows/win32/cimwin32prov/win32-scsicontroller)   |
 [**Win32\_SerialPort**](/windows/win32/cimwin32prov/win32-serialport)       |
 [**Win32\_SerialPortConfiguration**](/windows/win32/cimwin32prov/win32-serialportconfiguration) |
 [**Win32\_ServerFeature**](/windows/win32/wmisdk/win32-serverfeature)    |
-[**Win32\_Service**](/windows/win32/cimwin32prov/win32-service)          | ![cross mark](images/checkmark.png)
-[**Win32\_Share**](/windows/win32/cimwin32prov/win32-share)            | ![cross mark](images/checkmark.png)
+[**Win32\_Service**](/windows/win32/cimwin32prov/win32-service)          | Yes
+[**Win32\_Share**](/windows/win32/cimwin32prov/win32-share)            | Yes
 [**Win32\_SoundDevice**](/windows/win32/cimwin32prov/win32-sounddevice)      |
 [**Win32\_SystemAccount**](/windows/win32/cimwin32prov/win32-systemaccount)    |
-[**Win32\_SystemBIOS**](/windows/win32/cimwin32prov/win32-systembios)       | ![cross mark](images/checkmark.png)
+[**Win32\_SystemBIOS**](/windows/win32/cimwin32prov/win32-systembios)       | Yes
 [**Win32\_SystemDriver**](/windows/win32/cimwin32prov/win32-systemdriver)     |
-[**Win32\_SystemEnclosure**](/windows/win32/cimwin32prov/win32-systemenclosure)  | ![cross mark](images/checkmark.png)
+[**Win32\_SystemEnclosure**](/windows/win32/cimwin32prov/win32-systemenclosure)  | Yes
 [**Win32\_TapeDrive**](/windows/win32/cimwin32prov/win32-tapedrive)        |
-[**Win32\_TimeZone**](/windows/win32/cimwin32prov/win32-timezone)         | ![cross mark](images/checkmark.png)
+[**Win32\_TimeZone**](/windows/win32/cimwin32prov/win32-timezone)         | Yes
 [**Win32\_UninterruptiblePowerSupply**](/previous-versions//aa394503(v=vs.85)) |
 [**Win32\_USBController**](/windows/win32/cimwin32prov/win32-usbcontroller)    |
-[**Win32\_UTCTime**](/previous-versions/windows/desktop/wmitimepprov/win32-utctime)          | ![cross mark](images/checkmark.png)
+[**Win32\_UTCTime**](/previous-versions/windows/desktop/wmitimepprov/win32-utctime)          | Yes
 [**Win32\_VideoController**](/windows/win32/cimwin32prov/win32-videocontroller) |
 **Win32\_WindowsUpdateAgentVersion**                                                        |
  
@@ -305,4 +187,4 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 [Configuration service provider reference](configuration-service-provider-reference.md)
 
 ## Related Links
-[CIM Video Controller](/windows/win32/cimwin32prov/cim-videocontroller)
\ No newline at end of file
+[CIM Video Controller](/windows/win32/cimwin32prov/cim-videocontroller)
diff --git a/windows/client-management/media/win11-control-panel-windows-tools.png b/windows/client-management/media/win11-control-panel-windows-tools.png
new file mode 100644
index 0000000000..4ecb8dcdf2
Binary files /dev/null and b/windows/client-management/media/win11-control-panel-windows-tools.png differ
diff --git a/windows/client-management/media/win11-windows-tools.png b/windows/client-management/media/win11-windows-tools.png
new file mode 100644
index 0000000000..d9a302340c
Binary files /dev/null and b/windows/client-management/media/win11-windows-tools.png differ
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 793835661a..79a75c3f90 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -1,6 +1,6 @@
 ---
 title: New policies for Windows 10 (Windows 10)
-description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components.
+description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components.
 ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D
 ms.reviewer: 
 manager: dansimp
@@ -11,7 +11,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 10/24/2017
+ms.date: 09/15/2021
 ms.topic: reference
 ---
 
@@ -20,7 +20,8 @@ ms.topic: reference
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 11
 
 As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows,  refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference".
 
@@ -56,7 +57,7 @@ The following Group Policy settings were added in Windows 10, version 1903:
 - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use WDDM graphics display driver for Remote Desktop Connections
 - Windows Components\Windows Logon Options\Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot
 
-## New Group Policy settings in Windows 10, version 1809
+## New Group Policy settings in Windows 10, version 1809
 
 The following Group Policy settings were added in Windows 10, version 1809:
 
@@ -241,7 +242,7 @@ The following Group Policy settings were added in Windows 10, version 1809:
 - Network\Windows Connection Manager\Enable Windows to soft-disconnect a computer from a network
 
 
-## New Group Policy settings in Windows 10, version 1803
+## New Group Policy settings in Windows 10, version 1803
 
 The following Group Policy settings were added in Windows 10, version 1803:
 
@@ -281,7 +282,7 @@ The following Group Policy settings were added in Windows 10, version 1803:
 - Windows Components\Windows Defender Security Center\Virus and threat protection\Hide the Ransomware data recovery area
 
 
-## New Group Policy settings in Windows 10, version 1709
+## New Group Policy settings in Windows 10, version 1709
 
 The following Group Policy settings were added in Windows 10, version 1709:
 
@@ -350,7 +351,7 @@ The following Group Policy settings were added in Windows 10, version 1709:
 - Windows Components\Windows Update\Do not allow update deferral policies to cause scans against Windows Update
 
 
-## New Group Policy settings in Windows 10, version 1703
+## New Group Policy settings in Windows 10, version 1703
 
 The following Group Policy settings were added in Windows 10, version 1703:
 
@@ -480,10 +481,9 @@ For a spreadsheet of Group Policy settings included in Windows 10 and Windows Se
 
 ## New MDM policies
 
+Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education include previous Windows Phone settings, and new or enhanced settings for Windows 10, such as:
 
-Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile includes settings from Windows Phone 8.1, plus new or enhanced settings for Windows 10, such as:
-
--   Defender (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education only)
+-   Defender (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education only)
 
 -   Enhanced Bluetooth policies
 
@@ -507,7 +507,7 @@ Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Wind
 
 Windows 10, version 1703, adds a number of [ADMX-backed policies to MDM](./mdm/policy-configuration-service-provider.md).
 
-If you use Microsoft Intune for MDM, you can [configure custom policies](https://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616317).
+If you use Microsoft Intune for MDM, you can [configure custom policies](/mem/intune/configuration/custom-settings-configure) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](/mem/intune/configuration/custom-settings-windows-10).
 
 No new [Exchange ActiveSync policies](/exchange/mobile-device-mailbox-policies-exchange-2013-help). For more information, see the [ActiveSync configuration service provider](./mdm/activesync-csp.md) technical reference.
 
@@ -518,7 +518,3 @@ No new [Exchange ActiveSync policies](/exchange/mobile-device-mailbox-policies-e
 [Manage corporate devices](manage-corporate-devices.md)
 
 [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10)
-
-
-
- 
\ No newline at end of file
diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md
index 6a50151342..120ac4d165 100644
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@@ -4,20 +4,24 @@ description: How IT Pros can use Quick Assist to help users
 ms.prod: w10
 ms.sitesec: library
 ms.topic: article
-author: jaimeo
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: jaimeo
-manager: laurawi
+ms.author: aaroncz
+manager: dougeby
+ms.collection: highpri
 ---
 
 # Use Quick Assist to help users
 
-Quick Assist is a Windows 10 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices.
+Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices.
 
 ## Before you begin
 
 All that's required to use Quick Assist is suitable network and internet connectivity. No particular roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn’t have to authenticate.
 
+> [!NOTE]
+> In case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used during the session.
+
 ### Authentication
 
 The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory. Local Active Directory authentication is not supported at this time.
@@ -57,7 +61,7 @@ Both the helper and sharer must be able to reach these endpoints over port 443:
 
 7. RDP shares the video to the helper over https (port 443) through the RDP relay service to the helper's RDP control. Input is shared from the helper to the sharer through the RDP relay service.
 
-:::image type="content" source="images/quick-assist-flow.png" lightbox="images/quick-assist-flow.png" alt-text="Schematic flow of connections when a Quick Assist session is established":::
+:::image type="content" source="images/quick-assist-flow.png" lightbox="images/quick-assist-flow.png" alt-text="Schematic flow of connections when a Quick Assist session is established.":::
 
 ### Data and privacy
 
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md
index 3fa7f1b6c8..777b9fa6ec 100644
--- a/windows/client-management/system-failure-recovery-options.md
+++ b/windows/client-management/system-failure-recovery-options.md
@@ -18,7 +18,7 @@ This article describes how to configure the actions that Windows takes when a sy
 
 - Write an event to the System log.
 
-- Alert administrators (if you have set up administrative alerts).
+- Alert administrators (if you've set up administrative alerts).
 
 - Put system memory into a file that advanced users can use for debugging.
 
@@ -92,9 +92,9 @@ Select one of the following type of information that you want Windows to record
 
 #### (none) 
 
-The option does not record any information in a memory dump file.
+The option doesn't record any information in a memory dump file.
 
-To specify that you do not want Windows to record information in a memory dump file, run the following command or modify the registry value:
+To specify that you don't want Windows to record information in a memory dump file, run the following command or modify the registry value:
 
 - ```cmd
   wmic recoveros set DebugInfoType = 0
@@ -123,7 +123,7 @@ To specify that you want to use a folder as your Small Dump Directory, run the f
 
 #### Kernel Memory Dump
 
-The option records only kernel memory. This option stores more information than a small memory dump file, but it takes less time to complete than a complete memory dump file. The file is stored in %SystemRoot%\Memory.dmp by default, and any previous kernel or complete memory dump files are overwritten if the **Overwrite any existing file** check box is selected. If you set this option, you must have a sufficiently large paging file on the boot volume. The required size depends on the amount of RAM in your computer However, the maximum amount of space that must be available for a kernel memory dump on a 32-bit system is 2 GB plus 16 MB. On a 64-bit system, the maximum amount of space that must be available for a kernel memory dump is the size of the RAM plus 128 MB. The following table provides guidelines for the size of the paging file:
+The option records only kernel memory. This option stores more information than a small memory dump file, but it takes less time to complete than a complete memory dump file. The file is stored in %SystemRoot%\Memory.dmp by default, and any previous kernel or complete memory dump files are overwritten if the **Overwrite any existing file** check box is selected. If you set this option, you must have a sufficiently large paging file on the boot volume. The required size depends on the amount of RAM in your computer. However, the maximum amount of space that must be available for a kernel memory dump on a 32-bit system is 2 GB plus 16 MB. On a 64-bit system, the maximum amount of space that must be available for a kernel memory dump is the size of the RAM plus 128 MB. The following table provides guidelines for the size of the paging file:
 
 |RAM size	|Paging file should be no smaller than|
 |-------|-----------------|
@@ -146,7 +146,7 @@ To specify that you want to use a file as your memory dump file, run the followi
 
 - Set the **DumpFile** Expandable String Value to \.
 
-To specify that you do not want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
+To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
 
 - ```cmd
   wmic recoveros set OverwriteExistingDebugFile = 0
@@ -156,9 +156,9 @@ To specify that you do not want to overwrite any previous kernel or complete mem
 
 #### Complete Memory Dump
 
-The option records the contents of system memory when the computer stops unexpectedly. This option is not available on computers that have 2 or more GB of RAM. If you select this option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 MB. The file is stored as specified in %SystemRoot%\Memory.dmp by default.
+The option records the contents of system memory when the computer stops unexpectedly. This option isn't available on computers that have 2 or more GB of RAM. If you select this option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 MB. The file is stored as specified in %SystemRoot%\Memory.dmp by default.
 
-The extra megabyte is required for a complete memory dump file because Windows writes a header in addition to dumping the memory contents. The header contains a crash dump signature and specifies the values of some kernel variables. The header information does not require a full megabyte of space, but Windows sizes your paging file in increments of megabytes.
+The extra megabyte is required for a complete memory dump file because Windows writes a header in addition to dumping the memory contents. The header contains a crash dump signature and specifies the values of some kernel variables. The header information doesn't require a full megabyte of space, but Windows sizes your paging file in increments of megabytes.
 
 To specify that you want to use a complete memory dump file, run the following command or modify the registry value:
 
@@ -176,7 +176,7 @@ To specify that you want to use a file as your memory dump file, run the followi
 
 - Set the DumpFile Expandable String Value to \.
 
-To specify that you do not want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
+To specify that you don't want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
 
 - ```cmd
   wmic recoveros set OverwriteExistingDebugFile = 0
@@ -194,11 +194,11 @@ To view system failure and recovery settings for your local computer, type **wmi
 
 ### Tips
 
-- To take advantage of the dump file feature, your paging file must be on the boot volume. If you have moved the paging file to another volume, you must move it back to the boot volume before you use this feature.
+- To take advantage of the dump file feature, your paging file must be on the boot volume. If you've moved the paging file to another volume, you must move it back to the boot volume before you use this feature.
 
 - If you set the Kernel Memory Dump or the Complete Memory Dump option, and you select the **Overwrite any existing file** check box, Windows always writes to the same file name. To save individual dump files, click to clear the **Overwrite any existing file** check box, and then change the file name after each Stop error.
 
-- You can save some memory if you click to clear the **Write an event to the system log** and **Send an administrative alert** check boxes. The memory that you save depends on the computer, but these features typically require about 60 to 70 KB.
+- You can save some memory if you click to clear the **Write an event to the system log** and **Send an administrative alert** check boxes. The memory that you save depends on the computer, but these features typically require about 60-70 KB.
 
 ## References
 
diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml
index 4f41f66ba5..92e5722e04 100644
--- a/windows/client-management/toc.yml
+++ b/windows/client-management/toc.yml
@@ -4,7 +4,7 @@ items:
   items: 
     - name: Client management tools and settings
       items:
-        - name: Administrative Tools in Windows 10
+        - name: Windows Tools/Administrative Tools
           href: administrative-tools-in-windows-10.md
         - name: Use Quick Assist to help users
           href: quick-assist.md
@@ -18,6 +18,8 @@ items:
           href: change-default-removal-policy-external-storage-media.md
         - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education
           href: group-policies-for-enterprise-and-education-editions.md
+        - name: Manage Device Installation with Group Policy
+          href: manage-device-installation-with-group-policy.md
         - name: Manage the Settings app with Group Policy
           href: manage-settings-app-with-group-policy.md
         - name: What version of Windows am I running
@@ -34,7 +36,7 @@ items:
       items: 
         - name: CSP reference     
           href: mdm/configuration-service-provider-reference.md
-    - name: Troubleshoot Windows 10 clients
+    - name: Troubleshoot Windows clients
       items: 
         - name: Windows 10 support solutions      
           href: windows-10-support-solutions.md
@@ -53,6 +55,12 @@ items:
               items: 
                 - name: Collect data using Network Monitor
                   href: troubleshoot-tcpip-netmon.md
+                - name: "Part 1: TCP/IP performance overview"
+                  href: /troubleshoot/windows-server/networking/overview-of-tcpip-performance
+                - name: "Part 2: TCP/IP performance underlying network issues"
+                  href: /troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network
+                - name: "Part 3: TCP/IP performance known issues"
+                  href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues                
                 - name: Troubleshoot TCP/IP connectivity
                   href: troubleshoot-tcpip-connectivity.md
                 - name: Troubleshoot port exhaustion
diff --git a/windows/client-management/troubleshoot-event-id-41-restart.md b/windows/client-management/troubleshoot-event-id-41-restart.md
index f2673f9414..48678bf786 100644
--- a/windows/client-management/troubleshoot-event-id-41-restart.md
+++ b/windows/client-management/troubleshoot-event-id-41-restart.md
@@ -2,7 +2,7 @@
 title: Advanced troubleshooting for Event ID 41 - "The system has rebooted without cleanly shutting down first"
 description: Describes the circumstances that cause a computer to generate Event ID 41, and provides guidance for troubleshooting the issue
 author: Teresa-Motiv
-ms.author: v-tea
+ms.author: dougeby
 ms.date: 12/27/2019
 ms.prod: w10
 ms.topic: article
@@ -13,7 +13,7 @@ audience: ITPro
 ms.localizationpriority: medium
 keywords: event id 41, reboot, restart, stop error, bug check code
 manager: kaushika
-
+ms.collection: highpri
 ---
 
 # Advanced troubleshooting for Event ID 41: "The system has rebooted without cleanly shutting down first"
@@ -23,7 +23,7 @@ manager: kaushika
 
 The preferred way to shut down Windows is to select **Start**, and then select an option to turn off or shut down the computer. When you use this standard method, the operating system closes all files and notifies the running services and applications so that they can write any unsaved data to disk and flush any active caches.
 
-If your computer shuts down unexpectedly, Windows logs Event ID 41 the next time that the computer starts. The event text resembles the following:
+If your computer shuts down unexpectedly, Windows logs Event ID 41 the next time that the computer starts. The event text resembles the following information:
 
 > Event ID: 41  
 > Description: The system has rebooted without cleanly shutting down first.
@@ -41,15 +41,15 @@ This event indicates that some unexpected activity prevented Windows from shutti
 
 ## How to use Event ID 41 when you troubleshoot an unexpected shutdown or restart
 
-By itself, Event ID 41 might not contain sufficient information to explicitly define what occurred. Typically, you have to also consider what was occurring at the time of the unexpected shutdown (for example, the power supply failed). Use the information in this article to identify a troubleshooting approach that is appropriate for your circumstances:
+By itself, Event ID 41 might not contain sufficient information to explicitly define what occurred. Typically, you've to also consider what was occurring at the time of the unexpected shutdown (for example, the power supply failed). Use the information in this article to identify a troubleshooting approach that is appropriate for your circumstances:
 
 - [Scenario 1](#scen1): The computer restarts because of a Stop error, and Event ID 41 contains a Stop error (bug check) code
 - [Scenario 2](#scen2): The computer restarts because you pressed and held the power button
-- [Scenario 3](#scen3): The computer is unresponsive or randomly restarts, and Event ID 41 is not logged or the Event ID 41 entry lists error code values of zero
+- [Scenario 3](#scen3): The computer is unresponsive or randomly restarts, and Event ID 41 isn't logged or the Event ID 41 entry lists error code values of zero
 
 ### Scenario 1: The computer restarts because of a Stop error, and Event ID 41 contains a Stop error (bug check) code
 
-When a computer shuts down or restarts because of a Stop error, Windows includes the Stop error data in Event ID 41 as part of the additional event data. This information includes the Stop error code (also called a bug check code), as shown in the following example:
+When a computer shuts down or restarts because of a Stop error, Windows includes the Stop error data in Event ID 41 as part of more event data. This information includes the Stop error code (also called a bug check code), as shown in the following example:
 
 > EventData  
 > BugcheckCode 159  
@@ -78,43 +78,43 @@ After you identify the hexadecimal value, use the following references to contin
 
 ### Scenario 2: The computer restarts because you pressed and held the power button
 
-Because this method of restarting the computer interferes with the Windows shutdown operation, we recommend that you use this method only if you have no alternative. For example, you might have to use this approach if your computer is not responding. When you restart the computer by pressing and holding the power button, the computer logs an Event ID 41 that includes a non-zero value for the **PowerButtonTimestamp** entry.
+Because this method of restarting the computer interferes with the Windows shutdown operation, we recommend that you use this method only if you've no alternative. For example, you might have to use this approach if your computer isn't responding. When you restart the computer by pressing and holding the power button, the computer logs an Event ID 41 that includes a non-zero value for the **PowerButtonTimestamp** entry.
 
 For help when troubleshooting an unresponsive computer, see [Windows Help](https://support.microsoft.com/hub/4338813/windows-help?os=windows-10). Consider searching for assistance by using keywords such as "hang," "responding," or "blank screen."
 
-### Scenario 3: The computer is unresponsive or randomly restarts, and Event ID 41 is not recorded or the Event ID 41 entry or lists error code values of zero
+### Scenario 3: The computer is unresponsive or randomly restarts, and Event ID 41 isn't recorded or the Event ID 41 entry or lists error code values of zero
 
 This scenario includes the following circumstances:
 
 - You shut off power to an unresponsive computer, and then you restart the computer.  
-   To verify that a computer is unresponsive, press the CAPS LOCK key on the keyboard. If the CAPS LOCK light on the keyboard does not change when you press the CAPS LOCK key, the computer might be completely unresponsive (also known as a *hard hang*).  
-- The computer restarts, but it does not generate Event ID 41.
+   To verify that a computer is unresponsive, press the CAPS LOCK key on the keyboard. If the CAPS LOCK light on the keyboard doesn't change when you press the CAPS LOCK key, the computer might be unresponsive (also known as a *hard hang*).  
+- The computer restarts, but it doesn't generate Event ID 41.
 - The computer restarts and generates Event ID 41, but the **BugcheckCode** and **PowerButtonTimestamp** values are zero.
 
 In such cases, something prevents Windows from generating error codes or from writing error codes to disk. Something might block write access to the disk (as in the case of an unresponsive computer) or the computer might shut down too quickly to write the error codes or even detect an error.
 
 The information in Event ID 41 provides some indication of where to start checking for problems:
 
-- **Event ID 41 is not recorded or the bug check code is zero**. This behavior might indicate a power supply problem. If the power to a computer is interrupted, the computer might shut down without generating a Stop error. If it does generate a Stop error, it might not finish writing the error codes to disk. The next time the computer starts, it might not log Event ID 41. Or, if it does, the bug check code is zero. Conditions such as the following might be the cause:
-  - In the case of a portable computer, the battery was removed or completely drained.
+- **Event ID 41 isn't recorded or the bug check code is zero**. This behavior might indicate a power supply problem. If the power to a computer is interrupted, the computer might shut down without generating a Stop error. If it does generate a Stop error, it might not finish writing the error codes to disk. The next time the computer starts, it might not log Event ID 41. Or, if it does, the bug check code is zero. The following conditions might be the cause:
+  - In the case of a portable computer, the battery was removed or drained.
   - In the case of a desktop computer, the computer was unplugged or experienced a power outage.
   - The power supply is underpowered or faulty.
 
-- **The PowerButtonTimestamp value is zero**. This behavior might occur if you disconnected the power to a computer that was not responding to input. Conditions such as the following might be the cause:
+- **The PowerButtonTimestamp value is zero**. This behavior might occur if you disconnected the power to a computer that wasn't responding to input. The following conditions might be the cause:
   - A Windows process blocked write access to the disk, and you shut down the computer by pressing and holding the power button for at least four seconds.
   - You disconnected the power to an unresponsive computer.
 
-Typically, the symptoms described in this scenario indicate a hardware problem. To help isolate the problem, do the following:
+Typically, the symptoms described in this scenario indicate a hardware problem. To help isolate the problem, do the following steps:
 
 - **Disable overclocking**. If the computer has overclocking enabled, disable it. Verify that the issue occurs when the system runs at the correct speed.
 - **Check the memory**. Use a memory checker to determine the memory health and configuration. Verify that all memory chips run at the same speed and that every chip is configured correctly in the system.
-- **Check the power supply**. Verify that the power supply has enough wattage to appropriately handle the installed devices. If you added memory, installed a newer processor, installed additional drives, or added external devices, such devices can require more energy than the current power supply can provide consistently. If the computer logged Event ID 41 because the power to the computer was interrupted, consider obtaining an uninterruptible power supply (UPS) such as a battery backup power supply.
+- **Check the power supply**. Verify that the power supply has enough wattage to appropriately handle the installed devices. If you added memory, installed a newer processor, installed more drives, or added external devices, such devices can require more energy than the current power supply can provide consistently. If the computer logged Event ID 41 because the power to the computer was interrupted, consider obtaining an uninterruptible power supply (UPS) such as a battery backup power supply.
 - **Check for overheating**. Examine the internal temperature of the hardware and check for any overheating components.
 
-If you perform these checks and still cannot isolate the problem, set the system to its default configuration and verify whether the issue still occurs.
+If you perform these checks and still can't isolate the problem, set the system to its default configuration and verify whether the issue still occurs.
 
 > [!NOTE]  
-> If you see a Stop error message that includes a bug check code, but Event ID 41 does not include that code, change the restart behavior for the computer. To do this, follow these steps:
+> If you see a Stop error message that includes a bug check code, but Event ID 41 doesn't include that code, change the restart behavior for the computer. To do this, follow these steps:
 >  
 > 1. Right-click **My Computer**, then select **Properties** > **Advanced system settings** > **Advanced**.
 > 1. In the **Startup and Recovery** section, select **Settings**.
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index e0afd3d480..3437793da8 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -37,11 +37,11 @@ Any one of the following factors might cause the stop error:
 
 * Corrupted files in the **Boot** partition (for example, corruption in the volume that's labeled **SYSTEM** when you run the `diskpart` > `list vol` command)
 
-* If there is a blank GPT entry before the entry of the **Boot** partition
+* If there's a blank GPT entry before the entry of the **Boot** partition
 
 ## Troubleshoot this error
 
-Start the computer in [Windows Recovery Mode (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre). To do this, follow these steps.
+Start the computer in [Windows Recovery Mode (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre) by following these steps.
 
 1. Start the system by using [the installation media for the installed version of Windows](https://support.microsoft.com/help/15088).
 
@@ -92,7 +92,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
 
 ### Verify the integrity of Boot Configuration Database
 
-Check whether the Boot Configuration Database (BCD) has all the correct entries. To do this, run `bcdedit` at the WinRE command prompt.
+Check whether the Boot Configuration Database (BCD) has all the correct entries. To do this step, run `bcdedit` at the WinRE command prompt.
 
 To verify the BCD entries:
 
@@ -119,7 +119,7 @@ To verify the BCD entries:
    > [!NOTE]
    > If the computer is UEFI-based, the file path value that's specified in the **path** parameter of **{bootmgr}** and **{default}** contains an **.efi** extension.
 
-   ![bcdedit](images/screenshot1.png)
+   ![bcdedit.](images/screenshot1.png)
 
 If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that's named **bcdbackup**. To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup**.
 
@@ -150,7 +150,7 @@ If the files are missing, and you want to rebuild the boot files, follow these s
    Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
    ```
 
-   For example, if we assign the `` (WinRE drive) the letter R and the `` is the letter D, the following is the command that we would use:
+   For example, if we assign the `` (WinRE drive) the letter R and the `` is the letter D, we would use the following command:
 
    ```console
    Bcdboot D:\windows /s R: /f ALL
@@ -159,7 +159,7 @@ If the files are missing, and you want to rebuild the boot files, follow these s
    >[!NOTE]
    >The **ALL** part of the **bcdboot** command writes all the boot files (both UEFI and BIOS) to their respective locations.
 
-If you don't have a Windows 10 ISO, format the partition and copy **bootmgr** from another working computer that has a similar Windows build. To do this, follow these steps:
+If you don't have a Windows 10 ISO, format the partition and copy **bootmgr** from another working computer that has a similar Windows build. To do the formatting and copying, follow these steps:
 
 1. Start **Notepad**.
 
@@ -179,11 +179,11 @@ Dism /Image:: /Get-packages
 
 After you run this command, you'll see the **Install pending** and **Uninstall Pending** packages:
 
-![Dism output pending update](images/pendingupdate.png)
+![Dism output pending update.](images/pendingupdate.png)
 
 1. Run the `dism /Image:C:\ /Cleanup-Image /RevertPendingActions` command. Replace **C:** with the system partition for your computer.
 
-    ![Dism output revert pending](images/revertpending.png)
+    ![Dism output revert pending.](images/revertpending.png)
 
 2. Navigate to ***OSdriveLetter*:\Windows\WinSxS**, and then check whether the **pending.xml** file exists. If it does, rename it to **pending.xml.old**.
 
@@ -193,14 +193,14 @@ After you run this command, you'll see the **Install pending** and **Uninstall P
 
 5. Navigate to ***OSdriveLetter*:\Windows\System32\config**, select the file that's named **COMPONENT** (with no extension), and then select **Open**. When you're prompted, enter the name **OfflineComponentHive** for the new hive.
     
-    ![Load Hive](images/loadhive.png)
+    ![Load Hive.](images/loadhive.png)
 
 6. Expand **HKEY_LOCAL_MACHINE\OfflineComponentHive**, and check whether the **PendingXmlIdentifier** key exists. Create a backup of the **OfflineComponentHive** key, and then delete the **PendingXmlIdentifier** key.
 
-7. Unload the hive. To do this, highlight **OfflineComponentHive**, and then select **File** > **Unload hive**.
+7. Unload the hive. To do this unloading, highlight **OfflineComponentHive**, and then select **File** > **Unload hive**.
 
    > [!div class="mx-imgBorder"]
-   > ![Unload Hive](images/unloadhive.png)![Unload Hive](images/unloadhive1.png)
+   > ![Unload Hive.](images/unloadhive.png)![Unload Hive](images/unloadhive1.png)
 
 8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter*:\Windows\System32\config**, select the file that's named **SYSTEM** (with no extension), and then select **Open**. When you're prompted, enter the name **OfflineSystemHive** for the new hive.
 
@@ -229,7 +229,7 @@ After you run this command, you'll see the **Install pending** and **Uninstall P
 
    If these keys exist, check each one to make sure that it has a value that's named **Start**, and that it's set to **0**. If it's not, set the value to **0**.
 
-   If any of these keys don't exist, you can try to replace the current registry hive by using the hive from **RegBack**. To do this, run the following commands:
+   If any of these keys don't exist, you can try to replace the current registry hive by using the hive from **RegBack**. To do this step, run the following commands:
 
    ```console
    cd OSdrive:\Windows\System32\config
@@ -256,7 +256,7 @@ Check whether there are any non-Microsoft upper and lower filter drivers on the
    \Control\Class\\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
 
    > [!div class="mx-imgBorder"]
-   > ![Registry](images/controlset.png) 
+   > ![Registry.](images/controlset.png) 
 
    If an **UpperFilters**  or **LowerFilters**  entry is non-standard (for example, it's not a Windows default filter driver, such as PartMgr), remove the entry. To remove it, double-click it in the right pane, and then delete only that value.
 
@@ -270,12 +270,12 @@ Check whether there are any non-Microsoft upper and lower filter drivers on the
 
 ### Running SFC and Chkdsk
 
- If the computer still doesn't start, you can try to run a **chkdisk**  process on the system drive, and then also run System File Checker. To do this, run the following commands at a WinRE command prompt:
+ If the computer still doesn't start, you can try to run a **chkdisk**  process on the system drive, and then also run System File Checker. Do these steps by running the following commands at a WinRE command prompt:
 
 *	`chkdsk /f /r OsDrive:`
 
-    ![Check disk](images/check-disk.png)
+    ![Check disk.](images/check-disk.png)
 
 *	`sfc /scannow /offbootdir=OsDrive:\ /offwindir=OsDrive:\Windows`
 
-    ![SFC scannow](images/sfc-scannow.png)
+    ![SFC scannow.](images/sfc-scannow.png)
diff --git a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
index fb99d5d919..a22426c30a 100644
--- a/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
+++ b/windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
@@ -2,7 +2,7 @@
 title: Stop error occurs when you update the in-box Broadcom network adapter driver
 description: Describes an issue that causes a stop error when you update an in-box Broadcom driver on Windows Server 2019, version 1809.
 author: Teresa-Motiv
-ms.author: v-tea
+ms.author: dougeby
 ms.date: 2/3/2020
 ms.prod: w10
 ms.topic: article
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index c76deedcd3..81396fc528 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -1,185 +1,175 @@
 ---
-title: Advanced troubleshooting for Stop error or blue screen error issue
-ms.reviewer: 
-manager: dansimp
-description: Learn advanced options for troubleshooting Stop errors, also known as blue screen errors or bug check errors.
+title: Advanced troubleshooting for stop or blue screen errors
+description: Learn advanced options for troubleshooting stop errors, also known as blue screen errors or bug check errors.
 ms.prod: w10
-ms.mktglfcycl:
-ms.sitesec: library
+ms.technology: windows
 ms.topic: troubleshooting
-author: dansimp
+author: aczechowski
+ms.author: aaroncz
+manager: dougeby
+ms.reviewer: 
 ms.localizationpriority: medium
-ms.author: dansimp
+ms.collection: highpri
 ---
 
-# Advanced troubleshooting for Stop error or blue screen error issue
+# Advanced troubleshooting for stop or blue screen errors
 
->[!NOTE]
->If you're not a support agent or IT professional, you'll find more helpful information about Stop error ("blue screen") messages in [Troubleshoot blue screen errors](https://support.microsoft.com/help/14238).
+> [!NOTE]
+> If you're not a support agent or IT professional, you'll find more helpful information about stop error ("blue screen") messages in [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
 
- 
-## What causes Stop errors?
+## What causes stop errors?
 
-A Stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:
+A stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:
 
 - `atikmpag.sys`
 - `igdkmd64.sys`
 - `nvlddmkm.sys`
 
-There is no simple explanation for the cause of Stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that Stop errors usually are not caused by Microsoft Windows components. Instead, these errors are generally related to malfunctioning hardware drivers or drivers that are installed by third-party software. This includes video cards, wireless network cards, security programs, and so on.
+There's no simple explanation for the cause of stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that stop errors usually aren't caused by Microsoft Windows components. Instead, these errors are related to malfunctioning hardware drivers or drivers that are installed by third-party software. These drivers include video cards, wireless network cards, security programs, and so on.
 
-Our analysis of the root causes of crashes indicates the following:
+Our analysis of the root causes of crashes indicates that:
 
-- 70 percent are caused by third-party driver code
-- 10 percent are caused by hardware issues 
-- 5 percent are caused by Microsoft code
-- 15 percent have unknown causes (because the memory is too corrupted to analyze)
+- 70% are caused by third-party driver code.
+- 10% are caused by hardware issues.
+- 5% are caused by Microsoft code.
+- 15% have unknown causes, because the memory is too corrupted to analyze.
 
 > [!NOTE]
-> The root cause of Stop errors is never a user-mode process. While a user-mode process (such as Notepad or Slack) may trigger a Stop error, it is merely exposing the underlying bug which is always in a driver, hardware, or the OS.
+> The root cause of stop errors is never a user-mode process. While a user-mode process (such as Notepad or Slack) may trigger a stop error, it is merely exposing the underlying bug which is always in a driver, hardware, or the OS.
 
 ## General troubleshooting steps
 
-To troubleshoot Stop error messages, follow these general steps:
+To troubleshoot stop error messages, follow these general steps:
 
-1. Review the Stop error code that you find in the event logs. Search online for the specific Stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.
+1. Review the stop error code that you find in the event logs. Search online for the specific stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.
 
-2. As a best practice, we recommend that you do the following:
+1. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system. For example:
 
-    1. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
+    - [Windows 10, version 21H2](https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb)
+    - [Windows 10, version 21H1](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11)
+    - [Windows 10, version 20H2](https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3)
 
-        - [Windows 10, version 2004](https://support.microsoft.com/help/4555932)  
-        - [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
-        - [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
-        - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
-        - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
-        - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)
-        - [Windows 10, version 1703](https://support.microsoft.com/help/4018124)
-        - [Windows Server 2016 and Windows 10, version 1607](https://support.microsoft.com/help/4000825)
-        - [Windows 10, version 1511](https://support.microsoft.com/help/4000824)
-        - [Windows Server 2012 R2 and Windows 8.1](https://support.microsoft.com/help/4009470)
-        - [Windows Server 2008 R2 and Windows 7 SP1](https://support.microsoft.com/help/4009469)
+1. Make sure that the BIOS and firmware are up-to-date.
 
-     1. Make sure that the BIOS and firmware are up-to-date.
+1. Run any relevant hardware and memory tests.
 
-     1. Run any relevant hardware and memory tests.
+1. Run [Microsoft Safety Scanner](/microsoft-365/security/intelligence/safety-scanner-download) or any other virus detection program that includes checks of the MBR for infections.
 
-3. Run the [Machine Memory Dump Collector](https://home.diagnostics.support.microsoft.com/selfhelp?knowledgebasearticlefilter=2027760&wa=wsignin1.0) Windows diagnostic package. This diagnostic tool is used to collect machine memory dump files and check for known solutions.
+1. Make sure that there's sufficient free space on the hard disk. The exact requirement varies, but we recommend 10-15 percent free disk space.
 
-4. Run [Microsoft Safety Scanner](https://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections.
+1. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:
 
-5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space.
+    - The error message indicates that a specific driver is causing the problem.
+    - You're seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash.
+    - You have made any software or hardware changes.
 
-6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:
-  
-   - The error message indicates that a specific driver is causing the problem.
-   - You are seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash.
-   - You have made any software or hardware changes.
-
-     >[!NOTE]
-     >If there are no updates available from a specific manufacturer, it is recommended that you disable the related service.
-     >
-     >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135).
-     >
-     >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](https://support.microsoft.com/help/816071).
-     >
-     >You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll Back a Device Driver to a Previous Version](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)).
+    > [!NOTE]
+    > If there are no updates available from a specific manufacturer, we recommend that you disable the related service.
+    >
+    > For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
+    >
+    > You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](/troubleshoot/windows-server/performance/deactivate-kernel-mode-filter-driver).
+    >
+    > You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll back a device driver to a previous version](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)).
 
 ### Memory dump collection
 
 To configure the system for memory dump files, follow these steps:
 
-1. [Download DumpConfigurator tool](https://codeplexarchive.blob.core.windows.net/archive/projects/WinPlatTools/WinPlatTools.zip).
+1. Select the Taskbar search box, type **Advanced system settings**, and then press **Enter**.
 
-2. Extract the .zip file and navigate to **Source Code** folder.
+2. On the **Advanced** tab on the System Properties box, select the **Settings** button that appears in the section **Startup and Recovery**.
 
-3. Run the tool DumpConfigurator.hta, and then select **Elevate this HTA**.
+3. In the new window, select the drop-down below the option **Write debugging information**.
 
-4. Select **Auto Config Kernel**.
+4. Choose **Automatic memory dump**.
 
-5. Restart the computer for the setting to take effect. 
+5. Select **OK**.
 
-6. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written. 
+6. Restart the computer for the setting to take effect.
 
-7. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs.
+7. If the server is virtualized, disable auto reboot after the memory dump file is created. This disablement lets you take a snapshot of the server in-state and also if the problem recurs.
 
 The memory dump file is saved at the following locations:
 
-| Dump file type | Location |
-|----------------|----------|
-|(none) | %SystemRoot%\MEMORY.DMP (inactive, or grayed out) |
-|Small memory dump file (256 kb) | %SystemRoot%\Minidump |
-|Kernel memory dump file | %SystemRoot%\MEMORY.DMP |
-| Complete memory dump file | %SystemRoot%\MEMORY.DMP |
-| Automatic memory dump file | %SystemRoot%\MEMORY.DMP |
-| Active memory dump file | %SystemRoot%\MEMORY.DMP |
+| Dump file type                  | Location                                            |
+|---------------------------------|-----------------------------------------------------|
+| (none)                          | `%SystemRoot%\MEMORY.DMP` (inactive, or grayed out) |
+| Small memory dump file (256 kb) | `%SystemRoot%\Minidump`                             |
+| Kernel memory dump file         | `%SystemRoot%\MEMORY.DMP`                           |
+| Complete memory dump file       | `%SystemRoot%\MEMORY.DMP`                           |
+| Automatic memory dump file      | `%SystemRoot%\MEMORY.DMP`                           |
+| Active memory dump file         | `%SystemRoot%\MEMORY.DMP`                           |
 
-You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video:

                  
+You can use the Microsoft Crash Dump File Checker (DumpChk) tool to verify that the memory dump files aren't corrupted or invalid. For more information, see the following video:
 
->[!video https://www.youtube.com/embed/xN7tOfgNKag]
+> [!VIDEO https://www.youtube.com/embed/xN7tOfgNKag]
 
-More information on how to use Dumpchk.exe to check your dump files:
+For more information on how to use Dumpchk.exe to check your dump files, see the following articles:
 
-- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+- [Using DumpChk](/windows-hardware/drivers/debugger/dumpchk)
+- [Download DumpChk](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
 
-### Pagefile Settings
+### Pagefile settings
 
-- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](https://support.microsoft.com/help/4133658) 
-- [How to determine the appropriate page file size for 64-bit versions of Windows](https://support.microsoft.com/help/2860880) 
-- [How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2](https://support.microsoft.com/help/969028)
+For more information on pagefile settings, see the following articles:
+
+- [Introduction to page files](introduction-page-file.md)
+- [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md)
+- [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md)
 
 ### Memory dump analysis
 
 Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms.
 
-When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause.
+When a stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the stop error again. If you can replicate the problem, you can usually determine the cause.
 
-You can use the tools such as Windows Software Development KIT (SDK) and Symbols to diagnose dump logs. The next section discusses how to use this tool.
+You can use the tools such as Windows Software Development Kit (SDK) and symbols to diagnose dump logs. The next section discusses how to use this tool.
 
 ## Advanced troubleshooting steps
 
->[!NOTE]
->Advanced troubleshooting of crash dumps can be very challenging if you are not experienced with programming and internal Windows mechanisms. We have attempted to provide a brief insight here into some of the techniques used, including some examples. However, to really be effective at troubleshooting a crash dump, you should spend time becoming familiar with advanced debugging techniques. For a video overview, see [Advanced Windows Debugging](https://channel9.msdn.com/Blogs/Charles/Advanced-Windows-Debugging-An-Introduction) and [Debugging Kernel Mode Crashes and Hangs](https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-137-Debugging-kernel-mode-dumps). Also see the advanced references listed below.
+> [!NOTE]
+> Advanced troubleshooting of crash dumps can be very challenging if you aren't experienced with programming and internal Windows mechanisms. We have attempted to provide a brief insight here into some of the techniques used, including some examples. However, to really be effective at troubleshooting a crash dump, you should spend time becoming familiar with advanced debugging techniques. For a video overview, [Debugging kernel mode crashes and hangs](/shows/defrag-tools/defragtools-137-debugging-kernel-mode-dumps). Also see the advanced references listed below.
 
 ### Advanced debugging references
 
-- [Advanced Windows Debugging](https://www.amazon.com/Advanced-Windows-Debugging-Mario-Hewardt/dp/0321374460)
-- [Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)](/windows-hardware/drivers/debugger/index)
+- [Advanced Windows Debugging, first edition book](https://www.amazon.com/Advanced-Windows-Debugging-Mario-Hewardt/dp/0321374460)
+- [Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)](/windows-hardware/drivers/debugger/)
 
 ### Debugging steps
 
-1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information. 
+1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. For more information, see [Method 1: Memory dump](troubleshoot-windows-freeze.md#method-1-memory-dump).
 
 2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
 
 3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk).
 
-4. Start the install and choose **Debugging Tools for Windows**. This installs the WinDbg tool.
+4. Start the install and choose **Debugging Tools for Windows**. The WinDbg tool is installed.
 
-5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
+5. Go to the **File** menu and select **Symbol File Path** to open the WinDbg tool and set the symbol path.
 
-    1. If the computer is connected to the Internet, enter the [Microsoft public symbol server](/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
+    1. If the computer is connected to the internet, enter the [Microsoft public symbol server](/windows-hardware/drivers/debugger/microsoft-public-symbols): `https://msdl.microsoft.com/download/symbols` and select **OK**. This method is recommended.
 
-    1. If the computer is not connected to the Internet, you must specify a local [symbol path](/windows-hardware/drivers/debugger/symbol-path).
+    1. If the computer isn't connected to the internet, specify a local [symbol path](/windows-hardware/drivers/debugger/symbol-path).
 
-6. Click on **Open Crash Dump**, and then open the memory.dmp file that you copied. See the example below.
+6. Select **Open Crash Dump**, and then open the memory.dmp file that you copied.
 
-    ![WinDbg img](images/windbg.png)
+    :::image type="content" alt-text="Example output in WinDbg when opening a crash dump file." source="images/windbg.png" lightbox="images/windbg.png":::
 
-7. There should be a link that says **!analyze -v** under **Bugcheck Analysis**. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page.
+7. Under **Bugcheck Analysis**, select **`!analyze -v`**. The command `!analyze -v` is entered in the prompt at the bottom of the page.
 
-8. A detailed bugcheck analysis will appear. See the example below.
+8. A detailed bug check analysis appears.
 
-    ![Bugcheck analysis](images/bugcheck-analysis.png)
+    :::image type="content" alt-text="An example detailed bug check analysis." source="images/bugcheck-analysis.png" lightbox="images/bugcheck-analysis.png":::
 
-9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
+9. Scroll down to the **STACK_TEXT** section. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash. If applicable, it also says what service is crashing the DLL.
 
-10. See [Using the !analyze Extension](/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
+10. For more information about how to interpret the STACK_TEXT output, see [Using the !analyze Extension](/windows-hardware/drivers/debugger/using-the--analyze-extension).
 
-There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
+There are many possible causes of a bug check and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
 
-(HEX data is removed here and lines are numbered for clarity)
+> [!NOTE]
+> HEX data is removed here and lines are numbered for clarity.
 
 ```console
 1  : nt!KeBugCheckEx
@@ -213,62 +203,114 @@ There are many possible causes of a bugcheck and each case is unique. In the exa
 29 : ntdll!RtlUserThreadStart+0x21
 ```
 
-The problem here is with **mpssvc** which is a component of the Windows Firewall. The problem was repaired by disabling the firewall temporarily and then resetting firewall policies. 
+This issue is because of the **mpssvc** service, which is a component of the Windows Firewall. The problem was repaired by disabling the firewall temporarily and then resetting firewall policies.
 
-Additional examples are provided in the [Debugging examples](#debugging-examples) section at the bottom of this article.
+For more examples, see [Debugging examples](#debugging-examples).
 
 ## Video resources
 
 The following videos illustrate various troubleshooting techniques for analyzing dump files.
 
-- [Analyze Dump File](https://www.youtube.com/watch?v=s5Vwnmi_TEY)
-- [Installing Debugging Tool for Windows (x64 and x86)](https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive/player#time=22m29s:paused)
-- [Debugging kernel mode crash memory dumps](https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-137-Debugging-kernel-mode-dumps)
-- [Special Pool](https://www.youtube.com/watch?v=vHXYS9KdU1k)
- 
+- [Analyze dump file](https://www.youtube.com/watch?v=s5Vwnmi_TEY)
+- [Installing debugging tool for Windows (x64 and x86)](/shows/defrag-tools/building-your-usb-thumbdrive)
+- [Debugging kernel mode crash memory dumps](/shows/defrag-tools/defragtools-137-debugging-kernel-mode-dumps)
+- [Special pool](https://www.youtube.com/watch?v=vHXYS9KdU1k)
+
 ## Advanced troubleshooting using Driver Verifier
 
-We estimate that about 75 percent of all Stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception to let that part of the code be examined further.
+We estimate that about 75 percent of all stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception. It can then further examine that part of the code.
 
->[!WARNING]
->Driver Verifier consumes lots of CPU and can slow down the computer significantly. You may also experience additional crashes. Verifier disables faulty drivers after a Stop error occurs, and continues to do this until you can successfully restart the system and access the desktop. You can also expect to see several dump files created.
+> [!WARNING]
+> Driver Verifier consumes lots of CPU and can slow down the computer significantly. You may also experience additional crashes. Verifier disables faulty drivers after a stop error occurs, and continues to do this until you can successfully restart the system and access the desktop. You can also expect to see several dump files created.
 >
->Don’t try to verify all the drivers at one time. This can degrade performance and make the system unusable. This also limits the effectiveness of the tool.
+> Don't try to verify all the drivers at one time. This action can degrade performance and make the system unusable. It also limits the effectiveness of the tool.
 
 Use the following guidelines when you use Driver Verifier:  
 
-- Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic).
+- Test any "suspicious" drivers. For example, drivers that were recently updated or that are known to be problematic.
 
 - If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
 
-- Enable concurrent verification on groups of 10–20 drivers.
+- Enable concurrent verification on groups of 10-20 drivers.
 
-- Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode.
+- Additionally, if the computer can't boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This solution is because the tool can't run in Safe mode.
 
 For more information, see [Driver Verifier](/windows-hardware/drivers/devtest/driver-verifier).
 
-## Common Windows Stop errors
+## Common Windows stop errors
 
 This section doesn't contain a list of all error codes, but since many error codes have the same potential resolutions, your best bet is to follow the steps below to troubleshoot your error.
 
-The following table lists general troubleshooting procedures for common Stop error codes.
+The following sections list general troubleshooting procedures for common stop error codes.
 
-Stop error message and code | Mitigation
---- | ---
-VIDEO_ENGINE_TIMEOUT_DETECTED or VIDEO_TDR_TIMEOUT_DETECTED
                  Stop error code 0x00000141, or 0x00000117 | Contact the vendor of the listed display driver to get an appropriate update for that driver.
-DRIVER_IRQL_NOT_LESS_OR_EQUAL 
                  Stop error code 0x0000000D1 | Apply the latest updates for the driver by applying the latest cumulative updates for the system through the Microsoft Update Catalog website.Update an outdated NIC driver. Virtualized VMware systems often run “Intel(R) PRO/1000 MT Network Connection” (e1g6032e.sys). This driver is available at [http://downloadcenter.intel.com](http://downloadcenter.intel.com). Contact the hardware vendor to update the NIC driver for a resolution. For VMware systems, use the VMware integrated NIC driver (types VMXNET or VMXNET2 , VMXNET3 can be used) instead of Intel e1g6032e.sys.
-PAGE_FAULT_IN_NONPAGED_AREA 
                  Stop error code 0x000000050 | If a driver is identified in the Stop error message, contact the manufacturer for an update.If no updates are available, disable the driver, and monitor the system for stability. Run Chkdsk /f /r to detect and repair disk errors. You must restart the system before the disk scan begins on a system partition. Contact the manufacturer for any diagnostic tools that they may provide for the hard disk subsystem. Try to reinstall any application or service that was recently installed or updated. It's possible that the crash was triggered while the system was starting applications and reading the registry for preference settings. Reinstalling the application can fix corrupted registry keys.If the problem persists, and you have run a recent system state backup, try to restore the registry hives from the backup.
-SYSTEM_SERVICE_EXCEPTION 
                  Stop error code c000021a {Fatal System Error} The Windows SubSystem system process terminated unexpectedly with a status of 0xc0000005. The system has been shut down. | Use the System File Checker tool to repair missing or corrupted system files. The System File Checker lets users scan for corruptions in Windows system files and restore corrupted files.  For more information, see [Use the System File Checker tool](https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files).
-NTFS_FILE_SYSTEM 
                  Stop error code 0x000000024 | This Stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button.We also suggest that you update the NTFS file system driver (Ntfs.sys), and apply the latest cumulative updates for the current operating system that is experiencing the problem. 
-KMODE_EXCEPTION_NOT_HANDLED 
                  Stop error code 0x0000001E | If a driver is identified in the Stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added. 

                  If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use Safe mode to disable the driver in Device Manager. To do this, follow these steps:

                  Go to **Settings > Update & security > Recovery**. Under **Advanced startup**, select **Restart now**. After your PC restarts to the **Choose an option** screen, select **Troubleshoot > Advanced options > Startup Settings > Restart**. After the computer restarts, you'll see a list of options. Press **4** or **F4** to start the computer in Safe mode. Or, if you intend to use the Internet while in Safe mode, press **5** or **F5** for the Safe Mode with Networking option.
-DPC_WATCHDOG_VIOLATION 
                  Stop error code 0x00000133 | This Stop error code is caused by a faulty driver that does not complete its work within the allotted time frame in certain conditions. To enable us to help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the Stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for additional error messages that might help identify the device or driver that is causing Stop error 0x133. Verify that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the c:\windows\memory.dmp file into the Debugger, and then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](/archive/blogs/ntdebugging/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012) to find the problematic driver from the memory dump.  
-USER_MODE_HEALTH_MONITOR 
                  Stop error code 0x0000009E		| This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
                  This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process. Try to update the component or process that is indicated in the event logs. You should see the following event recorded:
                  Event ID: 4870
                  Source: Microsoft-Windows-FailoverClustering
                  Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang. 
                  For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
+### VIDEO_ENGINE_TIMEOUT_DETECTED or VIDEO_TDR_TIMEOUT_DETECTED
+
+Stop error code 0x00000141, or 0x00000117
+
+Contact the vendor of the listed display driver to get an appropriate update for that driver.
+
+### DRIVER_IRQL_NOT_LESS_OR_EQUAL
+
+Stop error code 0x0000000D1
+
+Apply the latest updates for the driver by applying the latest cumulative updates for the system through the Microsoft Update Catalog website. Update an outdated network driver. Virtualized VMware systems often run "Intel(R) PRO/1000 MT Network Connection" (e1g6032e.sys). You can download this driver from the [Intel Download Drivers & Software website](https://downloadcenter.intel.com). Contact the hardware vendor to update the network driver for a resolution. For VMware systems, use the VMware integrated network driver instead of Intel's e1g6032e.sys. For example, use VMware types `VMXNET`, `VMXNET2`, or `VMXNET3`.
+
+### PAGE_FAULT_IN_NONPAGED_AREA
+
+Stop error code 0x000000050
+
+If a driver is identified in the stop error message, contact the manufacturer for an update. If no updates are available, disable the driver, and monitor the system for stability. Run `chkdsk /f /r` to detect and repair disk errors. Restart the system before the disk scan begins on a system partition. Contact the manufacturer for any diagnostic tools that they may provide for the hard disk subsystem. Try to reinstall any application or service that was recently installed or updated. It's possible that the crash was triggered while the system was starting applications and reading the registry for preference settings. Reinstalling the application can fix corrupted registry keys. If the problem persists, and you have run a recent system state backup, try to restore the registry hives from the backup.
+
+### SYSTEM_SERVICE_EXCEPTION
+
+Stop error code c000021a {Fatal System Error} The Windows SubSystem system process terminated unexpectedly with a status of 0xc0000005. The system has been shut down.
+
+Use the System File Checker tool to repair missing or corrupted system files. The System File Checker lets users scan for corruptions in Windows system files and restore corrupted files.  For more information, see [Use the System File Checker tool](https://support.microsoft.com/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e).
+
+### NTFS_FILE_SYSTEM
+
+Stop error code 0x000000024
+
+This stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this step, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button. Update the NTFS file system driver (Ntfs.sys). Apply the latest cumulative updates for the current operating system that's experiencing the problem.
+
+### KMODE_EXCEPTION_NOT_HANDLED
+
+Stop error code 0x0000001E
+
+If a driver is identified in the stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added.
+
+If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use safe mode to disable the driver in Device Manager. To disable the driver, follow these steps:
+
+1. Go to **Settings > Update & security > Recovery**.
+1. Under **Advanced startup**, select **Restart now**.
+1. After your PC restarts to the **Choose an option** screen, select **Troubleshoot > Advanced options > Startup Settings > Restart**.
+1. After the computer restarts, you'll see a list of options. Press **4** or **F4** to start the computer in safe mode. If you intend to use the internet while in safe mode, press **5** or **F5** for the **Safe Mode with Networking** option.
+
+### DPC_WATCHDOG_VIOLATION
+
+Stop error code 0x00000133
+
+This stop error code is caused by a faulty driver that doesn't complete its work within the allotted time frame in certain conditions. To help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for other error messages that might help identify the device or driver that's causing stop error 0x133. Verify that any new hardware that's installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the `c:\windows\memory.dmp` file into the debugger. Then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](/archive/blogs/ntdebugging/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012) to find the problematic driver from the memory dump.
+
+### USER_MODE_HEALTH_MONITOR
+
+Stop error code 0x0000009E
+
+This stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
+
+This stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe. Check the event logs for any storage failures to identify the failing process. Try to update the component or process that's indicated in the event logs. You should see the following event recorded:
+
+- Event ID: 4870
+- Source: Microsoft-Windows-FailoverClustering
+- Description: User mode health monitoring has detected that the system isn't being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID '%1', for '%2' seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
+
+For more information, see ["0x0000009E" Stop error on cluster nodes in a Windows Server-based multi-node failover cluster environment](https://support.microsoft.com/topic/-0x0000009e-stop-error-on-cluster-nodes-in-a-windows-server-based-multi-node-failover-cluster-environment-7e0acceb-b498-47f8-e004-96de6e497cba) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
 
 ## Debugging examples
 
 ### Example 1
 
-This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver).  The **IMAGE_NAME** tells you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
+This bug check is caused by a driver hang during upgrade, resulting in a bug check D1 in NDIS.sys, which is a Microsoft driver. The **IMAGE_NAME** tells you the faulting driver, but since this driver is s Microsoft driver, it can't be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
 
 ```console
 2: kd> !analyze -v
@@ -339,7 +381,7 @@ ANALYSIS_SESSION_HOST:  SHENDRIX-DEV0
 ANALYSIS_SESSION_TIME:  01-17-2019 11:06:05.0653
 ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
 TRAP_FRAME:  ffffa884c0c3f6b0 -- (.trap 0xffffa884c0c3f6b0)
-NOTE: The trap frame does not contain all registers.
+NOTE: The trap frame doesn't contain all registers.
 Some register values may be zeroed or incorrect.
 rax=fffff807ad018bf0 rbx=0000000000000000 rcx=000000000011090a
 rdx=fffff807ad018c10 rsi=0000000000000000 rdi=0000000000000000
@@ -427,7 +469,7 @@ Followup:     ndiscore
 
 ### Example 2
 
-In this example, a non-Microsoft driver caused page fault, so we don’t have symbols for this driver.  However, looking at **IMAGE_NAME** and or **MODULE_NAME** indicates it’s **WwanUsbMP.sys** that caused the issue.  Disconnecting the device and retrying the upgrade is a possible solution.
+In this example, a non-Microsoft driver caused page fault, so we don't have symbols for this driver. However, looking at **IMAGE_NAME** and or **MODULE_NAME** indicates it's **WwanUsbMP.sys** that caused the issue. Disconnecting the device and retrying the upgrade is a possible solution.
 
 ```console
 1: kd> !analyze -v
@@ -438,7 +480,7 @@ In this example, a non-Microsoft driver caused page fault, so we don’t have sy
 *******************************************************************************
 
 PAGE_FAULT_IN_NONPAGED_AREA (50)
-Invalid system memory was referenced.  This cannot be protected by try-except.
+Invalid system memory was referenced.  This can't be protected by try-except.
 Typically the address is just plain bad or it is pointing at freed memory.
 Arguments:
 Arg1: 8ba10000, memory referenced.
@@ -603,4 +645,4 @@ ReadVirtual: 812d1248 not properly sign extended
 
 ## References
 
-[Bug Check Code Reference](/windows-hardware/drivers/debugger/bug-check-code-reference2)
+[Bug check code reference](/windows-hardware/drivers/debugger/bug-check-code-reference2)
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
index 77e524634d..56573160e6 100644
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ b/windows/client-management/troubleshoot-tcpip-connectivity.md
@@ -10,6 +10,7 @@ ms.author: dansimp
 ms.date: 12/06/2018
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Troubleshoot TCP/IP connectivity
@@ -24,7 +25,7 @@ You might come across connectivity errors on the application end or timeout erro
  
 When you suspect that the issue is on the network, you collect a network trace. The network trace would then be filtered. During troubleshooting connectivity errors, you might come across TCP reset in a network capture that could indicate a network issue.  
  
-* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures reliability is through the handshake process. Establishing a TCP session would begin with a three-way handshake, followed by data transfer, and then a four-way closure. The four-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the 4-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this is the TIME_WAIT state. After the TIME_WAIT state completes, all the resources allocated for this connection are released.  
+* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures reliability is through the handshake process. Establishing a TCP session would begin with a three-way handshake, followed by data transfer, and then a four-way closure. The four-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the four-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this period is the TIME_WAIT state. After the TIME_WAIT state completes, all the resources allocated for this connection are released.  
  
 * TCP reset is an abrupt closure of the session; it causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.  
  
@@ -32,67 +33,67 @@ When you suspect that the issue is on the network, you collect a network trace.
  
 A network trace on the source and the destination helps you to determine the flow of the traffic and see at what point the failure is observed.  
  
-The following sections describe some of the scenarios when you will see a RESET. 
+The following sections describe some of the scenarios when you'll see a RESET. 
  
 ## Packet drops
  
-When one TCP peer is sending out TCP packets for which there is no response received from the other end, the TCP peer would end up retransmitting the data and when there is no response received, it would end the session by sending an ACK RESET (this means that the application acknowledges whatever data is exchanged so far, but because of packet drop, the connection is closed).  
+When one TCP peer is sending out TCP packets for which there's no response received from the other end, the TCP peer would end up retransmitting the data and when there's no response received, it would end the session by sending an ACK RESET (thisACK RESET means that the application acknowledges whatever data is exchanged so far, but because of packet drop, the connection is closed).  
  
-The simultaneous network traces on source and destination will help you verify this behavior where on the source side you would see the packets being retransmitted and on the destination none of these packets are seen. This would mean, the network device between the source and destination is dropping the packets. 
+The simultaneous network traces on source and destination will help you verify this behavior where on the source side you would see the packets being retransmitted and on the destination none of these packets are seen. This scenario denotes that the network device between the source and destination is dropping the packets. 
  
 If the initial TCP handshake is failing because of packet drops, then you would see that the TCP SYN packet is retransmitted only three times. 
     
 Source side connecting on port 445:
 
-![Screenshot of frame summary in Network Monitor](images/tcp-ts-6.png)
+![Screenshot of frame summary in Network Monitor.](images/tcp-ts-6.png)
 
-Destination side: applying the same filter, you do not see any packets.
+Destination side: applying the same filter, you don't see any packets.
 
-![Screenshot of frame summary with filter in Network Monitor](images/tcp-ts-7.png)
+![Screenshot of frame summary with filter in Network Monitor.](images/tcp-ts-7.png)
 
 For the rest of the data, TCP will retransmit the packets five times.
 
 **Source 192.168.1.62 side trace:**
 
-![Screenshot showing packet side trace](images/tcp-ts-8.png)
+![Screenshot showing packet side trace.](images/tcp-ts-8.png)
 
 **Destination 192.168.1.2 side trace:**
      
-You would not see any of the above packets. Engage your network team to investigate with the different hops and see if any of them are potentially causing drops in the network.
+You wouldn't see any of the above packets. Engage your network team to investigate with the different hops and see if any of them are potentially causing drops in the network.
     
-If you are seeing that the SYN packets are reaching the destination, but the destination is still not responding, then verify if the port that you are trying to connect to is in the listening state. (Netstat output will help). If the port is listening and still there is no response, then there could be a wfp drop.  
+If you're seeing that the SYN packets are reaching the destination, but the destination is still not responding, then verify if the port that you're trying to connect to is in the listening state. (Netstat output will help). If the port is listening and still there's no response, then there could be a wfp drop.  
  
 ## Incorrect parameter in the TCP header
  
-You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being replayed by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you will be able to notice if there is a change in the packets itself or if any new packets are reaching the destination on behalf of the source.  
+You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being replayed by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you'll be able to notice if there's a change in the packets itself or if any new packets are reaching the destination on behalf of the source.  
  
 In this case, you'll again need help from the network team to identify any device that's modifying packets or replaying packets to the destination. The most common ones are RiverBed devices or WAN accelerators. 
  
      
 ## Application side reset
  
-When you have identified that the resets are not due to retransmits or incorrect parameter or packets being modified with the help of network trace, then you have narrowed it down to application level reset.
+When you've identified that the resets aren't due to retransmits or incorrect parameter or packets being modified with the help of network trace, then you've narrowed it down to application level reset.
     
-The application resets are the ones where you see the Acknowledgment flag set to `1` along with the reset flag. This would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This is when the application that received the packet did not like something it received.  
+The application resets are the ones where you see the Acknowledgment flag set to `1` along with the reset flag. This setting would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This stage is when the application that received the packet didn't like something it received.  
  
 In the below screenshots, you see that the packets seen on the source and the destination are the same without any modification or any drops, but you see an explicit reset sent by the destination to the source.
     
 **Source Side**
 
-![Screenshot of packets on source side in Network Monitor](images/tcp-ts-9.png)
+![Screenshot of packets on source side in Network Monitor.](images/tcp-ts-9.png)
 
 **On the destination-side trace** 
 
-![Screenshot of packets on destination side in Network Monitor](images/tcp-ts-10.png)
+![Screenshot of packets on destination side in Network Monitor.](images/tcp-ts-10.png)
 
-You also see an ACK+RST flag packet in a case when the TCP establishment packet SYN is sent out. The TCP SYN packet is sent when the client wants to connect on a particular port, but if the destination/server for some reason does not want to accept the packet, it would send an ACK+RST packet.  
+You also see an ACK+RST flag packet in a case when the TCP establishment packet SYN is sent out. The TCP SYN packet is sent when the client wants to connect on a particular port, but if the destination/server for some reason doesn't want to accept the packet, it would send an ACK+RST packet.  
 
-![Screenshot of packet flag](images/tcp-ts-11.png)
+![Screenshot of packet flag.](images/tcp-ts-11.png)
 
 The application that's causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection. 
  
 >[!Note]
->The above information is about resets from a TCP standpoint and not UDP. UDP is a connectionless protocol and the packets are sent unreliably. You would not see retransmission or resets when using UDP as a transport protocol. However, UDP makes use of ICMP as a error reporting protocol. When you have the UDP packet sent out on a port and the destination does not have port listed, you will see the destination sending out  **ICMP Destination host unreachable: Port unreachable** message immediately after the UDP packet
+>The above information is about resets from a TCP standpoint and not UDP. UDP is a connectionless protocol and the packets are sent unreliably. You wouldn't see retransmission or resets when using UDP as a transport protocol. However, UDP makes use of ICMP as a error reporting protocol. When you've the UDP packet sent out on a port and the destination does not have port listed, you'll see the destination sending out  **ICMP Destination host unreachable: Port unreachable** message immediately after the UDP packet
  
  
 ```
@@ -102,7 +103,7 @@ The application that's causing the reset (identified by port numbers) should be
 ```
  
  
-During the course of troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but does not respond to. In such cases, there could be a drop at the server level. To understand whether the local firewall is dropping the packet, enable the firewall auditing on the machine.
+During the troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but doesn't respond to. In such cases, there could be a drop at the server level. To understand whether the local firewall is dropping the packet, enable the firewall auditing on the machine.
  
 ```
 auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
@@ -110,8 +111,8 @@ auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /fai
  
 You can then review the Security event logs to see for a packet drop on a particular port-IP and a filter ID associated with it.
 
-![Screenshot of Event Properties](images/tcp-ts-12.png)
+![Screenshot of Event Properties.](images/tcp-ts-12.png)
 
-Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. After you open this file and filter for the ID that you find in the above event (2944008), you'll be able to see a firewall rule name that's associated with this ID that's blocking the connection.
+Now, run the command `netsh wfp show state`, this execution will generate a wfpstate.xml file. After you open this file and filter for the ID that you find in the above event (2944008), you'll be able to see a firewall rule name that's associated with this ID that's blocking the connection.
 
-![Screenshot of wfpstate.xml file](images/tcp-ts-13.png)
+![Screenshot of wfpstate.xml file.](images/tcp-ts-13.png)
diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md
index b432191920..aed2257b4d 100644
--- a/windows/client-management/troubleshoot-tcpip-netmon.md
+++ b/windows/client-management/troubleshoot-tcpip-netmon.md
@@ -7,41 +7,42 @@ ms.topic: troubleshooting
 author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
-ms.date: 12/06/2018
+ms.date: 01/27/2022
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Collect data using Network Monitor
 
-In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
+In this article, you'll learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
 
 > [!NOTE]
-> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide).
+> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages were removed from microsoft.com sites on November 25, 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time.  For similar functionality, consider using another, non-Microsoft network protocol analyzer tool. For more information, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide).
 
 To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image:
 
-![Adapters](images/nm-adapters.png)
+![Adapters.](images/nm-adapters.png)
 
 When the driver gets hooked to the network interface card (NIC) during installation, the NIC is reinitialized, which might cause a brief network glitch.
 
 **To capture traffic**
 
-1. Run netmon in an elevated status by choosing Run as Administrator.
+1. Run netmon in an elevated status by choosing **Run as Administrator**.
 
-    ![Image of Start search results for Netmon](images/nm-start.png)
+    ![Image of Start search results for Netmon.](images/nm-start.png)
 
-2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then click **Start**.
+2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then select **Start**.
 
-    ![Image of the New Capture option on menu](images/tcp-ts-4.png)
+    ![Image of the New Capture option on menu.](images/tcp-ts-4.png)
 
-3. Reproduce the issue, and you will see that Network Monitor grabs the packets on the wire.
+3. Reproduce the issue, and you'll see that Network Monitor grabs the packets on the wire.
 
-    ![Frame summary of network packets](images/tcp-ts-5.png)
+    ![Frame summary of network packets.](images/tcp-ts-5.png)
 
 4. Select **Stop**, and go to **File > Save as** to save the results. By default, the file will be saved as a ".cap" file.
 
-The saved file has captured all the traffic that is flowing to and from the selected network adapters on the local computer. However, your interest is only to look into the traffic/packets that are related to the specific connectivity problem you are facing. So you will need to filter the network capture to see only the related traffic. 
+The saved file has captured all the traffic that is flowing to and from the selected network adapters on the local computer. However, your interest is only to look into the traffic/packets that are related to the specific connectivity problem you're facing. So you'll need to filter the network capture to see only the related traffic. 
  
 **Commonly used filters**
  
@@ -57,7 +58,7 @@ The saved file has captured all the traffic that is flowing to and from the sele
 >[!TIP]
 >If you want to filter the capture for a specific field and do not know the syntax for that filter, just right-click that field and select **Add *the selected value* to Display Filter**. 
  
-Network traces which are collected using the **netsh** commands built in to Windows are of the extension "ETL". However, these ETL files can be opened using Network Monitor for further analysis. 
+Network traces that are collected using the **netsh** commands built in to Windows are of the extension "ETL". However, these ETL files can be opened using Network Monitor for further analysis. 
 
 ## More information
 
@@ -66,4 +67,4 @@ Network traces which are collected using the **netsh** commands built in to Wind
 [Network Monitor Wireless Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1900.network-monitor-wireless-filtering.aspx)
                  
 [Network Monitor TCP Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1134.network-monitor-tcp-filtering.aspx)
                  
 [Network Monitor Conversation Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1829.network-monitor-conversation-filtering.aspx)
                  
-[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
                  
\ No newline at end of file
+[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
                  
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
index e41c64b649..938136edad 100644
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@@ -7,9 +7,10 @@ ms.topic: troubleshooting
 author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
-ms.date: 12/06/2018
+ms.date: 02/07/2022
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Troubleshoot port exhaustion issues
@@ -18,16 +19,16 @@ TCP and UDP protocols work based on port numbers used for establishing connectio
  
 There are two types of ports:
 
-- *Ephemeral ports*, which are usually dynamic ports, are the set of ports that every machine by default will have them to make an outbound connection.
+- *Ephemeral ports*, which are dynamic ports, are the set of ports that every machine by default will have them to make an outbound connection.
 - *Well-known ports* are the defined port for a particular application or service. For example, file server service is on port 445, HTTPS is 443, HTTP is 80, and RPC is 135. Custom application will also have their defined port numbers.
  
-Clients when connecting to an application or service will make use of an ephemeral port from its machine to connect to a well-known port defined for that application or service. A browser on a client machine will use an ephemeral port to connect to https://www.microsoft.com on port 443.
+When a connection is being established with an application or service, client devices use an ephemeral port from the device to connect to a well-known port defined for that application or service. A browser on a client machine will use an ephemeral port to connect to `https://www.microsoft.com` on port 443.
  
-In a scenario where the same browser is creating a lot of connections to multiple website, for any new connection that the browser is attempting, an ephemeral port is used. After some time, you will notice that the connections will start to fail and one high possibility for this would be because the browser has used all the available ports to make connections outside and any new attempt to establish a connection will fail as there are no more ports available. When all the ports are on a machine are used, we term it as *port exhaustion*. 
+In a scenario where the same browser is creating many connections to multiple websites, for any new connection that the browser is attempting, an ephemeral port is used. After some time, you'll notice that the connections will start to fail and one high possibility for this failure would be because the browser has used all the available ports to make connections outside and any new attempt to establish a connection will fail as there are no more ports available. When all the ports on a machine are used, we term it as *port exhaustion*. 
  
 ## Default dynamic port range for TCP/IP
  
-To comply with [Internet Assigned Numbers Authority (IANA)](http://www.iana.org/assignments/port-numbers) recommendations, Microsoft has increased the dynamic client port range for outgoing connections. The new default start port is **49152**, and the new default end port is **65535**. This is a change from the configuration of earlier versions of Windows that used a default port range of **1025** through **5000**. 
+To comply with [Internet Assigned Numbers Authority (IANA)](http://www.iana.org/assignments/port-numbers) recommendations, Microsoft has increased the dynamic client port range for outgoing connections. The new default start port is **49152**, and the new default end port is **65535**. This increase is a change from the configuration of earlier versions of Windows that used a default port range of **1025** through **5000**. 
  
 You can view the dynamic port range on a computer by using the following netsh commands: 
 
@@ -39,7 +40,7 @@ You can view the dynamic port range on a computer by using the following netsh c
 
 The range is set separately for each transport (TCP or UDP). The port range is now a range that has a starting point and an ending point. Microsoft customers who deploy servers that are running Windows Server may have problems that affect RPC communication between servers if firewalls are used on the internal network. In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of **49152** through **65535**. This range is in addition to well-known ports that are used by services and applications. Or, the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows. The above command sets the dynamic port range for TCP. 
  
-```cmd
+```console
 netsh int  set dynamic  start=number num=range
 ```
  
@@ -50,27 +51,27 @@ The start port is number, and the total number of ports is range. The following
 - `netsh int ipv6 set dynamicport tcp start=10000 num=1000`
 - `netsh int ipv6 set dynamicport udp start=10000 num=1000`
  
-These sample commands set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum start port that can be set is 1025. The maximum end port (based on the range being configured) cannot exceed 65535. To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and UDP. This results in a start port of 1025 and an end port of 5000.
+These sample commands set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum start port that can be set is 1025. The maximum end port (based on the range being configured) can't exceed 65535. To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and UDP. This usage pattern results in a start port of 1025 and an end port of 5000.
  
-Specifically, about outbound connections as incoming connections will not require an Ephemeral port for accepting connections.
+Specifically, about outbound connections as incoming connections won't require an Ephemeral port for accepting connections.
  
-Since outbound connections start to fail, you will see a lot of the below behaviors:
+Since outbound connections start to fail, you'll see many instances of the below behaviors:
  
-- Unable to sign in to the machine with domain credentials, however sign-in with local account works. Domain sign-in will require you to contact the DC for authentication which is again an outbound connection. If you have cache credentials set, then domain sign-in might still work.
+- Unable to sign in to the machine with domain credentials, however sign-in with local account works. Domain sign in will require you to contact the DC for authentication, which is again an outbound connection. If you've cache credentials set, then domain sign-in might still work.
 
-    ![Screenshot of error for NETLOGON in Event Viewer](images/tcp-ts-14.png)
+    :::image type="content" alt-text="Screenshot of error for NETLOGON in Event Viewer." source="images/tcp-ts-14.png" lightbox="images/tcp-ts-14.png":::
 
 - Group Policy update failures:
 
-    ![Screenshot of event properties for Group Policy failure](images/tcp-ts-15.png)
+    ![Screenshot of event properties for Group Policy failure.](images/tcp-ts-15.png)
 
 - File shares are inaccessible:
 
-    ![Screenshot of error message "Windows cannot access"](images/tcp-ts-16.png)
+    ![Screenshot of error message "Windows cannot access."](images/tcp-ts-16.png)
 
 - RDP from the affected server fails:
 
-    ![Screenshot of error when Remote Desktop is unable to connect](images/tcp-ts-17.png)
+    ![Screenshot of error when Remote Desktop is unable to connect.](images/tcp-ts-17.png)
 
 - Any other application running on the machine will start to give out errors
 
@@ -78,40 +79,40 @@ Reboot of the server will resolve the issue temporarily, but you would see all t
 
 If you suspect that the machine is in a state of port exhaustion: 
  
-1. Try making an outbound connection. From the server/machine, access a remote share or try an RDP to another server or telnet to a server on a port. If the outbound connection fails for all of these, go to the next step.
+1. Try making an outbound connection. From the server/machine, access a remote share or try an RDP to another server or telnet to a server on a port. If the outbound connection fails for all of these options, go to the next step.
 
-2. Open event viewer and under the system logs, look for the events which clearly indicate the current state: 
+2. Open event viewer and under the system logs, look for the events that clearly indicate the current state: 
 
-    a.	**Event ID 4227**
+    1. **Event ID 4227**
 
-    ![Screenshot of event id 4227 in Event Viewer](images/tcp-ts-18.png)
+       :::image type="content" alt-text="Screenshot of event ID 4227 in Event Viewer." source="images/tcp-ts-18.png" lightbox="images/tcp-ts-18.png":::
 
-    b.	**Event ID 4231**
+    1. **Event ID 4231**
 
-    ![Screenshot of event id 4231 in Event Viewer](images/tcp-ts-19.png)
+       :::image type="content" alt-text="Screenshot of event ID 4231 in Event Viewer." source="images/tcp-ts-19.png" lightbox="images/tcp-ts-19.png":::
 
-3. Collect a `netstat -anob output` from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID.
+3. Collect a `netstat -anob` output from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID.
 
-    ![Screenshot of netstate command output](images/tcp-ts-20.png)
+    ![Screenshot of netstate command output.](images/tcp-ts-20.png)
 
-After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process will not be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
- 
-You may also see CLOSE_WAIT state connections in the same output, however CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state does not necessarily indicate port exhaustion.
- 
->[!Note]
->Having huge connections in TIME_WAIT state does not always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.
->
->Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state.  An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports.
->
->Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more.
+    After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used by the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process won't be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
+     
+    You might also see CLOSE_WAIT state connections in the same output; however, CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state doesn't necessarily indicate port exhaustion.
+     
+    > [!Note]
+    > Having huge connections in TIME_WAIT state doesn't always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.
+    >
+    > Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state.  An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports.
+    >
+    > Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more.
  
 4. Open a command prompt in admin mode and run the below command
 
-   ```cmd
+   ```console
    Netsh trace start scenario=netconnection capture=yes tracefile=c:\Server.etl
    ```
 
-5. Open the server.etl file with [Network Monitor](troubleshoot-tcpip-netmon.md) and in the filter section, apply the filter **Wscore_MicrosoftWindowsWinsockAFD.AFD_EVENT_BIND.Status.LENTStatus.Code == 0x209**. You should see entries which say **STATUS_TOO_MANY_ADDRESSES**. If you do not find any entries, then the server is still not out of ports. If you find them, then you can confirm that the server is under port exhaustion.
+5. Open the server.etl file with [Network Monitor](troubleshoot-tcpip-netmon.md) and in the filter section, apply the filter **Wscore_MicrosoftWindowsWinsockAFD.AFD_EVENT_BIND.Status.LENTStatus.Code == 0x209**. You should see entries that say **STATUS_TOO_MANY_ADDRESSES**. If you don't find any entries, then the server is still not out of ports. If you find them, then you can confirm that the server is under port exhaustion.
  
 ## Troubleshoot Port exhaustion
  
@@ -119,30 +120,30 @@ The key is to identify which process or application is using all the ports. Belo
  
 ### Method 1
 
-Start by looking at the netstat output. If you are using Windows 10 or Windows Server 2016, then you can run the command `netstat -anobq` and check for the process ID which has maximum entries as BOUND. Alternately, you can also run the below Powershell command to identify the process:
+Start by looking at the netstat output. If you're using Windows 10 or Windows Server 2016, then you can run the command `netstat -anobq` and check for the process ID that has maximum entries as BOUND. Alternately, you can also run the below PowerShell command to identify the process:
 
-```Powershell
+```powershell
 Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending 
 ```
 
-Most port leaks are caused by user-mode processes not correctly closing the ports when an error was encountered. At the user-mode level ports (actually sockets) are handles. Both **TaskManager** and **ProcessExplorer** are able to display handle counts which allows you to identify which process is consuming all of the ports.
+Most port leaks are caused by user-mode processes not correctly closing the ports when an error was encountered. At the user-mode level, ports (actually sockets) are handles. Both **TaskManager** and **ProcessExplorer** are able to display handle counts, which allows you to identify which process is consuming all of the ports.
  
-For Windows 7 and Windows Server 2008 R2, you can update your Powershell version to include the above cmdlet. 
+For Windows 7 and Windows Server 2008 R2, you can update your PowerShell version to include the above cmdlet. 
  
 ### Method 2
 
-If method 1 does not help you identify the process (prior to Windows 10 and Windows Server 2012 R2), then have a look at Task Manager: 
+If method 1 doesn't help you identify the process (prior to Windows 10 and Windows Server 2012 R2), then have a look at Task Manager: 
 
 1. Add a column called “handles” under details/processes.
 2. Sort the column handles to identify the process with the highest number of handles. Usually the process with handles greater than 3000 could be the culprit except for processes like System, lsass.exe, store.exe, sqlsvr.exe.
 
-    ![Screenshot of handles column in Windows Task Maner](images/tcp-ts-21.png)
+    ![Screenshot of handles column in Windows Task Maner.](images/tcp-ts-21.png)
 
-3. If any other process than these has a higher number, stop that process and then try to login using domain credentials and see if it succeeds.
+3. If any other process than these processes has a higher number, stop that process and then try to sign in using domain credentials and see if it succeeds.
  
 ### Method 3
 
-If Task Manager did not help you identify the process, then use Process Explorer to investigate the issue.
+If Task Manager didn't help you identify the process, then use Process Explorer to investigate the issue.
  
 Steps to use Process explorer: 
 
@@ -157,26 +158,26 @@ Steps to use Process explorer:
     
     File   \Device\AFD
 
-    ![Screenshot of Process Explorer](images/tcp-ts-22.png)
+    :::image type="content" alt-text="Screenshot of Process Explorer." source="images/tcp-ts-22.png" lightbox="images/tcp-ts-22.png":::
 
-10. Some are normal, but large numbers of them are not (hundreds to thousands). Close the process in question. If that restores outbound connectivity, then you have further proven that the app is the cause. Contact the vendor of that app.
+10. Some are normal, but large numbers of them aren't (hundreds to thousands). Close the process in question. If that restores outbound connectivity, then you've further proven that the app is the cause. Contact the vendor of that app.
  
-Finally, if the above methods did not help you isolate the process, we suggest you collect a complete memory dump of the machine in the issue state. The dump will tell you which process has the maximum handles.
+Finally, if the above methods didn't help you isolate the process, we suggest you collect a complete memory dump of the machine in the issue state. The dump will tell you which process has the maximum handles.
  
-As a workaround, rebooting the computer will get the it back in normal state and would help you resolve the issue for the time being. However, when a reboot is impractical, you can also consider increasing the number of ports on the machine using the below commands:
+As a workaround, rebooting the computer will get it back in normal state and would help you resolve the issue for the time being. However, when a reboot is impractical, you can also consider increasing the number of ports on the machine using the below commands:
 
-```cmd
+```console
 netsh int ipv4 set dynamicport tcp start=10000 num=1000
 ```
 
-This will set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum start port that can be set is 1025. The maximum end port (based on the range being configured) cannot exceed 65535.
+This command will set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum start port that can be set is 1025. The maximum end port (based on the range being configured) can't exceed 65535.
  
 >[!NOTE]
->Note that increasing the dynamic port range is not a permanent solution but only temporary. You will need to track down which process/processors are consuming max number of ports and troubleshoot from that process standpoint as to why its consuming such high number of ports. 
+>Note that increasing the dynamic port range is not a permanent solution but only temporary. You'll need to track down which process/processors are consuming max number of ports and troubleshoot from that process standpoint as to why it's consuming such high number of ports. 
 
 For Windows 7 and Windows Server 2008 R2, you can use the below script to collect the netstat output at defined frequency. From the outputs, you can see the port usage trend.
 
-```
+```console
 @ECHO ON
 set v=%1
 :loop
@@ -195,5 +196,5 @@ goto loop
 ## Useful links
 
 - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status
+- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script that will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11)
 
-- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10)
\ No newline at end of file
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index 37b4dfa002..ed7f973fef 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -10,15 +10,16 @@ ms.author: dansimp
 ms.date: 12/06/2018
 ms.reviewer: 
 manager: dansimp
+ms.collection: highpri
 ---
 
 # Troubleshoot Remote Procedure Call (RPC) errors
 
 You might encounter an **RPC server unavailable** error when connecting to Windows Management Instrumentation (WMI), SQL Server, during a remote connection, or for some Microsoft Management Console (MMC) snap-ins. The following image is an example of an RPC error.
 
-![The following error has occurred: the RPC server is unavailable](images/rpc-error.png)
+![The following error has occurred: the RPC server is unavailable.](images/rpc-error.png)
 
-This is a commonly encountered error message in the networking world and one can lose hope very fast without trying to understand much, as to what is happening ‘under the hood’. 
+This message is a commonly encountered error message in the networking world and one can lose hope fast without trying to understand much, as to what is happening ‘under the hood’. 
 
 Before getting in to troubleshooting the *RPC server unavailable- error, let’s first understand basics about the error. There are a few important terms to understand:
 
@@ -28,7 +29,7 @@ Before getting in to troubleshooting the *RPC server unavailable- error
 - UUID – a well-known GUID that identifies the RPC application. The UUID is what you use to see a specific kind of RPC application conversation, as there are likely to be many.
 - Opnum – the identifier of a function that the client wants the server to execute. It’s just a hexadecimal number, but a good network analyzer will translate the function for you. If neither knows, your application vendor must tell you.
 - Port – the communication endpoints for the client and server applications.
-- Stub data – the information given to functions and data exchanged between the client and server. This is the payload, the important part.
+- Stub data – the information given to functions and data exchanged between the client and server. This data is the payload, the important part.
  
 >[!Note]
 > A lot of the above information is used in troubleshooting, the most important is the Dynamic RPC port number you get while talking to EPM.
@@ -37,7 +38,7 @@ Before getting in to troubleshooting the *RPC server unavailable- error
 
 Client A wants to execute some functions or wants to make use of a service running on the remote server, will first establish the connection with the Remote Server by doing a three-way handshake.  
 
-![Diagram illustrating connection to remote server](images/rpc-flow.png)
+:::image type="content" alt-text="Diagram illustrating connection to remote server." source="images/rpc-flow.png" lightbox="images/rpc-flow.png":::
 
 RPC ports can be given from a specific range as well.
 ### Configure RPC dynamic port allocation
@@ -46,10 +47,10 @@ Remote Procedure Call (RPC) dynamic port allocation is used by server applicatio
  
 Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (UDP and TCP) ports. Many RPC servers in Windows let you specify the server port in custom configuration items such as registry entries. When you can specify a dedicated server port, you know what traffic flows between the hosts across the firewall, and you can define what traffic is allowed in a more directed manner.
  
-As a server port, please choose a port outside of the range you may want to specify below. You can find a comprehensive list of server ports that are used in Windows and major Microsoft products in the article [Service overview and network port requirements for Windows](https://support.microsoft.com/help/832017).
+As a server port, choose a port outside of the range you may want to specify below. You can find a comprehensive list of server ports that are used in Windows and major Microsoft products in the article [Service overview and network port requirements for Windows](/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements).
 The article also lists the RPC servers and which RPC servers can be configured to use custom server ports beyond the facilities the RPC runtime offers. 
  
-Some firewalls also allow for UUID filtering where it learns from a RPC Endpoint Mapper request for a RPC interface UUID. The response has the server port number, and a subsequent RPC Bind on this port is then allowed to pass.
+Some firewalls also allow for UUID filtering where it learns from an RPC Endpoint Mapper request for an RPC interface UUID. The response has the server port number, and a subsequent RPC Bind on this port is then allowed to pass.
  
 With Registry Editor, you can modify the following parameters for RPC. The RPC Port key values discussed below are all located in the following key in the registry:
  
@@ -57,11 +58,11 @@ With Registry Editor, you can modify the following parameters for RPC. The RPC P
 
 **Ports REG_MULTI_SZ**
  
-- Specifies a set of IP port ranges consisting of either all the ports available from the Internet or all the ports not available from the Internet. Each string represents a single port or an inclusive set of ports. For example, a single port may be represented by **5984**, and a set of ports may be represented by **5000-5100**. If any entries are outside the range of 0 to 65535, or if any string cannot be interpreted, the RPC runtime treats the entire configuration as invalid.
+- Specifies a set of IP port ranges consisting of either all the ports available from the Internet or all the ports not available from the Internet. Each string represents a single port or an inclusive set of ports. For example, a single port may be represented by **5984**, and a set of ports may be represented by **5000-5100**. If any entries are outside the range of 0 to 65535, or if any string can't be interpreted, the RPC runtime treats the entire configuration as invalid.
  
 **PortsInternetAvailable REG_SZ Y or N (not case-sensitive)**
  
-- If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that are not Internet-available.
+- If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that aren't Internet-available.
  
 **UseInternetPorts REG_SZ ) Y or N (not case-sensitive)**
  
@@ -71,7 +72,7 @@ With Registry Editor, you can modify the following parameters for RPC. The RPC P
  
 **Example:**
 
-In this example ports 5000 through 6000 inclusive have been arbitrarily selected to help illustrate how the new registry key can be configured. This is not a recommendation of a minimum number of ports needed for any particular system.
+In this example, ports 5000 through 6000 inclusive have been arbitrarily selected to help illustrate how the new registry key can be configured. This example isn't a recommendation of a minimum number of ports needed for any particular system.
 
 1. Add the Internet key under: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
 
@@ -100,22 +101,22 @@ You should open up a range of ports above port 5000. Port numbers below 5000 may
 >Description:
 >The Netlogon service could not add the AuthZ RPC interface. The service was terminated. The following error occurred: 'The parameter is incorrect.'
  
-If you would like to do a deep dive as to how it works, see [RPC over IT/Pro](https://blogs.technet.microsoft.com/askds/2012/01/24/rpc-over-itpro/).
+If you would like to do a deep dive as to how it works, see [RPC over IT/Pro](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/rpc-over-it-pro/ba-p/399898).
  
  
 ## Troubleshooting RPC error
  
 ### PortQuery
 
-The best thing to always troubleshoot RPC issues before even getting in to traces is by making use of tools like **PortQry**. You can quickly determine if you are able to make a connection by running the command:
+The best thing to always troubleshoot RPC issues before even getting in to traces is by making use of tools like **PortQry**. You can quickly determine if you're able to make a connection by running the command:
 
-```cmd
+```console
 Portqry.exe -n  -e 135
 ``` 
  
-This would give you a lot of output to look for, but you should be looking for *ip_tcp- and the port number in the brackets, which tells whether you were successfully able to get a dynamic port from EPM and also make a connection to it. If the above fails, you can typically start collecting simultaneous network traces. Something like this from the output of “PortQry”:
+This command would give you much of the output to look for, but you should be looking for *ip_tcp- and the port number in the brackets, which tells whether you were successfully able to get a dynamic port from EPM and also make a connection to it. If the above fails, you can typically start collecting simultaneous network traces. Something like this from the output of “PortQry”:
 
-```cmd 
+```console
 Portqry.exe -n 169.254.0.2 -e 135
 ```
 Partial output below:
@@ -137,20 +138,23 @@ The one in bold is the ephemeral port number that you made a connection to succe
  
 ### Netsh
 
-You can run the commands below to leverage Windows inbuilt netsh captures, to collect a simultaneous trace. Remember to execute the below on an “Admin CMD”, it requires elevation.
+You can run the commands below to use Windows inbuilt netsh captures, to collect a simultaneous trace. Remember to execute the below on an “Admin CMD”, it requires elevation.
  
 - On the client
-  ```cmd
+
+  ```console
   Netsh trace start scenario=netconnection capture=yes tracefile=c:\client_nettrace.etl maxsize=512 overwrite=yes report=yes
   ```
  
 - On the Server
-  ```cmd
+
+  ```console
   Netsh trace start scenario=netconnection capture=yes tracefile=c:\server_nettrace.etl maxsize=512 overwrite=yes report=yes
   ```
 
 Now try to reproduce your issue from the client machine and as soon as you feel the issue has been reproduced, go ahead and stop the traces using the command
-```cmd
+
+```console
 Netsh trace stop
 ```
 
@@ -160,30 +164,30 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md)
 
 - Look for the “EPM” Protocol Under the “Protocol” column.
 
-- Now check if you are getting a response from the server. If you get a response, note the dynamic port number that you have been allocated to use.
+- Now check if you're getting a response from the server. If you get a response, note the dynamic port number that you've been allocated to use.
 
-    ![Screenshot of Network Monitor with dynamic port highlighted](images/tcp-ts-23.png)
+  :::image type="content" alt-text="Screenshot of Network Monitor with dynamic port highlighted." source="images/tcp-ts-23.png" lightbox="images/tcp-ts-23.png":::
 
-- Check if we are connecting successfully to this Dynamic port successfully.
+- Check if we're connecting successfully to this Dynamic port successfully.
 
 - The filter should be something like this: `tcp.port==` and `ipv4.address==` 
 
-    ![Screenshot of Network Monitor with filter applied](images/tcp-ts-24.png)
+  :::image type="content" alt-text="Screenshot of Network Monitor with filter applied." source="images/tcp-ts-24.png" lightbox="images/tcp-ts-24.png":::
 
-This should help you verify the connectivity and isolate if any network issues are seen.
+This filter should help you verify the connectivity and isolate if any network issues are seen.
 
 
 ### Port not reachable
 
-The most common reason why we would see the RPC server unavailable is when the dynamic port that the client tries to connect is not reachable. The client side trace would then show TCP SYN retransmits for the dynamic port.
+The most common reason why we would see the RPC server unavailable is when the dynamic port that the client tries to connect isn't reachable. The client side trace would then show TCP SYN retransmits for the dynamic port.
  
-![Screenshot of Network Monitor with TCP SYN retransmits](images/tcp-ts-25.png)
+:::image type="content" alt-text="Screenshot of Network Monitor with TCP SYN retransmits." source="images/tcp-ts-25.png" lightbox="images/tcp-ts-25.png":::
  
-The port cannot be reachable due to one of the following reasons:
+The port can't be reachable due to one of the following reasons:
 
 - The dynamic port range is blocked on the firewall in the environment. 
 - A middle device is dropping the packets. 
-- The destination server is dropping the packets (WFP drop / NIC drop/ Filter driver etc).
+- The destination server is dropping the packets (WFP drop / NIC drop/ Filter driver etc.).
 
 
 
diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md
index 48a95cd4e0..1ffd3f1dc2 100644
--- a/windows/client-management/troubleshoot-tcpip.md
+++ b/windows/client-management/troubleshoot-tcpip.md
@@ -17,6 +17,9 @@ manager: dansimp
 In these topics, you will learn how to troubleshoot common problems in a TCP/IP network environment.
 
 - [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
+- [Part 1: TCP/IP performance overview](/troubleshoot/windows-server/networking/overview-of-tcpip-performance)
+- [Part 2: TCP/IP performance underlying network issues](/troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network)
+- [Part 3: TCP/IP performance known issues](/troubleshoot/windows-server/networking/tcpip-performance-known-issues)
 - [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
 - [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md)
 - [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 3b6738986f..9820130606 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -1,287 +1,257 @@
 --- 
-title: Advanced troubleshooting for Windows-based computer freeze issues 
-ms.reviewer: 
-manager: dansimp
+title: Advanced troubleshooting for Windows freezes
 description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers. Also, you can learn how to diagnose, identify, and fix these issues.
 ms.prod: w10 
-ms.mktglfcycl: 
-ms.sitesec: library 
+ms.technology: windows
 ms.topic: troubleshooting 
-author: dansimp
+author: aczechowski
+ms.author: aaroncz
+manager: dougeby
+ms.reviewer: 
 ms.localizationpriority: medium 
-ms.author: dansimp
+ms.collection: highpri
 --- 
 
-# Advanced troubleshooting for Windows-based computer freeze issues 
+# Advanced troubleshooting for Windows freezes
 
-This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues. 
+This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues.
 
 > [!NOTE]
-> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. 
+> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
 
-## Identify the problem  
+## Identify the problem
 
-*   Which computer is freezing? (Example: The impacted computer is a physical server, virtual server, and so on.) 
-*   What operation was being performed when the freezes occurred? (Example: This issue occurs when you shut down GUI, perform one or more operations, and so on.) 
-*   How often do the errors occur? (Example: This issue occurs every night at 7 PM, every day around 7 AM, and so on.) 
-*   On how many computers does this occur? (Example: All computers, only one computer, 10 computers, and so on.) 
+- Which computer is freezing? For example, the affected computer is a physical server or a virtual server.
+- What operation happened when it froze? For example, this issue occurs when you shut down.
+- How often do the errors occur? For example, this issue occurs every night at 7 PM.
+- On how many computers does this freeze occur? For example, all computers or only one computer.
 
-## Troubleshoot the freeze issues  
+## Troubleshoot the freeze issues
 
-To troubleshoot the freeze issues, check the current status of your computer, and follow one of the following methods. 
+To troubleshoot the freeze issues, check the current status of your computer, and follow one of the following methods.
 
-### For the computer that's still running in a frozen state 
+### For the computer that's still running in a frozen state
 
-If the physical computer or the virtual machine is still freezing, use one or more of the following methods for troubleshooting: 
+If the physical computer or the virtual machine is still freezing, use one or more of the following methods for troubleshooting:
 
-*   Try to access the computer through Remote Desktop, Citrix, and so on. 
-*   Use the domain account or local administrator account to log on the computer by using one of the Remote Physical Console Access features, such as Dell Remote Access Card (DRAC), HP Integrated Lights-Out (iLo), or IBM Remote supervisor adapter (RSA). 
-*   Test ping to the computer. Packet dropping and high network latency may be observed. 
-*   Access administrative shares (\\\\**ServerName**\\c$). 
-*   Press Ctrl + Alt + Delete command and check response. 
-*   Try to use Remote Admin tools such as Computer Management, remote Server Manager, and Wmimgmt.msc.   
+- Try to access the computer through a remote desktop connection.
+- Use a domain account or local administrator account to sign in to the computer with the hardware manufacturer's remote access solution. For example, Dell Remote Access Card (DRAC), HP Integrated Lights-Out (iLo), or IBM Remote supervisor adapter (RSA).
+- Test ping to the computer. Look for dropped packets and high network latency.
+- Access administrative shares, for example `\\ServerName\c$`.
+- Press **Ctrl** + **Alt** + **Delete** and check the response.
+- Try to use Windows remote administration tools. For example, Computer Management, Server Manager, and Wmimgmt.msc.
 
-### For the computer that is no longer frozen 
+### For the computer that's no longer frozen
 
-If the physical computer or virtual machine froze but is now running in a good state, use one or more of the following methods for troubleshooting.  
+If the physical computer or virtual machine froze, but is now running in a good state, use one or more of the following methods for troubleshooting.
 
-#### For a physical computer 
+#### For a physical computer
 
-*   Review the System and Application logs from the computer that is having the issue. Check the event logs for the relevant Event ID:
+- Review the System and Application logs from the computer that's having the issue. Check the event logs for the relevant Event ID:
 
-    - Application event log : Application Error (suggesting Crash or relevant System Process)
-    - System Event logs, Service Control Manager Error event IDs for Critical System Services
-    - Error Event IDs 2019/2020 with source Srv/Server
+  - Application event log: Application Error, which suggests a crash or relevant system process
+  - System Event logs, Service Control Manager Error event IDs for critical system services
+  - Error Event IDs 2019/2020 with source Srv/Server
 
-*   Generate a System Diagnostics report by running the perfmon /report command. 
+- Generate a System Diagnostics report by running `perfmon /report`.
 
-#### For a virtual machine 
+#### For a virtual machine
 
-*   Review the System and Application logs from the computer that is having the issue.  
-*   Generate a System Diagnostics report by running the perfmon /report command. 
-*   Check history in virtual management monitoring tools. 
+- Review the System and Application logs from the computer that is having the issue.
+- Generate a System Diagnostics report by running `perfmon /report`.
+- Check the system's history in virtual management monitoring tools.
 
+## Collect data for the freeze issues
 
-## Collect data for the freeze issues 
+To collect data for a server freeze, check the following table, and use one or more of the suggested methods.
 
-To collect data for a server freeze, check the following table, and use one or more of the suggested methods. 
+|Computer type and state    |Data collection method |
+|-------------------------|--------------------|
+|A physical computer that's running in a frozen state|[Use a memory dump file to collect data](#use-memory-dump-to-collect-data-for-the-physical-computer-thats-running-in-a-frozen-state). Or use method 2, 3, or 4. These methods are listed later in this section.|
+|A physical computer that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section. And [use Pool Monitor to collect data](#use-pool-monitor-to-collect-data-for-the-physical-computer-that-is-no-longer-frozen).|
+|A virtual machine that's running in a frozen state|Hyper-V or VMware: [Use a memory dump file to collect data for the virtual machine that's running in a frozen state](#use-memory-dump-to-collect-data-for-the-virtual-machine-thats-running-in-a-frozen-state). 
                   XenServer: Use method 1, 2, 3, or 4. These methods are listed later in this section.|
+|A virtual machine that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section.|
 
-|Computer type and state    |Data collection method | 
-|-------------------------|--------------------| 
-|A physical computer that's running in a frozen state|[Use a memory dump file to collect data](#use-memory-dump-to-collect-data-for-the-physical-computer-thats-running-in-a-frozen-state). Or use method 2, 3, or 4. These methods are listed later in this section.| 
-|A physical computer that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section. And [use Pool Monitor to collect data](#use-pool-monitor-to-collect-data-for-the-physical-computer-that-is-no-longer-frozen).| 
-|A virtual machine that's running in a frozen state|Hyper-V or VMware: [Use a memory dump file to collect data for the virtual machine that's running in a frozen state](#use-memory-dump-to-collect-data-for-the-virtual-machine-thats-running-in-a-frozen-state). 
                   XenServer: Use method 1, 2, 3, or 4. These methods are listed later in this section.| 
-|A virtual machine that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section.| 
+### Method 1: Memory dump
 
+> [!IMPORTANT]
+> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/topic/how-to-back-up-and-restore-the-registry-in-windows-855140ad-e318-2a13-2829-d428a2ab0692) in case problems occur.
 
-### Method 1: Memory dump 
+A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.
+
+If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.
 
 > [!NOTE]
-> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.   
+> If you have a restart feature that's enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.
 
-A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.   
+1. Make sure that the computer is set up to get a complete memory dump file.
 
-If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.   
+    1. Go to **Run** and enter `Sysdm.cpl`, and then press enter.
 
-> [!NOTE]
-> If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.   
+    1. In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**. Select **Change** to check or change the virtual memory.
 
+    1. Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**.
 
-1. Make sure that the computer is set up to get a complete memory dump file. To do this, follow these steps: 
+    1. In the **Write Debugging Information** section, select **Complete Memory Dump**.
 
-   1.  Go to **Run** and enter `Sysdm.cpl`, and then press enter.
-    
-   2. In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**, and then check or change the virtual memory by clicking **Change**. 
+    1. Select **Overwrite any existing file**.
 
-   2.  Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**. 
+    1. Make sure that there's a paging file (pagefile.sys) on the system drive and that it's at least 100 MB over the installed RAM (Initial and Maximum Size).
 
-   3.  In the **Write Debugging Information** section, select **Complete Memory Dump**. 
+    1. Make sure that there's more available space on the system drive than there's physical RAM.
 
-       > [!NOTE]
-       > For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD):
-       >**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled**   
+1. To allow the system to generate a dump file by using the keyboard, enable the `CrashOnCtrlScroll` registry value.
 
-   4.  Select **Overwrite any existing file**. 
+    1. Open the Registry Editor, and then locate the following registry keys:
 
-   5.  Make sure that there's a paging file (pagefile.sys) on the system drive and that it’s at least 100 megabytes (MB) over the installed RAM (Initial and Maximum Size). 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters`
 
-       Additionally, you can use the workaround for [space limitations on the system drive in Windows Server 2008](#space-limitations-on-the-system-drive-in-windows-server-2008). 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters`
 
-   6.  Make sure that there's more available space on the system drive than there is physical RAM. 
+    1. Create the following `CrashOnCtrlScroll` registry entry in the two registry keys:
 
-2. Enable the CrashOnCtrlScroll registry value to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: 
+        - **Value Name**: `CrashOnCtrlScroll`
+        - **Data Type**: `REG_DWORD`
+        - **Value**: `1`
 
-   1. Go to Registry Editor, and then locate the following registry keys: 
+    1. Close the Registry Editor and restart the computer.
 
-      *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` 
+1. On some physical computers running earlier versions of Windows, you may generate a nonmakeable interruption (NMI) from a web interface feature such as DRAC, iLo, or RSA. However, by default, this setting will stop the system without creating a memory dump.
 
-      *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` 
+    > [!NOTE]
+    > For currently supported versions of Windows, the `NMICrashDump` registry key is no longer required. An NMI causes a [Stop error that follows a memory dump data collection](/troubleshoot/windows-client/performance/nmi-hardware-failure-error).
 
-   2. Create the following CrashOnCtrlScroll registry entry in the two registry keys: 
+1. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.
 
-      - **Value Name**: `CrashOnCtrlScroll`    
-      - **Data Type**: `REG_DWORD`      
-      - **Value**: `1`  
- 
-   3. Exit Registry Editor. 
+    > [!NOTE]
+    > By default, the dump file is located in the following path: `%SystemRoot%\MEMORY.DMP`
 
-   4. Restart the computer. 
+### Method 2: Data sanity check
 
-3. On some physical computers, you may generate a nonmakeable interruption (NMI) from the Web Interface feature (such as DRAC, iLo, and RSA). However, by default, this setting will stop the system without creating a memory dump.   
+Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file. It can also verify that the file was created correctly and isn't corrupted or invalid.
 
-   To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change.   
+- [Using DumpChk](/windows-hardware/drivers/debugger/dumpchk)
+- [Download DumpChk](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
 
-   > [!NOTE]
-   > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146).   
+Learn how to use Dumpchk.exe to check your dump files:
 
-4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.   
+> [!VIDEO https://www.youtube.com/embed/xN7tOfgNKag]
 
-   > [!NOTE]
-   > By default, the dump file is located in the following path:
                   
-   > %SystemRoot%\MEMORY.DMP 
+### Method 3: Performance Monitor
 
+You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator:
 
-### Method 2: Data sanity check 
+```command
+Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00
+```
 
-Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. 
+```command
+Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10
+```
 
-- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+Then, you can start or stop the log by running the following commands:
 
-Learn how to use Dumpchk.exe to check your dump files: 
+```command
+logman start LOGNAME_Long / LOGNAME_Short
+logman stop LOGNAME_Long / LOGNAME_Short
+```
 
-> [!video https://www.youtube-nocookie.com/embed/xN7tOfgNKag] 
+The Performance Monitor log is located in the path: `C:\PERFLOGS`
 
+### Other methods to collect data
 
-### Method 3: Performance Monitor 
-
-You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator: 
-
-```cmd 
-Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00  
-``` 
-
-```cmd 
-Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10  
-``` 
-
-Then, you can start or stop the log by running the following commands: 
-
-```cmd 
-logman start LOGNAME_Long / LOGNAME_Short   
-logman stop LOGNAME_Long / LOGNAME_Short  
-``` 
-
-The Performance Monitor log is located in the path: C:\PERFLOGS   
-
-### Method 4: Microsoft Support Diagnostics 
-
-1.  In the search box of the [Microsoft Support Diagnostics Self-Help Portal](https://home.diagnostics.support.microsoft.com/selfhelp), type Windows Performance Diagnostic. 
-
-2.  In the search results, select **Windows Performance Diagnostic**, and then click **Create**. 
-
-3.  Follow the steps of the diagnostic. 
-
-
-### Additional methods to collect data 
-
-#### Use memory dump to collect data for the physical computer that's running in a frozen state 
+#### Use memory dump to collect data for the physical computer that's running in a frozen state
 
 > [!WARNING]
-> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.   
+> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/topic/how-to-back-up-and-restore-the-registry-in-windows-855140ad-e318-2a13-2829-d428a2ab0692) in case problems occur.
 
-If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump: 
+If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump:
 
+1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network.
 
-1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps:   
-   > [!NOTE]
-   > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.   
+    > [!NOTE]
+    > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.
 
-   1. Try to access the desktop of the computer by any means.   
-
-      > [!NOTE]
-      > In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured.   
-
-   2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings: 
-
-      * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`   
-
-         Make sure that the [CrashDumpEnabled](/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.            
-
-      * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump`   
-
-        On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management capabilities (such as DRAC, iLo, and RSA). 
-
-      * `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles`   
-
-        If the value of the **Pagefile** registry entry is system managed, the size won't be reflected in the registry (Example value: ?:\pagefile.sys).   
-
-        If the page file is customized, the size will be reflected in the registry, such as ‘?:\pagefile.sys 1024 1124’ where 1024 is the initial size and 1124 is the max size.   
+    1. Try to access the desktop of the computer by any means.
 
         > [!NOTE]
-        > If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$). 
+        > In case accessing the OS isn't possible, try to remotely access Registry Editor on the computer. You can then check the type of memory dump file and page file with which the computer is currently configured.
 
-   3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM. 
+    1. From a remote computer that's preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the affected computer, and verify the following settings:
 
-   4. Make sure that there's more free space on the hard disk drives of the computer than there is physical RAM. 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`
 
-2. Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: 
+            Make sure that the [CrashDumpEnabled](/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.
 
-   1.  From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the concerned computer and locate the following registry keys: 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump`
 
-       *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` 
+            On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management provider such as DRAC, iLo, and RSA.
 
-       *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles`
 
-   2.  Create the following CrashOnCtrlScroll registry entry in the two registry keys: 
+            If the value of the **Pagefile** registry entry is system-managed, the size won't be reflected in the registry. For example, `?:\pagefile.sys)`
 
-       **Value Name**: `CrashOnCtrlScroll`     
-       **Data Type**: `REG_DWORD`     
-       **Value**: `1`  
+            If the page file is customized, the size will be reflected in the registry, such as `?:\pagefile.sys 1024 1124`. In this example, `1024` is the initial size and `1124` is the max size.
 
-   3.  Exit Registry Editor. 
+            > [!NOTE]
+            > If the size isn't reflected in the Registry, try to access an administrative share where the page file is located. For example, `\\ServerName\C$`
 
-   4.  Restart the computer. 
+    1. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM.
 
-3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.  
-   > [!NOTE]
-   > By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP 
+    1. Make sure that there's more free space on the hard disk drives of the computer than there's physical RAM.
 
-### Use Pool Monitor to collect data for the physical computer that is no longer frozen 
+1. Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard.
 
-Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.   
+    1. From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the affected computer and locate the following registry keys:
 
-Learn [how to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/office/how-to-use-memory-pool-monitor-poolmon-exe-to-troubleshoot-kernel-mode-memory-leaks-4f4a05c2-ef8a-fca4-3ae0-670b940af398). 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters`
 
-### Use memory dump to collect data for the virtual machine that's running in a frozen state 
+        - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters`
 
-Use the one of the following methods for the application on which the virtual machine is running.   
+    1. Create the following `CrashOnCtrlScroll` registry entry in the two registry keys:
 
-#### Microsoft Hyper-V 
+        **Value Name**: `CrashOnCtrlScroll`
+        **Data Type**: `REG_DWORD`
+        **Value**: `1`
 
-If the virtual machine is running Windows 8, Windows Server 2012, or a later version of Windows on Microsoft Hyper-V Server 2012, you can use the built-in NMI feature through a [Debug-VM](/previous-versions/windows/powershell-scripting/dn464280(v=wps.630)) cmdlet to debug and get a memory dump.   
+    1. Close the Registry Editor and restart the computer.
 
-To debug the virtual machines on Hyper-V, run the following cmdlet in Windows PowerShell: 
+1. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.
 
-```powershell 
+    > [!NOTE]
+    > By default, the dump file is located in the path: `%SystemRoot%\MEMORY.DMP`
+
+### Use Pool Monitor to collect data for the physical computer that is no longer frozen
+
+Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
+
+For more information, see [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/topic/4f4a05c2-ef8a-fca4-3ae0-670b940af398).
+
+### Use memory dump to collect data for the virtual machine that's running in a frozen state
+
+Use the one of the following methods for the application on which the virtual machine is running.
+
+#### Microsoft Hyper-V
+
+You can also use the built-in NMI feature through a [Debug-VM](/powershell/module/hyper-v/debug-vm) cmdlet to debug and get a memory dump.
+
+To debug the virtual machines on Hyper-V, run the following cmdlet in Windows PowerShell:
+
+```powershell
 Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname  
-``` 
+```
 
-> [!NOTE]
-> This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.  
+#### VMware
 
-#### VMware 
+You can use VMware snapshots or suspend state and extract a memory dump file equivalent to a complete memory dump file. Use VMware's [Checkpoint To Core Tool (vmss2core)](https://flings.vmware.com/vmss2core) to convert both suspend (`.vmss`) and snapshot (`.vmsn`) state files to a dump file. Then analyze the file by using the standard Windows debugging tools.
 
-You can use VMware Snapshots or suspend state and extract a memory dump file equivalent to a complete memory dump file. By using [Checkpoint To Core Tool (vmss2core)](https://labs.vmware.com/flings/vmss2core), you can convert both suspend (.vmss) and snapshot (.vmsn) state files to a dump file and then analyze the file by using the standard Windows debugging tools.   
+#### Citrix XenServer
 
-#### Citrix XenServer 
+The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL LOCK keyboard combination. For more information, see Method 1 of [How to Trigger a Memory Dump from a Windows Virtual Machine Running on XenServer](https://support.citrix.com/article/ctx123177) from Citrix.
 
-The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL LOCK keyboard combination that's described in Method 1 and on [the Citrix site](http://support.citrix.com/article/ctx123177).   
+## Space limitations on the system drive in Windows Server
 
-## Space limitations on the system drive in Windows Server 2008 
+On a Windows Server, you may not have enough free disk space to generate a complete memory dump file on the system volume.
+There's a second option if the system drive doesn't have sufficient space. You can use the DedicatedDumpFile registry entry. For more information, see [Configure the destination path for a memory dump](/windows-server/administration/server-core/server-core-memory-dump#step-2-configure-the-destination-path-for-a-memory-dump).
 
-On Windows Server 2008, you may not have enough free disk space to generate a complete memory dump file on the system volume. There's a [hotfix](https://support.microsoft.com/help/957517) that allows for the data collection even though there isn't sufficient space on the system drive to store the memory dump file.   
-
-Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028).   
-
-For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](https://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx).
\ No newline at end of file
+For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](/archive/blogs/ntdebugging/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump).
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
deleted file mode 100644
index 47b2fc60cb..0000000000
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ /dev/null
@@ -1,1090 +0,0 @@
----
-title: Windows 10 Mobile deployment and management guide (Windows 10)
-description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
-ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-keywords: Mobile, diagnostic data, BYOD, MDM
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: mobile, devices, security
-ms.localizationpriority: medium
-author: dansimp
-ms.date:
-ms.topic: article
----
-
-# Windows 10 Mobile deployment and management guide
-
-**Applies to:**
-- Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607
-
-This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
-
-Employees increasingly depend on smartphones to complete daily work tasks, but these devices introduce unique management and security challenges. Whether providing corporate devices or allowing people to use their personal devices, IT needs to deploy and manage mobile devices and apps quickly to meet business goals. However, they also need to ensure that the apps and data on those mobile devices are protected against cybercrime or loss. Windows 10 Mobile helps organizations directly address these challenges with robust, flexible, built-in mobile device and app management technologies.
-Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement, by using a comprehensive mobile device management solution.
-
-**In this article**
-- [Deploy](#deploy)
-- [Configure](#configure)
-- [Apps](#apps)
-- [Manage](#manage)
-- [Retire](#retire)
-
-
-## Deploy
-
-Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which mobile device management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced.
-Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or Microsoft Endpoint Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select the system that best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](./mdm/index.md).
-
-### Deployment scenarios
-
-*Applies to: Corporate and personal devices*
-
-The built-in MDM client is common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT). The client provides a single interface through which you can manage any device that runs Windows 10. The client has two important roles: device enrollment in an MDM system and device management.
-
-Organizations typically have two scenarios to consider when it comes to device deployment: Bring Your Own (BYO) personal devices and Choose Your Own (CYO) company-owned devices. In both cases, the device must be enrolled in an MDM system, which would configure it with settings appropriate for the organization and the employee.
-Windows 10 Mobile device management capabilities support both personal devices used in the BYO scenario and corporate devices used in the CYO scenario. The operating system offers a flexible approach to registering devices with directory services and MDM systems. IT organizations can provision comprehensive device-configuration profiles based on their business needs to control and protect mobile business data. Apps can be provisioned easily to personal or corporate devices through the Microsoft Store for Business, or by using their MDM system, which can also work with the Microsoft Store for Business for public store apps.
-Knowing who owns the device and what the employee uses it for are the major factors in determining your management strategy and which controls your organization should put in place. Whether personal devices, corporate devices, or a mixture of the two, deployment processes and configuration policies may differ.
-
-For **personal devices**, companies need to be able to manage corporate apps and data on the device without impeding the employee’s ability to personalize it to meet their individual needs. The employee owns the device and corporate policy allows them to use it for both business and personal purposes, with the ability to add personal apps at their discretion. The main concern with personal devices is how organizations can prevent corporate data from being compromised, while still keeping personal data private and under the sole control of the employee. This requires that the device be able to support separation of apps and data with strict control of business and personal data traffic.
-
-For **corporate devices**, organizations have a lot more control. IT can provide a selected list of supported device models to employees, or they can directly purchase and preconfigure them. Because devices are owned by the company, employees can be limited as to how much they can personalize these devices. Security and privacy concerns may be easier to navigate, because the device falls entirely under existing company policy.
-
-### Device enrollment
-
-*Applies to: Corporate and personal devices*
-
-The way in which personal and corporate devices are enrolled into an MDM system differs. Your operations team should consider these differences when determining which approach is best for mobile workers in your organization.
-
-**Device initialization and enrollment considerations**
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Personal devicesCorporate devices
                  OwnershipEmployeeOrganization
                  Device Initialization
-
-In the out-of-box experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device.The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. The primary identity on the device is an organizational identity. Corporate devices are initialized with an organizational account (account@corporatedomain.ext).
-Initialization of a device with a corporate account is unique to Windows 10. No other mobile platform currently offers this capability. The default option is to use an Azure Active Directory (Azure AD) organizational identity.
-Skipping the account setup in OOBE results in the creation of a local account. The only option to add a cloud account later is to add an MSA, putting this device into a personal device deployment scenario. To start over, the device must be reset.
-
                  Device Enrollment
-
-Enrolling devices in an MDM system helps control and protect corporate data while keeping workers productive. Device enrollment can be initiated by employees. They can add an Azure account as a secondary account to the Windows 10 Mobile device. Provided the MDM system is registered with your Azure AD, the device is automatically enrolled in the MDM system when the user adds an Azure AD account as a secondary account (MSA+Azure AD+MDM). If your organization does not have Azure AD, the employee’s device is automatically enrolled into your organization’s MDM system (MSA+MDM).
-MDM enrollment can also be initiated with a provisioning package. This option enables IT to offer easy-to-use self-service enrollment of personal devices. Provisioning is currently only supported for MDM-only enrollment (MSA+MDM).
-The user initiates MDM enrollment by joining the device to the Azure AD instance of their organization. The device is automatically enrolled in the MDM system when the device registers in Azure AD. This requires your MDM system to be registered with your Azure AD (Azure AD+MDM).
                  
-
-Microsoft recommends Azure AD registration and automatic MDM enrollment for corporate devices (Azure AD+MDM) and personal devices (MSA+Azure AD+MDM). This requires Azure AD Premium.
-
-### Identity management
-
-*Applies to: Corporate and personal devices*
-
-Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen determines who controls the device and influences your management capabilities.
-
-> [!NOTE]
-> Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, and so on. Both an [MSA](https://www.microsoft.com/account/) and an [Azure AD account](https://www.microsoft.com/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) provide access to these services.
-
-The following table describes the impact of identity choice on device management characteristics of the personal and corporate device scenarios.
-
-**Identity choice considerations for device management**
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Personal identityWork identity
                  First account on the deviceMicrosoft AccountAzure AD account
                  Ease of enrollmentEmployees use their Microsoft Account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution (MSA+Azure AD+MDM).Employees use their Azure AD account to register the device in Azure AD and automatically enroll it with the organization’s MDM solution (Azure AD+MDM – requires Azure AD Premium).
                  Credential managementEmployees sign in to the device with Microsoft Account credentials.
-Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft Account.
-Employees sign in to the device with Azure AD credentials.
-IT can block the addition of a personal identity, such as an MSA or Google Account. IT controls all devices access policies, without limitations.
-
                  Ability to block the use of a personal identity on the deviceNoYes
                  User settings and data roaming across multiple Windows devicesUser and app settings roam across all devices activated with the same personal identity through OneDrive.If the device is activated with an MSA, then adds an Azure AD account, user an app settings roam. If you add your MSA to an Azure AD-joined device, this is not the case. Microsoft is investigating Enterprise roaming for a future release.
                  Level of controlOrganizations can apply most of the available restrictive policies to devices and disable the Microsoft account. You can prevent users from reclaiming full control over their devices by unenrolling them from the organization’s MDM solution or resetting the device. Legal limitations may apply. For more information, contact your legal department.Organizations are free to apply any restrictive policies to devices to bring them in line with corporate standards and compliance regulations. They can also prevent the user from unenrolling the device from the enterprise.
                  Information ProtectionYou can apply policies to help protect and contain corporate apps and data on the devices and prevent intellectual property leaks, but still provide employees with full control over personal activities like downloading and installing apps and games.Companies can block personal use of devices. Using organizational identities to initialize devices gives organizations complete control over devices and allows them to prevent personalization.
                  App purchasesEmployees can purchase and install apps from the Store using a personal credit card.Employees can install apps from your Store for Business. Employees cannot install or purchase app from the Store without the addition of an MSA.
                  
-
-
-> [!NOTE]
-> In the context of [Windows-as-a-Service](/windows/deployment/update/), differentiation of MDM capabilities may change in the future.
-
-### Infrastructure choices
-
-*Applies to: Corporate and personal devices*
-
-For both personal and corporate deployment scenarios, an MDM system is the essential infrastructure required to deploy and manage Windows 10 Mobile devices. An Azure AD Premium subscription is recommended as an identity provider and required to support certain capabilities. Windows 10 Mobile allows you to have a pure cloud-based infrastructure or a hybrid infrastructure that combines Azure AD identity management with an on-premises management system to manage devices. Microsoft now also supports a pure on-premises solution to manage Windows 10 Mobile devices with [Configuration Manager](/mem/configmgr/mdm/understand/what-happened-to-hybrid).
-
-**Azure Active Directory**
-Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid identity solution. Organizations that use Microsoft Office 365 or Intune are already using Azure AD, which has three editions: Free Basic, and Premium (see [Azure Active Directory editions](/azure/active-directory/fundamentals/active-directory-whatis)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state.
-
-**Mobile Device Management**
-Microsoft [Intune](https://www.microsoft.com/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Microsoft 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution.
-Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](https://azure.microsoft.com/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account.
-
-> [!NOTE]
-> Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Microsoft 365.
-In addition, Microsoft recently added MDM capabilities powered by Intune to Microsoft 365, called Basic Mobility and Security for Microsoft 365. Basic Mobility and Security for Microsoft 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. Basic Mobility and Security for Microsoft 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information, see [Overview of Basic Mobility and Security for Microsoft 365](/microsoft-365/admin/basic-mobility-security/overview).
-
-**Cloud services**
-On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect diagnostic and usage data. Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
-
-**Windows Push Notification Services**
-The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way.
-However, push notifications can affect battery life so the battery saver in Windows 10 Mobile limits background activity on the devices to extend battery life. Users can configure battery saver to turn on automatically when the battery drops below a set threshold. Windows 10 Mobile disables the receipt of push notifications to save energy when battery saver is on.
-However, there is an exception to this behavior. In Windows 10 Mobile, the Always allowed battery saver setting (found in the Settings app) allows apps to receive push notifications even when battery saver is on. Users can manually configure this list, or IT can use the MDM system to configure the battery saver settings URI scheme in Windows 10 Mobile (ms-settings:batterysaver-settings).
-
-For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide).
-
-**Windows Update for Business**
-Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates.
-
-**Microsoft Store for Business**
-The Microsoft Store for Business is the place where IT administrators can find, acquire, manage, and distribute apps to Windows 10 devices. This includes both internal line-of-business (LOB) apps, as well as commercially available third-party apps.
-
-## Configure
-
-MDM administrators can define and implement policy settings on any personal or corporate device enrolled in an MDM system. The configuration settings you use depend on the deployment scenario, and corporate devices offer IT the broadest range of control.
-
-> [!NOTE]
-> This guide helps IT professionals understand management options available for the Windows 10 Mobile OS. Please consult your MDM system documentation to understand how these policies are enabled by your MDM vendor.
-Not all MDM systems support every setting described in this guide. Some support custom policies through OMA-URI XML files. See [Microsoft Intune support for Custom Policies](/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#custom-uri-settings-for-windows-10-devices). Naming conventions may also vary among MDM vendors.
-
-### Account profile
-
-*Applies to: Corporate devices*
-
-Enforcing what accounts employees can use on a corporate device is important for avoiding data leaks and protecting privacy. Limiting the device to just one account controlled by the organization reduces the risk of a data breach. However, you can choose to allow employees to add a personal Microsoft Account or other consumer email accounts.
-
--   **Allow Microsoft Account** Specifies whether users are allowed to add a Microsoft Account to the device and use this account to authenticate to cloud services, such as purchasing apps in Microsoft Store, Xbox, or Groove.
--   **Allow Adding Non-Microsoft Accounts** Specifies whether users are allowed to add email accounts other than a Microsoft Account.
-
-### Email accounts
-
-*Applies to: Corporate and personal devices*
-
-Email and associated calendar and contacts are the primary apps that users access on their smartphones. Configuring them properly is key to the success of any mobility program. In both corporate and personal device deployment scenarios, these email account settings get deployed immediately after enrollment. Using your corporate MDM system, you can define corporate email account profiles, deploy them to devices, and manage inbox policies.
-
--   Most corporate email systems leverage **Exchange ActiveSync (EAS)**. For more details on configuring EAS email profiles, see the [Exchange ActiveSync CSP](./mdm/activesync-csp.md).
--   **Simple Mail Transfer Protocol (SMTP)** email accounts can also be configured with your MDM system. For more detailed information on SMTP email profile configuration, see the [Email CSP](./mdm/email2-csp.md). Microsoft Intune does not currently support the creation of an SMTP email profile.
-
-### Device Lock restrictions
-
-*Applies to: Corporate and personal devices*
-
-It’s common practice to protect a device that contains corporate information with a passcode when it is not in use. As a best practice, Microsoft recommends that you implement a device lock policy for Windows 10 Mobile devices for securing apps and data. You can use a complex password or numeric PIN to lock devices. Introduced with Windows 10, [Windows Hello](https://windows.microsoft.com/en-us/windows-10/getstarted-what-is-hello) allows you to use a PIN, a companion device (like Microsoft band), or biometrics to validate your identity to unlock Windows 10 Mobile devices.
-
-> [!NOTE]
-> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
-To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based.
-Companion devices must be paired with a Windows 10 PC using Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires the Pro or Enterprise edition of Windows 10.
-
-Most of the device lock restriction policies have been available through Exchange ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply:
-
--   **Device Password Enabled** Specifies whether users are required to use a device lock password.
--   **Allow Simple Device Password** Specifies whether users can use a simple password (for example, 1111 or 1234).
--   **Alphanumeric Device Password Required** Specifies whether users need to use an alphanumeric password. When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user can enter a numeric PIN on the keyboard.
--   **Min Device Password Complex Characters** The number of password element types (uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords.
--   **Device Password History** The number of passwords Windows 10 Mobile remembers in the password history. (Users cannot reuse passwords in the history to create new passwords.)
--   **Min Device Password Length** The minimum number of characters required to create new passwords.
--   **Max Inactivity Time Device Lock** The number of minutes of inactivity before devices are locked and require a password to unlock.
--   **Allow Idle Return Without Password** Specifies whether users are required to re-authenticate when their devices return from a sleep state before the inactivity time was reached.
--   **Max Device Password Failed Attempts** The number of authentication failures allowed before a device is wiped. (A value of zero disables device wipe functionality.)
--   **Screen Timeout While Locked** The number of minutes before the lock screen times out. (This policy influences device power management.)
--   **Allow Screen Timeout While Locked User Configuration** Specifies whether users can manually configure screen timeout while the device is on the lock screen. (Windows 10 Mobile ignores the **Screen Timeout While Locked** setting if you disable this setting.)
-
-Settings related to Windows Hello would be important device lock settings to configure if you are deploying devices using the corporate deployment scenario.
-Microsoft made it a requirement for all users to create a numeric passcode as part of Azure AD Join. This policy default requires users to select a four-digit passcode, but this can be configured with an Azure AD-registered MDM system to whatever passcode complexity your organization desires. If you are using Azure AD with an automatic MDM enrollment mechanism, these policy settings are automatically applied during device enrollment.
-
-You may notice that some of the settings are very similar, specifically those related to passcode length, history, expiration, and complexity. If you set the policy in multiple places, both policies are applied, with the strongest policy retained. Read [PassportForWork CSP](./mdm/passportforwork-csp.md), [DeviceLock CSP](./mdm/devicelock-csp.md) (Windows Phone 8.1), and [Policy CSP](./mdm/policy-configuration-service-provider.md) for more detailed information.
-
-### Prevent changing of settings
-
-*Applies to: Corporate devices*
-
-Employees are usually allowed to change certain personal device settings that you may want to lock down on corporate devices. Employees can interactively adjust certain settings of the phone through the settings applets. Using MDM, you can limit what users are allowed to change, including:
-
--   **Allow Your Account** Specifies whether users are allowed to change account configuration in the **Your Email and Accounts** panel in Settings
--   **Allow VPN** Specifies whether users are allowed to change VPN settings
--   **Allow Data Sense** Specifies whether users are allowed to change Data Sense settings
--   **Allow Date Time** Specifies whether users are allowed to change data and time setting
--   **Allow Edit Device Name** Specifies whether users are allowed to change the device name
--   **Allow Speech Model Update** Specifies whether the device receives updates to the speech recognition and speech synthesis models (to improve accuracy and performance)
-
-### Hardware restrictions
-
-*Applies to: Corporate devices*
-
-Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can use hardware restrictions to control the availability of these features.
-
-The following is a list of the MDM settings that Windows 10 Mobile supports to configure hardware restrictions:
-
-> [!NOTE]
-> Some of these hardware restrictions provide connectivity and assist in data protection.
-
--   **Allow NFC:** Specifies whether the NFC radio is enabled
--   **Allow USB Connection:** Specifies whether the USB connection is enabled (doesn’t affect USB charging)
--   **Allow Bluetooth:** Specifies whether users can enable and use the Bluetooth radio on their devices
--   **Allow Bluetooth Advertising:** Specifies whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices
--   **Allow Bluetooth Discoverable Mode:** Specifies whether the device can discover other devices (such as headsets)
--   **Allow Bluetooth pre-pairing** Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device
--   **Bluetooth Services Allowed List:** The list of Bluetooth services and profiles to which the device can connect
--   **Set Bluetooth Local Device Name:** The local Bluetooth device name
--   **Allow Camera:** Specifies whether the camera is enabled
--   **Allow Storage Card:** Specifies whether the storage card slot is enabled
--   **Allow Voice Recording:** Specifies whether the user can use the microphone to create voice recordings
--   **Allow Location:** Specifies whether the device can use the GPS sensor or other methods to determine location so applications can use location information
-
-### Certificates
-
-*Applies to: Personal and corporate devices*
-
-Certificates help improve security by providing account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation.
-To install certificates manually, you can post them on Microsoft Edge website or send them directly by using email, which is ideal for testing purposes.
-Using Simple Certificate Enrollment Protocol (SCEP) and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device, as long as the MDM system supports the SCEP or Personal Information Exchange (PFX). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
-In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings.
-For more detailed information about MDM certificate management, see [Client Certificate Install CSP](./mdm/clientcertificateinstall-csp.md) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile).
-Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidentally.
-
-> [!NOTE]
-> To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you:
-> -   View a summary of all personal certificates
-> -   View the details of individual certificates
-> -   View the certificates used for VPN, Wi-Fi, and email authentication
-> -   Identify which certificates may have expired
-> -   Verify the certificate path and confirm that you have the correct intermediate and root CA certificates
-> -   View the certificate keys stored in the device TPM
-
-### Wi-Fi profiles
-
-*Applies to: Corporate and personal devices*
-
-Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
-You can create multiple Wi-Fi profiles in your MDM system. The Windows 10 Mobile Wi-Fi connection profile settings that can be configured by administrators include:
-
--   **SSID** The case-sensitive name of the Wi-Fi network Service Set Identifier
--   **Security type** The type of security the Wi-Fi network uses; can be one of the following authentication types:
-    -   Open 802.11
-    -   Shared 802.11
-    -   WPA-Enterprise 802.11
-    -   WPA-Personal 802.11
-    -   WPA2-Enterprise 802.11
-    -   WPA2-Personal 802.11
--   **Authentication encryption** The type of encryption the authentication uses; can be one of the following encryption methods:
-    -   None (no encryption)
-    -   Wired Equivalent Privacy
-    -   Temporal Key Integrity Protocol
-    -   Advanced Encryption Standard (AES)
--   **Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication
--   **Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication
--   **Shared key** WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.
--   **Proxy** The configuration of any network proxy that the Wi-Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
--   **Disable Internet connectivity checks** Whether the Wi-Fi connection should check for Internet connectivity
--   **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file
--   **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled
-
-In addition, you can set the following device wide Wi-Fi settings:
--   **Allow Auto Connect to Wi-Fi Sense Hotspots** Specifies whether the device automatically detects and connects to Wi-Fi networks
--   **Allow Manual Wi-Fi Configuration** Specifies whether the user can manually configure Wi-Fi settings
--   **Allow Wi-Fi** Specifies whether the Wi-Fi hardware is enabled
--   **Allow Internet Sharing** Allows or disallows Internet sharing
--   **WLAN Scan Mode** Specifies how actively the device scans for Wi-Fi networks
-
-For more detailed information about Wi-Fi connection profile settings, see [Wi-Fi CSP](./mdm/wifi-csp.md) and [Policy CSP](./mdm/policy-configuration-service-provider.md).
-
-### APN profiles
-
-*Applies to: Corporate devices*
-
-An Access Point Name (APN) defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators.
-An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network.
-You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. The following lists the MDM settings that Windows 10 Mobile supports for APN profiles:
-
--   **APN name** The APN name
--   *IP connection type* The IP connection type; set to one of the following values:
-    - IPv4 only
-    - IPv6 only
-    - IPv4 and IPv6 concurrently
-    - IPv6 with IPv4 provided by 46xlat
--   **LTE attached** Specifies whether the APN should be attached as part of an LTE Attach
--   **APN class ID** The globally unique identifier that defines the APN class to the modem
--   **APN authentication type** The APN authentication type; set to one of the following values:
-    - None
-    - Auto
-    - PAP
-    - CHAP
-    - MSCHAPv2
--   **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
--   **Password** The password for the user account specified in User name
--   **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile
--   **Always on** Specifies whether the connection manager automatically attempts to connect to the APN when it is available
--   **Connection enabled** Specifies whether the APN connection is enabled
--   **Allow user control** Allows users to connect with other APNs than the enterprise APN
--   **Hide view** Specifies whether the cellular UX allows the user to view enterprise APNs
-
-For more detailed information about APN settings, see [APN CSP](./mdm/enterpriseapn-csp.md).
-
-### Proxy
-
-*Applies to: Corporate devices*
-
-The following lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity:
-
--   **Connection name** Specifies the name of the connection the proxy is associated with (this is the APN name of a configured connection)
--   **Bypass Local** Specifies whether the proxy should be bypassed when local hosts are accessed by the device
--   **Enable** Specifies whether the proxy is enabled
--   **Exception** Specifies a semi-colon delimited list of external hosts which should bypass the proxy when accessed
--   **User Name** Specifies the username used to connect to the proxy
--   **Password** Specifies the password used to connect to the proxy
--   **Server** Specifies the name of the proxy server
--   **Proxy connection type** The proxy connection type, supporting: Null proxy, HTTP, WAP, SOCKS4
--   **Port** The port number of the proxy connection
-
-For more details on proxy settings, see [CM_ProxyEntries CSP](./mdm/cm-proxyentries-csp.md).
-
-### VPN
-
-*Applies to: Corporate and personal devices*
-
-Organizations often use a VPN to control access to apps and resources on their company’s intranet. In addition to native Microsoft Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Key Exchange Protocol version 2 (IKEv2) VPNs, Windows 10 Mobile supports SSL VPN connections, which require a downloadable plugin from the Microsoft Store and are specific to the VPN vendor of your choice. These plugins work like apps and can be installed directly from the Microsoft Store using your MDM system (see App Management).
-
-You can create and provision multiple VPN connection profiles and then deploy them to managed devices that run Windows 10 Mobile.
-To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP), you can use the following settings:
-
--   **VPN Servers** The VPN server for the VPN profile
--   **Routing policy type** The type of routing policy the VPN profile uses can be set to one of the following values:
-    -   Split tunnel: Only network traffic destined to the intranet goes through the VPN connection
-    -   Force tunnel: All traffic goes through the VPN connection
--   **Tunneling protocol type** The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols can be one the following values: PPTP, L2TP, IKEv2, Automatic
--   **User authentication method** The user authentication method for the VPN connection can have a value of EAP or MSChapv2 (Windows 10 Mobile does not support the value MSChapv2 for IKEv2-based VPN connections)
--   **Machine certificate** The machine certificate used for IKEv2-based VPN connections
--   **EAP configuration** To create a single sign-on experience for VPN users using certificate authentication, you need to create an Extensible Authentication Protocol (EAP) configuration XML file and include it in the VPN profile
--   **L2tpPsk** The pre-shared key used for an L2TP connection
--   **Cryptography Suite** Enable the selection of cryptographic suite attributes used for IPsec tunneling
-
-> [!NOTE]
-> The easiest way to create a profile for a single sign-on experience with an EAP configuration XML is through the rasphone tool on a Windows 10 PC. Once you run the rasphone.exe, the configuration wizard walks you through the necessary steps. For step-by-step instructions on creating the EAP configuration XML blob, see EAP configuration. You can use the resulting XML blob in the MDM system to create the VPN profile on Windows 10 Mobile phone. If you have multiple certificates on the devices, you may want to configure filtering conditions for automatic certificate selection, so the employee does not need to select an authentication certificate every time the VPN is turned on. See this article for details. Windows 10 for PCs and Windows 10 Mobile have the same VPN client.
-
-Microsoft Store–based VPN plugins for the VPN connection allow you to create a VPN plugin profile with the following attributes:
-
--   **VPN server** A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address
--   **Custom configuration** An HTML-encoded XML blob for SSL–VPN plugin–specific configuration information (such as authentication information) that the plugin provider requires
--   **Microsoft Store VPN plugin family name** Specifies the Microsoft Store package family name for the Microsoft Store–based VPN plugin
-
-In addition, you can specify per VPN profile:
-
--   **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list automatically triggers the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention.
--   **Route List** List of routes to be added to the routing table for the VPN interface. This is required for split tunneling cases where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface.
--   **Domain Name Information List** Name Resolution Policy Table (NRPT) rules for the VPN profile.
--   **Traffic Filter List** Specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
--   **DNS suffixes** A comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to Suffix Search List.
--   **Proxy** Any post-connection proxy support required for the VPN connection; including Proxy server name and Automatic proxy configuration URL. Specifies the URL for automatically retrieving proxy server settings.
--   **Always on connection** Windows 10 Mobile features always-on VPN, which makes it possible to automatically start a VPN connection when a user signs in. The VPN stays connected until the user manually disconnects it.
--   **Remember credentials** Specifies whether the VPN connection caches credentials.
--   **Trusted network detection** A comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible (Wi-Fi).
--   **Enterprise Data Protection Mode ID** Enterprise ID, which is an optional field that allows the VPN to automatically trigger based on an app defined with a Windows Information Protection policy.
--   **Device Compliance** To set up Azure AD-based Conditional Access for VPN and allow that SSO with a certificate different from the VPN Authentication certificate for Kerberos Authentication in the case of Device Compliance.
--   **Lock Down VPN profile** A Lock Down VPN profile has the following characteristics:
-    -   It is an always-on VPN profile.
-    -   It can never be disconnected.
-    -   If the VPN profile is not connected, the user has no network connectivity.
-    -   No other VPN profiles can be connected or modified.
--   **ProfileXML** In case your MDM system does not support all the VPN settings you want to configure, you can create an XML file that defines the VPN profile you want to apply to all the fields you require.
-
-For more details about VPN profiles, see [VPNv2 CSP](./mdm/vpnv2-csp.md).
-
-Some device-wide settings for managing VPN connections can help you manage VPNs over cellular data connections, which in turn helps reduce costs associated with roaming or data plan charges:
--   **Allow VPN** Specifies whether users can change VPN settings
--   **Allow VPN Over Cellular** Specifies whether users can establish VPN connections over cellular networks
--   **Allow VPN Over Cellular when Roaming** Specifies whether users can establish VPN connections over cellular networks when roaming
-
-### Storage management
-
-*Applies to: Corporate and personal devices*
-
-Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage. The [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) in Windows 10 Mobile helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device.
-
-Windows 10 Mobile also has the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on so you don’t need to set a policy explicitly to enable it.
-
-The SD card is uniquely paired with a device. No other devices can see the apps or data on the encrypted partition, but they can access the data stored on the unencrypted partition of the SD card, such as music or photos. This gives users the flexibility to use an SD card while still protecting the confidential apps and data on it.
-
-You can disable the **Allow Storage Card** setting if you wish to prevent users from using SD cards entirely. If you choose not to encrypt storage, you can help protect your corporate apps and data by using the Restrict app data to the system volume and Restrict apps to the system volume settings. These help ensure that users cannot copy your apps and data to SD cards.
-
-Here is a list of MDM storage management settings that Windows 10 Mobile provides:
-
--   **Allow Storage Card** Specifies whether the use of storage cards for data storage is allowed
--   **Require Device Encryption** Specifies whether internal storage is encrypted (when a device is encrypted, you cannot use a policy to turn encryption off)
--   **Encryption method** Specifies the BitLocker drive encryption method and cipher strength; can be one of the following values:
-    -   AES-Cipher Block Chaining (CBC) 128-bit
-    -   AES-CBC 256-bit
-    -   XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default)
-    -   XTS-AES-256-bit
--   **Allow Federal Information Processing Standard (FIPS) algorithm policy** Specifies whether the device allows or disallows the FIPS algorithm policy
--   **SSL cipher suites** Specifies a list of the allowed cryptographic cipher algorithms for SSL connections
--   **Restrict app data to the system volume** Specifies whether app data is restricted to the system drive
--   **Restrict apps to the system volume** Specifies whether apps are restricted to the system drive
-
-
-## Apps
-
-*Applies to: Corporate and personal devices*
-
-User productivity on mobile devices is often driven by apps.
-
-Windows 10 makes it possible to develop apps that work seamlessly across multiple devices using the Universal Windows Platform (UWP) for Windows apps. UWP converges the application platform for all devices running Windows 10 so that apps run without modification on all editions of Windows 10. This saves developers both time and resources, helping deliver apps to mobile users more quickly and efficiently. This write-once, run-anywhere model also boosts user productivity by providing a consistent, familiar app experience on any device type.
-
-For compatibility with existing apps, Windows Phone 8.1 apps still run on Windows 10 Mobile devices, easing the migration to the newest platform. Microsoft recommend migrating your apps to UWP to take full advantage of the improvements in Windows 10 Mobile. In addition, bridges have been developed to easily and quickly update existing Windows Phone 8.1 (Silverlight) and iOS apps to the UWP.
-
-Microsoft also made it easier for organizations to license and purchase UWP apps via Microsoft Store for Business and deploy them to employee devices using the Microsoft Store, or an MDM system, that can be integrated with the Microsoft Store for Business. Putting apps into the hands of mobile workers is critical, but you also need an efficient way to ensure those apps comply with corporate policies for data security.
-
-To learn more about Universal Windows apps, see the [Guide to Universal Windows Platform (UWP) apps](/windows/uwp/get-started/universal-application-platform-guide) for additional information, or take this [Quick Start Challenge: Universal Windows Apps in Visual Studio](https://mva.microsoft.com/en-US/training-courses/quick-start-challenge-universal-windows-apps-in-visual-studio-14477?l=Be2FMfgmB_505192797). Also, see [Porting apps to Windows 10](/windows/uwp/porting/).
-
-### Microsoft Store for Business: Sourcing the right app
-
-*Applies to: Corporate and personal devices*
-
-The first step in app management is to obtain the apps your users need. You can develop your own apps or source your apps from the Microsoft Store. With Windows Phone 8.1, an MSA was needed to acquire and install apps from the Microsoft Store. With the Microsoft Store for Business, Microsoft enables organizations to acquire apps for employees from a private store with the Microsoft Store, without the need for MSAs on Windows 10 devices.
-
-Microsoft Store for Business is a web portal that allows IT administrators to find, acquire, manage, and distribute apps to Windows 10 devices.
-
-Azure AD authenticated managers have access to Microsoft Store for Business functionality and settings, and store managers can create a private category of apps that are specific and private to their organization. (You can get more details about what specific Azure AD accounts have access to Microsoft Store for Business here). Microsoft Store for Business enables organizations to purchase app licenses for their organization and make apps available to their employees. In addition to commercially available apps, your developers can publish line-of-business (LOB) apps to Microsoft Store for Business by request. You can also integrate their Microsoft Store for Business subscriptions with their MDM systems, so the MDM system can distribute and manage apps from Microsoft Store for Business.
-
-Microsoft Store for Business supports app distribution under two licensing models: online and offline.
-
-The online model (store-managed) is the recommended method, and supports both personal device and corporate device management scenarios. To install online apps, the device must have Internet access at the time of installation. On corporate devices, an employee can be authenticated with an Azure AD account to install online apps. On personal devices, an employee must register their device with Azure AD to be able to install corporate licensed online apps.
-Corporate device users can find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system App Catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention.
-
-Employees with personal devices can install apps licensed by their organization using the Store app on their device. They can use either the Azure AD account or Microsoft Account within the Store app if they wish to purchase personal apps. If you allow employees with corporate devices to add a secondary Microsoft Account (MSA), the Store app on the device provides a unified method for installing personal and corporate apps.
-
-Online licensed apps do not need to be transferred or downloaded from the Microsoft Store to the MDM system to be distributed and managed. When an employee chooses a company-owned app, it's automatically installed from the cloud. Also, apps are automatically updated when a new version is available or can be removed if needed. When an app is removed from a device by the MDM system or the user, Microsoft Store for Business reclaims the license so it can be used for another user or on another device.
-
-To distribute an app offline (organization-managed), the app must be downloaded from the Microsoft Store for Business. This can be accomplished in the Microsoft Store for Business portal by an authorized administrator. Offline licensing requires the app developer to opt-in to the licensing model, as the Microsoft Store is no longer able to track licenses for the developer. If the app developer doesn’t allow download of the app from Microsoft Store, then you must obtain the files directly from the developer or use the online licensing method.
-
-To install acquired Microsoft Store or LOB apps offline on a Windows 10 Mobile device, IT administrators can use an MDM system. The MDM system distributes the app packages that you downloaded from Microsoft Store (also called sideloading) to Windows 10 Mobile devices. Support for offline app distribution depends on the MDM system you are using, so consult your MDM vendor documentation for details. You can fully automate the app deployment process so that no user intervention is required.
-
-Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 edition.
-
-For more information, see [Microsoft Store for Business](/microsoft-store/index).
-
-### Managing apps
-
-*Applies to: Corporate devices*
-
-IT administrators can control which apps are allowed to be installed on Windows 10 Mobile devices and how they should be kept up-to-date.
-
-Windows 10 Mobile includes AppLocker, which enables administrators to create allow or disallow lists of apps from the Microsoft Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allow or disallow lists also requires keeping up with the changing app landscape in the Microsoft Store.
-
-For more information, see [AppLocker CSP](./mdm/applocker-csp.md).
-
-In addition to controlling which apps are allowed, IT professionals can also implement additional app management settings on Windows 10 Mobile, using an MDM:
-
--   **Allow All Trusted Apps** Specifies whether users can sideload apps on the device.
--   **Allow App Store Auto Update** Specifies whether automatic updates of apps from Microsoft Store are allowed.
--   **Allow Developer Unlock** Specifies whether developer unlock is allowed.
--   **Allow Shared User App Data** Specifies whether multiple users of the same app can share data.
--   **Allow Store** Specifies whether Microsoft Store app is allowed to run. This completely blocks the user from installing apps from the Store, but still allows app distribution through an MDM system.
--   **Application Restrictions** An XML blob that defines the app restrictions for a device. The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher. See AppLocker above.
--   **Disable Store Originated Apps** Disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded before the policy was applied.
--   **Require Private Store Only** Specifies whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available.
--   **Restrict App Data to System Volume** Specifies whether app data is allowed only on the system drive or can be stored on an SD card.
--   **Restrict App to System Volume** Specifies whether app installation is allowed only to the system drive or can be installed on an SD card.
--   **Start screen layout** An XML blob used to configure the Start screen (for more information, see [Start layout for Windows 10 Mobile](/windows/configuration/mobile-devices/start-layout-xml-mobile)).
-
-Find more details on application management options in the [Policy CSP](./mdm/policy-configuration-service-provider.md).
-
-### Data leak prevention
-
-*Applies to: Corporate and personal devices*
-
-One of the biggest challenges in protecting corporate information on mobile devices is keeping that data separate from personal data. Most solutions available to create this data separation require users to login in with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity.
-
-Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data protected and personal data private. It automatically tags personal and corporate data and applies policies for those apps that can access data classified as corporate. This includes when data is at rest on local or removable storage. Because corporate data is always protected, users cannot copy it to public locations like social media or personal email.
-
-Windows Information Protection works with all apps, which are classified into two categories: enlightened and unenlightened. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on policies. Corporate data is encrypted at all times and any attempt to copy/paste or share this information with non-corporate apps or users fails. Unenlightened apps consider all data corporate and encrypt everything by default.
-
-Any app developed on the UWA platform can be enlightened. Microsoft has made a concerted effort to enlighten several of its most popular apps, including:
--   Microsoft Edge
--   Microsoft People
--   Mobile Office apps (Word, Excel, PowerPoint, and OneNote)
--   Outlook Mail and Calendar
--   Microsoft Photos
--   Microsoft OneDrive
--   Groove Music
--   Microsoft Movies & TV
--   Microsoft Messaging
-
-The following table lists the settings that can be configured for Windows Information Protection:
--   **Enforcement level*** Set the enforcement level for information protection:
-    -   Off (no protection)
-    -   Silent mode (encrypt and audit only)
-    -   Override mode (encrypt, prompt, and audit)
-    -   Block mode (encrypt, block, and audit)
--   **Enterprise protected domain names*** A list of domains used by the enterprise for its user identities. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected.
--   **Allow user decryption** Allows the user to decrypt files. If not allowed, the user is not able to remove protection from enterprise content through the OS or app user experience.
--   **Require protection under lock configuration** Specifies whether the protection under lock feature (also known as encrypt under PIN) should be configured.
--   **Data recovery certificate*** Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through MDM instead of Group Policy.
--   **Revoke on unenroll** Specifies whether to revoke the information protection keys when a device unenrolls from the management service.
--   **RMS template ID for information protection** Allows the IT admin to configure the details about who has access to RMS-protected files and for how long.
--   **Allow Azure RMS for information protection** Specifies whether to allow Azure RMS encryption for information protection.
--   **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the **Start** menu.
--   **Status** A read-only bit mask that indicates the current state of information protection on the device. The MDM service can use this value to determine the current overall state of information protection.
--   **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers is considered part of the enterprise and protected.
--   **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device is considered enterprise data and is protected.
--   **Enterprise Cloud Resources** A list of Enterprise resource domains hosted in the cloud that need to be protected.
-
-* Mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings (specifically Enterprise IP Range and Enterprise Network Domain Names) must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key so that others in the company can access it.
-
-For more information on Windows Information Protection, see the [EnterpriseDataProtection CSP](./mdm/enterprisedataprotection-csp.md) and the following in-depth article series [Protect your enterprise data using Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip).
-
-### Managing user activities
-
-*Applies to: Corporate devices*
-
-On corporate devices, some user activities expose corporate data to unnecessary risk. For example, users might create a screen capture of corporate information out of an internal LOB app. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data and prevent data leaks. The following demonstrates those capabilities that can be used to help prevent data leaks:
-
--   **Allow copy and paste** Specifies whether users can copy and paste content
--   **Allow Cortana** Specifies whether users can use Cortana on the device (where available)
--   **Allow device discovery** Specifies whether the device discovery user experience is available on the lock screen (for example, controlling whether a device could discover a projector [or other devices] when the lock screen is displayed)
--   **Allow input personalization** Specifies whether personally identifiable information can leave the device or be saved locally (e.g., Cortana learning, inking, dictation)
--   **Allow manual MDM unenrollment** Specifies whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
--   **Allow screen capture** Specifies whether users are allowed to capture screenshots on the device
--   **Allow SIM error dialog prompt** Specifies whether to display a dialog prompt when no SIM card is installed
--   **Allow sync my settings** Specifies whether the user experience settings are synchronized between devices (works with Microsoft accounts only)
--   **Allow toasts notifications above lock screen** Specifies whether users are able to view toast notification on the device lock screen
--   **Allow voice recording** Specifies whether users are allowed to perform voice recordings
--   **Do Not Show Feedback Notifications** Prevents devices from showing feedback questions from Microsoft
--   **Allow Task Switcher** Allows or disallows task switching on the device to prevent visibility of App screen tombstones in the task switcher
--   **Enable Offline Maps Auto Update** Disables the automatic download and update of map data
--   **Allow Offline Maps Download Over Metered Connection** Allows the download and update of map data over metered connections
-
-You can find more details on the experience settings in Policy CSP.
-
-### Microsoft Edge
-
-*Applies to: Corporate and personal devices*
-
-MDM systems also give you the ability to manage Microsoft Edge on mobile devices. Microsoft Edge is the only browser available on Windows 10 Mobile devices. It differs slightly from the desktop version as it does not support Flash or Extensions. Edge is also an excellent PDF viewer as it can be managed and integrates with Windows Information Protection.
-
-The following settings for Microsoft Edge on Windows 10 Mobile can be managed:
-
--   **Allow Browser** Specifies whether users can run Microsoft Edge on the device
--   **Allow Do Not Track headers** Specifies whether Do Not Track headers are allowed
--   **Allow InPrivate** Specifies whether users can use InPrivate browsing
--   **Allow Password Manager** Specifies whether users can use Password Manager to save and manage passwords locally
--   **Allow Search Suggestions in Address Bar** Specifies whether search suggestions are shown in the address bar
--   **Allow Windows Defender SmartScreen** Specifies whether Windows Defender SmartScreen is enabled
--   **Cookies**	Specifies whether cookies are allowed
--   **Favorites** Configure Favorite URLs
--   **First Run URL** The URL to open when a user launches Microsoft Edge for the first time
--   **Prevent Windows Defender SmartScreen Prompt Override** Specifies whether users can override the Windows Defender SmartScreen warnings for URLs
--   **Prevent Smart Screen Prompt Override for Files** Specifies whether users can override the Windows Defender SmartScreen warnings for files
-
-## Manage
-
-In enterprise IT environments, the need for security and cost control must be balanced against the desire to provide users with the latest technologies. Since cyberattacks have become an everyday occurrence, it is important to properly maintain the state of your Windows 10 Mobile devices. IT needs to control configuration settings, keeping them from drifting out of compliance, as well as enforce which devices can access internal applications. Windows 10 Mobile delivers the mobile operations management capabilities necessary to ensure that devices are in compliance with corporate policy.
-
-### Servicing options
-
-#### A streamlined update process
-
-*Applies to: Corporate and personal devices*
-
-Microsoft has streamlined the Windows product engineering and release cycle so new features, experiences, and functionality demanded by the market can be delivered more quickly than ever before. Microsoft plans to deliver two Feature Updates per year (12-month period). Feature Updates establish a Current Branch or CB, and have an associated version.
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  BranchVersionRelease Date
                  Current Branch1511November 2015
                  Current Branch for Business1511March 2016
                  Current Branch1607July 2016
                  
-
-Microsoft also delivers and installs monthly updates for security and stability directly to Windows 10 Mobile devices. These Quality Updates, released under Microsoft control via Windows Update, are available for all devices running Windows 10 Mobile. Windows 10 Mobile devices consume Feature Updates and Quality Updates as part of the same standard update process.
-
-Quality Updates are usually smaller than Feature Updates, but the installation process and experience is very similar, though larger updates take more time to install.  Enterprise customers can manage the update experience and process on Windows 10 Mobile devices using an MDM system, after upgrading the devices to Enterprise edition. In most cases, policies to manage the update process apply to both feature and quality updates.
-
-Microsoft aspires to update Windows 10 Mobile devices with the latest updates automatically and without being disruptive for all customers. Out-of-the-box, a Windows 10 Mobile device uses Auto Scan to search for available updates. However, depending on the device’s network and power status, update methods and timing may vary.
-
-
--------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  







                  Network connectionDescriptionAuto ScanAuto DownloadAuto InstallAuto Restart
                  Wi-FiDevice is connected to a personal or corporate Wi-Fi network (no data charges)YesYes/td>
-YesYes – outside of Active Hours (forced restart after 7 days if user postpones restart)
                  CellularDevice is only connected to a cellular network (standard data charges apply)Skips a daily scan if scan was successfully completed in the last 5 daysOnly occurs if update package is small and does not exceed the mobile operator data limit.YesIdem
                  Cellular -- RoamingDevice is only connected to a cellular network and roaming charges applyNoNoNoIdem
                  
-
-#### Keeping track of updates releases
-
-*Applies to: Corporate and Personal devices*
-
-Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on a regular basis. The [Windows release information page](https://technet.microsoft.com/windows/release-info) is designed to help you determine if your devices are current with the latest Windows 10 feature and quality updates. The release information published on this page, covers both Windows 10 for PCs and Windows 10 Mobile. In addition, the [Windows update history page](https://windows.microsoft.com/en-us/windows-10/update-history-windows-10) helps you understand what these updates are about.
-
-> [!NOTE]
-> We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback by using the Feedback Hub.
-
-#### Windows as a Service
-
-*Applies to: Corporate and Personal devices*
-
-Microsoft created a new way to deliver and install updates to Windows 10 Mobile directly to devices without Mobile Operator approval. This capability helps to simplify update deployments and ongoing management, broadens the base of employees who can be kept current with the latest Windows features and experiences, and lowers total cost of ownership for organizations who no longer have to manage updates to keep devices secure.
-
-Update availability depends on what servicing option you choose for the device. These servicing options are outlined in the following chart.
-
-
-------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  






                  Servicing optionAvailability of new features for installationMinimum length of servicing lifetimeKey benefitsSupported editions
                  Windows Insider BuildsAs appropriate during development cycle, released to Windows Insiders onlyVariable, until the next Insider build is released to Windows InsidersAllows Insiders to test new feature and application compatibility before a Feature Update is released/td>
-Mobile
                  Current Branch (CB)Immediately after the Feature Update is published to Windows Update by MicrosoftMicrosoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer)Makes new features available to users as soon as possible
                  Current Branch for Business (CBB)A minimum of four months after the corresponding Feature Update is first published to Windows Update by MicrosoftA minimum of four months, though it potentially can be longerNoProvides additional time to test new feature before deployment
                  
-
-#### Enterprise edition
-
-*Applies to: Corporate devices*
-
-While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 edition.
-
-Upgrading to Windows 10 edition provides additional device and app management capabilities for organizations that want to:
--   **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
--   **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 is required.
--   **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered.
-
-To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
-
-To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required.
-
-For more information on updating a device to Enterprise edition, see [WindowsLicensing CSP](./mdm/windowslicensing-csp.md).
-
-> [!NOTE]
-> We recommend using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices.
-
-#### Deferring and approving updates with MDM
-
-*Applies to: Corporate devices with Enterprise edition*
-
-Once a device is upgraded to Windows 10 Mobile Enterprise edition, you can manage devices that receive updates from Windows Update (or Windows Update for Business) with a set of update policies.
-
-To control Feature Updates, you will need to move your devices to the Current Branch for Business (CBB) servicing option. A device that subscribes to CBB will wait for the next CBB to be published by Microsoft Update. While the device will wait for Feature Updates until the next CBB, Quality Updates will still be received by the device.
-
-To control monthly Quality Update additional deferral policies, need to be set to your desired deferral period. When Quality Updates are available for your Windows 10 Mobile devices from Windows Update, these updates will not install until your deferral period lapses. This gives IT Professionals some time to test the impact of the updates on devices and apps.
-
-Before updates are distributed and installed, you may want to test them for issues or application compatibility. IT pros have the ability require updates to be approved. This enables the MDM administrator to select and approve specific updates to be installed on a device and accept the EULA associated with the update on behalf of the user. Please remember that on Windows 10 Mobile all updates are packaged as a “OS updates” and never as individual fixes.
-
-You may want to choose to handle Quality Updates and Feature Updates in the same way and not wait for the next CBB to be released to your devices. This streamlines the release of updates using the same process for approval and release. You can apply different deferral period by type of update. In version 1607 Microsoft added additional policy settings to enable more granularity to control over updates.
-
-Once updates are being deployed to your devices, you may want to pause the rollout of updates to enterprise devices.
-For example, after you start rolling out a quality update, certain phone models are adversely impacted or users are reporting a specific LOB app is not connecting and updating a database. Problems can occur that did not surface during initial testing.
-IT professionals can pause updates to investigate and remediate unexpected issues.
-
-The following table summarizes applicable update policy settings by version of Windows 10 Mobile.  All policy settings are backward compatible, and will be maintained in future Feature Updates. Consult the documentation of your MDM system to understand support for these settings in your MDM.
-
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Activity (Policy)Version 1511 settingsVersion 1607 settings
                  Subscribe device to CBB, to defer Feature UpdatesRequireDeferUpgrade
-
-Defers Feature Update until next CBB release. Device receives quality updates from Current Branch for Business (CBB).
-Defers feature update for minimum of 4 months after Current Branch was release.BranchReadinessLevel
-
-Defers Feature Update until next CBB release. Device receives quality updates from Current Branch for Business (CBB).
-Defers feature update for minimum of 4 months after Current Branch was release.
                  Defer UpdatesDeferUpdatePeriod
-
-Defer Quality Updates for 4 weeks or 28 daysDeferQualityUpdatePeriodInDays
-
-Defer Feature and Quality Updates for up to 30 days.
                  Approve UpdatesRequireUpdateApproval
-
-RequireUpdateApproval
-
-
                  Pause Update rollout once an approved update is being deployed, pausing the rollout of the update.PauseDeferrals
-
-Pause Feature Updates for up to 35 daysPauseQualityUpdates
-
-Pause Feature Updates for up to 35 days
                  
-
-#### Managing the update experience
-
-*Applies to: Corporate devices with Enterprise edition*
-
-Set update client experience with [Allowautomaticupdate](./mdm/policy-configuration-service-provider.md) policy for your employees. This allows the IT Pro to influence the way the update client on the devices behaves when scanning, downloading, and installing updates.
-
-This can include:
--   Notifying users prior to downloading updates.
--   Automatically downloading updates, and then notifying users to schedule a restart (this is the default behavior if this policy is not configured).
--   Automatically downloading and restarting devices with user notification.
--   Automatically downloading and restarting devices at a specified time.
--   Automatically downloading and restarting devices without user interaction.
--   Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device does not receive any updates.
-
-In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](./mdm/policy-configuration-service-provider.md) (supported values are 0-23, where 0 is 12am, 1 is 1am, and so on) or on a specific [day of the week](./mdm/policy-configuration-service-provider.md) (supported values are 0-7,  where 0 is every day, 1  is Sunday, 2 is Monday, and so on).
-
-#### Managing the source of updates with MDM
-
-*Applies to: Corporate devices with Enterprise edition*
-
-Although Windows 10 Enterprise enables IT administrators to defer installation of new updates from Windows Update, enterprises may also want additional control over update processes. With this in mind, Microsoft created Windows Update for Business. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates. If you are using a MDM system, the use of Windows Update for Business is not a requirement, as you can manage these features from your MDM system.
-
-For more information, see [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb).
-
-IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS).
-
-#### Managing Updates with Windows Update Server
-
-*Applies to: Corporate devices with Enterprise edition*
-
-When using WSUS, set **UpdateServiceUrl** to allow the device to check for updates from a WSUS server instead of Windows Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet, usually handheld devices used for task completion, or other Windows IoT devices.
-
-For more information, see [managing updates with Windows Server Update Services (WSUS)](/windows/deployment/deploy-whats-new).
-
-#### Querying the device update status
-
-*Applies to: Personal and corporate devices*
-
-In addition to configuring how Windows 10 Mobile Enterprise obtains updates, the MDM administrator can query devices for Windows 10 Mobile update information so that update status can be checked against a list of approved updates:
-
-The device update status query provides an overview of:
--   Installed updates: A list of updates that are installed on the device.
--   Installable updates: A list of updates that are available for installation.
--   Failed updates: A list of updates that failed during installation, including indication of why the update failed.
--   Pending reboot: A list of updates that require a restart to complete update installation.
--   Last successful scan time: The last time a successful update scan was completed.
--   Defer upgrade: Whether the upgrade is deferred until the next update cycle.
-
-### Device health
-
-*Applies to: Personal and corporate devices*
-
-Device Health Attestation (DHA) is another line of defense that is new to Windows 10 Mobile. It can be used to remotely detect devices that lack a secure configuration or have vulnerabilities that could allow them to be easily exploited by sophisticated attacks.
-
-Windows 10 Mobile makes it easy to integrate with Microsoft Intune or third-party MDM solutions for an overall view of device health and compliance. Using these solutions together, you can detect jailbroken devices, monitor device compliance, generate compliance reports, alert users or administrators to issues, initiate corrective action, and manage conditional access to resources like Office 365 or VPN.
-
-The first version of DHA was released in June 2015 for Windows 10 devices that supported TPM 2.0 and operated in an enterprise cloud-based topology. In the Windows 10 anniversary release, DHA capabilities are extended to legacy devices that support TPM 1.2, hybrid, and on-premises environments that have access to the Internet or operate in an air-gapped network.
-
-The health attestation feature is based on Open Mobile Alliance (OMA) standards. IT managers can use DHA to validate devices that:
--   Run Windows 10 operating system (mobile phone or PC)
--   Support Trusted Module Platform (TPM 1.2 or 2.0) in discrete of firmware format
--   Are managed by a DHA-enabled device management solution (Intune or third-party MDM)
--   Operate in cloud, hybrid, on-premises, and BYOD scenarios
-
-DHA-enabled device management solutions help IT managers create a unified security bar across all managed Windows 10 Mobile devices. This allows IT managers to:
--   Collect hardware attested data (highly assured) data remotely
--   Monitor device health compliance and detect devices that are vulnerable or could be exploited by sophisticated attacks
--   Take actions against potentially compromised devices, such as:
--   Trigger corrective actions remotely so offending device is inaccessible (lock, wipe, or brick the device)
--   Prevent the device from getting access to high-value assets (conditional access)
--   Trigger further investigation and monitoring (route the device to a honeypot for further monitoring)
--   Simply alert the user or the admin to fix the issue
-
-> [!NOTE]
-> Windows Device Health Attestation Service can be used for conditional access scenarios that may be enabled by Mobile Device Management solutions (such as Microsoft Intune) and other types of management systems (such as SCCM) purchased separately.
-
-For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide).
-
-This is a list of attributes that are supported by DHA and can trigger the corrective actions mentioned above:
--   **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK).
--   **Data Execution Prevention (DEP) enabled** Specifies whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy.
--   **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker.
--   **Secure Boot enabled** Specifies whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices.
--   **Code integrity enabled** Specifies whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity.
--   **Safe mode** Specifies whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode.
--   **Boot debug enabled** Specifies whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled.
--   **OS kernel debugging enabled** Specifies whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled.
--   **Test signing enabled** Specifies whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled.
--   **Boot Manager Version** The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted).
--   **Code integrity version** Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted).
--   **Secure Boot Configuration Policy (SBCP) present** Specifies whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash.
--   **Boot cycle allow list** The view of the host platform between boot cycles as defined by the manufacturer compared to a published allow list. A device that complies with the allow list is more trustworthy (secure) than a device that is noncompliant.
-
-#### Example scenario
-
-Windows 10 mobile has protective measures that work together and integrate with Microsoft Intune or third-party Mobile Device Management (MDM) solutions. IT administrators can monitor and verify compliance to ensure corporate resources are protected end-to–end with the security and trust rooted in the physical hardware of the device.
-
-Here is what occurs when a smartphone is turned on:
-1. Windows 10 Secure Boot protects the boot sequence, enables the device to boot into a defined and trusted configuration, and loads a factory trusted boot loader.
-2. Windows 10 Trusted Boot takes control, verifies the digital signature of the Windows kernel, and the components are loaded and executed during the Windows startup process.
-3. In parallel to Steps 1 and 2, Windows 10 Mobile TPM (Trusted Platform Modules – measured boot) runs independently in a hardware-protected security zone (isolated from boot execution path monitors boot activities) to create an integrity protected and tamper evident audit trail - signed with a secret that is only accessible by TPM.
-4. Devices managed by a DHA-enabled MDM solution send a copy of this audit trail to Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel.
-5. Microsoft HAS reviews the audit trails, issues an encrypted/signed report, and forwards it to the device.
-6. IT managers can use a DHA-enabled MDM solution to review the report in a protected, tamper-resistant and tamper-evident communication channel. They can assess if a device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with security needs and enterprise policies.
-
-### Asset reporting
-
-*Applies to: Corporate devices with Enterprise edition*
-
-Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (such as installed updates).
-
-The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide:
-
--   **Installed enterprise apps** List of the enterprise apps installed on the device
--   **Device name** The device name configured for the device
--   **Firmware version** Version of firmware installed on the device
--   **Operating system version** Version of the operating system installed on the device
--   **Device local time** Local time on the device
--   **Processor type** Processor type for the device
--   **Device model** Model of the device as defined by the manufacturer
--   **Device manufacturer** Manufacturer of the device
--   **Device processor architecture** Processor architecture for the device
--   **Device language** Language in use on the device
--   **Phone number** Phone number assigned to the device
--   **Roaming status** Indicates whether the device has a roaming cellular connection
--   **International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI)** Unique identifiers for the cellular connection for the phone (Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user)
--   **Wi-Fi IP address** IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device
--   **Wi-Fi media access control (MAC) address** MAC address assigned to the Wi-Fi adapter in the device
--   **Wi-Fi DNS suffix and subnet mask** DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device
--   **Secure Boot state** Indicates whether Secure Boot is enabled
--   **Enterprise encryption policy compliance** Indicates whether the device is encrypted
-
-### Manage diagnostic data
-
-*Applies to: Corporate devices with Windows 10 Mobile Enterprise edition*
-
-Microsoft uses diagnostics, performance, and usage data from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data helps keep Windows devices healthy, improve the operating system, and personalize features and services.
-
-You can control the level of data that diagnostic data systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system.
-
-For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
-
-> [!NOTE]
-> Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition.
-
-### Remote assistance
-
-*Applies to: Personal and corporate devices*
-
-The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include:
--   **Remote lock** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it, but not immediately (such as leaving the device at a customer site).
--   **Remote PIN reset** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost and users are able to quickly gain access to their devices.
--   **Remote ring** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it.
--   **Remote find** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. Remote find parameters can be configured via phone settings (see table below). The remote find feature returns the most current latitude, longitude, and altitude of the device.
-
-**Remote assistance policies**
--   **Desired location accuracy** The desired accuracy as a radius value in meters; has a value between 1 and 1,000 meters
--   **Maximum remote find** Maximum length of time in minutes that the server will accept a successful remote find; has a value between 0 and 1,000 minutes
--   **Remote find timeout** The number of seconds devices should wait for a remote find to finish; has a value between 0 and 1,800 seconds
-
-These remote management features help organizations reduce the IT effort required to manage devices. They also help users quickly regain use of their device should they misplace it or forget the device password.
-
-> [!NOTE]
-> Microsoft does not provide build-in remote control software, but works with partners to deliver these capabilities and services. With version 1607, remote assistant and control applications are available in the Microsoft Store.
-
-## Retire
-
-*Applies to: Corporate and Personal devices*
-
-Device retirement is the last phase of the device lifecycle, which in today’s business environment averages about 18 months. After that time period, employees want the productivity and performance improvements that come with the latest hardware. It’s important that devices being replaced with newer models are securely retired since you don’t want any company data to remain on discarded devices that could compromise the confidentiality of your data. This is typically not a problem with corporate devices, but it can be more challenging in a personal device scenario. You need to be able to selectively wipe all corporate data without impacting personal apps and data on the device. IT also needs a way to adequately support users who need to wipe devices that are lost or stolen.
-
-Windows 10 Mobile IT supports device retirement in both personal and corporate scenarios, allowing IT to be confident that corporate data remains confidential and user privacy is protected.
-
-> [!NOTE]
-> All these MDM capabilities are in addition to the device’s software and hardware factory reset features, which employees can use to restore devices to their factory configuration.
-
-**Personal devices:** Windows 10 mobile supports the USA regulatory requirements for a “kill switch” in case your phone is lost or stolen. Reset protection is a free service on account.microsoft.com that helps ensure that the phone cannot be easily reset and reused. All you need to do to turn on **Reset Protection** is sign in with your Microsoft account and accept the recommended settings. To manually turn it on, you can find it under Settings > Updates & security > Find my phone. At this point, Reset Protection is only available with an MSA, not with Azure AD account. It is also only available in the USA and not in other regions of the world.
-
-If you choose to completely wipe a device when lost or when an employee leaves the company, make sure you obtain consent from the user and follow any local legislation that protects the user’s personal data.
-
-A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data is tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles are immediately removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and is reported to the MDM system.
-
-**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that also makes the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
-
-**Settings for personal or corporate device retirement**
--   **Allow manual MDM unenrollment** Specifies whether users are allowed to delete the workplace account (unenroll the device from the MDM system)
--   **Allow user to reset phone** Specifies whether users are allowed to use Settings or hardware key combinations to return the device to factory defaults
-
-
-## Related topics
-
-- [Mobile device management](./mdm/index.md)
-- [Enterprise Mobility + Security](https://go.microsoft.com/fwlink/p/?LinkId=723984)
-- [Overview of Mobile Device Management for Office 365](/microsoft-365/admin/basic-mobility-security/overview)
-- [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=722910)
-
-
-## Revision History
-
--   November 2015   Updated for Windows 10 Mobile (version 1511)
--   August 2016     Updated for Windows 10 Mobile Anniversary Update (version 1607)
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index ef2b5a09cc..2c423bfbc7 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -16,7 +16,7 @@ ms.topic: troubleshooting
 
 Microsoft regularly releases both updates for Windows Server. To ensure your servers can receive future updates, including security updates, it's important to keep your servers updated. Check out - [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history) for a complete list of released updates.
 
-This section contains advanced troubleshooting topics and links to help you resolve issues with Windows 10 in an enterprise or IT pro environment. Additional topics will be added as they become available.
+This section contains advanced troubleshooting topics and links to help you resolve issues with Windows 10 in an enterprise or IT pro environment. More topics will be added as they become available.
 
 ## Troubleshoot 802.1x Authentication
 - [Advanced Troubleshooting 802.1X Authentication](./advanced-troubleshooting-802-authentication.md)
@@ -24,12 +24,12 @@ This section contains advanced troubleshooting topics and links to help you reso
 
 ## Troubleshoot BitLocker
 - [Guidelines for troubleshooting BitLocker](/windows/security/information-protection/bitlocker/troubleshoot-bitlocker)
-- [BitLocker cannot encrypt a drive: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues)
+- [BitLocker can't encrypt a drive: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues)
 - [Enforcing BitLocker policies by using Intune: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
 - [BitLocker Network Unlock: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues)
 - [BitLocker recovery: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues)
 - [BitLocker configuration: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues)
-- [BitLocker cannot encrypt a drive: known TPM issues](/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues)
+- [BitLocker can't encrypt a drive: known TPM issues](/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues)
 - [BitLocker and TPM: other known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues)
 - [Decode Measured Boot logs to track PCR changes](/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs)
 - [BitLocker frequently asked questions (FAQ)](/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions)
@@ -110,7 +110,7 @@ This section contains advanced troubleshooting topics and links to help you reso
 - [Windows Update log files](/windows/deployment/update/windows-update-logs)
 - [Windows Update troubleshooting](/windows/deployment/update/windows-update-troubleshooting)
 - [Windows Update common errors and mitigation](/windows/deployment/update/windows-update-errors)
-- [Windows Update - Additional resources](/windows/deployment/update/windows-update-resources)
+- [Windows Update - More resources](/windows/deployment/update/windows-update-resources)
 - [Get started with Windows Update](/windows/deployment/update/windows-update-overview)
 - [Servicing stack updates](/windows/deployment/update/servicing-stack-updates)
 
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index a287d48be1..5db8c1238b 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -10,11 +10,11 @@ ms.technology: storage
 ms.topic: article
 author: dansimp
 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
-ms.date: 04/19/2017
+ms.date: 09/15/2021
 ---
 # Windows libraries
 
-> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
+> Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
 
 Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location.
 
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index 29a781be98..52a2fb766d 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -1,7 +1,7 @@
 ---
 title: What version of Windows am I running?
-description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or Semi-Annual Channel.
-keywords: Long-Term Servicing Channel, LTSC, LTSB, Semi-Annual Channel, SAC, Windows, version, OS Build
+description: Discover which version of Windows you are running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
+keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel, GAC, Windows, version, OS Build
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -15,37 +15,37 @@ ms.topic: troubleshooting
 
 # What version of Windows am I running?
 
-To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [Semi-Annual Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. 
+To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. 
 
 ## System Properties
 Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu
 
 You'll now see **Edition**, **Version**, and **OS Build** information. Something like this:
 
-![screenshot of the system properties window for a device running Windows 10](images/systemcollage.png)
+![screenshot of the system properties window for a device running Windows 10.](images/systemcollage.png)
 
 ## Using Keyword Search
 You can simply type the following in the search bar and press **ENTER** to see version details for your device. 
 
 **“winver”**
 
-![screenshot of the About Windows display text](images/winver.png)
+![screenshot of the About Windows display text.](images/winver.png)
 
 **“msinfo”** or **"msinfo32"** to open **System Information**:
 
-![screenshot of the System Information display text](images/msinfo32.png)
+![screenshot of the System Information display text.](images/msinfo32.png)
 
 ## Using Command Prompt or PowerShell
 At the Command Prompt or PowerShell interface, type **"systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"** and then press **ENTER**
 
-![screenshot of system information display text](images/refcmd.png)
+![screenshot of system information display text.](images/refcmd.png)
 
 At the Command Prompt or PowerShell, type **"slmgr /dlv"**, and then press ENTER. The /dlv command displays the detailed licensing information. Notice the output displays "EnterpriseS" as seen in the image below:
 
-![screenshot of software licensing manager](images/slmgr_dlv.png)
+![screenshot of software licensing manager.](images/slmgr_dlv.png)
 
 ## What does it all mean?
 
 The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This build of Windows doesn’t contain many in-box applications, such as Microsoft Edge, Microsoft Store, Cortana (you do have some limited search capabilities), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. It’s important to remember that the LTSC model is primarily for specialized devices.
 
-In the Semi-Annual Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.
\ No newline at end of file
+In the General Availability Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.
\ No newline at end of file
diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml
index 867a205b26..24868ba91e 100644
--- a/windows/configuration/TOC.yml
+++ b/windows/configuration/TOC.yml
@@ -1,24 +1,40 @@
-- name: Configure Windows 10
+- name: Configure Windows client
   href: index.yml
-- name: Configure appearance settings
+- name: Customize the appearance
   items:
+    - name: Windows 11
+      items:
+        - name: Start menu
+          items:
+          - name: Customize Start menu layout
+            href: customize-start-menu-layout-windows-11.md
+          - name: Supported Start menu CSPs
+            href: supported-csp-start-menu-layout-windows.md
+        - name: Taskbar
+          items:
+          - name: Customize Taskbar
+            href: customize-taskbar-windows-11.md
+          - name: Supported Taskbar CSPs
+            href: supported-csp-taskbar-windows.md
     - name: Windows 10 Start and taskbar
       items:
-        - name: Manage Windows 10 Start and taskbar layout
+        - name: Start layout and taskbar
           href: windows-10-start-layout-options-and-policies.md
-        - name: Configure Windows 10 taskbar
-          href: configure-windows-10-taskbar.md
-        - name: Customize and export Start layout
-          href: customize-and-export-start-layout.md
-        - name: Add image for secondary tiles
-          href: start-secondary-tiles.md
-        - name: Start layout XML for desktop editions of Windows 10 (reference)
-          href: start-layout-xml-desktop.md
-        - name: Customize Windows 10 Start and taskbar with Group Policy
+        - name: Use XML
+          items: 
+          - name: Customize and export Start layout
+            href: customize-and-export-start-layout.md
+          - name: Customize the taskbar
+            href: configure-windows-10-taskbar.md
+          - name: Add image for secondary Microsoft Edge tiles
+            href: start-secondary-tiles.md
+          - name: Start layout XML for Windows 10 desktop editions (reference)
+            href: start-layout-xml-desktop.md
+        - name: Use group policy
           href: customize-windows-10-start-screens-by-using-group-policy.md
-        - name: Customize Windows 10 Start and taskbar with provisioning packages
+        - name: Use provisioning packages
           href: customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
-        - name: Customize Windows 10 Start and taskbar with mobile device management (MDM)
+        - name: Use mobile device management (MDM)
           href: customize-windows-10-start-screens-by-using-mobile-device-management.md
         - name: Troubleshoot Start menu errors
           href: start-layout-troubleshoot.md
@@ -46,17 +62,15 @@
       href: kiosk-methods.md
     - name: Prepare a device for kiosk configuration
       href: kiosk-prepare.md
-    - name: Set up digital signs on Windows 10
+    - name: Set up digital signs
       href: setup-digital-signage.md
     - name: Set up a single-app kiosk
       href: kiosk-single-app.md
     - name: Set up a multi-app kiosk
       href: lock-down-windows-10-to-specific-apps.md
-    - name: Set up a shared or guest PC with Windows 10
+    - name: Set up a shared or guest PC
       href: set-up-shared-or-guest-pc.md
-    - name: Set up a kiosk on Windows 10 Mobile 
-      href: mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md 
-    - name: Additional kiosk reference information
+    - name: Kiosk reference information
       items:
         - name: More kiosk methods and reference information
           href: kiosk-additional-reference.md
@@ -72,9 +86,9 @@
           href: kiosk-xml.md
         - name: Use AppLocker to create a Windows 10 kiosk
           href: lock-down-windows-10-applocker.md
-        - name: Use Shell Launcher to create a Windows 10 kiosk
+        - name: Use Shell Launcher to create a Windows client kiosk
           href: kiosk-shelllauncher.md
-        - name: Use MDM Bridge WMI Provider to create a Windows 10 kiosk
+        - name: Use MDM Bridge WMI Provider to create a Windows client kiosk
           href: kiosk-mdm-bridge.md
         - name: Troubleshoot kiosk mode issues
           href: kiosk-troubleshoot.md
@@ -82,9 +96,9 @@
 
 - name: Use provisioning packages
   items:
-    - name: Provisioning packages for Windows 10
+    - name: Provisioning packages for Windows client
       href: provisioning-packages/provisioning-packages.md
-    - name: How provisioning works in Windows 10
+    - name: How provisioning works in Windows client
       href: provisioning-packages/provisioning-how-it-works.md
     - name: Introduction to configuration service providers (CSPs)
       href: provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -104,7 +118,7 @@
       href: provisioning-packages/provisioning-script-to-install-app.md
     - name: Create a provisioning package with multivariant settings
       href: provisioning-packages/provisioning-multivariant.md
-    - name: PowerShell cmdlets for provisioning Windows 10 (reference)
+    - name: PowerShell cmdlets for provisioning Windows client (reference)
       href: provisioning-packages/provisioning-powershell.md
     - name: Windows Configuration Designer command-line interface (reference)
       href: provisioning-packages/provisioning-command-line.md
@@ -121,7 +135,7 @@
           href: cortana-at-work/cortana-at-work-testing-scenarios.md
         - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query
           href: cortana-at-work/cortana-at-work-scenario-1.md
-        - name: Test scenario 2 - Perform a Bing search with Cortana
+        - name: Test scenario 2 - Run a Bing search with Cortana
           href: cortana-at-work/cortana-at-work-scenario-2.md
         - name: Test scenario 3 - Set a reminder
           href: cortana-at-work/cortana-at-work-scenario-3.md
@@ -129,9 +143,9 @@
           href: cortana-at-work/cortana-at-work-scenario-4.md
         - name: Test scenario 5 - Find out about a person
           href: cortana-at-work/cortana-at-work-scenario-5.md
-        - name: Test scenario 6 - Change your language and perform a quick search with Cortana
+        - name: Test scenario 6 - Change your language and run a quick search with Cortana
           href: cortana-at-work/cortana-at-work-scenario-6.md
-    - name: Send feedback about Cortana back to Microsoftr
+    - name: Send feedback about Cortana back to Microsoft
       href: cortana-at-work/cortana-at-work-feedback.md
     - name: Testing scenarios using Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
       items:
@@ -141,13 +155,13 @@
           href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
         - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query
           href: cortana-at-work/test-scenario-1.md
-        - name: Test scenario 2 - Perform a quick search with Cortana at work
+        - name: Test scenario 2 - Run a quick search with Cortana at work
           href: cortana-at-work/test-scenario-2.md
         - name: Test scenario 3 - Set a reminder for a specific location using Cortana at work
           href: cortana-at-work/test-scenario-3.md
         - name: Test scenario 4 - Use Cortana at work to find your upcoming meetings
           href: cortana-at-work/test-scenario-4.md
-        - name: Test scenario 5 - Use Cortana to send email to a co-worker
+        - name: Test scenario 5 - Use Cortana to send email to a coworker
           href: cortana-at-work/test-scenario-5.md
         - name: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
           href: cortana-at-work/test-scenario-6.md
@@ -162,8 +176,6 @@
 
 - name: Reference
   items:
-    - name: Configure Windows 10 Mobile devices
-      href: mobile-devices/configure-mobile.md
     - name: Windows Configuration Designer reference
       items:
         - name: Windows Configuration Designer provisioning settings (reference)
@@ -178,14 +190,8 @@
           href: wcd/wcd-admxingestion.md 
         - name: AssignedAccess
           href: wcd/wcd-assignedaccess.md 
-        - name: AutomaticTime
-          href: wcd/wcd-automatictime.md 
         - name: Browser
           href: wcd/wcd-browser.md 
-        - name: CallAndMessagingEnhancement
-          href: wcd/wcd-callandmessagingenhancement.md 
-        - name: Calling
-          href: wcd/wcd-calling.md
         - name: CellCore
           href: wcd/wcd-cellcore.md
         - name: Cellular
@@ -206,8 +212,6 @@
           href: wcd/wcd-developersetup.md     
         - name: DeviceFormFactor
           href: wcd/wcd-deviceformfactor.md  
-        - name: DeviceInfo
-          href: wcd/wcd-deviceinfo.md
         - name: DeviceManagement
           href: wcd/wcd-devicemanagement.md  
         - name: DeviceUpdateCenter
@@ -215,9 +219,7 @@
         - name: DMClient
           href: wcd/wcd-dmclient.md 
         - name: EditionUpgrade
-          href: wcd/wcd-editionupgrade.md 
-        - name: EmbeddedLockdownProfiles
-          href: wcd/wcd-embeddedlockdownprofiles.md     
+          href: wcd/wcd-editionupgrade.md    
         - name: FirewallConfiguration
           href: wcd/wcd-firewallconfiguration.md     
         - name: FirstExperience
@@ -226,10 +228,6 @@
           href: wcd/wcd-folders.md  
         - name: HotSpot
           href: wcd/wcd-hotspot.md
-        - name: InitialSetup
-          href: wcd/wcd-initialsetup.md     
-        - name: InternetExplorer
-          href: wcd/wcd-internetexplorer.md 
         - name: KioskBrowser
           href: wcd/wcd-kioskbrowser.md      
         - name: Licensing
@@ -237,23 +235,13 @@
         - name: Location
           href: wcd/wcd-location.md      
         - name: Maps
-          href: wcd/wcd-maps.md  
-        - name: Messaging
-          href: wcd/wcd-messaging.md     
-        - name: ModemConfigurations
-          href: wcd/wcd-modemconfigurations.md     
-        - name: Multivariant
-          href: wcd/wcd-multivariant.md     
+          href: wcd/wcd-maps.md 
         - name: NetworkProxy
           href: wcd/wcd-networkproxy.md     
         - name: NetworkQOSPolicy
-          href: wcd/wcd-networkqospolicy.md
-        - name: NFC
-          href: wcd/wcd-nfc.md     
+          href: wcd/wcd-networkqospolicy.md 
         - name: OOBE
-          href: wcd/wcd-oobe.md    
-        - name: OtherAssets
-          href: wcd/wcd-otherassets.md     
+          href: wcd/wcd-oobe.md 
         - name: Personalization
           href: wcd/wcd-personalization.md     
         - name: Policies
@@ -261,13 +249,9 @@
         - name: Privacy
           href: wcd/wcd-privacy.md  
         - name: ProvisioningCommands
-          href: wcd/wcd-provisioningcommands.md    
-        - name: RcsPresence
-          href: wcd/wcd-rcspresence.md 
+          href: wcd/wcd-provisioningcommands.md
         - name: SharedPC
-          href: wcd/wcd-sharedpc.md     
-        - name: Shell
-          href: wcd/wcd-shell.md     
+          href: wcd/wcd-sharedpc.md 
         - name: SMISettings
           href: wcd/wcd-smisettings.md     
         - name: Start
@@ -283,11 +267,7 @@
         - name: TabletMode
           href: wcd/wcd-tabletmode.md  
         - name: TakeATest
-          href: wcd/wcd-takeatest.md    
-        - name: TextInput
-          href: wcd/wcd-textinput.md  
-        - name: Theme
-          href: wcd/wcd-theme.md  
+          href: wcd/wcd-takeatest.md
         - name: Time
           href: wcd/wcd-time.md    
         - name: UnifiedWriteFilter
@@ -333,7 +313,7 @@
               href: ue-v/uev-deploy-uev-for-custom-applications.md
         - name: Administer UE-V
           items:
-            - name: UE-V administion guide
+            - name: UE-V administration guide
               href: ue-v/uev-administering-uev.md
             - name: Manage Configurations for UE-V
               items:
@@ -375,23 +355,3 @@
               href: ue-v/uev-application-template-schema-reference.md
             - name: Security Considerations for UE-V
               href: ue-v/uev-security-considerations.md
-
-
-    - name: Use Windows Configuration Designer for Windows 10 Mobile devices
-      items:
-        - name: Use Windows Configuration Designer to configure Windows 10 Mobile devices
-          href: mobile-devices/provisioning-configure-mobile.md
-        - name: NFC-based device provisioning
-          href: mobile-devices/provisioning-nfc.md
-        - name: Barcode provisioning and the package splitter tool
-          href: mobile-devices/provisioning-package-splitter.md
-        - name: Use the Lockdown Designer app to create a Lockdown XML file
-          href: mobile-devices/mobile-lockdown-designer.md
-        - name: Configure Windows 10 Mobile using Lockdown XML
-          href: mobile-devices/lockdown-xml.md
-        - name: Settings and quick actions that can be locked down in Windows 10 Mobile
-          href: mobile-devices/settings-that-can-be-locked-down.md
-        - name: Product IDs in Windows 10 Mobile
-          href: mobile-devices/product-ids-in-windows-10-mobile.md
-        - name: Start layout XML for mobile editions of Windows 10 (reference)
-          href: mobile-devices/start-layout-xml-mobile.md
\ No newline at end of file
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index 2deeb1c576..756137de7c 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -3,13 +3,13 @@ title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
 description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
 ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 keywords: ["group policy", "start menu", "start screen"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/28/2017
@@ -29,85 +29,24 @@ Windows 10 has a brand new Start experience. As a result, there are changes to
 
 These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  PolicyNotes
                  Clear history of recently opened documents on exitDocuments that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.
                  Do not allow pinning items in Jump ListsJump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.
                  Do not display or track items in Jump Lists from remote locationsWhen this policy is applied, only items local on the computer are shown in Jump Lists.
                  Do not keep history of recently opened documentsDocuments that the user opens are not tracked during the session.
                  Prevent changes to Taskbar and Start Menu SettingsIn Windows 10, this disables all of the settings in Settings > Personalization > Start as well as the options in dialog available via right-click Taskbar > Properties
                  Prevent users from customizing their Start Screen
                  Use this policy in conjunction with a customized Start layout to prevent users from changing it
                  Prevent users from uninstalling applications from StartIn Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)
                  Remove All Programs list from the Start menuIn Windows 10, this removes the All apps button.
                  Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commandsThis removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.
                  Remove common program groups from Start MenuAs in earlier versions of Windows, this removes apps specified in the All Users profile from Start
                  Remove frequent programs list from the Start MenuIn Windows 10, this removes the top left Most used group of apps.
                  Remove Logoff on the Start MenuLogoff has been changed to Sign Out in the user interface, however the functionality is the same.
                  Remove pinned programs list from the Start MenuIn Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).
                  Show "Run as different user" command on StartThis enables the Run as different user option in the right-click menu for apps.
                  Start Layout
                  This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in User Configuration or Computer Configuration.
                  
-
                  
- 
-
                  Force Start to be either full screen size or menu sizeThis applies a specific size for Start.
                  
-
+|Policy|Notes|
+|--- |--- |
+|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.|
+|Do not allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.|
+|Do not display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.|
+|Do not keep history of recently opened documents|Documents that the user opens are not tracked during the session.|
+|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this disables all of the settings in **Settings** > **Personalization** > **Start** as well as the options in dialog available via right-click Taskbar > **Properties**|
+|Prevent users from customizing their Start Screen|Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it|
+|Prevent users from uninstalling applications from Start|In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)|
+|Remove All Programs list from the Start menu|In Windows 10, this removes the **All apps** button.|
+|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.|
+|Remove common program groups from Start Menu|As in earlier versions of Windows, this removes apps specified in the All Users profile from Start|
+|Remove frequent programs list from the Start Menu|In Windows 10, this removes the top left **Most used** group of apps.|
+|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.|
+|Remove pinned programs list from the Start Menu|In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).|
+|Show "Run as different user" command on Start|This enables the **Run as different user** option in the right-click menu for apps.|
+|Start Layout|This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.|
+|Force Start to be either full screen size or menu size|This applies a specific size for Start.|
  
 
 ## Deprecated Group Policy settings for Start
diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md
index 15407ebc50..500f5c624f 100644
--- a/windows/configuration/configure-windows-10-taskbar.md
+++ b/windows/configuration/configure-windows-10-taskbar.md
@@ -5,13 +5,14 @@ keywords: ["taskbar layout","pin apps"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 01/18/2018
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
+ms.collection: highpri
 ---
 # Configure Windows 10 taskbar
 
@@ -31,7 +32,7 @@ The order of apps in the XML file dictates the order of pinned apps on the taskb
 
 The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using the XML file to the right (green square).
 
-![Windows left, user center, enterprise to the right](images/taskbar-generic.png)
+![Windows left, user center, enterprise to the right.](images/taskbar-generic.png)
 
 
 ## Configure taskbar (general)
@@ -142,11 +143,11 @@ The `` section will append listed apps to the tas
 ```
 **Before:**
 
-![default apps pinned to taskbar](images/taskbar-default.png)
+![default apps pinned to taskbar.](images/taskbar-default.png)
 
 **After:**
 
- ![additional apps pinned to taskbar](images/taskbar-default-plus.png)
+ ![additional apps pinned to taskbar.](images/taskbar-default-plus.png)
 
 ## Remove default apps and add your own
 
@@ -175,11 +176,11 @@ If you only want to remove some of the default pinned apps, you would use this m
 ```
 **Before:**
 
-![Taskbar with default apps](images/taskbar-default.png)
+![Taskbar with default apps.](images/taskbar-default.png)
 
 **After:**
 
-![Taskbar with default apps removed](images/taskbar-default-removed.png)
+![Taskbar with default apps removed.](images/taskbar-default-removed.png)
 
 ## Remove default apps
 
@@ -250,15 +251,15 @@ The following example shows you how to configure taskbars by country or region.
 
 When the preceding example XML file is applied, the resulting taskbar for computers in the US or UK:
 
-![taskbar for US and UK locale](images/taskbar-region-usuk.png)
+![taskbar for US and UK locale.](images/taskbar-region-usuk.png)
 
 The resulting taskbar for computers in Germany or France:
 
-![taskbar for DE and FR locale](images/taskbar-region-defr.png)
+![taskbar for DE and FR locale.](images/taskbar-region-defr.png)
 
 The resulting taskbar for computers in any other country region:
 
-![taskbar for all other regions](images/taskbar-region-other.png)
+![taskbar for all other regions.](images/taskbar-region-other.png)
 
 
 > [!NOTE]
@@ -326,4 +327,4 @@ The resulting taskbar for computers in any other country region:
 - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
-- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
\ No newline at end of file
+- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
index e8a0cdee55..805a227811 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
@@ -1,15 +1,15 @@
 ---
-title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization (Windows 10)
+title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in Windows
 description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization
@@ -19,10 +19,10 @@ Cortana integration is a Preview feature that's available for your test or dev e
 >[!NOTE]
 >For more info about Dynamics CRM integration, how to turn on Cortana, and how to provide feedback, see [Preview feature: Set up Cortana integration](https://go.microsoft.com/fwlink/p/?LinkId=746819).
 
-![Cortana at work, showing the sales data pulled from Dynamics CRM](../images/cortana-crm-screen.png)
+![Cortana at work, showing the sales data pulled from Dynamics CRM.](../images/cortana-crm-screen.png)
 
 ## Turn on Cortana with Dynamics CRM in your organization
-You must be a CRM administrator to turn on and use Preview features. For more info about what Preview features are and how to use them, see [What are Preview features and how do I enable them](https://go.microsoft.com/fwlink/p/?LinkId=746817)?
+You must be a CRM administrator to turn on and use Preview features. For more info about what Preview features are and how to use them, see [What are Preview features and how do I enable them](/dynamics365/marketing/marketing-preview-features).
 
 **To turn on Cortana with Dynamics CRM**
 
@@ -43,7 +43,7 @@ You must tell your employees to turn on Cortana, before they’ll be able to use
 
 2. Click on **Connected Services**, click **Dynamics CRM**, and then click **Connect**.
 
-    ![Cotana at work, showing how to turn on the connected services for Dynamics CRM](../images/cortana-connect-crm.png)
+    ![Cotana at work, showing how to turn on the connected services for Dynamics CRM.](../images/cortana-connect-crm.png)
 
     The employee can also disconnect by clicking **Disconnect** from the **Dynamics CRM** screen.
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
index cd31806c01..6d940ecc14 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
@@ -4,12 +4,12 @@ description: Learn how to send feedback to Microsoft about Cortana at work so yo
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Send feedback about Cortana back to Microsoft
@@ -22,4 +22,4 @@ To provide feedback about the application in general, go to the **Settings** men
 
 :::image type="content" source="../screenshot12.png" alt-text="Screenshot: Select Feedback to go to the Feedback Hub":::
 
-In order for enterprise users to provide feedback, admins must unblock the Feedback Hub in the [Azure portal](https://portal.azure.com/). Go to the **Enterprise applications section** and enable **Users can allow apps to access their data**.
\ No newline at end of file
+In order for enterprise users to provide feedback, admins must unblock the Feedback Hub in the [Azure portal](https://portal.azure.com/). Go to the **Enterprise applications section** and enable **Users can allow apps to access their data**.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index 2241f9d819..d949c55ed5 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -4,12 +4,12 @@ description: Learn how to connect Cortana to Office 365 so employees are notifie
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
@@ -20,7 +20,7 @@ Your employees can use Cortana to help manage their day and be more productive b
 
 **See also:**
 
-[Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10).
+[Known issues for Windows Desktop Search and Cortana in Windows 10](/troubleshoot/windows-client/shell-experience/windows-desktop-search-and-cortana-issues).
 
 ### Before you begin
 There are a few things to be aware of before you start using Cortana in Windows 10, versions 1909 and earlier.
@@ -53,4 +53,4 @@ Cortana in Windows 10, versions 1909 and earlier can only access data in your Mi
 
 3. Expand **Settings** and select **Org Settings**.
 
-4. Select **Cortana** to toggle Cortana's access to Microsoft 365 data off.
\ No newline at end of file
+4. Select **Cortana** to toggle Cortana's access to Microsoft 365 data off.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index 5d25f337c9..2b72551c54 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -1,23 +1,23 @@
 ---
-title: Configure Cortana in Windows 10
+title: Configure Cortana in Windows 10 and Windows 11
 ms.reviewer: 
-manager: dansimp
-description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
+manager: dougeby
+description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ---
 
-# Configure Cortana in Windows 10
+# Configure Cortana in Windows 10 and Windows 11
 
 ## Who is Cortana?
 
-Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more.
+Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 and Windows 11 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more.
 
-:::image type="content" source="../screenshot1.png" alt-text="Screenshot: Cortana home page example":::
+:::image type="content" source="./images/screenshot1.png" alt-text="Screenshot: Cortana home page example":::
 
 ## Where is Cortana available for use in my organization?
 
@@ -34,10 +34,13 @@ Cortana requires a PC running Windows 10, version 1703 or later, as well as the
 
 | Software | Minimum version |
 |---------|---------|
-|Client operating system     |     Desktop: 
                   - Windows 10, version 2004 (recommended)  
                   
                   - Windows 10, version 1703 (legacy version of Cortana) 
                   
                   Mobile: Windows 10 mobile, version 1703 (legacy version of Cortana) 
                   
                   For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. |
+|Client operating system     | - Windows 10, version 2004 (recommended)  
                   
                   - Windows 10, version 1703 (legacy version of Cortana) 
                   
                   For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. |
 |Azure Active Directory (Azure AD)    | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn't required.        |
 |Additional policies (Group Policy and Mobile Device Management (MDM))     |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help.  |
 
+>[!NOTE]
+>For Windows 11, Cortana is no longer pinned to the taskbar by default. You can still pin the Cortana app to the taskbar as you would any other app. In addition, the keyboard shortcut that launched Cortana (Win+C) no longer opens Cortana.
+
 ## Signing in using Azure AD
 
 Your organization must have an Azure AD tenant and your employees' devices must all be Azure AD-joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but will not be able to use their enterprise email or calendar.) For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [Azure Active Directory documentation.](/azure/active-directory/)
@@ -46,9 +49,9 @@ Your organization must have an Azure AD tenant and your employees' devices m
 
 Cortana's approach to integration with Microsoft 365 has changed with Windows 10, version 2004 and later.
 
-### Cortana in Windows 10, version 2004 and later
+### Cortana in Windows 10, version 2004 and later, or Windows 11
 
-Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365).
+Cortana enterprise services that can be accessed using Azure AD through Cortana meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true).
 
 #### How does Microsoft store, retain, process, and use Customer Data in Cortana?
 
@@ -74,7 +77,7 @@ First, the user must enable the wake word from within Cortana settings. Once it
 
 The first decision is made by the Windows Multiple Voice Assistant platform leveraging hardware optionally included in the user's PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening.
 
-:::image type="content" source="../screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening":::
+:::image type="content" source="./images/screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening":::
 
 At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service does not confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user's PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded.
 
@@ -88,4 +91,4 @@ Cortana is covered under the [Microsoft Privacy Statement](https://privacy.micro
 
 ## See also
 
-- [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818)
\ No newline at end of file
+- [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 2d82042faa..2eb0ba6a03 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -1,52 +1,84 @@
 ---
-title: Configure Cortana with Group Policy and MDM settings (Windows 10)
+title: Configure Cortana with Group Policy and MDM settings (Windows)
 description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
-ms.date: 10/05/2017
+ms.author: aaroncz
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
 
->[!NOTE]
->For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) topic, located in the configuration service provider reference topics.
+For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
 
+- **Allow Cortana**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana`
+  - **MDM policy CSP**: [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)
+  - **Description**: Specifies if users can use Cortana.
 
-|**Group policy**  |**MDM policy**  |**Description**  |
-|---------|---------|---------|
-|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana     |Experience/AllowCortana         |Specifies whether employees can use Cortana. 
                  
-> [!IMPORTANT]
-> Cortana won’t work if this setting is turned off (disabled). However, on Windows 10, version 1809 and below, employees can still perform local searches even with Cortana turned off.         |
-|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock     |AboveLock/AllowCortanaAboveLock         |Specifies whether an employee can interact with Cortana using voice commands when the system is locked. 
                  
-> [!NOTE]
-> Cortana in Windows 10, versions 2004 and later do not currently support Above Lock.         |
-|Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice     |[Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice)         |Specifies whether apps (such as Cortana or other voice assistants) can activate using a wake word (e.g. “Hey Cortana”). 
                  
-> [!NOTE]
-> This setting only applies to Windows 10 versions 2004 and later. To disable wake word activation on Windows 10 versions 1909 and earlier, you will need to disable voice commands using Privacy/AllowInputPersonalization.        |
-|Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone     |[Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps)         |  Use this to disable Cortana’s access to the microphone. To do so, specify Cortana’s Package Family Name: Microsoft.549981C3F5F10_8wekyb3d8bbwe 
                  
-Users will still be able to type queries to Cortana.      |
-|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services     |Privacy/AllowInputPersonalization         |Specifies whether an employee can use voice commands with Cortana in your organization. 
                  
-**In Windows 10, version 1511** 
                   Cortana won’t work if this setting is turned off (disabled). 
                   **In Windows 10, version 1607 and later** 
                   Non-speech aspects of Cortana will still work if this setting is turned off (disabled). 
                   **In Windows 10, version 2004 and later** 
                   Cortana will work, but voice input will be disabled.       |
-|None     |System/AllowLocation         |Specifies whether to allow app access to the Location service. 
                  
-**In Windows 10, version 1511** 
                   Cortana won’t work if this setting is turned off (disabled). 
                  
-**In Windows 10, version 1607 and later** 
                  
-Cortana still works if this setting is turned off (disabled). 
                  
-**In Windows 10, version 2004 and later** 
                  
-Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later do not currently use the Location service.       |
-|None     |Accounts/AllowMicrosoftAccountConnection         |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps. 
                  
-Disable this setting if you only want to allow users to sign in with their Azure AD account.         |
-|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location     |Search/AllowSearchToUseLocation         |Specifies whether Cortana can use your current location during searches and for location reminders. 
                  
-**In Windows 10, version 2004 and later** 
                   Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, do not currently use the Location service.         |
-|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results     |Search/DoNotUseWebResults         |Specifies whether search can perform queries on the web and if the web results are displayed in search. 
                  
-**In Windows 10 Pro edition** 
                   This setting can’t be managed.
-**In Windows 10 Enterprise edition** 
                   Cortana won't work if this setting is turned off (disabled).
-**In Windows 10, version 2004 and later** 
                   This setting no longer affects Cortana.         |
-|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search     |Search/SafeSearchPermissions         |Specifies what level of safe search (filtering adult content) is required. 
                  
-> [!NOTE]
-> This setting only applies to Windows 10 Mobile. Other versions of Windows should use Don't search the web or display web results.        |
\ No newline at end of file
+    Cortana won’t work if this setting is turned off (disabled). On Windows 10, version 1809 and below, users can still do local searches, even with Cortana turned off.
+
+- **AllowCortanaAboveLock**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock`
+  - **MDM policy CSP**: [AboveLock/AllowCortanaAboveLock](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowcortanaabovelock)
+  - **Description**: Specifies whether users can interact with Cortana using voice commands when the system is locked.
+
+    This setting:
+
+    - Doesn't apply to Windows 10, versions 2004 and later
+    - Doesn't apply to Windows 11
+
+- **LetAppsActivateWithVoice**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice`
+  - **MDM policy CSP**: [Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice)
+  - **Description**: Specifies if apps, like Cortana or other voice assistants, can activate using a wake word, like “Hey Cortana”.
+
+    This setting applies to:
+
+    - Windows 10 versions 2004 and later
+    - Windows 11
+
+    To disable wake word activation on Windows 10 versions 1909 and earlier, disable voice commands using the [Privacy/AllowInputPersonalization CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization).
+
+- **LetAppsAccessMicrophone**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone`
+  - **MDM policy CSP**: [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps)
+  - **Description**: Disables Cortana’s access to the microphone. To use this setting, enter Cortana’s Package Family Name: `Microsoft.549981C3F5F10_8wekyb3d8bbwe`. Users can still type queries to Cortana.
+
+- **Allow users to enable online speech recognition services**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services`
+  - **MDM policy CSP**: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization)
+  - **Description**: Specifies whether users can use voice commands with Cortana in your organization.
+    - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled).
+    - **Windows 10, version 1607 and later**: Non-speech aspects of Cortana will still work if this setting is turned off (disabled).
+    - **Windows 10, version 2004 and later**: Cortana will work, but voice input will be disabled.
+
+- **AllowLocation**
+  - **Group policy**: None
+  - **MDM policy CSP**: [System/AllowLocation](/windows/client-management/mdm/policy-csp-system#system-allowlocation)
+  - **Description**: Specifies whether to allow app access to the Location service.
+    - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled).
+    - **Windows 10, version 1607 and later**: Cortana still works if this setting is turned off (disabled).
+    - **Windows 10, version 2004 and later**: Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11 don't use the Location service.
+
+- **AllowMicrosoftAccountConnection**
+  - **Group policy**: None
+  - **MDM policy CSP**: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
+  - **Description**: Specifies whether to allow users to sign in using a Microsoft account (MSA) from Windows apps. If you only want to allow users to sign in with their Azure AD account, then disable this setting.
+
+- **Allow search and Cortana to use location**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location`
+  - **MDM policy CSP**: [Search/AllowSearchToUseLocation](/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation)
+  - **Description**: Specifies whether Cortana can use your current location during searches and for location reminders. In **Windows 10, version 2004 and later**, Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11, don't use the Location service.
+
+- **Don't search the web or display web results**
+  - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results`
+  - **MDM policy CSP**: [Search/DoNotUseWebResults](/windows/client-management/mdm/policy-csp-search#search-donotusewebresults)
+  - **Description**: Specifies if search can do queries on the web, and if the web results are shown in search.
+    - **Windows 10 Pro edition**: This setting can’t be managed.
+    - **Windows 10 Enterprise edition**: Cortana won't work if this setting is turned off (disabled).
+    - **Windows 10, version 2004 and later**: This setting no longer impacts Cortana.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
index 65919eb8e8..a54d958f6e 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
@@ -1,15 +1,15 @@
 ---
-title: Set up and test Cortana for Power BI in your organization (Windows 10)
+title: Set up and test Cortana for Power BI in your organization (Windows)
 description: How to integrate Cortana with Power BI to help your employees get answers directly from your key business data.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Set up and test Cortana for Power BI in your organization
@@ -25,7 +25,7 @@ Integration between Cortana and Power BI shows how Cortana can work with custom
 ## Before you begin
 To use this walkthrough, you’ll need:
 
-- **Windows 10**. You’ll need to be running at least Windows 10, version 1703.
+- **Windows 10 or Windows 11**. You’ll need your PC to be running at least Windows 10, version 1703 or later, or Windows 11.
 
 - **Cortana**. You need to have Cortana turned on and be logged into your account.
 
@@ -48,38 +48,38 @@ Before you can start this testing scenario, you must first set up your test envi
 
 2. Expand the left rail by clicking the **Show the navigation pane** icon.
 
-    ![Cortana at work, showing the navigation expand icon in Power BI](../images/cortana-powerbi-expand-nav.png)
+    ![Cortana at work, showing the navigation expand icon in Power BI.](../images/cortana-powerbi-expand-nav.png)
 
 3. Click **Get Data** from the left-hand navigation in Power BI.
 
-    ![Cortana at work, showing the Get Data link](../images/cortana-powerbi-getdata.png)
+    ![Cortana at work, showing the Get Data link.](../images/cortana-powerbi-getdata.png)
 
 4. Click **Samples** from the **Content Pack Library** area of the **Get Data** screen.
 
-    ![Cortana at work, showing the Samples link](../images/cortana-powerbi-getdata-samples.png)
+    ![Cortana at work, showing Samples link](../images/cortana-powerbi-getdata-samples.png)
 
 5. Click **Retail Analysis Sample**, and then click **Connect**.
 
-    ![Cortana at work, showing the Samples link](../images/cortana-powerbi-retail-analysis-sample.png)
+    ![Cortana at work, showing the Samples link.](../images/cortana-powerbi-retail-analysis-sample.png)
  
     The sample data is imported and you’re returned to the **Power BI** screen.
 
 6. Click **Dashboards** from the left pane of the **Power BI** screen, and then click **Retail Analysis Sample**.
 
-    ![Cortana at work, showing a dashboard view of the sample data](../images/cortana-powerbi-retail-analysis-dashboard.png)    
+    ![Cortana at work, showing a dashboard view of the sample data.](../images/cortana-powerbi-retail-analysis-dashboard.png)    
  
 7. In the upper right-hand menu, click the **Settings** icon, and then click **Settings**.
 
-    ![Cortana at work, showing where to find the Settings option](../images/cortana-powerbi-settings.png) 
+    ![Cortana at work, showing where to find the Settings option.](../images/cortana-powerbi-settings.png) 
 
 8. Click the **Datasets** tab, and then pick the **Retail Analysis Sample** dataset from the list.
 
 9. Click **Q&A and Cortana**, check the **Allow Cortana to access this dataset** box, and then click **Apply**.
 
-    ![Cortana at work, showing where to find the dataset options](../images/cortana-powerbi-retail-analysis-dataset.png)
+    ![Cortana at work, showing where to find the dataset options.](../images/cortana-powerbi-retail-analysis-dataset.png)
 
     >[!NOTE]
-    >It can take up to 30 minutes for a new dataset to appear for Power BI and Cortana. Logging in and out of Windows 10, or otherwise restarting Cortana, causes the new content to appear immediately.
                  If you enable a dataset for Cortana, and that dataset is part of a content pack you own, you’ll need to re-publish for your colleagues to also use it with Cortana.
+    >It can take up to 30 minutes for a new dataset to appear for Power BI and Cortana. Logging in and out of Windows, or otherwise restarting Cortana, causes the new content to appear immediately.
                  If you enable a dataset for Cortana, and that dataset is part of a content pack you own, you’ll need to re-publish for your colleagues to also use it with Cortana.
 
 ## Create a custom Answer Page for Cortana
 You must create special reports, known as _Answer Pages_, to display the most commonly asked answers in Cortana. For example, if you want Cortana to quickly show sales data to your employees, you can create a 2016 sales data Answer Page that shows sales data, with various pivots, in Cortana.
@@ -87,12 +87,12 @@ You must create special reports, known as _Answer Pages_, to display the most co
 After you’ve finished creating your Answer Page, you can continue to the included testing scenarios.
 
 >[!NOTE]
->It can take up to 30 minutes for a custom Answer Page to appear for Power BI and Cortana. Logging in and out of Windows 10, or otherwise restarting Cortana, causes the new content to appear immediately.
+>It can take up to 30 minutes for a custom Answer Page to appear for Power BI and Cortana. Logging in and out of Windows, or otherwise restarting Cortana, causes the new content to appear immediately.
 
 **To create a custom sales data Answer Page for Cortana**
 1. In Power BI, click **My Workspace**, click **Create**, and then click **Report**.
 
-    ![Cortana at work, showing where to create the new report](../images/cortana-powerbi-create-report.png)
+    ![Cortana at work, showing where to create the new report.](../images/cortana-powerbi-create-report.png)
  
 2. In the **Create Report** screen, click the **Retail Analysis Sample**, and then click **Create**.
 
@@ -100,11 +100,11 @@ After you’ve finished creating your Answer Page, you can continue to the inclu
 
 3. In the **Visualizations** pane, click the paint roller icon, expand **Page Size**, and then pick **Cortana** from the **Type** drop-down list.
 
-    ![Cortana at work, showing the Visualizations options](../images/cortana-powerbi-pagesize.png)
+    ![Cortana at work, showing the Visualizations options.](../images/cortana-powerbi-pagesize.png)
 
 4. In the **Fields** pane, click to expand **Sales**, expand **This year sales**, and then add both **Value** and **Goal**.
 
-    ![Cortana at work, showing the Field options](../images/cortana-powerbi-field-selection.png)
+    ![Cortana at work, showing the Field options.](../images/cortana-powerbi-field-selection.png)
  
     The automatically generated graph is added to your blank report. You have the option to change colors, add borders, add additional visualizations, and modify this page so that it answers the question about sales data as precisely, and in as custom a way, as you want. You just need to make sure that it all stays within the page borders.
 
@@ -112,11 +112,11 @@ After you’ve finished creating your Answer Page, you can continue to the inclu
 
     The alternate names help Cortana to know what questions to look for and when to show this report. To also improve your results, you should avoid using the names of your report columns.
 
-    ![Cortana at work, showing the page info for your specific report](../images/cortana-powerbi-report-qna.png)
+    ![Cortana at work, showing the page info for your specific report.](../images/cortana-powerbi-report-qna.png)
     
 6. Click **File**, click **Save as**, and save the report as _Sales data 2016_. 
 
-    Because this is part of the Retail Analysis Sample, it will automatically be included as part of the dataset you included for Cortana. However, you will still need to log in and out of Windows 10, or otherwise restart Cortana, before the new content appears.
+    Because this is part of the Retail Analysis Sample, it will automatically be included as part of the dataset you included for Cortana. However, you will still need to log in and out of Windows, or otherwise restart Cortana, before the new content appears.
 
 ## Test Scenario: Use Cortana to show info from Power BI in your organization
 Now that you’ve set up your device, you can use Cortana to show your info from within Power BI.
@@ -128,13 +128,13 @@ Now that you’ve set up your device, you can use Cortana to show your info from
 
     Cortana shows you the available results.
 
-    ![Cortana at work, showing the best matches based on the Power BI data](../images/cortana-powerbi-search.png)
+    ![Cortana at work, showing the best matches based on the Power BI data.](../images/cortana-powerbi-search.png)
  	 
 3. In the **Power BI** area, click **This year in sales – in Retail Analysis Sample**.
 
  	Cortana returns your custom report.
 
-    ![Cortana at work, showing your custom report from Power BI](../images/cortana-powerbi-myreport.png)
+    ![Cortana at work, showing your custom report from Power BI.](../images/cortana-powerbi-myreport.png)
  	 
 >[!NOTE]
 >For more info about how to connect your own data, build your own custom Power BI cards and Answer Pages for Cortana, and how to share the cards with everyone in your organization, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/documentation/powerbi-service-cortana-desktop-entity-cards/).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index 2b6dca5a4a..de0f3315ae 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -4,11 +4,11 @@ description: A test scenario walking you through signing in and managing the not
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index 33ac963a8e..b9c64414bc 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -1,15 +1,15 @@
 ---
-title: Perform a quick search with Cortana at work (Windows 10)
-description: A test scenario about how to perform a quick search with Cortana at work.
+title: Perform a quick search with Cortana at work (Windows)
+description: This is a test scenario about how to perform a quick search with Cortana at work.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 2 – Perform a Bing search with Cortana
@@ -23,4 +23,4 @@ Cortana will respond with the information from Bing.
 :::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderabad":::
 
 >[!NOTE]
->This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](./set-up-and-test-cortana-in-windows-10.md#set-up-and-configure-the-bing-answers-feature).
\ No newline at end of file
+>This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](./set-up-and-test-cortana-in-windows-10.md#set-up-and-configure-the-bing-answers-feature).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index b3c72fad56..68ba398dbf 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -1,15 +1,15 @@
 ---
-title: Set a reminder for a location with Cortana at work (Windows 10)
+title: Set a reminder for a location with Cortana at work (Windows)
 description: A test scenario about how to set a location-based reminder using Cortana at work.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 3 - Set a reminder
@@ -22,4 +22,4 @@ Cortana will create a reminder in Microsoft To Do and will remind you at the app
 
 :::image type="content" source="../screenshot6.png" alt-text="Screenshot: Cortana set a reminder":::
 
-:::image type="content" source="../screenshot7.png" alt-text="Screenshot: Cortana showing reminder on page":::
\ No newline at end of file
+:::image type="content" source="../screenshot7.png" alt-text="Screenshot: Cortana showing reminder on page":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index f5377cf7c3..6c6a391833 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -1,18 +1,18 @@
 ---
-title: Use Cortana at work to find your upcoming meetings (Windows 10)
-description: A test scenario about how to use Cortana at work to find your upcoming meetings.
+title: Use Cortana at work to find your upcoming meetings (Windows)
+description: A test scenario on how to use Cortana at work to find your upcoming meetings.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
-# Test scenario 4 - Use Cortana to find free time on your calendar
+# Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings.
 
 This scenario helps you find out if a time slot is free on your calendar.
 
@@ -24,4 +24,4 @@ This scenario helps you find out if a time slot is free on your calendar.
 
 Cortana will respond with your availability for that time, as well as nearby meetings.
 
-:::image type="content" source="../screenshot8.png" alt-text="Screenshot: Cortana showing free time on a calendar":::
\ No newline at end of file
+:::image type="content" source="../screenshot8.png" alt-text="Screenshot: Cortana showing free time on a calendar":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index a434e14f90..63f5f07436 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -1,15 +1,15 @@
 ---
-title: Use Cortana to send email to a co-worker (Windows 10)
+title: Use Cortana to send email to a co-worker (Windows)
 description: A test scenario about how to use Cortana at work to send email to a co-worker.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 5 - Test scenario 5 – Find out about a person
@@ -22,4 +22,4 @@ Cortana can help you quickly look up information about someone or the org chart.
 
 :::image type="content" source="../screenshot9.png" alt-text="Screenshot: Cortana showing name of person in your organization":::
 
-Cortana will respond with information about the person. You can select the person to see more information about them in Microsoft Search.
\ No newline at end of file
+Cortana will respond with information about the person. You can select the person to see more information about them in Microsoft Search.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index 9abb865b58..c4647b52d8 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -1,15 +1,15 @@
 ---
-title: Review a reminder suggested by Cortana (Windows 10)
-description: A test scenario about how to use Cortana with the Suggested reminders feature.
+title: Review a reminder suggested by Cortana (Windows)
+description: A test scenario on how to use Cortana with the Suggested reminders feature.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 6 – Change your language and perform a quick search with Cortana
@@ -22,4 +22,4 @@ Cortana can help employees in regions outside the US search for quick answers li
 
 3. Once the app has restarted, type or say **Convierte 100 Euros a Dólares**.
 
-:::image type="content" source="../screenshot10.png" alt-text="Screenshot: Cortana showing a change your language and showing search results in Spanish":::
\ No newline at end of file
+:::image type="content" source="../screenshot10.png" alt-text="Screenshot: Cortana showing a change your language and showing search results in Spanish":::
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index 5b6970f37b..6a7ab71a9a 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -1,15 +1,15 @@
 ---
-title: Help protect data with Cortana and WIP (Windows 10)
+title: Help protect data with Cortana and WIP (Windows)
 description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
index 8137313839..cf0cd10b10 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
@@ -4,12 +4,12 @@ description: Suggested testing scenarios that you can use to test Cortana in you
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 06/28/2021
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Cortana at work testing scenarios
@@ -22,4 +22,4 @@ We've come up with a list of suggested testing scenarios that you can use to tes
 - [Use Cortana to find free time on your calendar](cortana-at-work-scenario-4.md)
 - [Find out about a person](cortana-at-work-scenario-5.md)
 - [Change your language and perform a quick search with Cortana](cortana-at-work-scenario-6.md)
-- [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md)
\ No newline at end of file
+- [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
index 478aeb7938..10a3e5644b 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
@@ -1,15 +1,15 @@
 ---
-title: Set up and test custom voice commands in Cortana for your organization (Windows 10)
+title: Set up and test custom voice commands in Cortana for your organization (Windows)
 description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Set up and test custom voice commands in Cortana for your organization
@@ -49,7 +49,7 @@ While these aren't line-of-business apps, we've worked to make sure to implement
 
 2. Click on **Connected Services**, click **Uber**, and then click **Connect**.
 
-    ![Cortana at work, showing where to connect the Uber service to Cortana](../images/cortana-connect-uber.png)
+    ![Cortana at work, showing where to connect the Uber service to Cortana.](../images/cortana-connect-uber.png)
 
 **To use the voice-enabled commands with Cortana**
 1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box).
@@ -59,4 +59,4 @@ While these aren't line-of-business apps, we've worked to make sure to implement
     Cortana changes, letting you provide your trip details for Uber.
 
 ## See also
-- [Cortana for developers](/cortana/skills/)
\ No newline at end of file
+- [Cortana for developers](/cortana/skills/)
diff --git a/windows/configuration/cortana-at-work/images/screenshot1.png b/windows/configuration/cortana-at-work/images/screenshot1.png
new file mode 100644
index 0000000000..ed62740e92
Binary files /dev/null and b/windows/configuration/cortana-at-work/images/screenshot1.png differ
diff --git a/windows/configuration/cortana-at-work/images/screenshot2.png b/windows/configuration/cortana-at-work/images/screenshot2.png
new file mode 100644
index 0000000000..fb7995600e
Binary files /dev/null and b/windows/configuration/cortana-at-work/images/screenshot2.png differ
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
index addf307b70..b922d049e4 100644
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
@@ -1,21 +1,21 @@
 ---
 title: Set up and test Cortana in Windows 10, version 2004 and later
 ms.reviewer: 
-manager: dansimp
-description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
+manager: dougeby
+description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ---
 
 # Set up and test Cortana in Windows 10, version 2004 and later
 
 ## Before you begin
 
-- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you will need to re-enable it at least for Windows 10, version 2004 and later.
+- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you will need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.
 - **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you will need to [enable updates through the Microsoft Store](../stop-employees-from-using-microsoft-store.md).
 
 ## Set up and configure the Bing Answers feature
@@ -46,4 +46,4 @@ When a user enters a search query (by speech or text), Cortana evaluates if the
 Bing Answers is enabled by default for all users. However, admins can configure and change this for specific users and user groups in their organization.
 
 ## How the Bing Answer policy configuration is applied
-Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an AAD group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
\ No newline at end of file
+Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an AAD group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
index daef056559..729352fb95 100644
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ b/windows/configuration/cortana-at-work/test-scenario-1.md
@@ -4,12 +4,12 @@ description: A test scenario about how to sign in with your work or school accou
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
@@ -43,4 +43,4 @@ This process helps you to manage the content Cortana shows in your Notebook.
 3. Add **Redmond, Washington**.
 
 > [!IMPORTANT]
-> The data created as part of these scenarios will be uploaded to Microsoft's Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
\ No newline at end of file
+> The data created as part of these scenarios will be uploaded to Microsoft's Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md
index 36934cf4a6..86c279c752 100644
--- a/windows/configuration/cortana-at-work/test-scenario-2.md
+++ b/windows/configuration/cortana-at-work/test-scenario-2.md
@@ -4,12 +4,12 @@ description: A test scenario about how to perform a quick search with Cortana at
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 2 – Perform a quick search with Cortana at work
@@ -35,4 +35,4 @@ This process helps you to use Cortana at work and voice commands to perform a qu
 1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box).
 
 2. Say **What's the weather in Chicago?** Cortana tells you and shows you the current weather in Chicago.
-Insert screenshot
\ No newline at end of file
+Insert screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md
index 709082bda6..f1706c3579 100644
--- a/windows/configuration/cortana-at-work/test-scenario-3.md
+++ b/windows/configuration/cortana-at-work/test-scenario-3.md
@@ -4,12 +4,12 @@ description: A test scenario about how to set up, review, and edit a reminder ba
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 3 - Set a reminder for a specific location using Cortana at work
@@ -76,4 +76,4 @@ This process helps you to edit or archive and existing or completed reminder.
 
 2. Click the pending reminder you want to edit.
 
-3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click Save to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.
\ No newline at end of file
+3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click Save to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
index b15cd265db..635172f826 100644
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ b/windows/configuration/cortana-at-work/test-scenario-4.md
@@ -1,18 +1,18 @@
 ---
-title: Use Cortana at work to find your upcoming meetings (Windows 10)
+title: Use Cortana to find your upcoming meetings at work (Windows)
 description: A test scenario about how to use Cortana at work to find your upcoming meetings.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
-# Test scenario 4 - Use Cortana at work to find your upcoming meetings
+# Test scenario 4 - Use Cortana to find your upcoming meetings at work
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
@@ -49,4 +49,4 @@ This process helps you to use Cortana at work and voice commands to find your up
 >Make sure that you have a meeting scheduled for the time you specify here.
 
 Cortana at work, showing the meeting scheduled for 3pm
-screenshot
\ No newline at end of file
+screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
index 3dabe7811b..7770f46dfd 100644
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ b/windows/configuration/cortana-at-work/test-scenario-5.md
@@ -1,18 +1,18 @@
 ---
-title: Use Cortana to send email to a co-worker (Windows 10)
-description: A test scenario about how to use Cortana at work to send email to a co-worker.
+title: Use Cortana to send an email to co-worker (Windows)
+description: A test scenario on how to use Cortana at work to send email to a co-worker.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
-# Test scenario 5 - Use Cortana to send email to a co-worker
+# Test scenario 5 - Use Cortana to send an email to co-worker
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
@@ -58,4 +58,4 @@ screenshot
 The email is sent.
 
 Cortana at work, showing the sent email text
-screenshot
\ No newline at end of file
+screenshot
diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md
index 88853dfe0d..e9b09188c2 100644
--- a/windows/configuration/cortana-at-work/test-scenario-6.md
+++ b/windows/configuration/cortana-at-work/test-scenario-6.md
@@ -4,12 +4,12 @@ description: A test scenario about how to use Cortana with the Suggested reminde
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
@@ -45,4 +45,4 @@ screenshot
 If the reminder has a specific date or time associated with it, like end of day, Cortana notifies you at the appropriate time and puts the reminder into the Action Center. Also from the Home screen, you can view the email where you made the promise, set aside time on your calendar, officially set the reminder, or mark the reminder as completed.
 
 Cortana Home screen with your suggested reminder showing
-screenshot
\ No newline at end of file
+screenshot
diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
index 3933c23706..57153a781a 100644
--- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
+++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
@@ -4,12 +4,12 @@ description: A list of suggested testing scenarios that you can use to test Cort
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Testing scenarios using Cortana in your business or organization
@@ -22,4 +22,4 @@ We've come up with a list of suggested testing scenarios that you can use to tes
 - [Use Cortana at work to find your upcoming meetings](./cortana-at-work-scenario-4.md)
 - [Use Cortana to send email to a co-worker](./cortana-at-work-scenario-5.md)
 - [Review a reminder suggested by Cortana based on what you've promised in email](./cortana-at-work-scenario-6.md)
-- [Use Cortana and Windows Information Protection (WIP) to help protect your organization's data on a device](./cortana-at-work-scenario-7.md)
\ No newline at end of file
+- [Use Cortana and Windows Information Protection (WIP) to help protect your organization's data on a device](./cortana-at-work-scenario-7.md)
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index 601ad70810..c979753ccb 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -3,16 +3,17 @@ title: Customize and export Start layout (Windows 10)
 description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
 ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 keywords: ["start screen"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/18/2018
+ms.collection: highpri
 ---
 
 # Customize and export Start layout
@@ -80,7 +81,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
 
 ## Export the Start layout
 
-When you have the Start layout that you want your users to see, use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\
+When you have the Start layout that you want your users to see, use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\
 
 >[!IMPORTANT]
 >If you include secondary Microsoft Edge tiles (tiles that link to specific websites in Microsoft Edge), see [Add custom images to Microsoft Edge secondary tiles](start-secondary-tiles.md) for instructions.
@@ -101,38 +102,25 @@ When you have the Start layout that you want your users to see, use the [Export-
 
     In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml).
 
-    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet does not append the file name extension, and the policy settings require the extension.
+    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet does not append the file name extension, and the policy settings require the extension.
     
     Example of a layout file produced by `Export-StartLayout`:
 
-    
-    
-    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                  


                  XML
                  <LayoutModificationTemplate Version="1" xmlns="https://schemas.microsoft.com/Start/2014/LayoutModification">
-      <DefaultLayoutOverride>
-        <StartLayoutCollection>
-          <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout">
-            <start:Group Name="Life at a glance" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout">
-              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-              <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" />
-              <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
-            </start:Group>        
-          </defaultlayout:StartLayout>
-        </StartLayoutCollection>
-      </DefaultLayoutOverride>
-    </LayoutModificationTemplate>
                  
+    ```xml
+    
+          
+            
+              
+                
+                  
+                  
+                  
+                        
+              
+            
+          
+        
+    ```
 
 3. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order)
 
@@ -161,7 +149,7 @@ When you have the Start layout that you want your users to see, use the [Export-
 
 A partial Start layout enables you to add one or more customized tile groups to users' Start screens or menus, while still allowing users to make changes to other parts of the Start layout. All groups that you add are *locked*, meaning users cannot change the contents of those tile groups, however users can change the location of those groups. Locked groups are identified with an icon, as shown in the following image.
 
-![locked tile group](images/start-pinned-app.png)
+![locked tile group.](images/start-pinned-app.png)
 
 When a partial Start layout is applied for the first time, the new groups are added to the users' existing Start layouts. If an app tile is in both an existing group and in a new locked group, the duplicate app tile is removed from the existing (unlocked) group.
 
@@ -197,4 +185,4 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
 - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 - [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
-- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
\ No newline at end of file
+- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md
new file mode 100644
index 0000000000..f21e9bf9dc
--- /dev/null
+++ b/windows/configuration/customize-start-menu-layout-windows-11.md
@@ -0,0 +1,185 @@
+---
+title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs
+description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices.
+ms.assetid: 
+manager: dougeby
+ms.author: aaroncz
+ms.reviewer: ericpapa
+ms.prod: w11
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: aczechowski
+ms.localizationpriority: medium
+ms.collection: highpri
+---
+
+# Customize the Start menu layout on Windows 11
+
+**Applies to**:
+
+- Windows 11
+
+> **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu).
+
+Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users, or you want to pin specific apps.
+
+For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin apps, remove default pinned apps, order the apps, and more.
+
+To add apps you want pinned to the Start menu, you use a JSON file. In previous Windows versions, IT administrators used an XML file to customize the Start menu. The XML file isn't available on Windows 11 and later ***unless*** [you're an OEM](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu).
+
+This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Endpoint Manager policy.
+
+## Before you begin
+
+- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from changing the layout.
+
+- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises.
+
+  In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started:
+
+  - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview)
+  - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide)
+  - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction)
+
+## Start menu features and areas
+
+In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different-sized app icons:
+
+:::image type="content" source="./images/customize-start-menu-layout-windows-11/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files.":::
+
+Start has the following areas:
+
+- **Pinned**: Shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also removes apps that are pinned by default.
+
+  This article shows you [how to use the **ConfigureStartPins** policy](#get-the-pinnedlist-json).
+
+- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file.
+
+  The [Start/HideFrequentlyUsedApps CSP](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) exposes settings that configure the "Most used" section, which is at the top of the all apps list.
+
+  In **Endpoint Manager**, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start).
+
+  In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices:
+
+  - `Computer Configuration\Administrative Templates\Start Menu and Taskbar`
+  - `User Configuration\Administrative Templates\Start Menu and Taskbar`
+
+- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file.
+
+  The  [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) exposes settings that prevent files from showing in this section. This CSP also hides recent files that show from the taskbar.
+
+  In **Endpoint Manager**, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start).
+
+  In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices:
+
+  - `Computer Configuration\Administrative Templates\Start Menu and Taskbar`
+  - `User Configuration\Administrative Templates\Start Menu and Taskbar`
+
+## Create the JSON file
+
+On an existing Windows 11 device, set up your own Start layout with the pinned apps you want users to see. Then, use the [Windows PowerShell Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet to export the existing layout to a `LayoutModification.json` file.
+
+The JSON file controls the Start menu layout, and lists all the apps that are pinned. You can update the JSON file to:
+
+- Change the order of existing apps. The apps in the JSON file are shown on Start in the same order.
+- Add more apps by entering the app ID. For more information, see [Get the pinnedList JSON](#get-the-pinnedlist-json) (in this article).
+
+If you're familiar with creating JSON files, you can create your own `LayoutModification.json` file. But, it's easier and faster to export the layout from an existing device.
+
+### Export an existing Start layout
+
+1. Create a folder to save the `.json` file. For example, create the `C:\Layouts` folder.
+2. On a Windows 11 device, open the Windows PowerShell app.
+3. Run the following cmdlet. Name the file `LayoutModification.json`.
+
+    ```powershell
+    Export-StartLayout -Path "C:\Layouts\LayoutModification.json" 
+    ```
+
+### Get the pinnedList JSON
+
+1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or Notepad. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json).
+2. In the file, you see the `pinnedList` section. This section includes all of the pinned apps. Copy the `pinnedList` content in the JSON file. You'll use it in the next section.
+
+    In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned:
+
+    ```json
+    { 
+      "pinnedList": [ 
+        { "desktopAppId": "MSEdge" }, 
+        { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, 
+        { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, 
+        { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } 
+      ] 
+    } 
+    ```
+
+3. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy uses the `LayoutModification.json` file to add apps to the Pinned section. In your JSON file, you can add more apps to this section using the following keys:
+
+    ---
+    | Key | Description |
+    | --- | --- |
+    | packagedAppID | Use this option for Universal Windows Platform apps. To pin a UWP app, use the app's AUMID.|
+    | desktopAppID | Use this option for unpackaged Win32 apps. To pin a Win32 app, use the app's AUMID. If the app doesn't have an AUMID, then enter the `desktopAppLink` instead. |
+    | desktopAppLink | Use this option for unpackaged Win32 apps that don't have an associated AUMID. To pin this type of app, use the path to the `.lnk` shortcut that points to the app. |
+
+## Use MDM to create and deploy a pinned list policy
+
+Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization.
+
+MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD).  Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list.
+
+This section shows you how to create a pinned list policy in Endpoint Manager. There isn't a Group Policy to create a pinned list.
+
+### Create a pinned list using an Endpoint Manager policy
+
+To deploy this policy, the devices must be enrolled, and managed by your organization. For more information, see [What is device enrollment?](/mem/intune/enrollment/device-enrollment).
+
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Devices** > **Configuration profiles** > **Create profile**.
+3. Enter the following properties:
+
+    - **Platform**: Select **Windows 10 and later**.
+    - **Profile**: Select **Templates** > **Custom**.
+
+4. Select **Create**.
+5. In **Basics**, enter the following properties:
+
+    - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is **Win11: Custom Start layout**.
+    - **Description**: Enter a description for the profile. This setting is optional, and recommended.
+
+6. Select **Next**.
+7. In **Configuration settings** > **OMA-URI**, select **Add**. Add the following properties:
+
+    - **Name**: Enter something like **Configure Start pins**.
+    - **Description**: Enter a description for the row. This setting is optional, and recommended.
+    - **OMA-URI**: Enter `./Vendor/MSFT/Policy/Config/Start/ConfigureStartPins`.
+    - **Data type**: Select **String**.
+    - **Value**: Paste the JSON you created or updated in the previous section. For example, enter the following text:
+
+      ```json
+      { 
+        "pinnedList": [ 
+          { "desktopAppId": "MSEdge" }, 
+          { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, 
+          { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, 
+          { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } 
+        ] 
+      } 
+      ```
+
+    Your settings look similar to the following settings:
+
+    :::image type="content" source="./images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList":::
+
+8. Select **Save** > **Next** to save your changes.
+9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings](/mem/intune/configuration/custom-settings-configure).
+
+The Windows OS exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md).
+
+### Deploy the policy using Endpoint Manager
+
+When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed anytime, including before users sign in the first time.
+
+For more information and guidance on assigning policies to devices in your organization, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md
new file mode 100644
index 0000000000..8679cc641f
--- /dev/null
+++ b/windows/configuration/customize-taskbar-windows-11.md
@@ -0,0 +1,247 @@
+---
+title: Configure and customize Windows 11 taskbar | Microsoft Docs
+description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded.
+ms.assetid: 
+manager: dougeby
+ms.author: aaroncz
+ms.reviewer: chataylo
+ms.prod: w11
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: aczechowski
+ms.localizationpriority: medium
+ms.collection: highpri
+---
+
+# Customize the Taskbar on Windows 11
+
+**Applies to**:
+
+- Windows 11
+
+> **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu).
+
+Your organization can deploy a customized taskbar to your Windows devices. Customizing the taskbar is common when your organization uses a common set of apps, or wants to bring attention to specific apps. You can also remove the default pinned apps.
+
+For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin apps, remove default pinned apps, order the apps, and more on the taskbar.
+
+To add apps you want pinned to the taskbar, you use an XML file. You can use an existing XML file, or create a new file. If you have an XML file that's used on Windows 10 devices, you can also use it on Windows 11 devices. You may have to update the App IDs.
+
+This article shows you how to create the XML file, add apps to the XML, and deploy the XML file.
+
+## Before you begin
+
+- There isn't a limit on the number of apps that you can pin. In the XML file, add apps using the [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the app).
+
+- There are some situations that an app pinned in your XML file won't be pinned in the taskbar. For example, if an app isn't approved or installed for a user, then the pinned icon won't show on the taskbar.
+
+- The order of apps in the XML file dictates the order of pinned apps on the taskbar, from left to right, and to the right of any existing apps pinned by the user. If the OS is configured to use a right-to-left language, then the taskbar order is reversed.
+
+- Some classic Windows applications are packaged differently than they were in previous versions of Windows, including Notepad and File Explorer. Be sure to enter the correct AppID. For more information, see [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) and [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article).
+
+- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises.
+
+  In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started:
+
+  - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview)
+  - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide)
+  - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction)
+
+## Create the XML file
+
+1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins two apps to the taskbar - File Explorer and the Command Prompt:
+
+    ```xml
+    
+    
+      
+        
+          
+            
+            
+          
+        
+     
+    
+    ```
+
+2. In the `` node, add (or remove) the apps you want pinned. You can pin Universal Windows Platform (UWP) apps and desktop apps:
+
+    - ``: Select this option for UWP apps. Add the [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) of the UWP app.
+    - ``: Select this option for desktop apps. Add the Desktop Application Link Path of the desktop app.
+
+    You can pin as many apps as you want.  Just keep adding them to the list. Remember, the app order in the list is the same order the apps are shown on the taskbar.
+
+    For more information, see [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article).
+
+3. In the `` node, the apps you add are pinned after the default apps. If you want to remove the default apps, and only show the apps you add in the XML file, then add `PinListPlacement="Replace"`:
+
+    - ``: Keeps the default pinned apps. After the default apps, the apps you add are pinned.
+    - ``: Unpins the default apps. Only the apps you add are pinned.
+
+    If you want to remove some of the default pinned apps, then add `PinListPlacement="Replace"`. When you add your apps to ``, include the default apps you still want pinned.
+
+4. In the `` node, use `region=" | "` to use different taskbar configurations based on the device locale and region.
+
+    In the following XML example, two regions are added: `US|UK` and `DE|FR`:
+
+    ```xml
+    
+    
+
+      
+        
+          
+            
+            
+            
+            
+          
+        
+        
+          
+            
+            
+            
+            
+          
+        
+        
+          
+            
+            
+            
+          
+        
+      
+    
+    ```
+
+    The taskbar applies when:
+
+    - If the `` node has a country or region, then the apps are pinned on devices configured for that country or region.
+    - If the `` node doesn't have a region tag for the current region, then the first `` node with no region is applied.
+
+5. Save the file, and name the file so you know what it is. For example, name the file something like `TaskbarLayoutModification.xml`. Once you have the file, it's ready to be deployed to your Windows devices.
+
+## Use Group Policy or MDM to create and deploy a taskbar policy
+
+Now that you have the XML file with your customized taskbar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Endpoint Manager.
+
+This section shows you how to deploy the XML both ways.
+
+### Use Group Policy to deploy your XML file
+
+Use the following steps to add your XML file to a group policy, and apply the policy:
+
+1. Open your policy editor. For example, open Group Policy Management Console (GPMC) for domain-based group policies, or open `gpedit` for local policies.
+2. Go to one of the following policies:
+
+    - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout`
+    - `User Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout`
+
+3. Double-select `Start Layout` > **Enable**. Enter the fully qualified path to your XML file, including the XML file name. You can enter a local path, like `C:\StartLayouts\TaskbarLayoutModification.xml`, or a network path, like `\\Server\Share\TaskbarLayoutModification.xml`. Be sure you enter the correct file path. If using a network share, be sure to give users read access to the XML file. If the file isn't available when the user signs in, then the taskbar isn't changed. Users can't customize the taskbar when this setting is enabled.
+
+    Your policy looks like the following policy:
+
+    :::image type="content" source="./images/customize-taskbar-windows-11/start-layout-group-policy.png" alt-text="Add your taskbar layout XML file to the Start Layout policy on Windows devices.":::
+
+    The `User Configuration\Administrative Templates\Start Menu and Taskbar` policy includes other settings that control the taskbar. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices.
+
+4. When you apply the policy, the taskbar includes your changes. The next time users sign in, they'll see the changes.
+
+    For more information on using group policies, see [Implement Group Policy Objects](/learn/modules/implement-group-policy-objects/).
+
+### Create a Microsoft Endpoint Manager policy to deploy your XML file
+
+MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list.
+
+Use the following steps to create an Endpoint Manager policy that deploys your taskbar XML file:
+
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+
+2. Select **Devices** > **Configuration profiles** > **Create profile**.
+
+3. Enter the following properties:
+
+    - **Platform**: Select **Windows 10 and later**.
+    - **Profile type**: Select **Templates** > **Device restrictions** > **Create**.
+
+4. In **Basics**, enter the following properties:
+
+    - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify it later. For example, a good profile name is **Win11: Custom taskbar**.
+    - **Description**: Enter a description for the profile. This setting is optional, and recommended.
+
+5. Select **Next**.
+
+6. In **Configuration settings**, select **Start** > **Start menu layout**. Browse to, and select your taskbar XML file.
+
+7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings](/mem/intune/configuration/device-restrictions-configure).
+
+8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time.
+
+    For more information and guidance on assigning policies using Microsoft Endpoint Manager, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
+
+> [!NOTE]
+> For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
+
+## Get the AUMID and Desktop app link path
+
+In the layout modification XML file, you add apps in the XML markup. To pin an app, you enter the AUMID or Desktop Application Link Path. The easiest way to find this app information is to use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout) Windows PowerShell cmdlet:
+
+1. On an existing Windows 11 device, pin the app to the Start menu.
+2. Create a folder to save an output file. For example, create the `C:\Layouts` folder.
+3. Open the Windows PowerShell app, and run the following cmdlet:
+
+    ```powershell
+    Export-StartLayout -Path "C:\Layouts\GetIDorPath.xml"
+    ```
+
+4. Open the generated GetIDorPath.xml file, and look for the app you pinned. When you find the app, get the AppID or Path. Add these properties to your XML file.
+
+## Pin order for all apps
+
+On a taskbar, the following apps are typically pinned:
+
+- Apps pinned by the user
+- Default Windows apps pinned during the OS installation, such as Microsoft Edge, File Explorer, and Microsoft Store.
+- Apps pinned by your organization, such as in an unattended Windows setup.
+
+  In an unattended Windows setup file, use the XML file you created in this article. It's not recommended to use [TaskbarLinks](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-taskbarlinks).
+
+Apps are pinned in the following order:
+
+1. Windows default apps are pinned first.
+2. User-pinned apps are pinned after the Windows default apps.
+3. XML-pinned apps are pinned after the user-pinned apps.
+
+If the OS is configured to use a right-to-left language, then the taskbar order is reversed.
+
+## OS install and upgrade
+
+- On a clean install of the Windows client, if you apply a taskbar layout, the following apps are pinned to the taskbar:
+
+  - Apps you specifically add
+  - Any default apps you don't remove
+
+  After the taskbar layout is applied, users can pin more apps, change the order, and unpin apps.
+
+- On a Windows client upgrade, apps are already pinned to the taskbar. These apps may have been pinned by a user, by an image, or by using Windows unattended setup. For upgrades, the taskbar layout applies the following behavior:
+
+  - If users pinned apps to the taskbar, then those pinned apps remain. New apps are pinned after the existing user-pinned apps.
+  - If the apps are pinned during the install or by a policy (not by a user), and the apps aren't pinned in an updated layout file, then the apps are unpinned.
+  - If a user didn't pin an app, and the same app is pinned in the updated layout file, then the app is pinned after any existing pinned apps.
+  - New apps in updated layout file are pinned after the user's pinned apps.
+
+  After the layout is applied, users can pin more apps, change the order, and unpin apps.
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 12f62c8444..434d699db3 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -1,17 +1,18 @@
 ---
 title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
-description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
+description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
 ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 keywords: ["Start layout", "start menu", "layout", "group policy"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.topic: article
+ms.collection: highpri
 ---
 
 # Customize Windows 10 Start and taskbar with Group Policy
@@ -19,11 +20,11 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10
+-   Windows 10
 
 >**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
-In Windows 10 Pro, Enterprise, and Education, you can use a Group Policy Object (GPO) to deploy a customized Start and taskbar layout to users in a domain. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
+In Windows 10 Pro, Enterprise, and Education, you can use a Group Policy Object (GPO) to deploy a customized Start and taskbar layout to users in a domain. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
 
 This topic describes how to update Group Policy settings to display a customized Start and taskbar layout when the users sign in. By creating a domain-based GPO with these settings, you can deploy a customized Start and taskbar layout to users in a domain.
 
@@ -37,16 +38,16 @@ This topic describes how to update Group Policy settings to display a customized
 ## Operating system requirements
 
 
-In Windows 10, version 1607, Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education. In Windows 10, version 1703, Start and taskbar layout control using Group Policy is also supported in Windows 10 Pro.
+In Windows 10, version 1607, Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education. In Windows 10, version 1703, Start and taskbar layout control using Group Policy is also supported in Windows 10 Pro.
 
-The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) in the Microsoft Knowledge Base.
+The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) in the Microsoft Knowledge Base.
 
 ## How Start layout control works
 
 
 Three features enable Start and taskbar layout control:
 
--   The [Export-StartLayout](/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
+-   The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
 
     >[!NOTE]
     >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](/powershell/module/startlayout/import-startlayout) cmdlet.
@@ -56,7 +57,7 @@ Three features enable Start and taskbar layout control:
 -   In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case.
 
 >[!NOTE]
->To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863).
+>To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863).
 
  
 
@@ -67,9 +68,9 @@ To apply the Start and taskbar layout to users in a domain, use the Group Policy
 
 The GPO applies the Start and taskbar layout at the next user sign-in. Each time the user signs in, the timestamp of the .xml file with the Start and taskbar layout is checked and if a newer version of the file is available, the settings in the latest version of the file are applied.
 
-The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed.
+The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed.
 
-The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users’ computers when they sign in and the users must have Read-only access to the file. If the file is not available when the first user signs in, Start and the taskbar are not customized during the session, but the user will be prevented from making changes to Start. On subsequent sign-ins, if the file is available at sign-in, the layout it contains will be applied to the user's Start and taskbar.
+The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users' computers when they sign in and the users must have Read-only access to the file. If the file is not available when the first user signs in, Start and the taskbar are not customized during the session, but the user will be prevented from making changes to Start. On subsequent sign-ins, if the file is available at sign-in, the layout it contains will be applied to the user's Start and taskbar.
 
 For information about deploying GPOs in a domain, see [Working with Group Policy Objects](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
 
@@ -81,7 +82,7 @@ You can use the Local Group Policy Editor to provide a customized Start and task
 >[!NOTE]
 >This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment).
 >
->This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](/previous-versions/windows/it-pro/windows-vista/cc766291(v=ws.10)). The guide was written for Windows Vista and the procedures still apply to Windows 10.
+>This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](/previous-versions/windows/it-pro/windows-vista/cc766291(v=ws.10)). The guide was written for Windows Vista and the procedures still apply to Windows 10.
 
 
 This procedure adds the customized Start and taskbar layout to the user configuration, which overrides any Start layout settings in the local computer configuration when a user signs in on the computer.
@@ -92,13 +93,13 @@ This procedure adds the customized Start and taskbar layout to the user configur
 
 2. Go to **User Configuration** or **Computer Configuration** > **Administrative Templates** >**Start Menu and Taskbar**.
 
-   ![start screen layout policy settings](images/starttemplate.jpg)
+   ![start screen layout policy settings.](images/starttemplate.jpg)
 
 3. Right-click **Start Layout** in the right pane, and click **Edit**.
 
    This opens the **Start Layout** policy settings.
 
-   ![policy settings for start screen layout](images/startlayoutpolicy.jpg)
+   ![policy settings for start screen layout.](images/startlayoutpolicy.jpg)
 
 4. Enter the following settings, and then click **OK**:
 
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
index 814515de59..a06b4c2919 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -1,18 +1,18 @@
 ---
-title: Alter Windows 10 Start and taskbar via mobile device management
-description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users.
+title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs
+description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices.
 ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 keywords: ["start screen", "start menu"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.topic: article
-ms.author: greglin
+ms.author: aaroncz
 ms.localizationpriority: medium
-ms.date: 02/08/2018
+ms.date: 08/05/2021
 ---
 
 # Customize Windows 10 Start and taskbar with mobile device management (MDM)
@@ -25,7 +25,7 @@ ms.date: 02/08/2018
 
 >**Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
-In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
+In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required. The layout can be updated simply by overwriting the `.xml` file that contains the layout. This feature enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
 
 >[!NOTE]
 >Support for applying a customized taskbar using MDM is added in Windows 10, version 1703.
@@ -56,36 +56,39 @@ Two features enable Start layout control:
 
 ## Create a policy for your customized Start layout
 
+The following example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout:
 
-This example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout. See the documentation for your MDM solution for help in applying the policy.
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1.  In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
+2. Select **Devices** > **Configuration profiles** > **Create profile**.
 
-2.  Select **Device configuration**.
+3. Enter the following properties:
 
-3.  Select **Profiles**.
+    - **Platform**: Select **Windows 10 and later**.
+    - **Profile type**: Select **Templates** > **Device restrictions** > **Create**.
 
-4.  Select **Create profile**.
+4. In **Basics**, enter the following properties:
 
-5.  Enter a friendly name for the profile.
+    - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify it later. For example, a good profile name is **Customize Start menu and taskbar**.
+    - **Description**: Enter a description for the profile. This setting is optional, but recommended.
 
-6.  Select **Windows 10 and later** for the platform.
+5. Select **Next**.
 
-7. Select **Device restrictions for the profile type.
+6. In **Configuration settings**, select **Start**:
 
-8. Select **Start**.
+    - If you're using an XML file, select **Start menu layout**. Browse to and select your Start layout XML file.
+    - If you don't have an XML file, configure the others settings. For more information on these settings, see [Start settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#start).
 
-9. In **Start menu layout**, browse to and select your Start layout XML File.
+7. Select **Next**.
+8. In **Scope tags**, select **Next**. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
+9. In **Assignments**, select the user or groups that will receive your profile. Select **Next**. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
+10. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
 
-10. Select **OK** twice, and then select **Create**.
-
-11. Assign the profile to a device group.
-
-For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
+> [!NOTE]
+> For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
 
 
-## Related topics
-
+## Next steps
 
 - [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
 - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
@@ -95,5 +98,3 @@ For other MDM solutions, you may need to use an OMA-URI setting for Start layout
 - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
- 
-
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index ea856b24cd..110d43b999 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -1,15 +1,15 @@
 ---
-title: Customize Windows 10 Start and tasbkar with provisioning packages (Windows 10)
+title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10)
 description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users.
 ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 keywords: ["Start layout", "start menu"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ---
@@ -21,9 +21,11 @@ ms.localizationpriority: medium
 
 - Windows 10
 
-
 > **Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
+> [!NOTE]
+> Currently, using provisioning packages to customize the Start menu layout is supported on Windows 10. It's not supported on Windows 11.
+
 In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Configuration Designer to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
 
 > [!IMPORTANT]
@@ -87,7 +89,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 
 7. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this:
 
-    ![Customizations file with the placeholder text to replace highlighted](images/customization-start.png)
+    ![Customizations file with the placeholder text to replace highlighted.](images/customization-start.png)
 
 7. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape).
 
@@ -136,5 +138,5 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 - [Add image for secondary tiles](start-secondary-tiles.md)
 - [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
 - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
-- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
\ No newline at end of file
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index 44006a3af5..18a8bd0b88 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -32,7 +32,8 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "recommendations": true,
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
index b255491bc9..05e5647ef7 100644
--- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
+++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
@@ -1,13 +1,14 @@
 ---
 title: Find the Application User Model ID of an installed app
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: sybruckm
+manager: dougeby
 description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. 
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.prod: w10
+ms.collection: highpri
 ---
 # Find the Application User Model ID of an installed app
 
@@ -18,13 +19,13 @@ To configure assigned access (kiosk mode), you need the Application User Model I
 To get the names and AUMIDs for all apps installed for the current user, open a Windows PowerShell command prompt and enter the following command:
 
 ```powershell
-get-StartApps
+Get-StartApps
 ```
 
 To get the names and AUMIDs for Windows Store apps installed for another user, open a Windows PowerShell command prompt and enter the following commands:
 
 ```powershell
-$installedapps = get-AppxPackage
+$installedapps = Get-AppxPackage
 
 $aumidList = @()
 foreach ($app in $installedapps)
@@ -50,7 +51,7 @@ To get the names and AUMIDs for all apps installed for the current user, perform
 
 3. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.)
 
-![Image of the Choose Details options](images/aumid-file-explorer.png)
+![Image of the Choose Details options.](images/aumid-file-explorer.png)
 
 ## To find the AUMID of an installed app for the current user by using the registry
 
@@ -75,12 +76,12 @@ function listAumids( $userAccount ) {
     elseif ($userAccount)
     {
         # Find installed packages for the specified account. Must be run as an administrator in order to use this option.
-        $installedapps = get-AppxPackage -user $userAccount
+        $installedapps = Get-AppxPackage -user $userAccount
     }
     else
     {
         # Find installed packages for the current account.
-        $installedapps = get-AppxPackage
+        $installedapps = Get-AppxPackage
     }
 
     $aumidList = @()
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index d24b76cd0c..13779d0100 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -1,17 +1,17 @@
 ---
-title: Guidelines for choosing an app for assigned access (Windows 10)
+title: Guidelines for choosing an app for assigned access (Windows 10/11)
 description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
 keywords: ["kiosk", "lockdown", "assigned access"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.topic: article
-ms.date: 10/02/2018
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: sybruckm
+manager: dougeby
+ms.collection: highpri
 ---
 
 # Guidelines for choosing an app for assigned access (kiosk mode)
@@ -19,7 +19,8 @@ manager: dansimp
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 11
 
 
 You can use assigned access to restrict customers at your business to using only one Windows app so your device acts like a kiosk.  Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience.
@@ -45,9 +46,9 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
 
 ## Guidelines for web browsers
 
-In Windows 10, version 1809, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
+Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
 
-In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website. 
+In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website. 
 
 >[!NOTE]
 >Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
@@ -55,7 +56,7 @@ In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app
 >Kiosk Browser cannot access intranet websites.
 
 
-**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education).
+**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) and Windows 11.
 
 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps)
 2. [Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps)
@@ -81,7 +82,8 @@ Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh stat
 > 
 > 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
 > 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). 
-> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). 
+> 3. Insert the null character string in between each URL 
+(e.g `www.bing.com` and `www.contoso.com`). 
 > 4. Save the XML file.
 > 5. Open the project again in Windows Configuration Designer.
 > 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
@@ -119,8 +121,8 @@ The following table describes the results for different combinations of blocked
 
 Blocked URL rule |  Block URL exception rule | Result
 --- | --- | ---
-`*` | `contoso.com`
                  `fabrikam.com` | All requests are blocked unless it is to contoso.com, fabrikam.com, or any of their subdomains.
-`contoso.com` | `mail.contoso.com`
                  `.contoso.com`
                  `.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain.
+`*` | `contoso.com`
                  `fabrikam.com` | All requests are blocked unless it is to `contoso.com, fabrikam.com,` or any of their subdomains.
+`contoso.com` | `mail.contoso.com`
                  `.contoso.com`
                  `.www.contoso.com` | Block all requests to `contoso.com,` except for the main page and its mail subdomain.
 `youtube.com` | `youtube.com/watch?v=v1`
                  `youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2).
 
 The following table gives examples for blocked URLs. 
@@ -128,11 +130,11 @@ The following table gives examples for blocked URLs.
 
 |          Entry           |                                    Result                                     |
 |--------------------------|-------------------------------------------------------------------------------|
-|      `contoso.com`       | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com  |
+|      `contoso.com`       | Blocks all requests to contoso.com, `www.contoso.com,` and sub.www.contoso.com  |
 |       `https://*`        |                   Blocks all HTTPS requests to any domain.                    |
-|    `mail.contoso.com`    | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
+|    `mail.contoso.com`    | Blocks requests to mail.contoso.com but not to `www.contoso.com` or `contoso.com` |
 |      `.contoso.com`      |    Blocks contoso.com but not its subdomains, like subdomain.contoso.com.     |
-|    `.www.contoso.com`    |                Blocks www.contoso.com but not its subdomains.                 |
+|    `.www.contoso.com`    |                Blocks `www.contoso.com` but not its subdomains.                 |
 |           `*`            |    Blocks all requests except for URLs in the Blocked URL Exceptions list.    |
 |         `*:8080`         |                       Blocks all requests to port 8080.                       |
 |   `contoso.com/stuff`    |         Blocks all requests to contoso.com/stuff and its subdomains.          |
@@ -162,10 +164,10 @@ Check the guidelines published by your selected app and set up accordingly.
 
 ## Develop your kiosk app
 
-Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. 
+Assigned access in Windows client leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. 
 
 Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access). 
 
 ## Test your assigned access experience
 
-The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
\ No newline at end of file
+The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
diff --git a/windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png b/windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png
new file mode 100644
index 0000000000..cd508b3dea
Binary files /dev/null and b/windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png differ
diff --git a/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png b/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png
new file mode 100644
index 0000000000..ca0cbd51cc
Binary files /dev/null and b/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png differ
diff --git a/windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png b/windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png
new file mode 100644
index 0000000000..99252bd139
Binary files /dev/null and b/windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png differ
diff --git a/windows/configuration/images/customize-taskbar-windows-11/taskbar-windows-11.png b/windows/configuration/images/customize-taskbar-windows-11/taskbar-windows-11.png
new file mode 100644
index 0000000000..9baebd536f
Binary files /dev/null and b/windows/configuration/images/customize-taskbar-windows-11/taskbar-windows-11.png differ
diff --git a/windows/configuration/images/kiosk-account.PNG b/windows/configuration/images/kiosk-account.PNG
deleted file mode 100644
index f78f9b9d56..0000000000
Binary files a/windows/configuration/images/kiosk-account.PNG and /dev/null differ
diff --git a/windows/configuration/images/kiosk-common.PNG b/windows/configuration/images/kiosk-common.PNG
deleted file mode 100644
index f5873a53aa..0000000000
Binary files a/windows/configuration/images/kiosk-common.PNG and /dev/null differ
diff --git a/windows/configuration/images/seven.png b/windows/configuration/images/seven.png
deleted file mode 100644
index 285a92df0b..0000000000
Binary files a/windows/configuration/images/seven.png and /dev/null differ
diff --git a/windows/configuration/images/six.png b/windows/configuration/images/six.png
deleted file mode 100644
index e8906332ec..0000000000
Binary files a/windows/configuration/images/six.png and /dev/null differ
diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
new file mode 100644
index 0000000000..e3b0982b66
--- /dev/null
+++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
@@ -0,0 +1,12 @@
+---
+author: aczechowski
+ms.author: aaroncz
+ms.date: 09/21/2021
+ms.reviewer: 
+audience: itpro
+manager: dougeby
+ms.prod: w10
+ms.topic: include
+---
+
+Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11.
diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml
index 30c052cbfe..aa2502cdf2 100644
--- a/windows/configuration/index.yml
+++ b/windows/configuration/index.yml
@@ -1,19 +1,22 @@
 ### YamlMime:Landing
 
-title: Configure Windows 10 # < 60 chars
-summary: Find out how to apply custom configurations to Windows 10 devices. Windows 10 provides a number of features and methods to help you configure or lock down specific parts of Windows 10.  # < 160 chars
+title: Configure Windows client # < 60 chars
+summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides a number of features and methods to help you configure or lock down specific parts of Windows client.  # < 160 chars
 
 metadata:
-  title: Configure Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars.
-  description: Find out how to apply custom configurations to Windows 10 devices. # Required; article description that is displayed in search results. < 160 chars.
+  title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
+  description: Find out how to apply custom configurations to Windows client devices. # Required; article description that is displayed in search results. < 160 chars.
   services: windows-10
   ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
   ms.subservice: subservice
   ms.topic: landing-page # Required
-  ms.collection: windows-10
-  author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
-  ms.author: greglin #Required; microsoft alias of author; optional team alias.
-  ms.date: 03/23/2021 #Required; mm/dd/yyyy format.
+  ms.collection:
+    - windows-10
+    - highpri
+  author: aczechowski
+  ms.author: aaroncz
+  manager: dougeby
+  ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
   localization_priority: medium
     
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@@ -22,7 +25,7 @@ landingContent:
 # Cards and links should be based on top customer tasks or top subjects
 # Start card title with a verb
   # Card (optional)
-  - title: Manage Windows 10 settings 
+  - title: Manage Windows client settings 
     linkLists:
       - linkListType: overview
         links:
@@ -35,7 +38,7 @@ landingContent:
 
 
   # Card (optional)
-  - title: Configure a Windows 10 kiosk
+  - title: Configure a Windows kiosk
     linkLists:
       - linkListType: overview
         links:
@@ -48,7 +51,7 @@ landingContent:
 
 
   # Card (optional)
-  - title: Windows 10 provisioning packages
+  - title: Windows client provisioning packages
     linkLists:
       - linkListType: overview
         links:
@@ -70,7 +73,7 @@ landingContent:
             url: wcd/wcd-oobe.md
 
   # Card (optional)
-  - title: Configure Cortana in Windows 10
+  - title: Configure Cortana in Windows client
     linkLists:
       - linkListType: overview
         links:
@@ -80,7 +83,7 @@ landingContent:
             url: cortana-at-work/cortana-at-work-voice-commands.md
 
   # Card (optional)
-  - title: User Experience Virtualization (UE-V) for Windows 10
+  - title: User Experience Virtualization (UE-V) for Windows client
     linkLists:
       - linkListType: overview
         links:
diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md
index 67f49befe3..cd38222026 100644
--- a/windows/configuration/kiosk-additional-reference.md
+++ b/windows/configuration/kiosk-additional-reference.md
@@ -1,15 +1,15 @@
 ---
-title: More kiosk methods and reference information (Windows 10)
+title: More kiosk methods and reference information (Windows 10/11)
 description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
 ms.topic: reference
 ---
@@ -19,7 +19,8 @@ ms.topic: reference
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
 
 ## In this section
@@ -31,11 +32,8 @@ Topic | Description
 [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience.
 [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk.
 [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration.
-[Use AppLocker to create a Windows 10 kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps.
-[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) |  Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface.
-[Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
+[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps.
+[Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) |  Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface.
+[Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
 [Troubleshoot kiosk mode issues](kiosk-troubleshoot.md) | Tips for troubleshooting multi-app kiosk configuration.
 
-
-
-
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 73c8fdcc17..7c0a77b39e 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -1,26 +1,26 @@
 ---
-title: Use MDM Bridge WMI Provider to create a Windows 10 kiosk (Windows 10)
+title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
 description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 11/07/2018
 ms.topic: article
 ---
 
-# Use MDM Bridge WMI Provider to create a Windows 10 kiosk
+# Use MDM Bridge WMI Provider to create a Windows client kiosk
 
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
 Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). 
 
@@ -88,4 +88,4 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 "@)
 
 Set-CimInstance -CimInstance $obj
-```
\ No newline at end of file
+```
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index 0f19463f6b..ea9c57c785 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -1,16 +1,17 @@
 ---
-title: Configure kiosks and digital signs on Windows desktop editions (Windows 10)
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
-description: In this article, learn about the methods for configuring kiosks and digital signs on Windows desktop editions.
+title: Configure kiosks and digital signs on Windows 10/11 desktop editions
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
+description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: greg-lindsay
+author: aczechowski
 ms.topic: article
+ms.collection: highpri
 ---
 
 # Configure kiosks and digital signs on Windows desktop editions
@@ -18,29 +19,60 @@ ms.topic: article
 >[!WARNING]
 >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. Windows 10 offers two different locked-down experiences for public or specialized use:
+**Applies to**
 
-|  |  |
---- | ---
- | **A single-app kiosk**, which runs a single Universal Windows Platform (UWP) app in fullscreen above the lockscreen. People using the kiosk can see only that app.

                  When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart.

                  A single-app kiosk is ideal for public use.

                  (Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk does not run above the lockscreen.) | ![Illustration of a full-screen kiosk experience](images/kiosk-fullscreen.png)
- |  **A multi-app kiosk**, which runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types.

                  A multi-app kiosk is appropriate for devices that are shared by multiple people.

                  When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. | ![Illustration of a kiosk Start screen](images/kiosk-desktop.png)
+- Windows 10
+- Windows 11
 
-Kiosk configurations are based on **Assigned Access**, a feature in Windows 10 that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. 
+Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
+
+- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. 
+  
+  A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk does not run above the lock screen. 
+
+  ![Illustration of a full-screen kiosk experience that runs one app on a Windows client device.](images/kiosk-fullscreen.png)
+
+- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. 
+
+  > [!NOTE]
+  > [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)]
+
+  A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. 
+
+  ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png)
+
+Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. 
 
 There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
 
-|  |  |
---- | ---
-![icon that represents apps](images/office-logo.png) | **Which type of app will your kiosk run?** Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), simply select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md) 
-![icon that represents a kiosk](images/kiosk.png) | **Which type of kiosk do you need?** If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#uwp) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). 
-![icon that represents Windows](images/windows.png) | **Which edition of Windows 10 will the kiosk run?** All of the configuration methods work for Windows 10 Enterprise and Education; some of the methods work for Windows 10 Pro. Kiosk mode is not available on Windows 10 Home. 
-![icon that represents a user account](images/user.png) | **Which type of user account will be the kiosk account?** The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.     
+- **Which type of app will your kiosk run?**
+
+    ![icon that represents apps.](images/office-logo.png) 
+
+    Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
+
+- **Which type of kiosk do you need?**
+
+    ![icon that represents a kiosk.](images/kiosk.png)
+
+    If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop).
+
+- **Which edition of Windows client will the kiosk run?**
+
+    ![icon that represents Windows.](images/windows.png)
+
+    All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home.
+
+- **Which type of user account will be the kiosk account?**
+
+    ![icon that represents a user account.](images/user.png)
+
+    The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
 
 
 >[!IMPORTANT]
->Single-app kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
- 
-
+>Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+
 ## Methods for a single-app kiosk running a UWP app
 
 You can use this method | For this edition | For this kiosk account type 
@@ -52,6 +84,7 @@ You can use this method | For this edition | For this kiosk account type
 [Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Azure AD
 
 
+
 ## Methods for a single-app kiosk running a Windows desktop application
 
 You can use this method | For this edition | For this kiosk account type 
@@ -61,6 +94,7 @@ You can use this method | For this edition | For this kiosk account type
 [Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Azure AD
 
 
+
 ## Methods for a multi-app kiosk
 
 You can use this method | For this edition | For this kiosk account type 
@@ -73,15 +107,14 @@ You can use this method | For this edition | For this kiosk account type
 
 Method | App type | Account type | Single-app kiosk | Multi-app kiosk
 --- | --- | --- | :---: | :---:
-[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | X  |
-[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | X |
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | X  |
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md)  | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | X  | X
-Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Azure AD | X | X
-[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Azure AD | X | 
-[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD |  | X
+[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | ✔️  |
+[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | ✔️ |
+[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️  |
+[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md)  | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️  | ✔️
+Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Azure AD | ✔️ | ✔️
+[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️ | 
+[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD |  | ✔️
 
 
 >[!NOTE]
->For devices running Windows 10 Enterprise and Education, version 1703 and earlier, you can use [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps. 
-
+>For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps.
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index 9f817f7581..6524e3e543 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -1,18 +1,17 @@
 ---
-title: Policies enforced on kiosk devices (Windows 10)
+title: Policies enforced on kiosk devices (Windows 10/11)
 description: Learn about the policies enforced on a device when you configure it as a kiosk.
 ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: sybruckm
+manager: dougeby
 keywords: ["lockdown", "app restrictions", "applocker"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: edu, security
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 07/30/2018
-ms.author: greglin
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -21,7 +20,8 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
 
 
@@ -80,4 +80,4 @@ Start/HidePeopleBar		| 1 - True (hide)	| 	No
 [Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings)		| 1 - True (hide) | Yes
 [WindowsInkWorkspace/AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace)	| 	0 - Access to ink workspace is disabled and the feature is turned off	| 	Yes
 [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout)	| Configuration dependent	| 	No
-[WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui)	| 	<Enabled/>	| 	Yes
\ No newline at end of file
+[WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui)	| 	<Enabled/>	| 	Yes
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index cd326e6f66..45dec9443a 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -1,17 +1,18 @@
 ---
-title: Prepare a device for kiosk configuration (Windows 10)
+title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs
 description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
 ms.topic: article
+ms.collection: highpri
 ---
 
 # Prepare a device for kiosk configuration
@@ -19,49 +20,206 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
-> [!WARNING]
-> For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account.
->
-> Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that might allow an attacker subverting the assigned access application to gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
 
-> [!IMPORTANT]
-> [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
->
-> Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+
+## Before you begin
+
+- [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
+- Kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that's set up as a kiosk.
+- For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account.
+
+  Assigned access can be configured using Windows Management Instrumentation (WMI) or configuration service provider (CSP). Assigned access runs an application using a domain user or service account, not a local account. Using a domain user or service accounts has risks, and might allow an attacker to gain access to domain resources that are accessible to any domain account. When using domain accounts with assigned access, proceed with caution. Consider the domain resources potentially exposed by using a domain account.
+
+- MDM providers, such as [Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started), use the configuration service providers (CSP) exposed by the Windows OS to manage settings on devices. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started:
+
+  - [Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started)
+  - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide)
+  - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction)
 
 ## Configuration recommendations
 
-For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: 
+For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk:
 
-Recommendation | How to
---- | ---
-Hide update notifications
                  (New in Windows 10, version 1809)   | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
                  -or-
                  Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
                  -or-
                  Add the following registry keys as type DWORD (32-bit) in the path of **HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate**:
                  **\SetUpdateNotificationLevel** with a value of `1`, and **\UpdateNotificationLevel** with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings.
-Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
                  -or-
                  Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`

                  **Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.

                  To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**.
-Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time**
-Replace "blue screen" with blank screen for OS errors   | Add the following registry key as DWORD (32-bit) type with a value of `1`:

                  **HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled**
-Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign.
-Hide **Ease of access** feature on the sign-in screen. |     See [how to disable the Ease of Access button in the registry.](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen)
-Disable the hardware power button. |     Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
-Remove the power button from the sign-in screen. |     Go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** >**Security Options** > **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.**
-Disable the camera. |     Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**.
-Turn off app notifications on the lock screen. |     Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
-Disable removable media. |     Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.

                  **NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
+- **Hide update notifications**. Starting with Windows 10 version 1809, you can hide notifications from showing on the devices. To enable this feature, you have the following options:
 
+  - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Display options for update notifications`
+
+  - **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature.
+
+  - **Use the registry**:
+
+    1. Open Registry Editor (regedit).
+    2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`.
+    3. Create a **New** > **DWORD (32-bit) Value**. Enter `SetUpdateNotificationLevel`, and set its value to `1`.
+    4. Create a **New** > **DWORD (32-bit) Value**. Enter `UpdateNotificationLevel`. For value, you can enter:
+
+        - `1`: Hides all notifications except restart warnings.
+        - `2`: Hides all notifications, including restart warnings.
+
+- **Enable and schedule automatic updates**. To enable this feature, you have the following options:
+
+  - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates`. Select `4 - Auto download and schedule the install`.
+  - **Use an MDM provider**: This feature uses the [Update/AllowAutoUpdate CSP](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Select `3 - Auto install and restart at a specified time`. In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature.
+
+  You can also schedule automatic updates, including **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. Installations can take between 30 minutes and 2 hours, depending on the device. Schedule updates to occur when a block of 3-4 hours is available.
+
+- **Enable automatic restart at the scheduled time**. To enable this feature, you have the following options:
+
+  - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Always automatically restart at the scheduled time`. Select `4 - Auto download and schedule the install`.
+
+  - **Use an MDM provider**: This feature uses the [Update/ActiveHoursStart](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) and [Update/ActiveHoursEnd](/windows/client-management/mdm/policy-csp-update#update-activehoursend) CSPs. In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature.
+
+- **Replace "blue screen" with blank screen for OS errors**. To enable this feature, use the Registry Editor:
+
+  1. Open Registry Editor (regedit).
+  2. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl`.
+  3. Create a **New** > **DWORD (32-bit) Value**. Enter `DisplayDisabled`, and set its value to `1`.
+
+- **Put device in "Tablet mode"**. If you want users to use the touch screen, without using a keyboard or mouse, then turn on tablet mode using the Settings app. If users won't interact with the kiosk, such as for a digital sign, then don't turn on this setting.
+
+  Applies to Windows 10 only. Currently, Tablet mode isn't supported on Windows 11.
+
+  Your options:
+
+  - Use the **Settings** app:
+    1. Open the **Settings** app.
+    2. Go to **System** > **Tablet mode**.
+    3. Configure the settings you want.
+
+  - Use the **Action Center**:
+    1. On your device, swipe in from the left.
+    2. Select **Tablet mode**.
+
+- **Hide "Ease of access" feature on the sign-in screen**: To enable this feature, you have the following options:
+
+  - **Use an MDM provider**: In Endpoint Manager, you can use the [Control Panel and Settings](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings) to manage this feature.
+  - **Use the registry**: For more information, see [how to disable the Ease of Access button in the registry](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen).
+
+- **Disable the hardware power button**: To enable this feature, you have the following options:
+
+  - **Use the Settings app**:
+    1. Open the **Settings** app.
+    2. Go to **System** > **Power & Sleep** > **Additional power settings** > **Choose what the power button does**.
+    3. Select **Do nothing**.
+    4. **Save changes**.
+
+  - **Use Group Policy**: Your options:
+
+    - `Computer Configuration\Administrative Templates\System\Power Management\Button Settings`: Set `Select Power Button Action on Battery` and `Select Power Button Action on Plugged In` to **Take no action**.
+    - `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands`: This policy hides the buttons, but doesn't disable them.
+    - `Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system`: Remove the users or groups from this policy.
+
+      To prevent this policy from affecting a member of the Administrators group, be sure to keep the Administrators group.
+
+  - **Use an MDM provider**: In Endpoint Manager, you have some options:
+
+    - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings:
+
+      - `Power\Select Power Button Action on Battery`: Set to **Take no action**.
+      - `Power\Select Power Button Action on Plugged In`: Set to **Take no action**.
+      - `Start\Hide Power Button`: Set to **Enabled**. This policy hides the button, but doesn't disable it.
+
+    - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following setting:
+
+      - `\Start menu and Taskbar\Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands`: This policy hides the buttons, but doesn't disable them.
+
+      When looking at settings, check the supported OS for each setting to make sure it applies.
+
+    - [Start settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#start): This option shows this setting, and all the Start menu settings you can manage.
+
+- **Remove the power button from the sign-in screen**. To enable this feature, you have the following options:
+
+  - **Use Group Policy**: `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on`. Select **Disabled**.
+
+  - **Use MDM**: In Endpoint Manager, you have the following option:
+
+    - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following setting:
+
+      - `Local Policies Security Options\Shutdown Allow System To Be Shut Down Without Having To Log On`: Set to **Disabled**.
+
+- **Disable the camera**: To enable this feature, you have the following options:
+
+  - **Use the Settings app**: 
+    1. Open the **Settings** app.
+    2. Go to **Privacy** > **Camera**.
+    3. Select **Allow apps use my camera** > **Off**.
+
+  - **Use Group Policy**: `Computer Configuration\Administrative Templates\Windows Components\Camera: Allow use of camera`: Select **Disabled**.
+
+  - **Use an MDM provider**: This feature uses the [Policy CSP - Camera](/windows/client-management/mdm/policy-csp-camera). In Endpoint Manager, you have the following options:
+
+    - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): This option shows this setting, and more settings you can manage.
+    - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following setting:
+
+      - `Camera\Allow camera`: Set to **Not allowed**.
+
+- **Turn off app notifications on the lock screen**: To enable this feature, you have the following options:
+
+  - **Use the Settings app**:
+
+    1. Open the **Settings** app.
+    2. Go to **System** > **Notifications & actions**.
+    3. In **Show notifications on the lock screen**, select **Off**.
+
+  - **Use Group policy**:
+    - `Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**.
+    - `User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**.
+
+  - **Use an MDM provider**: This feature uses the [AboveLock/AllowToasts CSP](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowtoasts). In Endpoint Manager, you have the following options:
+
+    - [Locked screen experience device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#locked-screen-experience): See this setting, and more settings you can manage.
+
+    - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following settings:
+
+      - `\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**.
+      - `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**.
+
+      When looking at settings, check the supported OS for each setting to make sure it applies.
+
+    - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings:
+
+      - `\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**.
+      - `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**.
+
+- **Disable removable media**:  To enable this feature, you have the following options:
+
+  - **Use Group policy**: `Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions`. Review the available settings that apply to your situation.
+
+    To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
+
+  - **Use an MDM provider**: In Endpoint Manager, you have the following options:
+
+    - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): See the **Removable storage** setting, and more settings you can manage.
+
+    - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following settings:
+
+      - `\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`.
+
+        To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
+
+      When looking at settings, check the supported OS for each setting to make sure it applies.
+
+    - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings:
+
+      - `\Administrative Templates\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`. 
+
+        To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
 
 ## Enable logging
 
 Logs can help you [troubleshoot issues](./kiosk-troubleshoot.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default.
 
-![Event Viewer, right-click Operational, select enable log](images/enable-assigned-access-log.png)
+:::image type="content" source="images/enable-assigned-access-log.png" alt-text="On Windows client, open Event Viewer, right-click Operational, select enable log to turn on logging to help troubleshoot.":::
 
 ## Automatic logon
 
-In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in.
+You may also want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, from an update or power outage, you can sign in the assigned access account manually. Or, you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device don't prevent automatic sign in.
 
 > [!NOTE]
-> If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
+> If you are using a Windows client device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
 
 > [!TIP]
 > If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. 
@@ -88,7 +246,7 @@ In addition to the settings in the table, you may want to set up **automatic log
    - *DefaultPassword*: set value as the password for the account.
 
      > [!NOTE]
-     > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**.
+     > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**.
 
    - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key.
 
@@ -104,150 +262,56 @@ In addition to the settings in the table, you may want to set up **automatic log
 
 The following table describes some features that have interoperability issues we recommend that you consider when running assigned access.
 
-> [!Note]
-> Where applicable, the table notes which features are optional that you can configure for assigned access.
+- **Accessibility**: Assigned access does not change Ease of Access settings. We recommend that you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  FeatureDescription
                  Accessibility
                  Assigned access does not change Ease of Access settings.
                  
-
                  We recommend that you use Keyboard Filter to block the following key combinations that bring up accessibility features:
                  
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Key combinationBlocked behavior
                  Left Alt+Left Shift+Print Screen
                  Open High Contrast dialog box.
                  Left Alt+Left Shift+Num Lock
                  Open Mouse Keys dialog box.
                  Windows logo key+U
                  Open Ease of Access Center.
                  
-
                   
                  Assigned access Windows PowerShell cmdlets
                  In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see Assigned access Windows PowerShell reference.
                  Key sequences blocked by assigned access
                  When in assigned access, some key combinations are blocked for assigned access users.
                  
-
                  Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use Keyboard Filter to block these key combinations.
                  
-
                  Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in WEKF_Settings.
                  
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Key combinationBlocked behavior for assigned access users
                  Alt+Esc
                  Cycle through items in the reverse order from which they were opened.
                  Ctrl+Alt+Esc
                  Cycle through items in the reverse order from which they were opened.
                  Ctrl+Esc
                  Open the Start screen.
                  Ctrl+F4
                  Close the window.
                  Ctrl+Shift+Esc
                  Open Task Manager.
                  Ctrl+Tab
                  Switch windows within the application currently open.
                  LaunchApp1
                  Open the app that is assigned to this key.
                  LaunchApp2
                  Open the app that is assigned to this key, which on many Microsoft keyboards is Calculator.
                  LaunchMail
                  Open the default mail client.
                  Windows logo key
                  Open the Start screen.
                  
-
                   
                  
-
                  Keyboard Filter settings apply to other standard accounts.
                  Key sequences blocked by Keyboard Filter
                  If Keyboard Filter is turned ON then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the Keyboard Filter reference topic.
                  
-
                  Keyboard Filter is only available on Windows 10 Enterprise or Windows 10 Education.
                  
-
                  Power button
                  Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it is in assigned access.
                  
-
                  For more information on removing the power button or disabling the physical power button, see Custom Logon.
                  Unified Write Filter (UWF)
                  UWFsettings apply to all users, including those with assigned access.
                  
-
                  For more information, see Unified Write Filter.
                  WEDL_AssignedAccess class
                  Although you can use this class to configure and manage basic lockdown features for assigned access, we recommend that you use the Windows PowerShell cmdlets instead.
                  
-
                  If you need to use assigned access API, see WEDL_AssignedAccess.
                  Welcome Screen
                  Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own.
                  
-
                  For more information, see Custom Logon.
                  
+  | Key combination | Blocked behavior |
+  | --- | --- | 
+  | Left Alt + Left Shift + Print Screen | Open High Contrast dialog box. |
+  | Left Alt + Left Shift + Num Lock | Open Mouse Keys dialog box. |
+  | Windows logo key + U | Open Ease of Access Center. | 
 
+- **Assigned access Windows PowerShell cmdlets**: In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see [Assigned access Windows PowerShell reference](/powershell/module/assignedaccess/)
 
-
+- **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users.
+
+  Alt + F4, Alt + Shift + Tab, Alt + Tab are not blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations.
+
+  Ctrl + Alt + Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings).
+
+  | Key combination | Blocked behavior for assigned access users |
+  | --- | --- | 
+  | Alt + Esc | Cycle through items in the reverse order from which they were opened. |
+  | Ctrl + Alt + Esc | Cycle through items in the reverse order from which they were opened. |
+  | Ctrl + Esc | Open the Start screen. |
+  | Ctrl + F4 | Close the window. |
+  | Ctrl + Shift + Esc | Open Task Manager. |
+  | Ctrl + Tab | Switch windows within the application currently open. |
+  | LaunchApp1 | Open the app that is assigned to this key. |
+  | LaunchApp2 | Open the app that is assigned to this key, which on many Microsoft keyboards is Calculator. |
+  | LaunchMail | Open the default mail client. |
+  | Windows logo key | Open the Start screen. |
+
+  Keyboard Filter settings apply to other standard accounts.
+
+- **Key sequences blocked by [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)**: If Keyboard Filter is turned ON, then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter).
+
+  [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education.
+
+- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it's in assigned access.
+
+  For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).
+
+- **Unified Write Filter (UWF)**: UWFsettings apply to all users, including users with assigned access.
+
+  For more information, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter).
+
+- **WEDL_AssignedAccess class**: You can use this class to configure and manage basic lockdown features for assigned access. It's recommended to you use the Windows PowerShell cmdlets instead.
+
+  If you need to use assigned access API, see [WEDL_AssignedAccess](/windows-hardware/customize/enterprise/wedl-assignedaccess).
+
+- **Welcome Screen**: Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own.
+
+  For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).
 
 ## Testing your kiosk in a virtual machine (VM)
 
@@ -257,8 +321,8 @@ A single-app kiosk configuration runs an app above the lock screen. It doesn't w
 
 When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** is not selected in the **View** menu; that means it's a basic session.
 
-![VM windows, View menu, Extended session is not selected](images/vm-kiosk.png)
+:::image type="content" source="images/vm-kiosk.png" alt-text="Use a basic session to connect a virtual machine. In the View menu, Extended session isn't selected, which means basic is used.":::
 
-To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog. 
+To connect to a VM in a basic session, don't select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog:
 
-![Do not select the connect button, use "close X" in the top corner](images/vm-kiosk-connect.png)
\ No newline at end of file
+:::image type="content" source="images/vm-kiosk-connect.png" alt-text="Don't select the connect button. Use the close X in the top corner to connect to a VM in basic session.":::
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index f510b637bd..3cd7d04a31 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -1,26 +1,28 @@
 ---
-title: Use Shell Launcher to create a Windows 10 kiosk (Windows 10)
+title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11)
 description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
 ms.topic: article
+ms.collection: highpri
 ---
 
-# Use Shell Launcher to create a Windows 10 kiosk
+# Use Shell Launcher to create a Windows client kiosk
 
 
 **Applies to**
 - Windows 10 Ent, Edu
+- Windows 11
 
-Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. 
+Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows client, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10 version 1809+ / Windows 11, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in Windows 10 version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. 
 
 >[!NOTE]
 >Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 
@@ -30,7 +32,7 @@ Using Shell Launcher, you can configure a device that runs an application as the
 >- [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies
 >- [Mobile Device Management](/windows/client-management/mdm) - Enterprise management of device security policies
 
-You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). In Windows 10, version 1803 and later, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher.
+You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). Starting with Windows 10 version 1803+, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher.
 
 
 ## Differences between Shell Launcher v1 and Shell Launcher v2
@@ -137,7 +139,7 @@ The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`.
 
 For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)`. 
 
-![Screenshot of custom OMA-URI settings](images/slv2-oma-uri.png)
+![Screenshot of custom OMA-URI settings.](images/slv2-oma-uri.png)
 
 After you configure the profile containing the custom Shell Launcher setting, select **All Devices** or selected groups of devices to apply the profile to. Don't assign the profile to users or user groups.
 
@@ -292,7 +294,7 @@ Value|Description
 
 These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
 
-To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
+To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
 ``` xml
 
     
@@ -302,4 +304,4 @@ To configure these action with Shell Launcher CSP, use below syntax in the shell
 
 
 
-```
\ No newline at end of file
+```
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index ca176d9d44..e002ead309 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -1,32 +1,31 @@
 ---
-title: Set up a single-app kiosk (Windows 10)
-description: A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education).
+title: Set up a single-app kiosk on Windows 10/11
+description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education).
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 01/09/2019
 ms.topic: article
+ms.collection: highpri
 ---
 
-# Set up a single-app kiosk
+# Set up a single-app kiosk on Windows 10/11
 
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
+A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app.
 
-
-|  |  |
---- | ---
-A single-app kiosk uses the Assigned Access feature to run a single app above the lockscreen.

                   When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. | ![Illustration of a single-app kiosk experience](images/kiosk-fullscreen-sm.png)
+![Illustration of a single-app kiosk experience.](images/kiosk-fullscreen-sm.png)
 
 >[!IMPORTANT]
 >[User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
@@ -35,48 +34,69 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th
 
 You have several options for configuring your single-app kiosk. 
 
-Method | Description
---- | ---
-[Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. 

                  This method is supported on Windows 10 Pro, Enterprise, and Education.
-[PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

                  This method is supported on Windows 10 Pro, Enterprise, and Education.
-[The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*, which is a package of configuration settings that can be applied to one or more devices during the first-run experience (OOBE) or after OOBE is done (runtime). You can also create the kiosk user account and install the kiosk app, as well as other useful settings, using the kiosk wizard.

                  This method is supported on Windows 10 Pro (version 1709 and later), Enterprise, and Education.
-[Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

                  This method is supported on Windows 10 Pro (version 1709 and later), Enterprise, and Education.
+- [Locally, in Settings](#local):  The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. 
 
+  This option supports:
 
->[!TIP]
->You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile).  
+  - Windows 10 Pro, Enterprise, and Education
+  - Windows 11
+
+- [PowerShell](#powershell): You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.
+
+  This option supports:
+
+  - Windows 10 Pro, Enterprise, and Education
+  - Windows 11
+
+- [The kiosk wizard in Windows Configuration Designer](#wizard): Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.
+
+  This option supports:
+
+  - Windows 10 Pro version 1709+, Enterprise, and Education
+  - Windows 11
+
+- [Microsoft Intune or other mobile device management (MDM) provider](#mdm): For devices managed by your organization, you can use MDM to set up a kiosk configuration.
+
+  This option supports:
+
+  - Windows 10 Pro version 1709+, Enterprise, and Education
+  - Windows 11
+
+> [!TIP]
+> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile).  
 >
->Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
-
+> Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
 
 
 
 
 ## Set up a kiosk in local Settings
 
->App type: UWP
+>App type: 
+> - UWP
 >
->OS edition: Windows 10 Pro, Ent, Edu
+>OS:
+> - Windows 10 Pro, Ent, Edu
+> - Windows 11
 >
->Account type: Local standard user
+>Account type:
+> - Local standard user
 
 You can use **Settings** to quickly configure one or a few devices as a kiosk. 
 
-When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
+When your kiosk is a local device that isn't managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
 
-- If you want the kiosk account signed in automatically and the kiosk app launched when the device restarts, there is nothing you need to do.
+- If you want the kiosk account to sign in automatically, and the kiosk app launched when the device restarts, then you don't need to do anything.
 
-- If you do not want the kiosk account signed in automatically when the device restarts, you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and toggle the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device.
+- If you don't want the kiosk account to sign in automatically when the device restarts, then you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account. Open the **Settings** app > **Accounts** > **Sign-in options**. Set the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device.
 
-![Screenshot of automatic sign-in setting](images/auto-signin.png)
+  ![Screenshot of automatic sign-in setting.](images/auto-signin.png)
 
-### Instructions for Windows 10, version 1809
+### Windows 10 version 1809+ / Windows 11
 
-When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10, version 1809, you create the kiosk user account at the same time.
+When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows client, you create the kiosk user account at the same time. To set up assigned access in PC settings:
 
-**To set up assigned access in PC settings**
-
-1.  Go to **Start** > **Settings** > **Accounts** > **Other users**.
+1.  Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**.
 
 2.  Select **Set up a kiosk > Assigned access**, and then select **Get started**.
 
@@ -96,15 +116,15 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi
 To remove assigned access, select the account tile on the **Set up a kiosk** page, and then select **Remove kiosk**.
 
 
-### Instructions for Windows 10, version 1803 and earlier
+### Windows 10 version 1803 and earlier
 
-When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10, version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
+When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10 version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
 
-![The Set up assigned access page in Settings](images/kiosk-settings.png)
+![The Set up assigned access page in Settings.](images/kiosk-settings.png)
 
 **To set up assigned access in PC settings**
 
-1.  Go to **Start** > **Settings** > **Accounts** > **Other people**.
+1.  Go to **Start** > **Settings** > **Accounts** > **Other people**.
 
 2.  Select **Set up assigned access**.
 
@@ -112,158 +132,213 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi
 
 4.  Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md).
 
-5.  Close **Settings** – your choices are saved automatically, and will be applied the next time that user account logs on.
+5.  Close **Settings** – your choices are saved automatically, and will be applied the next time that user account signs in.
 
 To remove assigned access, choose **Turn off assigned access and sign out of the selected account**.
 
-
-
-
-
-
-
 
 
 ## Set up a kiosk using Windows PowerShell
 
  
->App type: UWP
+>App type: 
+> - UWP
 >
->OS edition: Windows 10 Pro, Ent, Edu
+>OS: 
+> - Windows 10 Pro, Ent, Edu
+> - Windows 11
 >
->Account type: Local standard user
+>Account type: 
+> - Local standard user
 
-![PowerShell windows displaying Set-AssignedAccess cmdlet](images/set-assignedaccess.png)
+![PowerShell windows displaying Set-AssignedAccess cmdlet.](images/set-assignedaccess.png)
 
 You can use any of the following PowerShell cmdlets to set up assigned access on multiple devices. 
 
 Before you run the cmdlet:
 
-1. Log in as administrator.
+1. Sign in as administrator.
 2. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access.
-3. Log in as the Assigned Access user account.
+3. Sign in as the Assigned Access user account.
 4. Install the Universal Windows app that follows the assigned access/above the lock guidelines.
-5. Log out as the Assigned Access user account.
-6. Log in as administrator.
+5. Sign out as the Assigned Access user account.
+6. Sign in as administrator.
 
-To open PowerShell on Windows 10, search for PowerShell and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator.
+To open PowerShell on Windows client, search for PowerShell, and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator.
 
-**Configure assigned access by AppUserModelID and user name**
-
-```
-Set-AssignedAccess -AppUserModelId  -UserName 
-```
-**Configure assigned access by AppUserModelID and user SID**
-
-```
-Set-AssignedAccess -AppUserModelId  -UserSID 
-```
-**Configure assigned access by app name and user name**
-
-```
-Set-AssignedAccess -AppName  -UserName 
-```
-**Configure assigned access by app name and user SID**
-
-```
-Set-AssignedAccess -AppName  -UserSID 
-```
+- **Configure assigned access by AppUserModelID and user name**: `Set-AssignedAccess -AppUserModelId  -UserName `
+- **Configure assigned access by AppUserModelID and user SID**: `Set-AssignedAccess -AppUserModelId  -UserSID `
+- **Configure assigned access by app name and user name**: `Set-AssignedAccess -AppName  -UserName `
+- **Configure assigned access by app name and user SID**: `Set-AssignedAccess -AppName  -UserSID `
 
 > [!NOTE]
-> To set up assigned access using `-AppName`, the user account that you specify for assigned access must have logged on at least once. 
+> To set up assigned access using `-AppName`, the user account that you enter for assigned access must have signed in at least once. 
 
 [Learn how to get the AUMID](./find-the-application-user-model-id-of-an-installed-app.md).
 
 [Learn how to get the AppName](/powershell/module/assignedaccess/set-assignedaccess) (see **Parameters**).
 
-To remove assigned access, using PowerShell, run the following cmdlet.
+To remove assigned access, using PowerShell, run the following cmdlet:
 
-```
+```powershell
 Clear-AssignedAccess
 ```
 
-
 
 
 ## Set up a kiosk using the kiosk wizard in Windows Configuration Designer
 
->App type: UWP or Windows desktop application
+>App type:
+> - UWP 
+> - Windows desktop application
 >
->OS edition: Windows 10 Pro (version 1709 and later) for UWP only; Ent, Edu for both app types
+>OS:
+> - Windows 10 Pro version 1709+ for UWP only
+> - Windows 10 Ent, Edu for UWP and Windows desktop applications
+> - Windows 11
 >
->Account type: Local standard user, Active Directory 
+>Account type:
+> - Local standard user
+> - Active Directory 
 
-![Kiosk wizard option in Windows Configuration Designer](images/kiosk-wizard.png)
+![Kiosk wizard option in Windows Configuration Designer.](images/kiosk-wizard.png)
 
 
 >[!IMPORTANT]
->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
+>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon).
 
 When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application.
 
+[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and select **Next**, configure the following settings:
 
-[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and click **Next**, configure the settings as shown in the following table.
+1. Enable device setup:
 
+    :::image type="content" source="images/set-up-device-details.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software.":::
 
+    If you want to enable device setup, select **Set up device**, and configure the following settings:
 
-
-
-
-
-
- 
-
-
-
-
                  step oneset up device

                  Enable device setup if you want to configure settings on this page.

                  If enabled:

                  Enter a name for the device.

                  (Optional) Select a license file to upgrade Windows 10 to a different edition. See the permitted upgrades.

                  Toggle Configure devices for shared use off. This setting optimizes Windows 10 for shared use scenarios and isn't necessary for a kiosk scenario.

                  You can also select to remove pre-installed software from the device.                   		device name, upgrade to enterprise, shared use, remove pre-installed software
                  step two  set up network

                  Enable network setup if you want to configure settings on this page.

                  If enabled:

                  Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.                  		Enter network SSID and type
                  step three  account management

                  Enable account management if you want to configure settings on this page. 

                  If enabled:

                  You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

                  To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

                  Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

                  Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.

                  To create a local administrator account, select that option and enter a user name and password. 

                  Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.                    		join Active Directory, Azure AD, or create a local admin account
                  step four add applications

                  You can provision the kiosk app in the Add applications step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps

                  Warning: If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in Installer Path, and then a Cancel button becomes available, allowing you to complete the provisioning package without an application.                   		add an application
                  step five add certificates

                  To provision the device with a certificate for the kiosk app, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.                  		add a certificate
                  step six  Configure kiosk account and app

                  You can create a local standard user account that will be used to run the kiosk app. If you toggle No, make sure that you have an existing user account to run the kiosk app.

                  If you want to create an account, enter the user name and password, and then toggle Yes or No to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational.)

                  In Configure the kiosk mode app, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.                  		The 'Configure kiosk common settings' button as displayed while provisioning a kiosk device in Windows Configuration Designer.
                  step seven  configure kiosk common settings

                  On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.                  		set tablet mode and configure welcome and shutdown and turn off timeout settings
                    The 'finish' button as displayed while provisioning a kiosk device in Windows Configuration Designer.

                  You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.                  		Protect your package
                  
+    - **Device name**: Required. Enter a unique 15-character name for the device. You can use variables to add unique characters to the name, such as `Contoso-%SERIAL%` and `Contoso-%RAND:5%`.
+    - **Enter product key**: Optional. Select a license file to upgrade Windows client to a different edition. For more information, see [the permitted upgrades](/windows/deployment/upgrade/windows-10-edition-upgrades).
+    - **Configure devices for shared use**: This setting optimizes Windows client for shared use scenarios, and isn't necessary for a kiosk scenario. Set this value to **No**, which may be the default.
+    - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software.
 
+2. Set up the network:
+
+    :::image type="content" source="images/set-up-network-details.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
+
+    If you want to enable network setup, select **Set up network**, and configure the following settings:
+
+    - **Set up network**: To enable wireless connectivity, select **On**.
+    - **Network SSID**: Enter the Service Set Identifier (SSID) of the network.
+    - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network.
+
+3. Enable account management:
+
+    :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account.":::
+
+    If you want to enable account management, select **Account Management**, and configure the following settings:
+
+    - **Manage organization/school accounts**: Choose how devices are enrolled. Your options:
+      - **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain.
+      - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
+
+        If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
+
+        You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards.
+
+      - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
+
+4. Add applications:
+
+    :::image type="content" source="images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application that will run in kiosk mode.":::
+
+    To add applications to the devices, select **Add applications**. You can install multiple applications in a provisioning package, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md).
+
+    > [!WARNING]
+    > If you select the plus button to add an application, you must enter an application for the provisioning package to validate. If you select the plus button by mistake, then:
+    >
+    > 1. In **Installer Path**, select any executable file.
+    > 2. When the **Cancel** button shows, select it.
+    >
+    > These steps let you complete the provisioning package without adding an application.
+
+5. Add certificates:
+
+    :::image type="content" source="images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate.":::
+
+    To add a certificate to the devices, select **Add certificates**, and configure the following settings:
+
+    - **Certificate name**: Enter a name for the certificate.
+    - **Certificate path**: Browse and select the certificate you want to add.
+
+6. Configure the kiosk account, and the kiosk mode app:
+
+    :::image type="content" source="images/kiosk-account-details.png" alt-text="In Windows Configuration Designer, the Configure kiosk common settings button is shown when provisioning a kiosk device.":::
+
+    To add the account that runs the app and choose the app type, select **Configure kiosk account and app**, and configure the following settings:
+
+    - **Create a local standard user account to run the kiosk mode app**: Select **Yes** to create a local standard user account, and enter the **User name** and **Password**. This user account runs the app. If you select **No**, make sure you have an existing user account to run the kiosk app.
+    - **Auto sign-in**: Select **Yes** to automatically sign in the account when the device starts. **No** doesn't automatically sign in the account. If there are issues with auto sign-in after you apply the provisioning package, then check the Event Viewer logs for auto logon issues (`Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational`).
+    - **Configure the kiosk mode app**: Enter the **User name** of the account that will run the kiosk mode app. In **App type**, select the type of app to run. Your options:
+      - **Windows desktop application**: Enter the path or filename. If the file path is in the PATH environment variable, then you can use the filename. Otherwise, the full path is required.
+      - **Universal Windows app**: Enter the AUMID.
+
+7. Configure kiosk common settings:
+
+    :::image type="content" source="images/kiosk-common-details.png" alt-text="In Windows Configuration Designer, set tablet mode, configure the welcome and shutdown screens, and turn off the power timeout settings.":::
+
+    To configure the tablet mode, configure welcome and shutdown screens, and set the power settings, select **Configure kiosk common settings**, and configure the following settings:
+
+    - **Set tablet mode**
+    - **Customize user experience**
+    - **Configure power settings**
+
+8. Finish:
+
+    :::image type="content" source="images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password.":::
+
+    To complete the wizard, select **Finish**, and configure the following setting:
+
+    - **Protect your package**: Select **Yes** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password.
 
 >[!NOTE]
->If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**
+>If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**
 
 >[!IMPORTANT]
 >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
-
-
-
 [Learn how to apply a provisioning package.](provisioning-packages/provisioning-apply-package.md)
 
-
-
-
-
- 
-
-
 
 
 ## Set up a kiosk or digital sign using Microsoft Intune or other MDM service
 
->App type: UWP 
+>App type: 
+> - UWP
 >
->OS edition: Windows 10 Pro (version 1709), Ent, Edu
+>OS: 
+> - Windows 10 Pro version 1709+, Ent, Edu
+> - Windows 11
 >
->Account type: Local standard user, Azure AD
-
-
+>Account type:
+> - Local standard user
+> - Azure AD
 
 Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode.
 
 >[!TIP]
->Starting in Windows 10, version 1803, a ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). 
+>A ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). 
 
-To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider.
+To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider.
 
 
 
 ## Sign out of assigned access
 
-To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account.
+To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the sign in screen timeout, the kiosk app relaunches. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account.
 
 If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key:
 
-**HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI**
+`HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI`
 
 To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal.
-
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md
index 75781737fb..cb60660c38 100644
--- a/windows/configuration/kiosk-troubleshoot.md
+++ b/windows/configuration/kiosk-troubleshoot.md
@@ -1,17 +1,17 @@
 ---
-title: Troubleshoot kiosk mode issues (Windows 10)
+title: Troubleshoot kiosk mode issues (Windows 10/11)
 description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues.
 ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: sybruckm
+manager: dougeby
 keywords: ["lockdown", "app restrictions"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: edu, security
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -20,12 +20,13 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 11
 
 ## Single-app kiosk issues
 
 >[!TIP]
->We recommend that you [enable logging for kiosk issues](kiosk-prepare.md#enable-logging). For some failures, events are only captured once. If you enable logging after an issue occurs with your kiosk, the logs may not capture those one-time events. In that case, prepare a new kiosk environment (such as a [virtual machine (VM)](kiosk-prepare.md#test-vm)), set up your kiosk account and configuration, and try to reproduce the problem.
+>We recommend that you [enable logging for kiosk issues](kiosk-prepare.md#enable-logging). For some failures, events are only captured once. If you enable logging after an issue occurs with your kiosk, the logs may not capture those one-time events. In that case, prepare a new kiosk environment (such as a [virtual machine (VM)](kiosk-prepare.md#testing-your-kiosk-in-a-virtual-machine-vm)), set up your kiosk account and configuration, and try to reproduce the problem.
 
 ### Sign-in issues 
 
@@ -38,6 +39,9 @@ Check the Event Viewer logs for auto logon issues under **Applications and Servi
 
 ## Multi-app kiosk issues
 
+> [!NOTE]
+> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)]
+
 ### Unexpected results 
 
 For example:
@@ -53,7 +57,7 @@ For example:
 3. Verify that the configuration XML file is authored and formatted correctly. Correct any configuration errors, then create and apply a new provisioning package. Sign out and sign in again to check the new configuration.
 4. Additional logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default.
 
-![Event Viewer, right-click Operational, select enable log](images/enable-assigned-access-log.png)
+![Event Viewer, right-click Operational, select enable log.](images/enable-assigned-access-log.png)
 
 
 ### Automatic logon issues 
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 13ba945753..934dd1ed77 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -1,17 +1,16 @@
 ---
-title: Validate kiosk configuration (Windows 10)
-description: In this article, learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education.
+title: Validate kiosk configuration (Windows 10/11)
+description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 07/30/2018
 ms.topic: article
 ---
 
@@ -20,7 +19,8 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
 To identify the provisioning packages applied to a device, go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. You should see a list of packages that were applied to the device.
 
@@ -93,4 +93,4 @@ The multi-app mode removes options (e.g. **Change a password**, **Task Manager**
 
 ### Auto-trigger touch keyboard
 
-In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You don’t need to configure any other setting to enforce this behavior.
\ No newline at end of file
+In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You don’t need to configure any other setting to enforce this behavior.
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index 36dd8ce054..7dd54085f1 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -1,18 +1,17 @@
 ---
-title: Assigned Access configuration kiosk XML reference (Windows 10)
-description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10.
+title: Assigned Access configuration kiosk XML reference (Windows 10/11)
+description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11.
 ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: sybruckm
+manager: dougeby
 keywords: ["lockdown", "app restrictions", "applocker"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: edu, security
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 10/02/2018
-ms.author: greglin
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -21,7 +20,8 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 11
 
 ## Full XML sample
 
@@ -255,9 +255,16 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
 ```
 
 ## Global Profile Sample XML
-Global Profile is currently supported in Windows 10, version 2004. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user.
 
-This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in 
+Global Profile is supported on:
+
+- Windows 10 version 2004+
+- Windows 11
+
+Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user.
+
+This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in.
+
 ```xml
 
 [!NOTE]
->Updated for Windows 10, version 1903 and later.
-Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
+>Updated for Windows 10, version 1903+.
+
+The following XML schema is for AssignedAccess Configuration up to Windows 10 1803 release:
 
 ```xml
 
@@ -814,7 +822,8 @@ Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
 
 ```
 
-Here is the schema for new features introduced in Windows 10 1809 release
+The following XML is the schema for new features introduced in Windows 10 1809 release:
+
 ```xml
 
 
 ```
 
-Schema for Windows 10, version 1909 and later
+The following XML is the schema for Windows 10 version 1909+:
+
 ```xml
 
 
 ```
 
-To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+To authorize a compatible configuration XML that includes elements and attributes from Windows 10 version 1809 or newer / Windows 11, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias.
+
+For example, to configure the autolaunch feature that was added in Windows 10 version 1809 / Windows 11, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10 version 1809 / Windows 11, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+
 ```xml
  [!NOTE]
+> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)]
+> The use of multiple monitors isn't supported for multi-app kiosk mode.
+
+A [kiosk device](./kiosk-single-app.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don't need to access.
 
 The following table lists changes to multi-app kiosk in recent updates.
 
-|                                                                                                                            New features and improvements                                                                                                                             |                                                                                                           In update                                                                                                           |
-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                     - Configure [a single-app kiosk profile](#profile) in your XML file

                  - Assign [group accounts to a config profile](#config-for-group-accounts)

                  - Configure [an account to sign in automatically](#config-for-autologon-account)                     |                                                                                                   Windows 10, version 1803                                                                                                    |
+| New features and improvements |  In update |
+| --- | ---|
+| - Configure [a single-app kiosk profile](#profile) in your XML file

                  - Assign [group accounts to a config profile](#config-for-group-accounts)

                  - Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 |
 | - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)

                  - [Automatically launch an app](#allowedapps) when the user signs in

                  - Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809

                  **Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `https://schemas.microsoft.com/AssignedAccess/201810/config`. |
 
 >[!WARNING]
@@ -43,7 +43,10 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi
 
 ## Configure a kiosk in Microsoft Intune
 
-To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For explanations of the specific settings, see [Windows 10 and later device settings to run as a kiosk in Intune](/intune/kiosk-settings-windows).
+To configure a kiosk in Microsoft Intune, see:
+
+- [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings)
+- [Windows client device settings to run as a kiosk in Intune](/intune/kiosk-settings-windows)
 
 
 
@@ -59,7 +62,7 @@ Watch how to use a provisioning package to configure a multi-app kiosk.
 
 >[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
 
-If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md).
+If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#use-mdm-to-deploy-the-multi-app-configuration), or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md).
 
 ### Prerequisites
 
@@ -79,11 +82,11 @@ Let's start by looking at the basic structure of the XML file.
 
 - Multiple config sections can be associated to the same profile.
 
-- A profile has no effect if it’s not associated to a config section.
+- A profile has no effect if it's not associated to a config section.
 
-    ![profile = app and config = account](images/profile-config.png)
+    ![profile = app and config = account.](images/profile-config.png)
 
-You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. You can see a full sample version in the [Assigned access XML reference.](kiosk-xml.md)
+You can start your file by pasting the following XML into an XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this article. You can see a full sample version in the [Assigned access XML reference.](kiosk-xml.md)
 
 ```xml
 
@@ -114,7 +117,7 @@ You can start your file by pasting the following XML (or any other examples in t
 There are two types of profiles that you can specify in the XML:
 
 - **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen.
-- **Kiosk profile**: New in Windows 10, version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode.
+- **Kiosk profile**: Starting with Windows 10 version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile won't see the desktop, but only the kiosk app running in full-screen mode.
 
 A lockdown profile section in the XML has the following entries:
 
@@ -146,28 +149,28 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
 
 ##### AllowedApps
 
-**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
+**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. Starting with Windows 10 version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
 
 - For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](./find-the-application-user-model-id-of-an-installed-app.md), or [get the AUMID from the Start Layout XML](#startlayout).
-- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%).
-- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”.
+- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of `%variableName%`. For example, `%systemroot%` or `%windir%`.
+- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both `"C:\Program Files\internet explorer\iexplore.exe"` and `"C:\Program Files (x86)\Internet Explorer\iexplore.exe"`.
 - To configure a single app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample).
 
 When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
 
 1. Default rule is to allow all users to launch the signed package apps.
-2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list.
+2. The package app blocklist is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the blocklist. This list will exclude the default allowed inbox package apps, which are critical for the system to function. It then excludes the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This blocklist will be used to prevent the user from accessing the apps that are currently available for the user but not in the allowed list.
 
-    >[!NOTE]
-    >You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994629(v=ws.11)#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
+    > [!NOTE]
+    > You can't manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994629(v=ws.11)#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
     >
-    >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
+    > Multi-app kiosk mode doesn't block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the blocklist. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
 
 Here are the predefined assigned access AppLocker rules for **desktop apps**:
 
 1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
-2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration.
-3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list.
+2. There's a predefined inbox desktop app blocklist for the assigned access user account, and this blocklist is adjusted based on the desktop app allowlist that you defined in the multi-app configuration.
+3. Enterprise-defined allowed desktop apps are added in the AppLocker allowlist.
 
 The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
 
@@ -189,7 +192,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula
 
 ##### FileExplorerNamespaceRestrictions
 
-Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported.  This can also be set using Microsoft Intune.
+Starting in Windows 10 version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported.  This behavior can also be set using Microsoft Intune.
 
 The following example shows how to allow user access to the Downloads folder in the common file dialog box.
 
@@ -219,28 +222,33 @@ The following example shows how to allow user access to the Downloads folder in
     
                   
 ```
-FileExplorerNamespaceRestriction has been extended in current Windows 10 Prerelease for finer granularity and easier use, see in the [Assigned access XML reference.](kiosk-xml.md) for full samples. The changes will allow IT Admin to configure if user can access Downloads folder, Removable drives, or no restriction at all by using certain new elements. Note that FileExplorerNamesapceRestrictions and AllowedNamespace:Downloads are available in namespace https://schemas.microsoft.com/AssignedAccess/201810/config, AllowRemovableDrives and NoRestriction are defined in a new namespace https://schemas.microsoft.com/AssignedAccess/2020/config.
 
-* When FileExplorerNamespaceRestrictions node is not used, or used but left empty, user will not be able to access any folder in common dialog (e.g. Save As in Microsoft Edge browser).
+`FileExplorerNamespaceRestriction` has been extended in current Windows 10 Prerelease for finer granularity and easier use. For more information and full samples, see [Assigned access XML reference](kiosk-xml.md). By using new elements, you can configure whether a user can access the Downloads folder or removable drives, or have no restrictions at all.
+
+> [!NOTE]
+> - `FileExplorerNamespaceRestrictions` and `AllowedNamespace:Downloads` are available in namespace `https://schemas.microsoft.com/AssignedAccess/201810/config`.
+> - `AllowRemovableDrives` and `NoRestriction` are defined in a new namespace `https://schemas.microsoft.com/AssignedAccess/2020/config`.
+
+* When `FileExplorerNamespaceRestrictions` node isn't used, or used but left empty, the user won't be able to access any folder in a common dialog. For example, **Save As** in the Microsoft Edge browser.
 * When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder.
-* When AllowRemovableDrives is used, user will be to access removable drives.
-* When NoRestriction is used, no restriction will be applied to the dialog.
-* AllowRemovableDrives and AllowedNamespace:Downloads can be used at the same time.
+* When `AllowRemovableDrives` is used, user will be to access removable drives.
+* When `NoRestriction` is used, no restriction will be applied to the dialog.
+* `AllowRemovableDrives` and `AllowedNamespace:Downloads` can be used at the same time.
 
 ##### StartLayout
 
 After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
 
-The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md).
+The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md).
 
 A few things to note here:
 
 - The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
 - Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
-- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration.
-- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
+- There are no apps pinned on the taskbar in the multi-app mode, and it's not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration.
+- The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
 
-This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start.
+The following example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start:
 
 ```xml
 
@@ -269,9 +277,9 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint,
 ```
 
 >[!NOTE]
->If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen.
+>If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
 
-![What the Start screen looks like when the XML sample is applied](images/sample-start.png)
+![What the Start screen looks like when the XML sample is applied.](images/sample-start.png)
 
 ##### Taskbar
 
@@ -305,9 +313,9 @@ The following example hides the taskbar:
 
 #### Configs
 
-Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
+Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced. This behavior includes the allowed apps, Start layout, taskbar configuration, and other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
 
-The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
+The full multi-app assigned access experience can only work for non-admin users. It's not supported to associate an admin user with the assigned access profile. Making this configuration in the XML file will result in unexpected or unsupported experiences when this admin user signs in.
 
 You can assign:
 
@@ -333,7 +341,7 @@ The following example shows how to specify an account to sign in automatically.
 
 ```
 
-In Windows 10, version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World".
+Starting with Windows 10 version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World".
 
 ```xml
 
@@ -347,7 +355,7 @@ In Windows 10, version 1809, you can configure the display name that will be sho
 On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).)
 
 >[!IMPORTANT]
->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
+>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon).
 
 ##### Config for individual accounts
 
@@ -355,7 +363,7 @@ Individual accounts are specified using ``.
 
 - Local account can be entered as `machinename\account` or `.\account` or just `account`.
 - Domain account should be entered as `domain\account`.
-- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. AzureAD\someone@contoso.onmicrosoft.com.
+- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided _as is_, and consider it's a fixed domain name. Then follow with the Azure AD email address. For example, `AzureAD\someone@contoso.onmicrosoft.com`
 
 >[!WARNING]
 >Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account.  However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
@@ -363,7 +371,7 @@ Individual accounts are specified using ``.
 Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
 
 >[!NOTE]
->For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
+>For both domain and Azure AD accounts, it's not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
 
 ```xml
 
@@ -376,9 +384,9 @@ Before applying the multi-app configuration, make sure the specified user accoun
 
 ##### Config for group accounts
 
-Group accounts are specified using ``. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A will not have the kiosk experience.
+Group accounts are specified using ``. Nested groups aren't supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A won't have the kiosk experience.
 
-- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group will not have the kiosk settings applied.
+- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group won't have the kiosk settings applied.
 
   ```xml
   
@@ -410,15 +418,16 @@ Group accounts are specified using ``. Nested groups are not supporte
 
 
 
-#### [Preview] Global Profile
-Global profile is added in current Windows 10 Prerelease. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios.
+#### [Preview] Global profile
 
-Usage is demonstrated below, by using the new xml namespace and specify GlobalProfile from that namespace. When GlobalProfile is configured, a non-admin account logs in, if this user does not have designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, global profile will be applied for the user.
+Global profile is available in Windows 10. If you want everyone who signs into a specific device to be assigned as an access user, even if there's no dedicated profile for that user. Alternatively, perhaps Assigned Access couldn't identify a profile for the user and you want to have a fallback profile. Global profile is designed for these scenarios.
 
-Note:
-1. GlobalProfile can only be multi-app profile
-2. Only one GlobalProfile can be used in one AssignedAccess Configuration Xml
-3. GlobalProfile can be used as the only config, or it can be used among with regular user or group Config.
+Usage is demonstrated below, by using the new XML namespace and specifying `GlobalProfile` from that namespace. When you configure `GlobalProfile`, a non-admin account logs in, if this user doesn't have a designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, a global profile is applied for the user.
+
+> [!NOTE]
+> 1. `GlobalProfile` can only be a multi-app profile.
+> 2. Only one `GlobalProfile` can be used in one `AssignedAccess` configuration XML.
+> 3. `GlobalProfile` can be used as the only config, or it can be used along with regular user or group config.
 
 ```xml
 
@@ -480,25 +489,25 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 >[!IMPORTANT]
 >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
-1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
+1. Open Windows Configuration Designer. By default: `%systemdrive%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe`.
 
 2. Choose **Advanced provisioning**.
 
-3. Name your project, and click **Next**.
+3. Name your project, and select **Next**.
 
-4. Choose **All Windows desktop editions** and click **Next**.
+4. Choose **All Windows desktop editions** and select **Next**.
 
-5. On **New project**, click **Finish**. The workspace for your package opens.
+5. On **New project**, select **Finish**. The workspace for your package opens.
 
 6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**.
 
-7. In the center pane, click **Browse** to locate and select the assigned access configuration XML file that you created.
+7. In the center pane, select **Browse**. Locate and select the assigned access configuration XML file that you created.
 
-   ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
+   ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer.](images/multiappassignedaccesssettings.png)
 
-8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
+8. _Optional: If you want to apply the provisioning package after device initial setup and there's an admin user already available on the kiosk device, skip this step._ Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
 
-9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
+9. _Optional: If you already have a non-admin account on the kiosk device, skip this step._ Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
 
 10. On the **File** menu, select **Save.**
 
@@ -512,22 +521,22 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 
     - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
 
-14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
+14. Select **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
 
-    Optionally, you can click **Browse** to change the default output location.
+    Optionally, you can select **Browse** to change the default output location.
 
-15. Click **Next**.
+15. Select **Next**.
 
-16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
+16. Select **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
 
-    If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
+    If you need to cancel the build, select **Cancel**. This action cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
 
 17. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
 
     If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
 
-    - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
-    - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
+    - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this action, select **Back** to change the output package name and path, and then select **Next** to start another build.
+    - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**.
 
 18. Copy the provisioning package to the root directory of a USB drive.
 
@@ -538,13 +547,13 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
 
 >[!TIP]
->In addition to the methods below, you can use the PowerShell comdlet [install-provisioningpackage](/powershell/module/provisioning/Install-ProvisioningPackage?view=win10-ps) with `-LogsDirectoryPath` to get logs for the operation.
+>In addition to the methods below, you can use the PowerShell comdlet [install-provisioningpackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
 
 #### During initial setup, from a USB drive
 
 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
 
-    ![The first screen to set up a new PC](images/oobe.jpg)
+    ![The first screen to set up a new PC.](images/oobe.jpg)
 
 2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
 
@@ -552,11 +561,11 @@ Provisioning packages can be applied to a device during the first-run experience
 
 3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
 
-    ![Provision this device](images/prov.jpg)
+    ![Provision this device.](images/prov.jpg)
 
 4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
 
-    ![Choose a package](images/choose-package.png)
+    ![Choose a package.](images/choose-package.png)
 
 5. Select **Yes, add it**.
 
@@ -567,17 +576,16 @@ Provisioning packages can be applied to a device during the first-run experience
 1. Sign in with an admin account.
 2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
 
->[!NOTE]
->if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
+> [!NOTE]
+> If your provisioning package doesn't include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
 
-![add a package option](images/package.png)
+![Add a package option.](images/package.png)
 
-
 ### Use MDM to deploy the multi-app configuration
 
 Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
 
-If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely.
+If your device is enrolled with an MDM service that supports applying the assigned access configuration, you can use it to apply the setting remotely.
 
 The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configuration`.
 
@@ -594,23 +602,23 @@ To create a multi-app kiosk that can run mixed reality apps, you must include th
 
 ```
 
-These are in addition to any mixed reality apps that you allow.
+These apps are in addition to any mixed reality apps that you allow.
 
-**Before your kiosk user signs in:** An admin user must sign in to the PC, connect a mixed reality device, and complete the guided setup for the Mixed Reality Portal. The first time that the Mixed Reality Portal is set up, some files and content are downloaded. A kiosk user would not have permissions to download and so their setup of the Mixed Reality Portal would fail.
+**Before your kiosk user signs in:** An admin user must sign in to the PC, connect a mixed reality device, and complete the guided setup for the Mixed Reality Portal. The first time that the Mixed Reality Portal is set up, some files and content are downloaded. A kiosk user wouldn't have permissions to download and so their setup of the Mixed Reality Portal would fail.
 
 After the admin has completed setup, the kiosk account can sign in and repeat the setup. The admin user may want to complete the kiosk user setup before providing the PC to employees or customers.
 
-There is a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they will see only a blank display in the device, and will not have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen.
+There's a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they'll see only a blank display in the device, and won't have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen.
 
 ## Policies set by multi-app kiosk configuration
 
-It is not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience.
+It's not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience.
 
-When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
+When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will affect other users on the device.
 
-### Group Policy
+### Group policy
 
-The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not.  This includes local users, domain users, and Azure Active Directory users.
+The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This list includes local users, domain users, and Azure Active Directory users.
 
 | Setting | Value |
 | --- | --- |
@@ -646,7 +654,7 @@ Prevent access to drives from My Computer    |  Enabled - Restrict all drivers
 
 ### MDM policy
 
-Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide).
+Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system.
 
 Setting |   Value   | System-wide
  --- | --- | ---
@@ -692,4 +700,4 @@ In Windows Configuration Designer, under **ProvisioningCommands** > **DeviceCont
 
 ## Other methods
 
-Environments that use WMI can use the [MDM Bridge WMI Provider to configure a kiosk](kiosk-mdm-bridge.md).
\ No newline at end of file
+Environments that use WMI can use the [MDM Bridge WMI Provider to configure a kiosk](kiosk-mdm-bridge.md).
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
index ac5d6ad1fd..36bf667cc7 100644
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@@ -3,118 +3,38 @@ title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
 description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. 
 ms.assetid: 3C006B00-535C-4BA4-9421-B8F952D47A14
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 keywords: lockdown, embedded
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
 ---
 
 # Lockdown features from Windows Embedded 8.1 Industry
 
 **Applies to**
--   Windows 10
 
+- Windows 10
 
 Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation.
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Windows Embedded 8.1 Industry lockdown featureWindows 10 featureChanges
                  Hibernate Once/Resume Many (HORM): Quick boot to device
                  		HORM
                  HORM is supported in Windows 10, version 1607 and later. 
                  Unified Write Filter: protect a device's physical storage media
                  		Unified Write Filter
                  The Unified Write Filter is continued in Windows 10.
                  Keyboard Filter: block hotkeys and other key combinations
                  		Keyboard Filter
                  Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.
                  Shell Launcher: launch a Windows desktop application on sign-on
                  		Shell Launcher
                  Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category.
                  
-
                  Learn how to use Shell Launcher to create a kiosk device that runs a Windows desktop application.
                  Application Launcher: launch a Universal Windows Platform (UWP) app on sign-on
                  		Assigned Access
                  The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.
                  Dialog Filter: suppress system dialogs and control which processes can run
                  		AppLocker
                  Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.
                  
-
                    
-
                  • Control over which processes are able to run will now be provided by AppLocker.
                    • 
-
                  • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.
                    • 
-
                  Toast Notification Filter: suppress toast notifications
                  		Mobile device management (MDM) and Group Policy
                  Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.
                  
-
                  Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications
                  
-
                  MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a custom OMA-URI setting for AboveLock/AllowActionCenterNotifications.
                  Embedded Lockdown Manager: configure lockdown features
                  		Windows Imaging and Configuration Designer (ICD)
                  The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.
                  USB Filter: restrict USB devices and peripherals on system
                  		MDM and Group Policy
                  The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.
                  
-
                  Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
                  
-
                  MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow removable storage or Allow USB connection (Windows 10 Mobile only).
                  Assigned Access: launch a UWP app on sign-in and lock access to system
                  		Assigned Access
                  Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.
                  
-
                  In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.
                  
-
                  Learn how to use Assigned Access to create a kiosk device that runs a Universal Windows app.
                  Gesture Filter: block swipes from top, left, and right edges of screen
                  		MDM and Group Policy
                  In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the Allow edge swipe policy. 
                  Custom Logon: suppress Windows UI elements during Windows sign-on, sign-off, and shutdown
                  		Embedded Logon
                  No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.
                  Unbranded Boot: custom brand a device by removing or replacing Windows boot UI elements
                  		Unbranded Boot
                  No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.
                  
- 
- 
+|Windows Embedded 8.1 Industry lockdown feature|Windows 10 feature|Changes|
+|--- |--- |--- |
+|[Hibernate Once/Resume Many (HORM)](/previous-versions/windows/embedded/dn449302(v=winembedded.82)): Quick boot to device|[HORM](/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)|HORM is supported in Windows 10, version 1607 and later.|
+|[Unified Write Filter](/previous-versions/windows/embedded/dn449332(v=winembedded.82)): protect a device's physical storage media|[Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter)|The Unified Write Filter is continued in Windows 10.|
+|[Keyboard Filter](/previous-versions/windows/embedded/dn449298(v=winembedded.82)): block hotkeys and other key combinations|[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)|Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via **Turn Windows Features On/Off**. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.|
+|[Shell Launcher](/previous-versions/windows/embedded/dn449423(v=winembedded.82)): launch a Windows desktop application on sign-on|[Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher)|Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the **SMISettings** category.
                  Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.|
+|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.|
+|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.
                • Control over which processes are able to run will now be provided by AppLocker.
                • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.|
+|[Toast Notification Filter](/previous-versions/windows/embedded/dn449360(v=winembedded.82)): suppress toast notifications|Mobile device management (MDM) and Group Policy|Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.
                  Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**
                  MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](/mem/intune/configuration/custom-settings-windows-10) for **AboveLock/AllowActionCenterNotifications**.|
+|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.|
+|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.
                   
                   Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**
                  MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.|
+|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.
                  In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

                  Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.|
+|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.|
+|[Custom Logon](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown|[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
+|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.|
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 1744b013b6..2dcf1d588b 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -6,13 +6,13 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: devices
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/20/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
@@ -61,4 +61,4 @@ Windows 10 provides organizations the ability to centrally manage the type of co
 
  
 
- 
\ No newline at end of file
+ 
diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md
index d577b69cff..8149182469 100644
--- a/windows/configuration/manage-wifi-sense-in-enterprise.md
+++ b/windows/configuration/manage-wifi-sense-in-enterprise.md
@@ -3,50 +3,51 @@ title: Manage Wi-Fi Sense in your company (Windows 10)
 description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places.
 ms.assetid: 1845e00d-c4ee-4a8f-a5e5-d00f2735a271
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 keywords: ["WiFi Sense", "automatically connect to wi-fi", "wi-fi hotspot connection"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: mobile
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 05/02/2018
 ms.topic: article
 ---
 
 # Manage Wi-Fi Sense in your company
-**Applies to:**
 
--   Windows 10
--   Windows 10 Mobile
+**Applies to**
 
->[!IMPORTANT]
->Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details.
+- Windows 10 version 1709 and older
 
-Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it.
+> [!IMPORTANT]
+> Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details.
 
-The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10.
+Wi-Fi Sense learns about open Wi-Fi hotspots your Windows device by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it.
 
-**Note**
                  Wi-Fi Sense isn’t available in all countries or regions.
+The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your device with Windows 10.
+
+> [!NOTE]
+> >Wi-Fi Sense isn’t available in all countries or regions.
 
 ## How does Wi-Fi Sense work?
 Wi-Fi Sense connects your employees to open Wi-Fi networks. Typically, these are the open (no password required) Wi-Fi hotspots you see when you’re out and about.
 
 ## How to manage Wi-Fi Sense in your company
-In a company environment, you will most likely deploy Windows 10 to your employees' PCs using your preferred deployment method and then manage their settings globally. With that in mind, you have a few options for managing how your employees will use Wi-Fi Sense.
+In a company environment, you will most likely deploy Windows 10 to your employees' devices using your preferred deployment method and then manage their settings globally. With that in mind, you have a few options for managing how your employees will use Wi-Fi Sense.
 
-**Important**
                  Turning off Wi-Fi Sense stops employees from connecting automatically to open hotspots.
+> [!IMPORTANT]
+> Turning off Wi-Fi Sense stops employees from connecting automatically to open hotspots.
 
-### Using Group Policy (available starting with Windows 10, version 1511)
+### Using Group Policy (available starting with Windows 10, version 1511)
 You can manage your Wi-Fi Sense settings by using Group Policy and your Group Policy editor.
 
 **To set up Wi-Fi Sense using Group Policy**
 
 1.  Open your Group Policy editor and go to the `Computer Configuration\Administrative Templates\Network\WLAN Service\WLAN Settings\Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services` setting.
 
-    ![Group Policy Editor, showing the Wi-Fi Sense setting](images/wifisense-grouppolicy.png)
+    ![Group Policy Editor, showing the Wi-Fi Sense setting.](images/wifisense-grouppolicy.png)
 
 2.  Turn Wi-Fi Sense on (enabled) or off (disabled), based on your company's environment.
 
@@ -58,9 +59,10 @@ You can manage your Wi-Fi Sense settings by using registry keys and the Registry
 1. Open your Registry Editor and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\`
 
 2. Create and set a new **DWORD (32-bit) Value** named, **AutoConnectAllowedOEM**, with a **Value data** of **0 (zero)**.
-   
                  Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see How to configure Wi-Fi Sense on Windows 10 in an enterprise.
 
-   ![Registry Editor, showing the creation of a new DWORD value](images/wifisense-registry.png)
+    Setting this value to `0` turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](/troubleshoot/windows-client/networking/configure-wifi-sense-and-paid-wifi-service).
+
+   ![Registry Editor, showing the creation of a new DWORD value.](images/wifisense-registry.png)
 
 ### Using the Windows Provisioning settings
 You can manage your Wi-Fi Sense settings by changing the Windows provisioning setting, **WiFISenseAllowed**.
@@ -68,7 +70,8 @@ You can manage your Wi-Fi Sense settings by changing the Windows provisioning se
 **To set up Wi-Fi Sense using WiFISenseAllowed**
 
 - Change the Windows Provisioning setting, **WiFISenseAllowed**, to **0**.
-  
                  Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, WiFiSenseAllowed.
+
+  Setting this value to `0` turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](./wcd/wcd-connectivityprofiles.md#wifisense).
 
 ### Using Unattended Windows Setup settings
 If your company still uses Unattend, you can manage your Wi-Fi Sense settings by changing the Unattended Windows Setup setting, **WiFiSenseAllowed**.
@@ -76,24 +79,24 @@ If your company still uses Unattend, you can manage your Wi-Fi Sense settings by
 **To set up Wi-Fi Sense using WiFISenseAllowed**
 
 - Change the Unattended Windows Setup setting, **WiFISenseAllowed**, to **0**.
-  
                  Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, WiFiSenseAllowed.
+
+  Setting this value to `0` turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](/previous-versions//mt186511(v=vs.85)).
 
 ### How employees can change their own Wi-Fi Sense settings
-If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**.
+If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**.
 
-![Wi-Fi Sense options shown to employees if it's not turned off](images/wifisense-settingscreens.png)
+![Wi-Fi Sense options shown to employees if it's not turned off.](images/wifisense-settingscreens.png)
 
-**Important**
                  The service that was used to share networks with Facebook friends, Outlook.com contacts, or Skype contacts is no longer available. This means:
+> [!IMPORTANT]
+> The service that was used to share networks with Facebook friends, Outlook.com contacts, or Skype contacts is no longer available. This means:
 
-The **Connect to networks shared by my contacts** setting will still appear in **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings** on your PC and in **Settings > Network & wireless > Wi‑Fi > Wi‑Fi Sense** on your phone. However, this setting will have no effect now. Regardless of what it’s set to, networks won’t be shared with your contacts. Your contacts won’t be connected to networks you’ve shared with them, and you won’t be connected to networks they’ve shared with you.
+The **Connect to networks shared by my contacts** setting will still appear in **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings** on your device. However, this setting will have no effect now. Regardless of what it’s set to, networks won’t be shared with your contacts. Your contacts won’t be connected to networks you’ve shared with them, and you won’t be connected to networks they’ve shared with you.
 
 Even if you selected **Automatically connect to networks shared by your contacts** when you first set up your Windows 10 device, you still won’t be connected to networks your contacts have shared with you.
 
 If you select the **Share network with my contacts** check box the first time you connect to a new network, the network won’t be shared.
 
 ## Related topics
+
 - [Wi-Fi Sense and Privacy](https://go.microsoft.com/fwlink/p/?LinkId=620911)
 - [How to configure Wi-Fi Sense on Windows 10 in an enterprise](/troubleshoot/windows-client/networking/configure-wifi-sense-and-paid-wifi-service)
-
- 
-
diff --git a/windows/configuration/mobile-devices/configure-mobile.md b/windows/configuration/mobile-devices/configure-mobile.md
deleted file mode 100644
index fd9c3065aa..0000000000
--- a/windows/configuration/mobile-devices/configure-mobile.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-title: Configure Windows 10 Mobile devices
-description: 
-keywords: Windows 10, MDM, WSUS, Windows update
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
----
-
-# Configure Windows 10 Mobile devices
-
-Windows 10 Mobile enables administrators to define what users can see and do on a device, which you might think of as "configuring" or "customizing" or "device lockdown". Your device configuration can provide a standard Start screen with pre-installed apps, or restrict various settings and features, or even limit the device to run only a single app (kiosk). 
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-| [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](set-up-a-kiosk-for-windows-10-for-mobile-edition.md) | You can configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select. |
-| [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md) | Use Windows Configuration Designer to create provisioning packages. Using provisioning packages, you can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes.  |
-| [Use the Lockdown Designer app to configure Windows 10 Mobile devices](mobile-lockdown-designer.md) | The Lockdown Designer app provides a guided wizard-like process to generate a Lockdown XML file that you can apply to devices running Windows 10 Mobile. |
-| [Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) | Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. |
-| [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) | On Windows 10 Mobile, you can use the XML-based layout to modify the Start screen and provide the most robust and complete Start customization experience. This reference topic describes the supported elements and attributes for the LayoutModification.xml file. |
-| [Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md) | This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. |
-| [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) | You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user. |
-
diff --git a/windows/configuration/mobile-devices/lockdown-xml.md b/windows/configuration/mobile-devices/lockdown-xml.md
deleted file mode 100644
index ecf485cb1d..0000000000
--- a/windows/configuration/mobile-devices/lockdown-xml.md
+++ /dev/null
@@ -1,868 +0,0 @@
----
-title: Configure Windows 10 Mobile using Lockdown XML (Windows 10)
-description: Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device.
-ms.assetid: 22C8F654-2EC3-4E6D-8666-1EA9FCF90F5F
-ms.reviewer: 
-manager: dansimp
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security, mobile
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-# Configure Windows 10 Mobile using Lockdown XML
-
-
-**Applies to**
-
--   Windows 10 Mobile
-
-Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available.
-
-This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. 
-
-In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp). This topic provides example XML that you can use in your own lockdown XML file that can be included in a provisioning package or when using a mobile device management (MDM) solution to push lockdown settings to enrolled devices. You can also use the [Lockdown Designer app](mobile-lockdown-designer.md) to configure and export your lockdown XML file.
-
-> [!NOTE]
->  On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](../kiosk-methods.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp).
-
-If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](../provisioning-packages/how-it-pros-can-use-configuration-service-providers.md) first.
-
-## Overview of the lockdown XML file
-
-Let's start by looking at the basic structure of the lockdown XML file. You can start your file by pasting the following XML (or any other examples in this topic) into a text or XML editor, and saving the file as *filename*.xml.
-
-```xml
-
-
-    
-        
-        
-        
-        
-        
-        
-        
-        
-    
-
-```
-
-**Default** and the entries beneath it establish the default device settings that are applied for every user. The device will always boot to this Default role. You can create additional roles on the device, each with its own settings, in the same XML file. [Learn how to add roles.](#configure-additional-roles)
-
-The settings for the Default role and other roles must be listed in your XML file in the order presented in this topic. All of the entries are optional. If you don't include a setting, that aspect of the device will operate as it would for an nonconfigured device.
-
->[!TIP]
->Keep your XML file easy to work with and to understand by using proper indentation and adding comments for each setting you configure.
-
-## Action Center
-
-![XML for Action Center](../images/ActionCenterXML.jpg)
-
-The Action Center setting controls whether the user can open the Action Center on the device. When the Action Center is disabled, notifications on the lockscreen and toasts are also disabled. You can use optional attributes with the Action Center element to change that behavior for either notifications, toasts, or both.
-
-In the following example, the Action Center is enabled and both policies are disabled.
-
-```xml
-
-```
-
-In the following example, Action Center and the toast policy are enabled, and the notifications policy is disabled.
-
-```xml
-
-```
-
-The following example is a complete lockdown XML file that disables Action Center, notifications, and toasts. 
-
-```xml
-
-
-    
-    
-        
-    
-
-```
-
-## Apps
-
-![XML for Apps](../images/AppsXML.png)
-
-The Apps setting serves as an allow list and specifies the applications that will be available in the All apps list. Apps that are not included in this setting are hidden from the user and blocked from running. 
-
-You provide the App User Model ID (AUMID) and product ID for each app in your file. The product ID identifies an app package, and an app package can contain multiple apps, so you also provide the ADUMID to differentiate the app. Optionally, you can set an app to run automatically. [Get product ID and AUMID for apps in Windows 10 Mobile.](product-ids-in-windows-10-mobile.md)
-
-The following example makes Outlook Calendar available on the device.
-
-```xml
-
-    
-    
-    
-
-```
-
-When you list an app, you can also set the app to be pinned to the Start screen by specifying the tile size and location. Tip: draw a grid and mark your app tiles on it to make sure you get the result you want. The width (X axis) in the following example is the limit for Windows 10 Mobile, but the length (Y axis) is unlimited. The number of columns available to you depends on the value for [StartScreenSize](#start-screen-size).
-
-![Grid to lay out tiles for Start](../images/StartGrid.jpg)
-
-Tile sizes are:
-* Small: 1x1
-* Medium: 2x2
-* Large: 2x4
-
-Based on 6 columns, you can pin six small tiles or three medium tiles on a single row. A large tile can be combined with two small tiles or one medium tile on the same row. Obviously, you cannot set a medium tile for LocationX=5, or a large tile for LocationX=3, 4, or 5.
-
-If the tile configuration in your file exceeds the available width, such as setting a large tile to start at position 3 on the X axis, that tile is appended to the bottom of the Start screen. Also, if the tile configuration in your file would result in tiles overlapping each other, the overlapping tiles are instead appended to the bottom of the Start screen.
-
-In the following example, Outlook Calendar and Outlook Mail are pinned to the Start screen, and the Store app is allowed but is not pinned to Start.
-
-```xml
-
-    
-    
-        
-            Large
-            
-                0
-                0
-            
-        
-    
-    
-    
-        
-            Medium
-            
-                4
-                0
-            
-        
-    
-    
-    
-
-```
-
-That layout would appear on a device like this:
-
-![Example of the layout on a Start screen](../images/StartGridPinnedApps.jpg)
-
-You can create and pin folders to Start by using the Apps setting. Each folder requires a **folderId**, which must be a consecutive positive integer starting with `1`. You can also specify a **folderName** (optional) which will be displayed on Start.
-
-```xml
-
-    
-    
-      
-            Medium
-            
-                4
-                0
-            
-        
-    
-
-```
-
-To add apps to the folder, include **ParentFolderId** in the application XML, as shown in the following example:
-
-```xml
-
-    
-    
-        
-            Large
-            
-                0
-                0
-            
-            1
-        
-    
-    
-    
-        
-            Medium
-            
-                4
-                0
-            
-            1
-        
-    
-
-```
-When an app is contained in a folder, its **PinToStart** configuration (tile size and location) applies to its appearance when the folder is opened.
-
-## Buttons
-
-![XML for buttons](../images/ButtonsXML.jpg)
-
-In the Buttons setting, you use ButtonLockdownList to disable hardware buttons and ButtonRemapList to change button events to open an app that you specify. 
-
-### ButtonLockdownList
-
-When a user taps a button that is in the lockdown list, nothing will happen. The following table lists which events can be disabled for each button.
-
-Button | Press | PressAndHold | All
----|:---:|:---:|:--:|-
-Start | ![no](../images/crossmark.png) | ![yes](../images/checkmark.png) | ![no](../images/crossmark.png)
-Back | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) 
-Search | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png)
-Camera | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png)
-Custom 1, 2, and 3 | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png) | ![yes](../images/checkmark.png)
-
-> [!NOTE]
->  Custom buttons are hardware buttons that can be added to devices by OEMs.
-
-In the following example, press-and-hold is disabled for the Back button.
-
-```xml
-
-    
-        
-    
-
-```
-
-If you don't specify a button event, all actions for the button are disabled. In the next example, all actions are disabled for the camera button.
-
-```xml
-
-    
-        
-    
-
-```
-
-### ButtonRemapList
-
-ButtonRemapList lets you change the app that a button will run. You can remap the Search button and any custom buttons included by the OEM. You can't remap the Back, Start, or Camera buttons.
-
-> [!WARNING]
->  Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role.
-
-To remap a button, you specify the button, the event, and the product ID for the app that you want the event to open. 
-In the following example, when a user presses the Search button, the phone dialer will open instead of the Search app.
-
-```xml
-
-    
-        
-    
-
-```
-
-## CSPRunner
-
-![XML for CSP Runner](../images/CSPRunnerXML.jpg)
-
-You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp) or [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
-
-CSPRunner is helpful when you are configuring a device to support multiple roles. It lets you apply different policies according to the role that is signed on. For example, Wi-Fi could be enabled for a supervisor role and disabled for a stocking clerk role. 
-
-In CSPRunner, you specify the CSP and settings using SyncML, a standardized markup language for device management. A SyncML section can include multiple settings, or you can use multiple SyncML sections -- it's up to you how you want to organize settings in this section.
-
-> [!NOTE]
-> This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](/windows/client-management/mdm/structure-of-oma-dm-provisioning-files).
-
-Let's start with the structure of SyncML in the following example:
-
-```xml
-SyncML>
-    
-        |
-            #
-            
-                
-                    CSP Path
-                
-                
-                    Data Type
-                
-                Value
-            
-        |
-        
-    
-
-```
-
-This table explains the parts of the SyncML structure.
-
-SyncML entry | Description
----|---
-**Add** or **Replace** | Use **Add** to apply a setting or policy that is not already configured. Use **Replace** to change an existing setting or policy.
-**CmdID** | SyncBody can contain multiple commands. Each command in a lockdown XML file must have a different **CmdID** value.
-**Item** | **Item** is a wrapper for a single setting. You can include multiple items for the command if they all use the same **Add** or **Replace** operation.
-**Target > LocURI** | **LocURI** is the path to the CSP. 
-**Meta > Format** | The data format required by the CSP.
-**Data** | The value for the setting.
-
-
-## Menu items
-
-![XML for menu items](../images/MenuItemsXML.png)
-
-Use DisableMenuItems to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Apps list. You can include this entry in the default profile and in any additional user role profiles that you create.
-
-```xml
-  
-      
-  
-```
-
-## Settings
-
-![XML for settings](../images/SettingsXML.png)
-
-The **Settings** section contains an `allow` list of pages in the Settings app and quick actions. The following example allows all settings.
-
-```xml
- 
-     
- 
- ```
-In earlier versions of Windows 10, you used the page name to define allowed settings. Starting in Windows 10, version 1703, you use the settings URI.
-
-In the following example for Windows 10, version 1703, all system setting pages that have a settings URI are enabled.
-
-```xml
- 
-   
-   
-  
-  
-   
-   
-   
-   
-   
- 
-```
-
-If you list a setting or quick action in **Settings**, all settings and quick actions that are not listed are blocked. To remove access to all of the settings in the system, do not include the settings application in [Apps](#apps).
-
-For a list of the settings and quick actions that you can allow or block, see [Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md).
-
-
- ## Tiles
-
- ![XML for tiles](../images/TilesXML.png)
-
- By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. 
-
- > [!IMPORTANT]
- > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. 
-
- ```xml
- 
-     
- 
- ```
-
- ## Start screen size
-
- Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: 
-
-- Small sets the width to 4 columns on devices with short axis (less than 400epx) or 6 columns on devices with short axis (greater than or equal to 400epx).
-- Large sets the width to 6 columns on devices with short axis (less than 400epx) or 8 columns on devices with short axis (greater than or equal to 400epx).
-
-  If you have existing lockdown xml, you must update start screen size if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. 
-
-  [Learn about effective pixel width (epx) for different device size classes.](/windows/uwp/design/layout/screen-sizes-and-breakpoints-for-responsive-design)
-
-
-## Configure additional roles
-
-You can add custom configurations by role. In addition to the role configuration, you must also install a login application on the device. The app displays a list of available roles on the device; the user taps a role, such as "Manager"; the configuration defined for the "Manager" role is applied.
-
-[Learn how to create a login application that will work with your Lockdown XML file.](https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/DeviceLockdownAzureLogin) For reference, see the [Windows.Embedded.DeviceLockdown API](/uwp/api/Windows.Embedded.DeviceLockdown).
-
-In the XML file, you define each role with a GUID and name, as shown in the following example:
-
-```xml
-
-```
-
-You can create a GUID using a GUID generator -- free tools are available online. The GUID needs to be unique within this XML file.
-
-You can configure the same settings for each role as you did for the default role, except Start screen size which can only be configured for the default role. If you use CSPRunner with roles, be aware that the last CSP setting applied will be retained across roles unless explicitly changed in each role configuration. CSP settings applied by CSPRunner may conflict with settings applied by MDM. 
-
-```xml
-
-
-    
-        
-        
-        
-        
-        
-        
-        
-        
-    
-        
-            
-                
-                
-                
-                
-                
-                
-                
-            
-        
-
-```
-
-## Validate your XML
-
-You can validate your lockdown XML file against the [EnterpriseAssignedAccess XSD](/windows/client-management/mdm/enterpriseassignedaccess-xsd).
-
-## Add lockdown XML to a provisioning package
-
-
-Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
-
-1.  Follow the instructions at [Build and apply a provisioning package](../provisioning-packages/provisioning-create-package.md) to create a project, selecting **Common to all Windows mobile editions** for your project.
-
-2.  In **Available customizations**, go to **Runtime settings** > **EmbeddedLockdownProfiles** > **AssignedAccessXml**.
-
-3.  In the center pane, click **Browse** to locate and select the lockdown XML file that you created.
-
-    ![browse button](../images/icdbrowse.png)
-
-4.  On the **File** menu, select **Save.**
-
-5.  On the **Export** menu, select **Provisioning package**.
-
-6.  Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
-
-7.  Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
-
-    -   **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
-
-    -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
-
-8.  Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location.
-
-    Optionally, you can click **Browse** to change the default output location.
-
-9.  Click **Next**.
-
-10. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
-
-    If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
-
-11. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
-
-    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
-
-    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
-    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
-
-After you build the provisioning package, follow the instructions for [applying a provisioning package at runtime to Windows 10 Mobile](../provisioning-packages/provisioning-create-package.md).
-
-## Push lockdown XML using MDM
-
-
-After you deploy your devices, you can still configure lockdown settings through your MDM solution if it supports the [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp).
-
-To push lockdown settings to enrolled devices, use the AssignedAccessXML setting and use the lockdown XML as the value. The lockdown XML will be in a HandheldLockdown section that becomes XML embedded in XML, so the XML that you enter must use escaped characters (such as `<` in place of <). After the MDM provider pushes your lockdown settings to the device, the CSP processes the file and updates the device.
-
-## Full Lockdown.xml example
-
-```xml
-
-
-    
-        
-        
-            
-            
-                
-                    Large
-                    
-                        0
-                        0
-                    
-                
-            
-            
-            
-                
-                    Small
-                    
-                        0
-                        2
-                    
-                
-            
-            
-            
-                
-                    Medium
-                    
-                        2
-                        2
-                    
-                
-            
-            
-            
-            
-            
-        
-        
-            
-                
-                
-                
-                
-                
-                
-            
-            
-                
-            
-        
-        
-            
-                
-                    
-                        1
-                        
-                            
-                                ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID
-                            
-                            
-                                int
-                            
-                            
-                            7
-                        
-                    
-                    
-                
-            
-            
-                
-                    
-                        1
-                        
-                            
-                                ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground
-                            
-                            
-                                int
-                            
-                            
-                            1
-                        
-                    
-                    
-                
-            
-            
-                
-                    
-                        2
-                        
-                            
-                                ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName
-                            
-                            
-                                chr
-                                text/plain
-                            
-                            c:\windows\system32\lockscreen\480x800\Wallpaper_05.jpg
-                        
-                    
-                    
-                
-            
-        
-        
-            
-        
-        
-            
-            
-            
-            
-            
-            
-            
-            
-            
-        
-        
-            
-        
-        Small
-    
-    
-        
-            
-            
-                
-                
-                    
-                        Small
-                        
-                            0
-                            0
-                        
-                    
-                
-                
-                
-                    
-                        Large
-                        
-                            0
-                            2
-                        
-                    
-                
-                
-                
-            
-            
-            
-                
-                    
-                        
-                            1
-                            
-                                
-                                    ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID
-                                
-                                
-                                    int
-                                
-                                
-                                10
-                            
-                        
-                        
-                    
-                
-                
-                    
-                        
-                            1
-                            
-                                
-                                    ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground
-                                
-                                
-                                    int
-                                
-                                
-                                0
-                            
-                        
-                        
-                    
-                
-                
-                    
-                        
-                            2
-                            
-                                
-                                    ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName
-                                
-                                
-                                    chr
-                                    text/plain
-                                
-                                c:\windows\system32\lockscreen\480x800\Wallpaper_08.jpg
-                            
-                        
-                        
-                    
-                
-            
-            
-                
-            
-            
-                
-                
-                
-                
-                
-                
-                
-                
-                
-                
-            
-        
-        
-            
-            
-                
-                
-                    
-                        Small
-                        
-                            0
-                            0
-                        
-                    
-                
-                
-                
-                    
-                        Small
-                        
-                            1
-                            0
-                        
-                    
-                
-                
-                
-                    
-                        Medium
-                        
-                            2
-                            0
-                        
-                    
-                
-                
-                
-                
-                
-                    
-                        Small
-                        
-                            0
-                            2
-                        
-                    
-                
-                
-                
-                    
-                        Medium
-                        
-                            2
-                            2
-                        
-                    
-                
-                
-                
-            
-            
-            
-                
-                    
-                        
-                            1
-                            
-                                
-                                    ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID
-                                
-                                
-                                    int
-                                
-                                
-                                2
-                            
-                        
-                        
-                    
-                
-                
-                    
-                        
-                            1
-                            
-                                
-                                    ./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground
-                                
-                                
-                                    int
-                                
-                                
-                                1
-                            
-                        
-                        
-                    
-                
-                
-                    
-                        
-                            2
-                            
-                                
-                                    ./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName
-                                
-                                
-                                    chr
-                                    text/plain
-                                
-                                c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg
-                            
-                        
-                        
-                    
-                
-            
-            
-                
-            
-            
-                
-            
-            
-                
-            
-        
-    
-
-```
-
-## Learn more
-
-[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
-
-## Related topics
-
-
-[Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md)
-
-[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md)
\ No newline at end of file
diff --git a/windows/configuration/mobile-devices/mobile-lockdown-designer.md b/windows/configuration/mobile-devices/mobile-lockdown-designer.md
deleted file mode 100644
index 68774e0da5..0000000000
--- a/windows/configuration/mobile-devices/mobile-lockdown-designer.md
+++ /dev/null
@@ -1,172 +0,0 @@
----
-title: Use the Lockdown Designer app to create a Lockdown XML file (Windows 10)
-description: 
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
----
-
-# Use the Lockdown Designer app to create a Lockdown XML file
-
-![Lockdown Designer in the Store](../images/ldstore.png)
-
-Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. 
-
-When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. You can deploy the lockdown XML file by [adding it to a provisioning package](lockdown-xml.md#add-lockdown-xml-to-a-provisioning-package) or [by using mobile device management (MDM)](lockdown-xml.md#push-lockdown-xml-using-mdm).
-
-The Lockdown Designer app helps you configure and create a lockdown XML file that you can apply to devices running Windows 10 Mobile, version 1703, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Lockdown Designer also validates the XML. Using Lockdown Designer is easier than [manually creating a lockdown XML file](lockdown-xml.md).
-
-
-
-## Overview
-
-Lockdown Designer can be installed on a PC running Windows 10, version 1607 or later. After you install the app, you connect a mobile device running Windows 10 Mobile, version 1703, to the PC. 
-
->[!NOTE]
->Lockdown Designer will not make any changes to the connected device, but we recommend that you use a test device.
-
-Lockdown Designer will populate the available settings and apps to configure from the connected device. Using the different pages in the app, you select the settings, apps, and layout to be included in the lockdown XML.
-
-When you're done, you export the configuration to a lockdown XML file. This configuration can be applied to any device running Windows 10 Mobile, version 1703.
-
->[!NOTE]
->You can also import an existing WEHLockdown.xml file to Lockdown Designer and modify it in the app.
-
-## Prepare the test mobile device
-
-Perform these steps on the device running Windows 10 Mobile that you will use to supply the settings, apps, and layout to Lockdown Designer.
-
-1. Install all apps on the device that you want to include in the configuration, including line-of-business apps.
-
-2. On the mobile device, go to **Settings** > **Update & security** > **For developers**, enable **Developer mode**. 
-
-3. Read the disclaimer, then click **Yes** to accept the change.
-
-4. Enable **Device discovery**, and then turn on **Device Portal**. 
-
->[!IMPORTANT]
->Check **Settings > Personalization > Start > Show more tiles** on the test mobile device. If **Show more tiles** is **On**, you must select **Large** on the [**Start screen** page](#start) in Lockdown Designer. If you want to apply a **Small** layout, set **Show more tiles** on the test mobile device to **Off**.
->
->![turn off show more tiles for small start screen size](../images/show-more-tiles.png) 
-
-## Prepare the PC
-
-[Install Lockdown Designer](https://www.microsoft.com/store/r/9nblggh40753) on the PC. 
-
-If the PC and the test mobile device are on the same Wi-Fi network, you can connect the devices using Wi-Fi. 
-
-If you want to connect the PC and the test mobile device using a USB cable, perform the following steps on the PC:
-
-1. [Install the Windows 10 Software Development Kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-10-sdk). This enables the **Windows Phone IP over USB Transport (IpOverUsbSvc)** service.
-
-2. Open a command prompt as an administrator and run `checknetisolation  LoopbackExempt -a -n=microsoft.lockdowndesigner_8wekyb3d8bbwe`
-
-    >[!NOTE]
-    >Loopback is permitted only for development purposes. To remove the loopback exemption when you're done using Lockdown Designer, run `checknetisolation  LoopbackExempt -d -n=microsoft.lockdowndesigner_8wekyb3d8bbwe`
-
-
-
-
-## Connect the mobile device to Lockdown Designer
-
-**Using Wi-Fi**
-
-1. Open Lockdown Designer.
-
-2. Click **Create new project**.
-
-3. On the test mobile device, go to **Settings** > **Update & security** > **For developers** > **Connect using:** and get the IP address listed for **Wi-Fi**.
-
-2. On the **Project setting** > **General settings** page, in **Remote device IP address**, enter the IP address for the test mobile device, using `https://`.
-
-3. Click **Pair**. 
-
-    ![Pair](../images/ld-pair.png)
-
-    **Connect to remote device** appears. 
-
-4. On the mobile device, under **Device discovery**, tap **Pair**. A case-sensitive code is displayed.
-
-5. On the PC, in **Connect to remote device**, enter the code from the mobile device.
-
-6. Next, click **Sync** to pull information from the device in to Lockdown Designer.
-
-    ![Sync](../images/ld-sync.png)
-
-7. Click the **Save** icon and enter a name for your project. 
-
-**Using a USB cable**
-
-1. Open Lockdown Designer.
-
-2. Click **Create new project**.
-
-2. Connect a Windows 10 Mobile device to the PC by USB and unlock the device.
-
-3. On the **Project setting** > **General settings** page, click **Pair**. 
-
-    ![Pair](../images/ld-pair.png)
-
-    **Connect to remote device** appears. 
-
-4. On the mobile device, under **Device discovery**, tap **Pair**. A case-sensitive code is displayed.
-
-5. On the PC, in **Connect to remote device**, enter the code from the mobile device.
-
-6. Next, click **Sync** to pull information from the device in to Lockdown Designer.
-
-    ![Sync](../images/ld-sync.png)
-
-7. Click the **Save** icon and enter a name for your project. 
-
-
-## Configure your lockdown XML settings
-
-The apps and settings available in the pages of Lockdown Designer should now be populated from the test mobile device. The following table describes what you can configure on each page.
-
-| Page | Description |
-| --- | --- |
-| ![Applications](../images/ld-apps.png) | Each app from the test mobile device is listed. Select the apps that you want visible to users.

                  You can select an app to run automatically when a user signs in to the device. The **Select Auto-Run** menu is populated by the apps that you select to allow on the device. |
-| ![CSP Runner](../images/ld-csp.png) | CSPRunner enables you to include settings and policies that are not defined in other sections of the app. To make use of CSPRunner, you must create the SyncML block that contains the settings, and then import the SyncML in Lockdown Designer. [Learn how to use CSPRunner and author SyncML.](lockdown-xml.md#csprunner)  |
-| ![Settings](../images/ld-settings.png)  |  On this page, you select the settings that you want visible to users. See the [ms settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to see which Settings page maps to a URI.  |
-| ![Quick actions](../images/ld-quick.png)  |  On this page, you select the settings that you want visible to users. |
-| ![Buttons](../images/ld-buttons.png)  |  Each hardware button on a mobile device has different actions that can be disabled. In addition, the behavior for **Search** button can be changed to open an app other than **Search**.

                  Some devices may have additional hardware buttons provided by the OEM. These are listed as Custom1, Custom2, and Custom3. If your device has custom hardware buttons, contact your equipment provider to identify how their custom buttons are defined. |
-| ![Other settings](../images/ld-other.png)  | This page contains several settings that you can configure:

                  - The context menu is displayed when a user presses and holds an application in the All Apps list. You can enable or disable the context menu.

                  - Tile manipulation allows users to pin, unpin, move, and resize tiles on the Start screen. You can enable or disable tile manipulation.

                  - The Action Center setting controls whether the user can open the Action Center on the device. When the Action Center is disabled, notifications on the lockscreen and toasts are also disabled. You can use optional attributes with the Action Center element to change that behavior for either notifications, toasts, or both.  |
-| ![Start screen](../images/ld-start.png)  | On this page, you can start a remote simulation session with the test mobile device. Click **Start remote simulation**. You will see a **Start screen remote simulation in progress** message on the PC. (If the **Start remote simulation** button is not active, [pair the mobile device with the PC again](#pair).)

                  On the test mobile device, tiles for the apps that you allowed on the **Applications** page are displayed on the screen. You can move, resize, or unpin these tiles to achieve the desired layout.

                  When you are done changing the layout on the test mobile device, click **Accept** on the PC. |
-
-
-## Validate and export
-
-On the **Validate and export** page, click **Validate** to make sure your lockdown XML is valid. 
-
->[!WARNING]
->Lockdown Designer cannot validate SyncML that you imported to CSPRunner.
-
-Click **Export** to generate the XML file for your project. You can select the location to save the file.
-
-## Create and configure multiple roles
-
-You can create additional roles for the device and have unique configurations for each role. For example, you could have one configuration for a **Manager** role and a different configuration for a **Salesperson** role.
-
->[!NOTE]
->Using multiple roles on a device requires a login application that displays the list of roles and allows users to sign in to Azure Active Directory. [Learn how to create a login application that will work with your Lockdown XML file.](https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/DeviceLockdownAzureLogin) 
-
-**For each role:**
-
-1. On the **Project setting** page, click **Role management**.
-
-2. Click **Add a role**.
-
-3. Enter a name for the role, and then click **Save**.
-
-4. Configure the settings for the role as above, but make sure on each page that you select the correct role.
-
-    ![Current role selection box](../images/ld-role.png)
\ No newline at end of file
diff --git a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md b/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md
deleted file mode 100644
index fbea1f61d8..0000000000
--- a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md
+++ /dev/null
@@ -1,254 +0,0 @@
----
-title: Product IDs in Windows 10 Mobile (Windows 10)
-description: You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user.
-ms.assetid: 31116BED-C16A-495A-BD44-93218A087A1C
-ms.reviewer: 
-manager: dansimp
-keywords: ["lockdown"]
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: mobile
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-# Product IDs in Windows 10 Mobile
-
-
-**Applies to**
-
--   Windows 10 Mobile
-
-You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user.
-
-## Apps included in Windows 10 Mobile
-
-
-The following table lists the product ID and AUMID for each app that is included in Windows 10 Mobile.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  AppProduct IDAUMID
                  Alarms and clock44F7D2B4-553D-4BEC-A8B7-634CE897ED5FMicrosoft.WindowsAlarms_8wekyb3d8bbwe!App
                  CalculatorB58171C6-C70C-4266-A2E8-8F9C994F4456Microsoft.WindowsCalculator_8wekyb3d8bbwe!App
                  CameraF0D8FEFD-31CD-43A1-A45A-D0276DB069F1Microsoft.WindowsCamera_8wekyb3d8bbwe!App
                  Contact Support0DB5FCFF-4544-458A-B320-E352DFD9CA2BWindows.ContactSupport_cw5n1h2txyewy!App
                  CortanaFD68DCF4-166F-4C55-A4CA-348020F71B94Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                  ExcelEAD3E7C0-FAE6-4603-8699-6A448138F4DCMicrosoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel
                  Facebook82A23635-5BD9-DF11-A844-00237DE2DB9EMicrosoft.MSFacebook_8wekyb3d8bbwe!x82a236355bd9df11a84400237de2db9e
                  File ExplorerC5E2524A-EA46-4F67-841F-6A9465D9D515c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App
                  FM RadioF725010E-455D-4C09-AC48-BCDEF0D4B626N/A
                  Get StartedB3726308-3D74-4A14-A84C-867C8C735C3CMicrosoft.Getstarted_8wekyb3d8bbwe!App
                  Groove MusicD2B6A184-DA39-4C9A-9E0A-8B589B03DEC0Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
                  MapsED27A07E-AF57-416B-BC0C-2596B622EF7DMicrosoft.WindowsMaps_8wekyb3d8bbwe!App
                  Messaging27E26F40-E031-48A6-B130-D1F20388991AMicrosoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax
                  Microsoft Edge395589FB-5884-4709-B9DF-F7D558663FFDMicrosoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
                  Money1E0440F1-7ABF-4B9A-863D-177970EEFB5EMicrosoft.BingFinance_8wekyb3d8bbwe!AppexFinance
                  Movies and TV6AFFE59E-0467-4701-851F-7AC026E21665Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo
                  News9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
                  OneDriveAD543082-80EC-45BB-AA02-FFE7F4182BA8Microsoft.MicrosoftSkydrive_8wekyb3d8bbwe!App
                  OneNoteCA05B3AB-F157-450C-8C49-A1F127F5E71DMicrosoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim
                  Outlook Calendar
                  A558FEBA-85D7-4665-B5D8-A2FF9C19799B
                  Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar
                  Outlook Mail
                  A558FEBA-85D7-4665-B5D8-A2FF9C19799B
                  Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
                  People60BE1FB8-3291-4B21-BD39-2221AB166481Microsoft.People_8wekyb3d8bbwe!xb94d6231y84ddy49a8yace3ybc955e769e85x
                  Phone (dialer)F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7Microsoft.CommsPhone_8wekyb3d8bbwe!App
                  PhotosFCA55E1B-B9A4-4289-882F-084EF4145005Microsoft.Windows.Photos_8wekyb3d8bbwe!App
                  PodcastsC3215724-B279-4206-8C3E-61D1A9D63ED3Microsoft.MSPodcast_8wekyb3d8bbwe!xc3215724yb279y4206y8c3ey61d1a9d63ed3x
                  PowerpointB50483C4-8046-4E1B-81BA-590B24935798Microsoft.Office.PowerPoint_8wekyb3d8bbwe!microsoft.pptim
                  Settings2A4E62D8-8809-4787-89F8-69D0F01654FB2a4e62d8-8809-4787-89f8-69d0f01654fb_8wekyb3d8bbwe!App
                  SkypeC3F8E570-68B3-4D6A-BDBB-C0A3F4360A51Microsoft.SkypeApp_kzf8qxf38zg5c!Skype.AppId
                  Skype Video27E26F40-E031-48A6-B130-D1F20388991AMicrosoft.Messaging_8wekyb3d8bbwe!App
                  Sports0F4C8C7E-7114-4E1E-A84C-50664DB13B17Microsoft.BingSports_8wekyb3d8bbwe!AppexSports
                  Storage5B04B775-356B-4AA0-AAF8-6491FFEA564DN/A
                  Store7D47D89A-7900-47C5-93F2-46EB6D94C159Microsoft.WindowsStore_8wekyb3d8bbwe!App
                  Voice recorder7311B9C5-A4E9-4C74-BC3C-55B06BA95AD0Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App
                  Wallet587A4577-7868-4745-A29E-F996203F1462Microsoft.MicrosoftWallet_8wekyb3d8bbwe!App
                  Weather63C2A117-8604-44E7-8CEF-DF10BE3A57C8Microsoft.BingWeather_8wekyb3d8bbwe!App
                  Windows Feedback7604089D-D13F-4A2D-9998-33FC02B63CE3Microsoft.WindowsFeedback_8wekyb3d8bbwe!App
                  Word258F115C-48F4-4ADB-9A68-1387E634459BMicrosoft.Office.Word_8wekyb3d8bbwe!microsoft.word
                  XboxB806836F-EEBE-41C9-8669-19E243B81B83Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp
                  
-
- 
-
-
-
-## Related topics
-
-
-[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md)
-
-[Settings and quick actions that can be locked down in Windows 10 Mobile](settings-that-can-be-locked-down.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/configuration/mobile-devices/provisioning-configure-mobile.md b/windows/configuration/mobile-devices/provisioning-configure-mobile.md
deleted file mode 100644
index 1d321fd9cb..0000000000
--- a/windows/configuration/mobile-devices/provisioning-configure-mobile.md
+++ /dev/null
@@ -1,91 +0,0 @@
----
-title: Configure Windows 10 Mobile devices with Configuration Designer
-description: Use Windows Configuration Designer to configure Windows 10 Mobile devices
-keywords: phone, handheld, lockdown, customize
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
----
-
-# Use Windows Configuration Designer to configure Windows 10 Mobile devices 
-
-Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using provisioning packages, you can easily specify desired configuration, settings, and information required to enroll the devices into management, and then apply that configuration to target devices in a matter of minutes. 
-
-A provisioning package (.ppkg) is a container for a collection of configuration settings. Using Windows Configuration Designer, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
-
-Windows Configuration Designer can be installed from the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). Windows Configuration Designer is also available as an app in the Microsoft Store. [Learn more about installing Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md)
-
-## Create a provisioning package using the wizard
-
-The **Provision Windows mobile devices** wizard lets you configure common settings for devices running Windows 10 Mobile in a simple, graphical workflow.
-
-### Start a new project
-
-1. Open Windows Configuration Designer:
-   - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click the Windows Configuration Designer shortcut, 
-    
-     or
-    
-   - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
-
-2. On the **Start** page, choose **Provision Windows mobile devices**.
-
-3. Enter a name for your project, and then click **Next**.
-
-
-### Configure settings in the wizard
-
-
-
-
-
-
-
                  step oneset up device

                  Enter a device name.

                   Optionally, you can enter a product key to upgrade the device from Windows 10 Mobile to Windows 10 Mobile Enterprise.                   		device name, upgrade license
                  step two  set up network

                  Toggle On or Off for wireless network connectivity. 

                  If you select On, enter the SSID, network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.                  		Enter network SSID and type
                  step three  bulk enrollment in Azure Active Directory

                  Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. 

                   Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

                  Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.                   		Enter expiration and get bulk token
                  step four finish

                  You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.                  		Protect your package
                  
-
-After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
-
-### Apply provisioning package
-
-You can apply a provisioning package to a device running Windows 10 Mobile by using:
-
-- removable media 
-- copying the provisioning package to the device
-- [NFC tags](provisioning-nfc.md)
-- [barcodes](provisioning-package-splitter.md)
-
-### Using removable media
-
-1. Insert an SD card containing the provisioning package into the device.
-2. Navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. 
-
-    ![add a package option](../images/packages-mobile.png)
-
-3. Click **Add**.
-
-4. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**.
-
-    ![Is this package from a source you trust](../images/package-trust.png)
-    
-### Copying the provisioning package to the device
-
-1. Connect the device to your PC through USB.
-
-2. On the PC, select the provisioning package that you want to use to provision the device and then drag and drop the file to your device.
-
-3. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**.
-
-    ![Is this package from a source you trust](../images/package-trust.png)
-
-
-## Related topics
-
-- [NFC-based device provisioning](provisioning-nfc.md)
-- [Use the package splitter tool](provisioning-package-splitter.md)
\ No newline at end of file
diff --git a/windows/configuration/mobile-devices/provisioning-nfc.md b/windows/configuration/mobile-devices/provisioning-nfc.md
deleted file mode 100644
index 571a1488af..0000000000
--- a/windows/configuration/mobile-devices/provisioning-nfc.md
+++ /dev/null
@@ -1,144 +0,0 @@
----
-title: NFC-based device provisioning (Windows 10)
-description: 
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
----
-
-# NFC-based device provisioning
-
-
-**Applies to**
-
--   Windows 10 Mobile
-
-
-Near field communication (NFC) enables Windows 10 Mobile Enterprise and Windows 10 Mobile devices to communicate with an NFC tag or another NFC-enabled transmitting device. Enterprises that do bulk provisioning can use NFC-based device provisioning to provide a provisioning package to the device that's being provisioned. NFC provisioning is simple and convenient and it can easily store an entire provisioning package. 
-
-The NFC provisioning option enables the administrator to provide a provisioning package during initial device setup (the out-of-box experience or OOBE phase). Administrators can use the NFC provisioning option to transfer provisioning information to persistent storage by tapping an unprovisioned mobile device to an NFC tag or NFC-enabled device. To use NFC for pre-provisioning a device, you must either prepare your own NFC tags by storing your provisioning package to a tag as described in this section, or build the infrastructure needed to transmit a provisioning package between an NFC-enabled device and a mobile device during OOBE.
-
-## Provisioning OOBE UI
-
-All Windows 10 Mobile Enterprise and Windows 10 Mobile images have the NFC provisioning capability incorporated into the operating system. On devices that support NFC and are running Windows 10 Mobile Enterprise or Windows 10 Mobile, NFC-based device provisioning provides an additional mechanism to provision the device during OOBE.
-
-On all Windows devices, device provisioning during OOBE can be triggered by 5 fast taps on the Windows hardware key, which shows the **Provision this device** screen. In the **Provision this device** screen, select **NFC** for NFC-based provisioning. 
-
-![Example of Provision this device screen](../images/nfc.png)
-
-If there is an error during NFC provisioning, the device will show a message if any of the following errors occur:
-
-- **NFC initialization error** - This can be caused by any error that occurs before data transfer has started. For example, if the NFC driver isn't enabled or there's an error communicating with the proximity API.
-- **Interrupted download or incomplete package transfer** - This error can happen if the peer device is out of range or the transfer is aborted. This error can be caused whenever the device being provisioned fails to receive the provisioning package in time.
-- **Incorrect package format** - This error can be caused by any protocol error that the operating system encounters during the data transfer between the devices.
-- **NFC is disabled by policy** - Enterprises can use policies to disallow any NFC usage on the managed device. In this case, NFC functionality is not enabled.
-
-## NFC tag
-
-You can use an NFC tag for minimal provisioning and use an NFC-enabled device tag for larger provisioning packages.
-
-The protocol used for NFC-based device provisioning is similar to the one used for NFC provisioning on Windows Embedded 8.1 Handheld, which supported both single-chunk and multi-chunk transfer when the total transfer didn't fit in one NDEP message size. In Windows 10, the provisioning stack contains the following changes:
-
-- **Protocol namespace** - The protocol namespace has changed from Windows.WEH.PreStageProv.Chunk to Windows.ProvPlugins.Chunk.
-- **Tag data type** - The tag data type has changed from UTF-8 into binary raw data.
-
-
->[!NOTE]
->The NFC tag doesn't go in the secondary device. You can transfer the NFC tag by using a provisioning package from device-to-device using the NFC radio or by re-reading the provisioning package from an NFC tag.
-
-### NFC tag components
-
-NFC tags are suitable for very light applications where minimal provisioning is required. The size of NFC tags that contain provisioning packages is typically 4 KB to 10 KB. 
-
-To write to an NFC tag, you will need to use an NFC Writer tool, or you can use the [ProximityDevice class API](/uwp/api/Windows.Networking.Proximity.ProximityDevice) to write your own custom tool to transfer your provisioning package file to your NFC tag. The tool must publish a binary message (write) a Chunk data type to your NFC tag.
-
-The following table describes the information that is required when writing to an NFC tag.
-
-| Required field | Description |
-| --- | --- |
-| **Type** | Windows.ProvPlugins.Chunk

                  The receiving device uses this information to understand information in the Data field. |
-| **Data** | Tag data with small header in raw binary format that contains a chunk of the provisioning package to be transferred. |
- 
-
-
-### NFC provisioning helper
-
-The NFC provisioning helper device must split the provisioning package raw content into multiple parts and publish these in order. Each part should follow the following format:
-
-
                  Version
                  (1 byte)                  		Leading
                  (1 byte)                  		Order
                  (1 byte)                  		Total
                  (1 byte)                  		Chunk payload
                  (N bytes)
                  
- 
-For each part:
-- Version should always be 0x00.
-- Leading byte should always be 0xFF.
-- Order represents which message chunk (out of the whole message) the part belongs to. The Order begins with zero (0). 
-- Total represents the total number of chunks to be transferred for the whole message.
-- Chunk payload represents each of the split parts.
-
-The NFC provisioning helper device must publish the record in a type of Windows.ProvPlugins.Chunk.
-
-**Code example**
-
-The following example shows how to write to an NFC tag. This example assumes that the tag is already in range of the writing device.
-
-```
-        private async void WriteProvPkgToTag(IStorageFile provPkgFile)
-        {
-            var buffer = await FileIO.ReadBufferAsync(provPkgFile);
-            if (null == buffer)
-            {
-                return;
-            }
-
-            var proximityDevice = Windows.Networking.Proximity.ProximityDevice.GetDefault();
-            if (null == proximityDevice)
-            {
-                return;
-            }
-
-            var dataWriter = new DataWriter();
-            var header = new NfcProvHeader();
-
-            header.version = NFC_PROV_MESSAGE_CURRENT_VERSION;  // Currently the supported version is 0x00.
-            header.leading = NFC_PROV_MESSAGE_LEADING_BYTE;     // The leading byte should be always 0xFF.
-            header.index = 0; // Assume we only have 1 chunk.
-            header.total = 1; // Assume we only have 1 chunk.
-
-            // Write the header first and then the raw data of the provisioning package.
-            dataWriter.WriteBytes(GetBytes(header));
-            dataWriter.WriteBuffer(buffer);
-
-            var chunkPubId = proximityDevice.PublishBinaryMessage(
-                            "Windows:WriteTag.ProvPlugins.Chunk",
-                            dataWriter.DetachBuffer());
-        }
-```
-
-
-### NFC-enabled device tag components
-
-Provisioning from an NFC-enabled source device allows for larger provisioning packages than can be transferred using an NFC tag. When provisioning from an NFC-enabled device, we recommend that the total file size not exceed 120 KB. Be aware that the larger the NFC file is, the longer it will take to transfer the provisioning file. Depending on your NFC hardware, the transfer time for a 120 KB file will vary between 2.5 seconds and 10 seconds.
-
-To provision from an NFC-enabled source device, use [ProximityDevice class API](/uwp/api/Windows.Networking.Proximity.ProximityDevice) to write your own custom tool that transfers your provisioning package in chunks to your target mobile device. The tool must publish binary messages (transmit) a Header message, followed by one or more Chunk messages. The Header specifies the total amount of data that will be transferred to the target device; the Chunks must contain binary raw data formatted provisioning data, as shown in the NFC tag components section.
-
-For detailed information and code samples on how to implement an NFC-enabled device tag, see **ConvertToNfcMessageAsync** in [this GitHub NfcProvisioner Universal Windows app example](https://github.com/Microsoft/Windows-universal-samples/blob/master/Samples/NfcProvisioner/cs/Scenario1.xaml.cs). The sample app shows you how to host the provisioning package on a master device so that you can transfer it to the receiving device.
-
- 
-
-
-
-
-
-## Related topics
-
-- [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md)
-
-- [Barcode provisioning and the package splitter tool](provisioning-package-splitter.md)
- 
-
diff --git a/windows/configuration/mobile-devices/provisioning-package-splitter.md b/windows/configuration/mobile-devices/provisioning-package-splitter.md
deleted file mode 100644
index 3bfd9c31b4..0000000000
--- a/windows/configuration/mobile-devices/provisioning-package-splitter.md
+++ /dev/null
@@ -1,93 +0,0 @@
----
-title: Barcode provisioning and the package splitter tool (Windows 10)
-description: 
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
----
-
-# Barcode provisioning and  the package splitter tool
-
-
-**Applies to**
-
-- Windows 10 Mobile
-
-Enterprises that do bulk provisioning can use barcode-based device provisioning to provide a provisioning package to the device that's being provisioned. 
-
-The barcode provisioning option enables the administrator to provide a provisioning package during initial device setup (the out-of-box experience or OOBE phase). To use barcodes to provision a device, your devices must have an integrated barcode scanner. You can get the barcode format that the scanner supports from your OEM or device provider, and use your existing tools and processes to convert a provisioning package into barcodes.
-
-Enterprise IT professionals who want to use a barcode to provision mobile devices during OOBE can use the package splitter tool, **ppkgtobase64.exe**, which is a command-line tool to split the provisioning package into smaller files.
-
-The smallest provisioning package is typically 5-6 KB, which cannot fit into one single barcode. The package splitter tool allows partners to split the original provisioning package into multiple smaller sized chunks that are encoded with Base64 so that enterprises can leverage their existing tools to convert these files into barcodes.
-
-When you [install Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md) from the Windows Assessment and Deployment Kit (ADK), **ppkgtobase64.exe** is installed to the same folder.
-
-## Prerequisites
-
-Before you can use the tool, you must have a built provisioning package. The package file is the input to the package splitter tool.
-
-- To build a provisioning package using the Windows Configuration Designer UI, see [Use Windows Configuration Designer to configure Windows 10 Mobile devices](provisioning-configure-mobile.md). 
-- To build a provisioning package using the Windows Configuration Designer CLI, see [Windows Configuration Designer command-line interface](../provisioning-packages/provisioning-command-line.md).
-
-## To use the package splitter tool (ppkgtobase64.exe)
-
-1. Open a command-line window with administrator privileges.
-
-
-2. From the command-line, navigate to the Windows Configuration Designer install directory.
-
-    On an x64 computer, type:
-    ```
-    cd C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86
-    ```
-
-   - or -
-
-     On an x86 computer, type:
-    
-     ```
-     cd C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86
-     ```
-
-3. Run `ppkgtobase64.exe`. The [syntax](#syntax) and [switches and arguments](#switches-and-arguments) sections provide details for the command.
-
-
-### Syntax
-
-```
-ppkgtobase64.exe -i  -o  -s   [-c]  [/?]  
-```
-
-### Switches and arguments
-
-| Switch | Required? | Arguments |
-| --- | --- | --- |
-| -i | Yes | Use to specify the path and file name of the provisioning package that you want to divide into smaller files.

                  The tool allows you to specify the absolute path of the provisioning package file. However, if you don't specify the path, the tool will search the current folder for a package that matches the file name you specified. |
-| -o | Yes | Use to specify the directory where the output files will be saved. |
-| -s | Yes | Use to specify the size of the block that will be encoded in Base64. |
-| -c | No | Use to delete any files in the output directory if the directory already exists. This parameter is optional. |
-| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
- 
-
-
-
-
-## Related topics
-
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
deleted file mode 100644
index 711f3cfc4e..0000000000
--- a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
+++ /dev/null
@@ -1,202 +0,0 @@
----
-title: Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise (Windows 10)
-description: A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings.
-ms.assetid: 35EC82D8-D9E8-45C3-84E9-B0C8C167BFF7
-ms.reviewer: 
-manager: dansimp
-keywords: kiosk, lockdown, assigned access
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: mobile
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-# Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise
-
-
-**Applies to**
-
--   Windows 10 Mobile
-
-
-A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You use the [Enterprise Assigned Access](#enterprise-assigned-access) configuration service provider (CSP) to configure a kiosk experience. You can also configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise, version 1607 or earlier, for kiosk mode by using the [Apps Corner](#apps-corner) feature. (Apps Corner is removed in version 1703.)
-
-
-
-## Enterprise Assigned Access
-
-
-Enterprise Assigned Access allows you to put your Windows 10 Mobile or Windows 10 Mobile Enterprise device in kiosk mode by creating a user role that has only a single app, set to run automatically, in the Allow list.
-
->[!NOTE]
->The app can be a Universal Windows app, Universal Windows Phone 8 app, or a legacy Silverlight app.
-
- 
-
-### Set up Enterprise Assigned Access in MDM
-
-In AssignedAccessXml, for Application, you enter the product ID for the app to run in kiosk mode. Find product IDs at [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md).
-
-[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](/windows/client-management/mdm/enterpriseassignedaccess-csp)
-
-### Set up assigned access using Windows Configuration Designer
-
->[!IMPORTANT]
->When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-#### Create the *AssignedAccess*.xml file
-
-1.  Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp).
-
-    >[!NOTE]
-    >Do not escape the xml in *AssignedAccess*.xml file as Windows Configuration Designer will do that when building the package. Providing escaped xml in Windows ICD will cause building the package fail.
-    
-#### Create the provisioning package
-
-1. [Install Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md)
-
-2.  Open Windows Configuration Designer (if you installed it from the Windows ADK, `%windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe`).
-
-3. Choose **Advanced provisioning**.
-
-
-
-4.  Name your project, and click **Next**.
-
-5.  Choose **All Windows mobile editions** and click **Next**.
-
-6.  On **New project**, click **Finish**. The workspace for your package opens.
-
-7.  Expand **Runtime settings** > **EmbeddedLockdownProfiles**, and click **AssignedAccessXml**.
-
-8.  Click **Browse** to select the *AssignedAccess*.xml file.
-
-9.  On the **File** menu, select **Save.**
-
-10. On the **Export** menu, select **Provisioning package**.
-
-11. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
-
-12. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
-
-    -   **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
-
-    -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
-
-13. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location.
-
-    Optionally, you can click **Browse** to change the default output location.
-
-14. Click **Next**.
-
-15. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
-
-    If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
-
-16. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
-
-    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
-
-    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
-    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
-
-17. Select the **output location** link to go to the location of the package. 
-
-#### Distribute the provisioning package
-
-You can distribute that .ppkg to mobile devices using any of the following methods:
-
--   Removable media (USB/SD)
-
-    **To apply a provisioning package from removable media**
-
-    1.  Copy the provisioning package file to the root directory on a micro SD card.
-
-    2.  On the device, insert the micro SD card containing the provisioning package.
-
-    3.  Go to **Settings** > **Accounts** > **Provisioning.**
-
-    4.  Tap **Add a package**.
-
-    5.  On the **Choose a method** screen, in the **Add from** dropdown menu, select **Removable Media**.
-
-    6.  Select a package will list all available provisioning packages on the micro SD card. Tap the desired package, and then tap **Add**.
-
-    7.  You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**.
-
-    8.  Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device.
-
--   Email
-
-    **To apply a provisioning package sent in email**
-
-    1.  Send the provisioning package in email to an account on the device.
-
-    2.  Open the email on the device, and then double-tap the attached file.
-
-    3.  You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**.
-
-    4.  Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device.
-
--   USB tether 
-
-    **To apply a provisioning package using USB tether**
-
-    1.  Connect the device to your PC by USB.
-
-    2.  Select the provisioning package that you want to use to provision the device, and then drag and drop the file to your device.
-
-    3.  The provisioning package installation dialog will appear on the phone.
-
-    4.  You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**.
-
-    5.  Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device.
-
-       
-
-## Apps Corner
-
->[!NOTE]
->For Windows 10, versions 1507, 1511, and 1607 only.
-
-Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or Windows 10 Mobile Enterprise device, where you can share only the apps you choose with the people you let use your device. You configure a device for kiosk mode by selecting a single app to use in Apps Corner.
-
-**To set up Apps Corner**
-
-1.  On Start ![start](../images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](../images/settingsicon.png) > **Accounts** > **Apps Corner**.
-
-2.  Tap **Apps**, tap to select the app that you want people to use in the kiosk mode, and then tap done ![done icon](images/doneicon.png).
-
-3.  If your phone doesn't already have a lock screen password, you can set one now to ensure that people can't get to your Start screen from Apps Corner. Tap **Protect my phone with a password**, click **Add**, type a PIN in the **New PIN** box, type it again in the **Confirm PIN** box, and then tap **OK**. Press **Back** ![back](../images/backicon.png) to the Apps Corner settings.
-
-4.  Turn **Action center** on or off, depending on whether you want people to be able to use these features when using the device in kiosk mode.
-
-5.  Tap **advanced**, and then turn features on or off, depending on whether you want people to be able to use them.
-
-6.  Press **Back** ![back](../images/backicon.png) when you're done.
-
-**To use Apps Corner**
-
-1.  On Start ![start](../images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](../images/settingsicon.png) > **Accounts** > **Apps Corner** > launch ![launch](../images/launchicon.png).
-
-    >[!TIP]
-    >Want to get to Apps Corner with one tap? In **Settings**, tap **Apps Corner** > **pin** to pin the Apps Corner tile to your Start screen.
-  
-2.  Give the device to someone else, so they can use the device and only the one app you chose.
-
-3.  When they're done and you get the device back, press and hold Power ![power](../images/powericon.png), and then swipe right to exit Apps Corner.
-
-## Related topics
-
-
-[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](../kiosk-single-app.md)
-
-[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md)
-
-[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md)
-
diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
deleted file mode 100644
index c616794f43..0000000000
--- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md
+++ /dev/null
@@ -1,499 +0,0 @@
----
-title: Lock down settings and quick actions in Windows 10 Mobile
-description: This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile.
-ms.assetid: 69E2F202-D32B-4FAC-A83D-C3051DF02185
-ms.reviewer: 
-manager: dansimp
-keywords: ["lockdown"]
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: mobile
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-# Settings and quick actions that can be locked down in Windows 10 Mobile
-
-
-**Applies to**
-
--   Windows 10 Mobile
-
-This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile.
-
-## Settings lockdown in Windows 10, version 1703
-
-In earlier versions of Windows 10, you used the page name to define allowed settings. Starting in Windows 10, version 1703, you use the settings URI.
-
-For example, in place of **SettingsPageDisplay**, you would use **ms-settings:display**.
-
-See the [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each Settings page.
-
-## Settings lockdown in Windows 10, version 1607 and earlier
-
-
-You can use Lockdown.xml to configure lockdown settings.
-
-The following table lists the settings pages and page groups. Use the page name in the Settings section of Lockdown.xml. The Settings section contains an allow list of pages in the Settings app.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  Main menuSub-menuPage name
                  SystemSettingsPageGroupPCSystem
                  DisplaySettingsPageDisplay
                  Notifications & actionsSettingsPageAppsNotifications
                  PhoneSettingsPageCalls
                  MessagingSettingsPageMessaging
                  BatterySettingsPageBatterySaver
                  Apps for websitesSettingsPageAppsForWebsites
                  StorageSettingsPageStorageSenseStorageOverview
                  Driving modeSettingsPageDrivingMode
                  Offline mapsSettingsPageMaps
                  AboutSettingsPagePCSystemInfo
                  DevicesSettingsPageGroupDevices
                  Default cameraSettingsPagePhotos
                  BluetoothSettingsPagePCSystemBluetooth
                  NFCSettingsPagePhoneNFC
                  MouseSettingsPageMouseTouchpad
                  USBSettingsPageUsb
                  Network and wirelessSettingsPageGroupNetwork
                  Cellular & SIMSettingsPageNetworkCellular
                  Wi-FiSettingsPageNetworkWiFi
                  Airplane modeSettingsPageNetworkAirplaneMode
                  Data usageSettingsPageDataSenseOverview
                  Mobile hotspotSettingsPageNetworkMobileHotspot
                  VPNSettingsPageNetworkVPN
                  PersonalizationSettingsPageGroupPersonalization
                  StartSettingsPageBackGround
                  ColorsSettingsPageColors
                  SoundsSettingsPageSounds
                  Lock screenSettingsPageLockscreen
                  Glance screenSettingsPageGlance
                  Navigation barSettingsNagivationBar
                  AccountsSettingsPageGroupAccounts
                  Your infoSettingsPageAccountsPicture
                  Sign-in optionsSettingsPageAccountsSignInOptions
                  Email & app accountsSettingsPageAccountsEmailApp
                  Access work or schoolSettingsPageWorkAccess
                  Sync your settingsSettingsPageAccountsSync
                  Apps corner
                  
-
                  (disabled in Assigned Access)
                  		SettingsPageAppsCorner
                  Time & languageSettingsPageGroupTimeRegion
                  Date & timeSettingsPageTimeRegionDateTime
                  LanguageSettingsPageTimeLanguage
                  RegionSettingsPageTimeRegion
                  KeyboardSettingsPageKeyboard
                  SpeechSettingsPageSpeech
                  Ease of accessSettingsPageGroupEaseOfAccess
                  NarratorSettingsPageEaseOfAccessNarrator
                  MagnifierSettingsPageEaseOfAccessMagnifier
                  High contrastSettingsPageEaseOfAccessHighContrast
                  Closed captionsSettingsPageEaseOfAccessClosedCaptioning
                  More optionsSettingsPageEaseOfAccessMoreOptions
                  PrivacySettingsPageGroupPrivacy
                  LocationSettingsPagePrivacyLocation
                  CameraSettingsPagePrivacyWebcam
                  MicrophoneSettingsPagePrivacyMicrophone
                  MotionSettingsPagePrivacyMotionData
                  NotificationsSettingsPagePrivacyNotifications
                  Speech. inking, & typingSettingsPagePrivacyPersonalization
                  Account infoSettingsPagePrivacyAccountInfo
                  ContactsSettingsPagePrivacyContacts
                  CalendarSettingsPagePrivacyCalendar
                  Phone callsSettingsPagePrivacyPhoneCall
                  Call historySettingsPagePrivacyCallHistory
                  EmailSettingsPagePrivacyEmail
                  MessagingSettingsPagePrivacyMessaging
                  RadiosSettingsPagePrivacyRadios
                  Continue App ExperiencesSettingsPagePrivacyCDP
                  Background appsSettingsPagePrivacyBackgroundApps
                  Accessory appsSettingsPageAccessories
                  Advertising IDSettingsPagePrivacyAdvertisingId
                  Other devicesSettingsPagePrivacyCustomPeripherals
                  Feedback and diagnosticsSettingsPagePrivacySIUFSettings
                  Update and securitySettingsPageGroupRestore
                  Phone updateSettingsPageRestoreMusUpdate
                  Windows Insider ProgramSettingsPageFlights
                  Device encryptionSettingsPageGroupPCSystemDeviceEncryption
                  BackupSettingsPageRestoreOneBackup
                  Find my phoneSettingsPageFindMyDevice
                  For developersSettingsPageSystemDeveloperOptions
                  OEMSettingsPageGroupExtensibility
                  ExtensibilitySettingsPageExtensibility
                  
-
- 
-
-## Quick actions lockdown
-
-
-Quick action buttons are locked down in exactly the same way as Settings pages/groups. By default they are always conditional.
-
-You can specify the quick actions as follows:
-
-```xml
-
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
- 
-```
-
-
-
- 
-
-## Related topics
-
-
-[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md)
-
-[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md)
-
- 
-
- 
\ No newline at end of file
diff --git a/windows/configuration/mobile-devices/start-layout-xml-mobile.md b/windows/configuration/mobile-devices/start-layout-xml-mobile.md
deleted file mode 100644
index 41fc17fe04..0000000000
--- a/windows/configuration/mobile-devices/start-layout-xml-mobile.md
+++ /dev/null
@@ -1,393 +0,0 @@
----
-title: Start layout XML for mobile editions of Windows 10 (Windows 10)
-description: This topic describes the options for customizing Start layout in LayoutModification.xml for Windows 10 mobile editions.
-keywords: ["start screen"]
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
----
-
-# Start layout XML for mobile editions of Windows 10 (reference)
-
-
-**Applies to**
-
--   Windows 10
-
->**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
-
-
-On Windows 10 Mobile, you can use the XML-based layout to modify the Start screen and provide the most robust and complete Start customization experience. 
-
-On Windows 10 Mobile, the customized Start works by:
-
-- Windows 10 performs checks to determine the correct base default layout. The checks include the mobile edition, whether the device is dual SIM, the column width, and whether Cortana is supported for the country/region.
-- Windows 10 ensures that it does not overwrite the layout that you have set and will sequence the level checks and read the file layout such that any multivariant settings that you have set is not overwritten.
-- Windows 10 reads the LayoutModification.xml file and appends the group to the Start screen. 
-
-## Default Start layouts
-
-The following diagrams show the default Windows 10, version 1607 Start layouts for single SIM and dual SIM devices with Cortana support, and single SIM and dual SIM devices with no Cortana support. 
-
-![Start layout for Windows 10 Mobile](../images/mobile-start-layout.png)
-
-The diagrams show:
-
-- Tile coordinates - These are determined by the row number and the column number.
-- Fold - Tiles "above the fold" are visible when users first navigate to the Start screen. Tiles "below the fold" are visible after users scroll up.
-- Partner-customizable tiles - OEM and mobile operator partners can customize these areas of the Start screen by prepinning content. The partner configurable slots are:
-    - Rows 6-9
-    - Rows 16-19
-
-## LayoutModification XML
-
-IT admins can provision the Start layout by creating a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles.
-
->[!NOTE]
->To make sure the Start layout XML parser processes your file correctly, follow these guidelines when writing your LayoutModification.xml file:
->- Do not leave spaces or white lines in between each element.
->- Do not add comments inside the StartLayout node or any of its children elements.
->- Do not add multiple rows of comments.
-
-The following table lists the supported elements and attributes for the LayoutModification.xml file.
-
-| Element | Attributes | Description |
-| --- | --- | --- |
-| LayoutModificationTemplate | xmlns
                  xmlns:defaultlayout
                  xmlns:start
                  Version | Use to describe the changes to the default Start layout. |
-| DefaultLayoutOverride

                  Parent:
                  LayoutModificationTemplate | n/a | Use to specify the customized Start layout for mobile devices. |
-| StartLayoutCollection

                  Parent:
                  DefaultLayoutOverride | n/a | Use to contain a collection of Start layouts. |
-| StartLayout

                  Parent:
                  StartLayoutCollection | n/a | Use to specify the tile groups that will be appended to the Start screen. |
-| start:Group

                  Parent:
                  StartLayout | Name | Use to specify the tiles that need to be appended to the default Start layout. | 
-| start:Tile

                  Parent:
                  start:Group | AppUserModelID
                  Size
                  Row
                  Column | Use to specify any Universal Windows app that has a valid **AppUserModelID** attribute. |
-| start:SecondaryTile

                  Parent:
                  start:Group | AppUserModelID
                  TileID
                  Arguments
                  DisplayName
                  Square150x150LogoUri
                  ShowNameOnSquare150x150Logo
                  ShowNameOnWide310x150Logo
                  Wide310x150LogoUri
                  BackgroundColor
                  ForegroundText
                  IsSuggestedApp
                  Size
                  Row
                  Column | Use to pin a Web link through a Microsoft Edge secondary tile. |
-| start:PhoneLegacyTile

                  Parent:
                  start:Group | ProductID
                  Size
                  Row
                  Column | Use to add a mobile app that has a valid **ProductID** attribute. |
-| start:Folder

                  Parent:
                  start:Group | Name
                  Size
                  Row
                  Column | Use to add a folder to the mobile device's Start screen. |
-| RequiredStartTiles

                  Parent:
                  LayoutModificationTemplate | n/a | Use to specify the tiles that will be pinned to the bottom of the Start screen even if a restored Start screen does not have the tiles during backup or restore. |
-
-### start:Group
- 
-**start:Group** tags specify a group of tiles that will be appended to Start. You can set the **Name** attribute to specify a name for the Start group.
-
->[!NOTE]
->Windows 10 Mobile only supports one Start group.
-
- For Windows 10 Mobile, **start:Group** tags can contain the following tags or elements:
-
-- **start:Tile**
-- **start:SecondaryTile**
-- **start:PhoneLegacyTile**
-- **start:Folder**
-
-### Specify Start tiles
-
-To pin tiles to Start, you must use the right kind of tile depending on what you want to pin. 
-
-#### Tile size and coordinates
-
-All tile types require a size (**Size**) and coordinates (**Row** and **Column**) attributes regardless of the tile type that you use when prepinning items to Start.
-
-The following table describes the attributes that you must use to specify the size and location for the tile.
-
-| Attribute | Description |
-| --- | --- |
-| Size | Determines how large the tile will be. 
                  - 1x1 - small tile
                  - 2x2 - medium tile
                  - 4x2 - wide tile
                  - 4x4 - large tile |
-| Row | Specifies the row where the tile will appear. |
-| Column | Specifies the column where the tile will appear. |
- 
-For example, a tile with Size="2x2", Row="2", and Column="2" results in a tile located at (2,2) where (0,0) is the top-left corner of a group.
-
-#### start:Tile
-
-You can use the **start:Tile** tag to pin a Universal Windows app to Start.
-
-To specify an app, you must set the **AppUserModelID** attribute to the application user model ID that's associated with the corresponding app. 
-
-The following example shows how to pin the Microsoft Edge Universal Windows app:
-
-```XML
-
-```
-
-#### start:SecondaryTile
-
-You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. 
-
-The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile:
-
-```XML
-
-```
-
-The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to **Size**, **Row**, and **Column**.
-
-| Attribute | Required/optional | Description |
-| --- | --- | --- |
-| AppUserModelID | Required | Must point to Microsoft Edge. |
-| TileID | Required | Must uniquely identify your Web site tile. |
-| Arguments | Required | Must contain the URL of your Web site. |
-| DisplayName | Required | Must specify the text that you want users to see. |
-| Square150x150LogoUri | Required | Specifies the logo to use on the 2x2 tile. |
-| Wide310x150LogoUri | Optional | Specifies the logo to use on the 4x2 tile. |
-| ShowNameOnSquare150x150Logo | Optional | Specifies whether the display name is shown on the 2x2 tile. You can set the value for this attribute to true or false. By default, this is set to false. |
-| ShowNameOnWide310x150Logo | Optional | Specifies whether the display name is shown on the 4x2 tile. You can set the value for this attribute to true or false. By default, this is set to false. |
-| BackgroundColor | Optional | Specifies the color of the tile. You can specify the value in ARGB hexadecimal (for example, #FF112233) or specify "transparent". |
-| ForegroundText | Optional | Specifies the color of the foreground text. Set the value to either "light" or "dark". |
- 
- Secondary Microsoft Edge tiles have the same size and location behavior as a Universal Windows app.
-
-#### start:PhoneLegacyTile
-
-You can use the **start:PhoneLegacyTile** tag to add a mobile app that has a valid ProductID, which you can find in the app's manifest file. The **ProductID** attribute must be set to the GUID of the app.
-
-The following example shows how to add a mobile app with a valid ProductID using the start:PhoneLegacyTile tag:
-
-```XML
-
-```
-
-#### start:Folder
-
-You can use the **start:Folder** tag to add a folder to the mobile device's Start screen.
-
-You must set these attributes to specify the size and location of the folder: **Size**, **Row**, and **Column**. 
-
-Optionally, you can also specify a folder name by using the **Name** attribute. If you specify a name, set the value to a string.
-
-The position of the tiles inside a folder is relative to the folder. You can add any of the following tile types to the folder:
-
-- Tile - Use to pin a Universal Windows app to Start.
-- SecondaryTile - Use to pin a Web link through a Microsoft Edge secondary tile. 
-- PhoneLegacyTile - Use to pin a mobile app that has a valid ProductID.
-
-The following example shows how to add a medium folder that contains two apps inside it:
-
-```XML
-
-          
-          
-          
-```
-
-#### RequiredStartTiles
-
-You can use the **RequiredStartTiles** tag to specify the tiles that will be pinned to the bottom of the Start screen even if a restored Start screen does not have the tiles during backup or restore.
-
->[!NOTE]
->Enabling this Start customization may be disruptive to the user experience.
-
-For Windows 10 Mobile, **RequiredStartTiles** tags can contain the following tags or elements. These are similar to the tiles supported in **start:Group**. 
-
-- Tile - Use to pin a Universal Windows app to Start.
-- SecondaryTile - Use to pin a Web link through a Microsoft Edge secondary tile. 
-- PhoneLegacyTile - Use to pin a mobile app that has a valid ProductID.
-- Folder - Use to pin a folder to the mobile device's Start screen.
-
-Tiles specified within the **RequiredStartTiles** tag have the following behavior:
-
-- The partner-pinned tiles will begin in a new row at the end of the user-restored Start screen. 
-- If there’s a duplicate tile between what the user has in their Start screen layout and what the OEM has pinned to the Start screen, only the app or tile shown in the user-restored Start screen layout will be shown and the duplicate tile will be omitted from the pinned partner tiles at the bottom of the Start screen.
-
-The lack of duplication only applies to pinned apps. Pinned Web links may be duplicated.
-
-- If partners have prepinned folders to the Start screen, Windows 10 treats these folders in the same way as appended apps on the Start screen. Duplicate folders will be removed. 
-- All partner tiles that are appended to the bottom of the user-restored Start screen will be medium-sized. There will be no gaps in the appended partner Start screen layout. Windows 10 will shift tiles accordingly to prevent gaps.
-
-## Sample LayoutModification.xml
-
-The following sample LayoutModification.xml shows how you can configure the Start layout for devices running Windows 10 Mobile:
-
-```XML
-
-
-    
-      
-            
-              
-                  
-                  
-              
-            
-      
-    
-    
-         
-         
-         
-         
-    
-
-```
-
-## Use Windows Provisioning multivariant support
-
-The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see Create a provisioning package with multivariant settings.
-
-The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provsioning engine will always output "LayoutCustomization.xml" so that the OS has a consistent file name to query against.
-
-For example, if you want to ensure that there's a specific layout for a certain mobile operator in a certain country/region, you can:
-1. Create a specific layout customization file and then name it LayoutCustomization1.xml.
-2. Include the file as part of your provisioning package.
-3. Create your multivariant target and reference the XML file within the target condition in the main customization XML file.
-
-The following example shows what the overall customization file might look like with multivariant support for Start:
-
-```XML
-
-
-  
-    {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}
-    My Provisioning Package
-    1.0
-    OEM
-    50
-  
-  
-    
-      
-         
-           
-             
-             
-           
-        
-        
-          
-           
-             
-             
-          
-          
-        
-      
-      
-         
-           
-            1 
-            1 
-            1 
-           
-           
-            1 
-           
-         
-      
-      
-        
-          
-        
-        
-          c:\users\\appdata\local\Microsoft\Windows\Shell\LayoutCustomization1.XML
-          
-            1
-          
-        
-      
-    
-  
-
-```
-
-When the condition is met, the provisioning engine takes the XML file and places it in the location that Windows 10 has set and then the Start subsystem reads the file and applies the specific customized layout.
-
-You must repeat this process for all variants that you want to support so that each variant can have a distinct layout for each of the conditions and targets that need to be supported. For example, if you add a **Language** condition, you can create a Start layout that has it's own localized group or folder titles.
-
-## Add the LayoutModification.xml file to the image
-
-Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 Mobile, you can use Windows ICD to add the XML file to the device:
-
-1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** and then click the **StartLayout** setting.
-2. In the middle pane, click **Browse** to open File Explorer.
-3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. 
-4. Select the file and then click **Open**. 
-
-This should set the value of **StartLayout**. The setting appears in the **Selected customizations** pane.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-## Related topics
-
-
-- [Manage Windows 10 Start layout options](../windows-10-start-layout-options-and-policies.md)
-- [Configure Windows 10 taskbar](../configure-windows-10-taskbar.md)
-- [Customize Windows 10 Start and taskbar with Group Policy](../customize-windows-10-start-screens-by-using-group-policy.md)
-- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start with mobile device management (MDM)](../customize-windows-10-start-screens-by-using-mobile-device-management.md)
-- [Changes to Group Policy settings for Windows 10 Start](../changes-to-start-policies-in-windows-10.md)
-- [Start layout XML for desktop editions of Windows 10 (reference)](../start-layout-xml-desktop.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index 326ea5b8b8..ffe4a55f6d 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -3,12 +3,12 @@ title: Configure cellular settings for tablets and PCs (Windows 10)
 description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
 ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/13/2018
@@ -53,11 +53,11 @@ For users who work in different locations, you can configure one APN to connect
 
 5. Enter a name for the connection, and then click **Add**.
 
-    ![Example of APN connection name](images/apn-add.png)
+    ![Example of APN connection name.](images/apn-add.png)
     
 6. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection.
 
-    ![settings for new connection](images/apn-add-details.png)
+    ![settings for new connection.](images/apn-add-details.png)
     
 7. The following table describes the settings available for the connection.
 
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index 67c28a8b90..9147bc6b90 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,44 +1,38 @@
 ---
-title: Configuration service providers for IT pros (Windows 10)
+title: Configuration service providers for IT pros (Windows 10/11)
 description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices. 
 ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
 ---
 
 # Configuration service providers for IT pros
 
 **Applies to**
 
--   Windows 10
--   Windows 10 Mobile
+- Windows 10
+- Windows 11
 
-This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows 10 and Windows 10 Mobile in their organizations. CSPs expose device configuration settings in Windows 10. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Hardware Dev Center](/windows/client-management/mdm/configuration-service-provider-reference). 
-
-> [!NOTE]
-> The information provided here about CSPs and CSP documentation also applies to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
-
- [See what's new for CSPs in Windows 10, version 1809.](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809)
+This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows client in their organizations. CSPs expose device configuration settings in Windows client. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Hardware Dev Center](/windows/client-management/mdm/configuration-service-provider-reference).
 
 ## What is a CSP?
 
 In the client operating system, a CSP is the interface between configuration settings that are specified in a provisioning document and configuration settings that are on the device. CSPs are similar to Group Policy client-side extensions in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. Typically, these settings map to registry keys, files, or permissions. Some of these settings are configurable, and some are read-only.
 
-Starting with Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. On the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.
+On the Windows client platform, the management approach for desktop uses CSPs to configure and manage all devices running Windows client.
 
 Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp) contains the settings to create a Wi-Fi profile.
 
-CSPs are behind many of the management tasks and policies for Windows 10, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
+CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
 
-![how intune maps to csp](../images/policytocsp.png)
+:::image type="content" source="../images/policytocsp.png" alt-text="How intune maps to CSP":::
 
 CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge.
 
@@ -48,7 +42,7 @@ The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based
 
 ### The WMI-to-CSP Bridge
 
-The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs using scripts and traditional enterprise management software, such as Configuration Manager using WMI. The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
+The WMI-to-CSP Bridge is a component allowing configuration of Windows client CSPs using scripts and traditional enterprise management software, such as Configuration Manager using WMI. The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
 
 [Learn how to use the WMI Bridge Provider with PowerShell.](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider)
 
@@ -56,9 +50,7 @@ The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs u
 
 Generally, enterprises rely on Group Policy or MDM to configure and manage devices. For devices running Windows, MDM services use CSPs to configure your devices.
 
-In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried.
-
-Some of the articles in the [Windows 10 and Windows 10 Mobile](/windows/windows-10) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](../cortana-at-work/cortana-at-work-overview.md), which links to the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). In the CSP topics, you can learn about all of the available configuration settings.
+In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried. You can also learn about all of the available configuration settings.
 
 ### CSPs in Windows Configuration Designer
 
@@ -66,27 +58,25 @@ You can use Windows Configuration Designer to create [provisioning packages](./p
 
 Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
 
-![how help content appears in icd](../images/cspinicd.png)
+:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in icd.":::
 
-[Provisioning packages in Windows 10](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package.
+[Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package.
 
 ### CSPs in MDM
 
 Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. It might be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
 
-When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](https://go.microsoft.com/fwlink/p/?LinkID=616316) to deploy settings. Intune documents [a partial list of settings](https://go.microsoft.com/fwlink/p/?LinkID=616317) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](/windows/client-management/mdm/configuration-service-provider-reference) to locate that information.
+When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](/mem/intune/configuration/custom-settings-configure) to deploy settings. Intune documents [a partial list of settings](/mem/intune/configuration/custom-settings-windows-10) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](/windows/client-management/mdm/configuration-service-provider-reference) to locate that information.
 
 ### CSPs in Lockdown XML
 
-Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](../mobile-devices/lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp). In Windows 10, version 1703, you can also use the new [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML.
-
 ## How do you use the CSP documentation?
 
-All CSPs in Windows 10 are documented in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
+All CSPs are documented in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
 
-The [main CSP topic](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP.
+The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP.
 
-![csp per windows edition](../images/csptable.png)
+:::image type="content" source="../images/csptable.png" alt-text="The CSP reference shows the supported Windows editions":::
 
 The documentation for each CSP follows the same structure. After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format.
 
@@ -94,7 +84,7 @@ The full path to a specific configuration setting is represented by its Open Mob
 
 The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.
 
-![assigned access csp tree](../images/provisioning-csp-assignedaccess.png)
+:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access csp tree.":::
 
 The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp).
 
@@ -104,7 +94,7 @@ The element in the tree diagram after the root node tells you the name of the CS
 
 When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example.
 
-![placeholder in csp tree](../images/csp-placeholder.png)
+:::image type="content" source="../images/csp-placeholder.png" alt-text="The placeholder in the CSP tree":::
 
 After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed.
 
@@ -114,26 +104,11 @@ The documentation for most CSPs will also include an XML example.
 
 ## CSP examples
 
-CSPs provide access to a number of settings useful to enterprises. This section introduces the CSPs that an enterprise might find useful.
+CSPs provide access to many settings useful to enterprises. This section introduces the CSPs that an enterprise might find useful.
 
--   [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
-
-    The EnterpriseAssignedAccess CSP lets IT administrators configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.
-
-    In addition to lock screen wallpaper, theme, time zone, and language, the EnterpriseAssignedAccess CSP includes AssignedAccessXml that can be used to lock down the device through the following settings:
-
-    -   Enabling or disabling the Action Center.
-    -   Configuring the number of tile columns in the Start layout.
-    -   Restricting the apps that will be available on the device.
-    -   Restricting the settings that the user can access.
-    -   Restricting the hardware buttons that will be operable.
-    -   Restricting access to the context menu.
-    -   Enabling or disabling tile manipulation.
-    -   Creating role-specific configurations.
-    
 -   [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider)
 
-    The Policy CSP enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
+    The Policy CSP enables the enterprise to configure policies on Windows client. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
 
     Some of the settings available in the Policy CSP include the following:
 
@@ -153,7 +128,7 @@ CSPs provide access to a number of settings useful to enterprises. This section
     -   **Update**, such as whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
     -   **WiFi**, such as whether Internet sharing is enabled.
 
-Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
+Here is a list of CSPs supported on Windows 10 Enterprise:
 
 -   [ActiveSync CSP](/windows/client-management/mdm/activesync-csp)
 -   [Application CSP](/windows/client-management/mdm/application-csp)
@@ -182,7 +157,6 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Ent
 -   [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp)
 -   [EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp)
 -   [EnterpriseExt CSP](/windows/client-management/mdm/enterpriseext-csp)
--   [EnterpriseExtFileSystem CSP](/windows/client-management/mdm/enterpriseextfilessystem-csp)
 -   [EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp)
 -   [FileSystem CSP](/windows/client-management/mdm/filesystem-csp)
 -   [HealthAttestation CSP](/windows/client-management/mdm/healthattestation-csp)
@@ -211,4 +185,4 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Ent
 -   [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
 -   [Wi-Fi CSP](/documentation/)
 -   [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp)
--   [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp)
\ No newline at end of file
+-   [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 38b7e01c09..1305b2bb87 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,18 +1,17 @@
 ---
-title: Provision PCs with common settings (Windows 10)
+title: Provision PCs with common settings (Windows 10/11)
 description: Create a provisioning package to apply common settings to a PC running Windows 10. 
 ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 keywords: ["runtime provisioning", "provisioning package"]
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
 ---
 
 # Provision PCs with common settings for initial deployment (desktop wizard)
@@ -20,16 +19,17 @@ ms.date: 07/27/2017
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 11
 
-This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows 10 except Windows 10 Home.
+This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows client except Home.
 
 You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices. 
 
 ## Advantages
 -   You can configure new devices without reimaging.
 
--   Works on both mobile and desktop devices.
+-   Works on desktop devices.
 
 -   No network connectivity required.
 
@@ -51,14 +51,14 @@ The desktop wizard helps you configure the following settings in a provisioning
 - Add applications and certificates
 
 >[!WARNING]
->You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
+>You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards.
 
 Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more. 
 
 > [!TIP]
 > Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
 >
->![open advanced editor](../images/icd-simple-edit.png)
+> :::image type="content" source="../images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor.":::
 
 ## Create the provisioning package
 
@@ -68,26 +68,76 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 
 2. Click **Provision desktop devices**.
 
-   ![ICD start options](../images/icd-create-options-1703.png)   
+    :::image type="content" source="../images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options.":::
 
 3. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps.
 
-   ![ICD desktop provisioning](../images/icd-desktop-1703.png)
+    :::image type="content" source="../images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning.":::
   
 > [!IMPORTANT]
 > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
 ## Configure settings
 
+1. Enable device setup:
 
-
-
-
-
-
- 
-
-
                  step oneset up device

                  Enter a name for the device.

                  (Optional) Select a license file to upgrade Windows 10 to a different edition. See the permitted upgrades.

                  Toggle Yes or No to Configure devices for shared use. This setting optimizes Windows 10 for shared use scenarios. Learn more about shared PC configuration.

                  You can also select to remove pre-installed software from the device.                   		device name, upgrade to enterprise, shared use, remove pre-installed software
                  step two  set up network

                  Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.                  		Enter network SSID and type
                  step three  account management

                  Enable account management if you want to configure settings on this page. 

                  You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

                  To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

                  Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions. 

                  To create a local administrator account, select that option and enter a user name and password. 

                  Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.                    		join Active Directory, Azure AD, or create a local admin account
                  step four add applications

                  You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps.                   		add an application
                  step five add certificates

                  To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.                  		add a certificate
                    The 'finish' button as displayed when provisioning a desktop device in Windows Configuration Designer.

                  You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.                  		Protect your package
                  
+    :::image type="content" source="../images/set-up-device-details-desktop.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software.":::
+
+    If you want to enable device setup, select **Set up device**, and configure the following settings:
+
+    - **Device name**: Required. Enter a unique 15-character name for the device. You can use variables to add unique characters to the name, such as `Contoso-%SERIAL%` and `Contoso-%RAND:5%`.
+    - **Enter product key**: Optional. Select a license file to upgrade Windows client to a different edition. For more information, see [the permitted upgrades](/windows/deployment/upgrade/windows-10-edition-upgrades).
+    - **Configure devices for shared use**: Select **Yes** or **No** to optimize the Windows client for shared use scenarios.
+    - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software.
+
+2. Set up the network:
+
+    :::image type="content" source="../images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
+
+    If you want to enable network setup, select **Set up network**, and configure the following settings:
+
+    - **Set up network**: To enable wireless connectivity, select **On**.
+    - **Network SSID**: Enter the Service Set IDentifier (SSID) of the network.
+    - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network.
+
+3. Enable account management:
+
+    :::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account.":::
+
+    If you want to enable account management, select **Account Management**, and configure the following settings:
+
+    - **Manage organization/school accounts**: Choose how devices are enrolled. Your options:
+      - **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain.
+      - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
+
+        If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
+
+        You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards.
+
+      - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
+
+4. Add applications:
+
+    :::image type="content" source="../images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application.":::
+
+    To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provision-pcs-with-apps.md).
+
+5. Add certificates:
+
+    :::image type="content" source="../images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate.":::
+
+    To add a certificate to the devices, select **Add certificates**, and configure the following settings:
+
+    - **Certificate name**: Enter a name for the certificate.
+    - **Certificate path**: Browse and select the certificate you want to add.
+
+6. Finish:
+
+    :::image type="content" source="../images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password.":::
+
+    To complete the wizard, select **Finish**, and configure the following setting:
+
+    - **Protect your package**: Select **Yes** or **No** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password.
 
 After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
 
@@ -98,20 +148,16 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
-
  
-## Related topics
+## Related articles
 
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
-- [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md)
-- [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
\ No newline at end of file
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index a71916bfab..faad3522bb 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -5,13 +5,13 @@ keywords: ["runtime provisioning", "provisioning package"]
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Provision PCs with apps and certificates for initial deployment (advanced provisioning)
@@ -46,7 +46,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
 
 2. Click **Advanced provisioning**.
 
-   ![ICD start options](../images/icdstart-option.png)  
+   ![ICD start options.](../images/icdstart-option.png)  
   
 3. Name your project and click **Next**.
 
@@ -73,19 +73,19 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
 
-    ![details for offline app package](../images/uwp-family.png)
+    ![details for offline app package.](../images/uwp-family.png)
 
 3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
 
 4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
 
-    ![required frameworks for offline app package](../images/uwp-dependencies.png)
+    ![required frameworks for offline app package.](../images/uwp-dependencies.png)
 
 5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. 
 
     - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page, and change the extension of the license file from **.xml** to **.ms-windows-store-license**.
 
-        ![generate license for offline app](../images/uwp-license.png)
+        ![generate license for offline app.](../images/uwp-license.png)
         
     - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**.
     
@@ -194,8 +194,6 @@ For details about the settings you can customize in provisioning packages, see [
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md)
-- [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index cca8b46be8..f1b8691117 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,17 +1,16 @@
 ---
-title: Provision PCs with apps  (Windows 10)
+title: Provision PCs with apps  (Windows 10/11)
 description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
 keywords: ["runtime provisioning", "provisioning package"]
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.author: greglin
+ms.author: aaroncz
 ms.topic: article
-ms.date: 09/06/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
 # Provision PCs with apps 
@@ -20,9 +19,10 @@ manager: dansimp
 **Applies to**
 
 - Windows 10
+- Windows 11
 
 
-In Windows 10, version 1703, you can install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. This topic explains the various settings in [Windows Configuration Designer](provisioning-install-icd.md) for app install.
+You can install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. This article explains the various settings in [Windows Configuration Designer](provisioning-install-icd.md) for app install.
 
 When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
 
@@ -33,7 +33,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
 
 - **License Path**: Specify the license file if it is an app from the Microsoft Store. This is optional if you have a certificate for the app. 
 
-- **Package family name**: Specify the package family name if you don’t specify a license. This field will be auto-populated after you specify a license. 
+- **Package family name**: Specify the package family name if you don’t specify a license. This field will be autopopulated after you specify a license. 
 
 - **Required appx dependencies**: Specify the appx dependency packages that are required for the installation of the app 
 
@@ -44,25 +44,25 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
 > [!NOTE]
 > You can find more information about command-line options for Msiexec.exe [here](/windows/win32/msi/command-line-options).
 
-- **Command line arguments**: Optionally, append additional command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE 
+- **Command line arguments**: Optionally, append more command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE 
 
-- **Continue installations after failure**: Optionally, specify if you want to continue installing additional apps if this app fails to install 
+- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install 
 
-- **Restart required**: Optionally, specify if you want to initiate a reboot after a successful install of this app 
+- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app 
 
-- **Required win32 app dependencies**: Optionally, specify additional files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
+- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
 
 ### Exe or other installer
 
-- **Command line arguments**: Append the command line arguments with a silent flag (required). Optionally, append additional flags 
+- **Command line arguments**: Append the command line arguments with a silent flag (required). Optionally, append more flags 
 
 - **Return Codes**: Specify the return codes for success and success with restart (0 and 3010 by default respectively) Any return code that is not listed will be interpreted as failure. The text boxes are space delimited. 
 
-- **Continue installations after failure**: Optionally, specify if you want to continue installing additional apps if this app fails to install 
+- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install 
 
-- **Restart required**: Optionally, specify if you want to initiate a reboot after a successful install of this app 
+- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app 
 
-- **Required win32 app dependencies**: Optionally, specify additional files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
+- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract).
 
 
 
@@ -72,13 +72,13 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
 
 1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **PrimaryContext** > **Command**. 
 
-2. Enter a name for the first app, and then click **Add**.
+2. Enter a name for the first app, and then select **Add**.
 
-    ![enter name for first app](../images/wcd-app-name.png)
+    ![enter name for first app.](../images/wcd-app-name.png)
 
 3. Configure the settings for the appropriate installer type.
 
-    ![enter settings for first app](../images/wcd-app-commands.png)
+    ![enter settings for first app.](../images/wcd-app-commands.png)
 
 ## Add a universal app to your package
 
@@ -88,25 +88,25 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
 
-    ![details for offline app package](../images/uwp-family.png)
+    ![details for offline app package.](../images/uwp-family.png)
 
-3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
+3. For **ApplicationFile**, select **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
 
-4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
+4. For **DependencyAppxFiles**, select **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
 
-    ![required frameworks for offline app package](../images/uwp-dependencies.png)
+    ![required frameworks for offline app package.](../images/uwp-dependencies.png)
 
 5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. 
 
     - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page. 
 
-        ![generate license for offline app](../images/uwp-license.png)
+        ![generate license for offline app.](../images/uwp-license.png)
         
-    - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**.
+    - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and select **Add**.
     
-6. In the **Available customizations** pane, click the **LicenseProductId** that you just added. 
+6. In the **Available customizations** pane, select the **LicenseProductId** that you just added. 
 
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, select **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
 
 [Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
 
@@ -119,7 +119,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**. 
 
-2. Enter a **CertificateName** and then click **Add**. 
+2. Enter a **CertificateName** and then select **Add**. 
 
 2. Enter the **CertificatePassword**. 
 
@@ -136,12 +136,13 @@ For details about the settings you can customize in provisioning packages, see [
 
 ## Build your package
 
-1. When you are done configuring the provisioning package, on the **File** menu, click **Save**.
+1. When you are done configuring the provisioning package, on the **File** menu, select **Save**.
 
-2. Read the warning that project files may contain sensitive information, and click **OK**.
-   > **Important**  When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
+2. Read the warning that project files may contain sensitive information, and select **OK**.
 
-3. On the **Export** menu, click **Provisioning package**.
+    When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location, and delete the project files when they're no longer needed.
+
+3. On the **Export** menu, select **Provisioning package**.
 
 4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
 
@@ -154,25 +155,25 @@ For details about the settings you can customize in provisioning packages, see [
 
    -   **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
 
-   -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
+   -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select...** and choosing the certificate you want to use to sign the package.
 
-       **Important**  
-       We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. 
+    > [!TIP]
+    > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store. Any package signed with that certificate can be applied silently. 
 
-7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
                  
-   Optionally, you can click **Browse** to change the default output location.
+7. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
                  
+   Optionally, you can select **Browse** to change the default output location.
 
-8. Click **Next**.
+8. Select **Next**.
 
-9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
                  
-   If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
+9. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
                  
+   If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
 
 10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
                  
     If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
 
-    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
     
-    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
+    -   If you are done, select **Finish** to close the wizard and go back to the **Customizations Page**.
 
 11. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
 
@@ -184,33 +185,23 @@ For details about the settings you can customize in provisioning packages, see [
 
     -   Email
 
-    -   USB tether (mobile only)
-
-    -   NFC (mobile only)
-
-
-
 **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
 
 ## Learn more
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
  
 
-## Related topics
+## Related articles
 
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
-- [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md)
-- [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
\ No newline at end of file
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 4a1bb159ac..230570bfa8 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -1,16 +1,15 @@
 ---
-title: Apply a provisioning package (Windows 10)
+title: Apply a provisioning package (Windows 10/11)
 description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime").
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 08/22/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
 # Apply a provisioning package
@@ -19,88 +18,52 @@ manager: dansimp
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+-   Windows 11
 
-Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
+Provisioning packages can be applied to client devices during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
 
 >[!NOTE]
->Applying a provisioning package to a desktop device requires administrator privileges on the device.
+>
+> - Applying a provisioning package to a desktop device requires administrator privileges on the device.
+> - You can interrupt a long-running provisioning process by pressing ESC.
 
-## Desktop editions
-
->[!NOTE]
->In Windows 10, version 1709, you can interrupt a long-running provisioning process by pressing ESC.
-
-### During initial setup, from a USB drive
+## During initial setup, from a USB drive
 
 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
 
-    ![The first screen to set up a new PC](../images/oobe.jpg)
+    ![The first screen to set up a new PC.](../images/oobe.jpg)
 
 2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
 
     ![Set up device?](../images/setupmsg.jpg)
 
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
+3. The next screen asks you to select a provisioning source. Select **Removable Media** and select **Next**.
 
-    ![Provision this device](../images/prov.jpg)
-    
-4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
+    ![Provision this device.](../images/prov.jpg)
 
-    ![Choose a package](../images/choose-package.png)
+4. Select the provisioning package (`.ppkg`) that you want to apply, and select **Next**.
+
+    ![Choose a package.](../images/choose-package.png)
 
 5. Select **Yes, add it**.
 
     ![Do you trust this package?](../images/trust-package.png)
-    
 
-    
-### After setup, from a USB drive, network folder, or SharePoint site
+## After setup, from a USB drive, network folder, or SharePoint site
 
 Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
 
-![add a package option](../images/package.png)
-    
-## Mobile editions
+![add a package option.](../images/package.png)
 
-### Using removable media
+## Related articles
 
-1. Insert an SD card containing the provisioning package into the device.
-2. Navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. 
-
-    ![add a package option](../images/packages-mobile.png)
-
-3. Click **Add**.
-
-4. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**.
-
-    ![Is this package from a source you trust](../images/package-trust.png)
-    
-### Copying the provisioning package to the device
-
-1. Connect the device to your PC through USB.
-
-2. On the PC, select the provisioning package that you want to use to provision the device and then drag and drop the file to your device.
-
-3. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**.
-
-    ![Is this package from a source you trust](../images/package-trust.png)
-
-
-
-
-
-
-
-## Related topics
-
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index d4debef680..95e51c1316 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -1,16 +1,15 @@
 ---
-title: Windows Configuration Designer command-line interface (Windows 10)
-description: 
+title: Windows Configuration Designer command-line interface (Windows 10/11)
+description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
 # Windows Configuration Designer command-line interface (reference)
@@ -19,11 +18,11 @@ manager: dansimp
 **Applies to**
 
 - Windows 10
-- Windows 10 Mobile
+- Windows 11
 
 You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages. 
 
-- IT pros can use the Windows Configuration Designer CLI to require less re-tooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
+- IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
 
 - You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). 
 
@@ -31,7 +30,7 @@ You can use the Windows Configuration Designer command-line interface (CLI) to a
 
 ## Syntax
 
-``` 
+``` cmd
 icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath: 
 [/StoreFile:]  [/MSPackageRoot:]  [/OEMInputXML:]
 [/ProductName:]  [/Variables::] [[+|-]Encrypted] [[+|-]Overwrite] [/?]
@@ -45,28 +44,20 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath:
 | /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
 | /StoreFile | No


                  See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.


                  **Important**  If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
 | /Variables | No | Specifies a semicolon separated `` and `` macro pair. The format for the argument must be `=`. |
-| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer auto-generates the decryption password and includes this information in the output.


                  Precede with + for encryption or - for no encryption. The default is no encryption. |
+| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output.


                  Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
 | Overwrite | No | Denotes whether to overwrite an existing provisioning package.


                  Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
 | /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
  
+## Related articles
 
-
-
-## Related topics
-
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
  
-
-
-
-
-
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index b67e28b34d..f926e57f98 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,27 +1,27 @@
 ---
-title: Create a provisioning package (Windows 10)
-description: Learn how to create a provisioning package for Windows 10, which lets you quickly configure a device without having to install a new image.
+title: Create a provisioning package (Windows 10/11)
+description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
+ms.collection: highpri
 ---
 
-# Create a provisioning package for Windows 10
+# Create a provisioning package
 
 
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+-   Windows 11
 
-You can use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings, and then apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. 
+You can use Windows Configuration Designer to create a provisioning package (`.ppkg`) that contains customization settings, and then apply the provisioning package to a device running Windows client.
 
 >[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
 
@@ -30,87 +30,89 @@ You can use Windows Configuration Designer to create a provisioning package (.pp
 
 ## Start a new project
 
-1. Open Windows Configuration Designer:
-   - From either the Start screen or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut. 
-
-     or
-
-   - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then select **ICD.exe**.
+1. Open Windows Configuration Designer: From either the Start menu or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut.
 
 2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image:
 
-    ![Configuration Designer wizards](../images/icd-create-options-1703.png)
+    ![Configuration Designer wizards.](../images/icd-create-options-1703.png)
 
-    - The following wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices: 
+    - The following wizard options provide a simple interface for configuring common settings for desktop and kiosk devices: 
 
         - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
-        - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
         - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
         - [Instructions for HoloLens wizard](/hololens/hololens-provisioning)
         - [Instructions for Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
-        
-      Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
+
+      Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
 
     - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
 
         >[!TIP]
         > You can start a project in the simple wizard editor and then switch the project to the advanced editor.
         >
-        > ![Switch to advanced editor](../images/icd-switch.png)
+        > ![Switch to advanced editor.](../images/icd-switch.png)
 
 3. Enter a name for your project, and then select **Next**.
 
 4. Select the settings you want to configure, based on the type of device, and then select **Next**. The following table describes the options.
 
 
-   |          Windows edition          |              Settings available for customization               |                                              Provisioning package can apply to                                              |
-   |-----------------------------------|-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
-   |       All Windows editions        |                         Common settings                         |                                                   All Windows 10 devices                                                    |
-   |   All Windows desktop editions    |    Common settings and settings specific to desktop devices     |                All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education)                 |
-   |    All Windows mobile editions    |     Common settings and settings specific to mobile devices     |                                                All Windows 10 Mobile devices                                                |
-   |        Windows 10 IoT Core        |  Common settings and settings specific to Windows 10 IoT Core   |                                               All Windows 10 IoT Core devices                                               |
-   |      Windows 10 Holographic       | Common settings and settings specific to Windows 10 Holographic |                  [Microsoft HoloLens](/hololens/hololens-provisioning)                   |
-   | Common to Windows 10 Team edition |    Common settings and settings specific to Windows 10 Team     | [Microsoft Surface Hub](/surface-hub/provisioning-packages-for-surface-hub) |
+    | Windows edition | Settings available for customization | Provisioning package can apply to |
+    |---|---|---|
+    |  All Windows editions | Common settings  | All Windows client devices |
+    | All Windows desktop editions    |    Common settings and settings specific to desktop devices |  All Windows client desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) |
+    | Windows 10 IoT Core        |  Common settings and settings specific to Windows 10 IoT Core   | All Windows 10 IoT Core devices |
+    | Windows 10 Holographic       | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](/hololens/hololens-provisioning) |
+    | Common to Windows 10 Team edition |    Common settings and settings specific to Windows 10 Team  | [Microsoft Surface Hub](/surface-hub/provisioning-packages-for-surface-hub) |
 
 
 5. On the **Import a provisioning package (optional)** page, you can select **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then select **Finish**.
 
->[!TIP]
->**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages that you create so you don't have to reconfigure those common settings repeatedly.
+    >[!TIP]
+    >**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that includes the settings for your organization's network. Then, import that package into other packages that you create so you don't have to reconfigure those common settings repeatedly.
 
 6. In the **Available customizations** pane, you can now configure settings for the package. 
 
-
-
-
 ## Configure settings
 
 For an advanced provisioning project, Windows Configuration Designer opens the **Available customizations** pane. The example in the following image is based on **All Windows desktop editions** settings.
 
-![What the ICD interface looks like](../images/icd-runtime.png)
+![What the ICD interface looks like.](../images/icd-runtime.png)
 
-The settings in Windows Configuration Designer are based on Windows 10 configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](./how-it-pros-can-use-configuration-service-providers.md).
+The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](./how-it-pros-can-use-configuration-service-providers.md).
 
 The process for configuring settings is similar for all settings. The following table shows an example.
 
-
-
-
-
- 
-
-
                  step one
                  Expand a category.                  		Expand Certificates category
                  step two
                  Select a setting.                  		Select ClientCertificates
                  step three
                  Enter a value for the setting. Select Add if the button is displayed.                  		Enter a name for the certificate
                  step four
                  Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.                  		Additional settings for client certificate
                  step five
                  When the setting is configured, it is displayed in the Selected customizations pane.                  		Selected customizations pane
                  
+1. Expand a category:
 
-For details on each specific setting, see [Windows Provisioning settings reference](../wcd/wcd.md). The reference topic for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image.
+    :::image type="content" source="../images/icd-step1.png" alt-text="In Windows Configuration Designer, expand the Certificates category.":::
 
-![Windows Configuration Designer opens the reference topic when you select a setting](../images/icd-setting-help.png) 
+2. Select a setting:
+
+    :::image type="content" source="../images/icd-step2.png" alt-text="In Windows Configuration Designer, select ClientCertificates.":::
+
+3. Enter a value for the setting. Select **Add** if the button is displayed:
+
+    :::image type="content" source="../images/icd-step3.png" alt-text="In Windows Configuration Designer, enter a name for the certificate.":::
+
+4. Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and more settings are displayed:
+
+    :::image type="content" source="../images/icd-step4.png" alt-text="In Windows Configuration Designer, additional settings for client certificate are available.":::
+
+5. When the setting is configured, it is displayed in the **Selected customizations** pane:
+
+    :::image type="content" source="../images/icd-step5.png" alt-text="In Windows Configuration Designer, the selected customizations pane shows your settings.":::
+
+For details on each specific setting, see [Windows Provisioning settings reference](../wcd/wcd.md). The reference article for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image.
+
+![Windows Configuration Designer opens the reference topic when you select a setting.](../images/icd-setting-help.png)
 
 
  ## Build package
 
 1. After you're done configuring your customizations, select **Export**, and then select **Provisioning Package**.
 
-    ![Export on top bar](../images/icd-export-menu.png)
+    ![Export on top bar.](../images/icd-export-menu.png)
 
 2. In the **Describe the provisioning package** window, enter the following information, and then select **Next**:
     - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
@@ -120,7 +122,7 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
 3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional:
 
-   - **Encrypt package** -  If you select this option, an auto-generated password will be shown on the screen.
+   - **Encrypt package** -  If you select this option, an autogenerated password will be shown on the screen.
    - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
 
      >[!NOTE]
@@ -148,19 +150,17 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
 - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
-- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
-
 - [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
 
-## Related topics
+## Related articles
 
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
\ No newline at end of file
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index 5942a86179..cc1fff48d3 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,31 +1,30 @@
 ---
-title: How provisioning works in Windows 10 (Windows 10)
-description: A provisioning package (.ppkg) is a container for a collection of configuration settings. 
+title: How provisioning works in Windows 10/11
+description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings. 
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
-# How provisioning works in Windows 10
+# How provisioning works in Windows
 
 
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+-   Windows 11
 
-Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) or through the Microsoft Store.
+Provisioning packages in Windows client provide IT administrators with a simplified way to apply configuration settings to Windows client devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from  Microsoft Store.
 
 ## Provisioning packages
 
-A provisioning package contains specific configurations/settings and assets that can be provided through a removable media or simply downloaded to the device.
+A provisioning package contains specific configurations/settings and assets that can be provided through a removable media or downloaded to the device.
 
 To enable adding multiple sets of settings or configurations, the configuration data used by the provisioning engine is built out of multiple configuration sources that consist of separate provisioning packages. Each provisioning package contains the provisioning data from a different source.
 
@@ -69,7 +68,7 @@ When the provisioning engine selects a configuration, the Windows provisioning X
 
 ## Provisioning engine
 
-The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10. 
+The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10/11. 
 
 The provisioning engine provides the following functionality:
 
@@ -82,7 +81,7 @@ The provisioning engine provides the following functionality:
 
 ## Configuration manager
 
-The configuration manager provides the unified way of managing Windows 10 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. 
+The configuration manager provides the unified way of managing Windows 10/11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. 
 
 The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied. 
 
@@ -110,14 +109,6 @@ When a trigger occurs, provisioning is initiated for a particular provisioning s
 - **Update**: Runs after an update to apply potential updated settings changes.
 - **User**: runs during a user account first run to configure per-user settings.
 
-
-
-
-
-
-
-
-
 ## Device provisioning during OOBE
 
 The provisioning engine always applies provisioning packages persisted in the `C:\Recovery\Customizations` folder on the OS partition. When the provisioning engine applies provisioning packages in the `%ProgramData%\Microsoft\Provisioning` folder, certain runtime setting applications, such as the setting to install and configure Windows apps, may be extended past the OOBE pass and continually be processed in the background when the device gets to the desktop. Settings for configuring policies and certain crucial system configurations are always be completed before the first point at which they must take effect. 
@@ -129,8 +120,8 @@ The following table shows how device provisioning can be initiated when a user f
 
 | Package delivery | Initiation method | Supported device |
 | --- | --- | --- |
-| Removable media - USB drive or SD card
                   (Packages must be placed at media root) | 5 fast taps on the Windows key to launch the provisioning UI |All Windows devices |
-| From an administrator device through machine-to-machine NFC or NFC tag
                  (The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows 10 Mobile devices and IoT Core devices |
+| Removable media - USB drive or SD card
                   (Packages must be placed at media root) | Five fast taps on the Windows key to launch the provisioning UI |All Windows devices |
+| From an administrator device through machine-to-machine NFC or NFC tag
                  (The administrator device must run an app that can transfer the package over NFC) | Five fast taps on the Windows key to launch the provisioning UI | Windows IoT Core devices |
  
 The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. 
 
@@ -143,8 +134,8 @@ At device runtime, stand-alone provisioning packages can be applied by user init
 | Package delivery | Initiation method | Supported device |
 | --- | --- | --- |
 | Removable media - USB drive or SD card
                  (Packages must be placed at media root) | **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** | All Windows devices |
-| Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows 10 for desktop editions devices |
-| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows 10 Mobile devices and IoT Core devices |
+| Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows client for desktop editions devices |
+| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows IoT Core devices |
 
 When applying provisioning packages from a removable media attached to the device, the Settings UI allows viewing contents of a package before selecting the package for provisioning. To minimize the risk of the device being spammed by applying provisioning packages from unknown sources, a provisioning package can be signed and encrypted. Partners can also set policies to limit the application of provisioning packages at device runtime. Applying provisioning packages at device runtime requires administrator privilege. If the package is not signed or trusted, a user must provide consent before the package is applied to the device. If the package is encrypted, a valid password is needed to decrypt the package before it can be applied to the device.
 
@@ -157,25 +148,16 @@ After a stand-alone provisioning package is applied to the device, the package i
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
+## Related articles
 
-## Related topics
-
-- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-
-
-
-
- 
-
- 
\ No newline at end of file
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 8a7b9c464d..1df2136104 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,37 +1,43 @@
 ---
-title: Install Windows Configuration Designer (Windows 10)
-description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10. 
+title: Install Windows Configuration Designer (Windows 10/11)
+description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11. 
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 10/16/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
+ms.collection: highpri
 ---
 
-# Install Windows Configuration Designer
+# Install Windows Configuration Designer, and learn about any limitations
 
 
 **Applies to**
 
--   Windows 10
--   Windows 10 Mobile
+- Windows 10
+- Windows 11
 
-Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows 10. Windows Configuration Designer is primarily designed for use by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices.
+Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily used by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices.
 
 ## Supported platforms
 
-Windows Configuration Designer can create provisioning packages for Windows 10 desktop and mobile editions, including Windows 10 IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems:
+Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, Microsoft Surface Hub, and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems:
 
+**Client OS**:
+
+- Windows 11
 - Windows 10 - x86 and amd64
 - Windows 8.1 Update - x86 and amd64
 - Windows 8.1 - x86 and amd64
 - Windows 8 - x86 and amd64
 - Windows 7 - x86 and amd64
+
+**Server OS**:
+
 - Windows Server 2016
 - Windows Server 2012 R2 Update
 - Windows Server 2012 R2
@@ -39,54 +45,38 @@ Windows Configuration Designer can create provisioning packages for Windows 10 d
 - Windows Server 2008 R2
 
 >[!WARNING]
->You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
+>You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards.
 
 ## Install Windows Configuration Designer
 
-On devices running Windows 10, you can install [the Windows Configuration Designer app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). To run Windows Configuration Designer on other operating systems or in languages other than English, install it from the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
-
->[!NOTE]
->If you install Windows Configuration Designer from both the ADK and Microsoft Store, the Store app will not open.
->
->The Windows Configuration Designer App from Microsoft Store currently supports only English. For a localized version of the Windows Configuration Designer, install it from the Windows ADK. 
-
-1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and select **Get Windows ADK** for the version of Windows 10 that you want to create provisioning packages for (version 1511, 1607, or 1703).
-
-    >[!NOTE]
-    >The rest of this procedure uses Windows ADK for Windows 10, version 1703 as an example.
-    
-2. Save **adksetup.exe** and then run it.
-
-3. On the **Specify Location** page, select an installation path and then click **Next**.
-    >[!NOTE]
-    >The estimated disk space listed on this page applies to the full Windows ADK. If you only install Windows Configuration Designer, the space requirement is approximately 32 MB.
-4. Make a selection on the **Windows Kits Privacy** page, and then click **Next**.
-
-5. Accept the **License Agreement**, and then click **Next**.
-
-6. On the **Select the features you want to install** page, clear all selections except **Configuration Designer**, and then click **Install**.
-
-    ![Only Configuration Designer selected for installation](../images/icd-install.png)
+On devices running Windows client, you can install [the Windows Configuration Designer app](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store.
 
 ## Current Windows Configuration Designer limitations
 
-- Windows Configuration Designer will not work properly if the Group Policy setting **Policies > Administrative Templates > Windows Components > Internet Explorer > Security Zones: Use only machine settings** is enabled. We recommend that you run Windows Configuration Designer on a different device, rather than change the security setting. 
+- Windows Configuration Designer doesn't work properly if the **Policies > Administrative Templates > Windows Components > Internet Explorer > Security Zones: Use only machine settings** Group Policy setting is enabled. Instead of changing the security setting, we recommend you run Windows Configuration Designer on a different device.
 
 - You can only run one instance of Windows Configuration Designer on your computer at a time.
 
-- Be aware that when adding apps and drivers, all files stored in the same folder will be imported and may cause errors during the build process.
+- When adding apps and drivers, all files stored in the same folder are imported, and may cause errors during the build process.
 
-- The Windows Configuration Designer UI does not support multivariant configurations. Instead, you must use the Windows Configuration Designer command-line interface to configure multivariant settings. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
+- The Windows Configuration Designer UI doesn't support multivariant configurations. Instead, you must use the Windows Configuration Designer command-line interface to configure multivariant settings. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
 
-- While you can open multiple projects at the same time within Windows Configuration Designer, you can only build one project at a time.
+- In Windows Configuration Designer, you can only build one project at a time. You can open multiple projects at the same time, but you can only build one at a time.
 
-- In order to enable the simplified authoring jscripts to work on a server SKU running Windows Configuration Designer, you need to explicitly enable **Allow websites to prompt for information using scripted windows**. Do this by opening Internet Explorer and then navigating to **Settings** > **Internet Options** > **Security**  -> **Custom level** > **Allow websites to prompt for information using scripted windows**, and then choose **Enable**. 
+- To enable the simplified authoring jscripts to work on a server SKU running Windows Configuration Designer, you must enable **Allow websites to prompt for information using scripted windows**:
 
-- If you copy a Windows Configuration Designer project from one PC to another PC, make sure that all the associated files for the deployment assets, such as apps and drivers, are copied along with the project to the same path as it was on the original PC. 
+  1. Open Internet Explorer.
+  2. Go to **Settings** > **Internet Options** > **Security** > **Custom level**.
+  3. Select **Allow websites to prompt for information using scripted windows** > **Enable**.
 
-    For example, when you add a driver to a provisioned package, you must copy the .INF file to a local directory on the PC that is running Windows Configuration Designer. If you don't do this, and attempt to use a copied version of this project on a different PC, Windows Configuration Designer might attempt to resolve the path to the files that point to the original PC.
- 
-- **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer, rather than using external sources like network shares or removable drives. This reduces the risk of interrupting the build process from a temporary network issue or from disconnecting the USB device.
+- If you copy a Windows Configuration Designer project from one PC to another PC, then:
+
+  - Copy all the associated files for the deployment assets with the project, including apps and drivers.
+  - Copy all the files to the same path as the original PC.
+
+  For example, when you add a driver to a provisioned package, you must copy the `.INF` file to a local directory on the PC that's running Windows Configuration Designer. If you don't copy the `.INF` file, and use a copied version of this project on a different PC, then Windows Configuration Designer might resolve the file paths to the original PC.
+
+- **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer. Don't use external sources, like network shares or removable drives. Using local files reduces the risk of interrupting the build process from a network issue, or from disconnecting the USB device.
 
 **Next step**: [How to create a provisioning package](provisioning-create-package.md)
 
@@ -94,27 +84,15 @@ On devices running Windows 10, you can install [the Windows Configuration Design
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+## Related articles
 
-## Related topics
-
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index e5d60aba7f..0987e3f720 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -1,16 +1,15 @@
 ---
-title: Create a provisioning package with multivariant settings (Windows 10)
+title: Create a provisioning package with multivariant settings (Windows 10/11)
 description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 11/08/2017
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: gkomatsu
+manager: dougeby
+ms.author: aaroncz
 ---
 
 # Create a provisioning package with multivariant settings
@@ -19,7 +18,7 @@ ms.author: greglin
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+-   Windows 11
 
 
 In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese. 
@@ -35,40 +34,45 @@ In the XML file, you provide an **Id**, or friendly name, for each **Target**. E
 
 A **Target** can have more than one **TargetState**, and a **TargetState** can have more than one **Condition**. 
 
-![Target with multiple target states and conditions](../images/multi-target.png)
+![Target with multiple target states and conditions.](../images/multi-target.png)
 
-The following table describes the logic for the target definition.
+The following information describes the logic for the target definition:
 
-
-
                  When all Condition elements are TRUE, TargetState is TRUE.Target state is true when all conditions are true
                  If any of the TargetState elements is TRUE, Target is TRUE, and the Id can be used for setting customizations.Target is true if any target state is true
                  
+- When all **Condition** elements are TRUE, **TargetState** is TRUE:
+
+  :::image type="content" source="../images/icd-multi-targetstate-true.png" alt-text="Target state is true when all conditions are true.":::
+
+- If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **ID** can be used for setting customizations:
+
+  :::image type="content" source="../images/icd-multi-target-true.png" alt-text="Target is true if any target state is true":::
 
 ### Conditions
 
-The following table shows the conditions supported in Windows 10 provisioning for a **TargetState**:
+The following table shows the conditions supported in Windows client provisioning for a **TargetState**:
 
 
-| Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description |
-| --- | --- | --- | --- | --- | --- |
-| MNC | P0 | Supported | Supported | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
-| MCC | P0 | Supported | Supported | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. |
-| SPN | P0 | Supported | Supported | String | Use to target settings based on the Service Provider Name (SPN) value. |
-| PNN | P0 | Supported | Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
-| GID1 | P0 | Supported | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
-| ICCID | P0 | Supported | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
-| Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | 
-| UICC | P0 | Supported | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:


                  - 0 - Empty
                  - 1 - Ready
                  - 2 - Locked |
-| UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:


                  - 0 - Slot 0
                  - 1 - Slot 1 |
-| ProcessorType | P1 | Supported | Supported | String | Use to target settings based on the processor type. |
-| ProcessorName | P1 | Supported | Supported | String | Use to target settings based on the processor name. |
-| AoAc ("Always On, Always Connected") | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
-| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role).  |
-| Architecture | P1 | Supported | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
-| Server | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
-| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
-| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639).  |
+| Condition Name | Condition priority | Windows client for desktop editions | Value type | Value description |
+| --- | --- | --- | --- | --- |
+| MNC | P0 | Supported | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
+| MCC | P0 | Supported | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. |
+| SPN | P0 | Supported | String | Use to target settings based on the Service Provider Name (SPN) value. |
+| PNN | P0 |  Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
+| GID1 | P0 | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
+| ICCID | P0 | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
+| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | 
+| UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:


                  - 0 - Empty
                  - 1 - Ready
                  - 2 - Locked |
+| UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:


                  - 0 - Slot 0
                  - 1 - Slot 1 |
+| ProcessorType | P1 | Supported | String | Use to target settings based on the processor type. |
+| ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. |
+| AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
+| PowerPlatformRole | P1 | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role).  |
+| Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
+| Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
+| Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
+| Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639).  |
 
 
-The matching types supported in Windows 10 are:
+The matching types supported in Windows client are:
 
 | Matching type | Syntax | Example |
 | --- | --- | --- |
@@ -79,7 +83,7 @@ The matching types supported in Windows 10 are:
 
 ### TargetState priorities
 
-You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. 
+You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evaluates each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. 
 
 A setting that matches a **TargetState** with a lower priority is applied before the setting that matches a **TargetState** with a higher priority. This means that a setting for the **TargetState** with the higher priority can overwrite a setting for the **TargetState** with the lower priority.
 
@@ -117,30 +121,30 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     The following example shows the contents of a sample customizations.xml file.
 
     ```XML
-   <?xml version="1.0" encoding="utf-8"?> 
-    
-    
-    {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} 
-    My Provisioning Package 
-    1.0 
-    OEM 
-    50 
-    
-    
-     
-       
-         
-          0 
-          0 
-          0 
-         
-         
-          0 
-         
-       
-     
-    
-    
+   
+   
+     
+       {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}
+       My Provisioning Package
+       1.0
+       OEM
+       50
+     
+     
+       
+         
+           
+             0
+             0
+             0
+           
+           
+             0
+           
+         
+       
+     
+    
     ```
 
 5. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. 
@@ -148,48 +152,48 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
     
     ```XML
-     
-    
-    
-    {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} 
-    My Provisioning Package 
-    1.0 
-    OEM 
-    50 
-    
-    
-     
-       
-         
-          0 
-          0 
-          0 
-         
-         
-          0 
-         
-       
-       
-         
-           
-             
-             
-           
-           
-             
-             
-           
-         
-         
-           
-             
-             
-           
-         
-       
-     
-    
-    
+   
+   
+     
+       {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}
+       My Provisioning Package
+       1.0
+       OEM
+       50
+     
+     
+       
+         
+           
+             0
+             0
+             0
+           
+           
+             0
+           
+         
+         
+           
+             
+               
+               
+             
+             
+               
+               
+             
+           
+           
+             
+               
+               
+             
+           
+         
+       
+     
+    
     ```
 
 6. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this:
@@ -208,56 +212,56 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
 
     ```XML
-   <?xml version="1.0" encoding="utf-8"?> 
-    
-   
-    {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} 
-    My Provisioning Package 
-    1.0 
-    OEM 
-    50 
-    
-    
-     
-       
-       
-       
-         
-           
-             
-             
-           
-           
-             
-             
-           
-         
-         
-           
-             
-             
-           
-        
-       
-       
-         
-           
-           
-         
-         
-           
-            1 
-            1 
-            1 
-           
-           
-            1 
-           
-         
-       
-     
-    
-    
+   
+   
+     
+       {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}
+       My Provisioning Package
+       1.0
+       OEM
+       50
+     
+     
+       
+         
+         
+         
+           
+             
+               
+               
+             
+             
+               
+               
+             
+           
+           
+             
+               
+               
+             
+           
+         
+         
+           
+             
+             
+           
+           
+             
+               1
+               1
+               1
+             
+             
+               1
+             
+           
+         
+       
+     
+    
     ```
 
 7. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step.
@@ -281,38 +285,29 @@ In this example, the **StoreFile** corresponds to the location of the settings s
 
 ## Events that trigger provisioning
 
-When you install the multivariant provisioning package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
+When you install the multivariant provisioning package on a Windows client device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
 
-The following events trigger provisioning on Windows 10 devices:
+The following events trigger provisioning on Windows client devices:
 
-| Event | Windows 10 Mobile | Windows 10 for desktop editions |
-| --- | --- | --- |
-| System boot | Supported | Supported |
-| Operating system update | Supported | Planned |
-| Package installation during device first run experience | Supported | Supported |
-| Detection of SIM presence or update | Supported | Supported |
-| Package installation at runtime | Supported | Supported |
-| Roaming detected | Supported | Not supported |
+| Event | Windows client for desktop editions |
+| --- | --- | 
+| System boot | Supported |
+| Operating system update | Planned |
+| Package installation during device first run experience | Supported |
+| Detection of SIM presence or update | Supported |
+| Package installation at runtime | Supported |
+| Roaming detected | Not supported |
  
+## Related articles
 
- 
-
-
-
-
-
- 
-
-## Related topics
-
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index 2313b0e929..da386db801 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -1,48 +1,48 @@
 ---
-title: Provisioning packages (Windows 10)
-description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+title: Provisioning packages overview on Windows 10/11
+description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
 ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.collection: highpri
 ---
 
-# Provisioning packages for Windows 10
+# Provisioning packages for Windows
 
 
 **Applies to**
 
 - Windows 10
-- Windows 10 Mobile
+- Windows 11
 
 Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. 
 
-A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 
-Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization.
+Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization.
 
-The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Windows Configuration Designer, a tool for configuring provisioning packages. Windows Configuration Designer is also available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). 
+ 
+Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). 
 
 
 
 
-## New in Windows 10, version 1703
+
 
-- The tool for creating provisioning packages is renamed Windows Configuration Designer, replacing the Windows Imaging and Configuration Designer (ICD) tool. The components for creating images have been removed from Windows Configuration Designer, which now provides access to runtime settings only.
-- Windows Configuration Designer can still be installed from the Windows ADK. You can also install it from the Microsoft Store.
-- Windows Configuration Designer adds more wizards to make it easier to create provisioning packages for specific scenarios. See [What you can configure](#configuration-designer-wizards) for wizard descriptions.
-- The  Provision desktop devices wizard (previously called Simple provisioning) now enables joining Azure Active Directory (Azure AD) domains and also allows you to remove non-Microsoft software from Windows desktop devices during provisioning.
-- When provisioning packages are applied to a device, a status screen indicates successful or failed provisioning. 
-- Windows 10 includes PowerShell cmdlets that simplify scripted provisioning. Using these cmdlets, you can add provisioning packages, remove provisioning packages and generate log files to investigate provisioning errors.
-- The Provision school devices wizard is removed from Windows Configuration Designer. Instead, use the [Setup School PCs app](https://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) from the Microsoft Store.
- 
+
+
+
+
+
+
+
 
 
 ## Benefits of provisioning packages
@@ -74,20 +74,19 @@ Provisioning packages can be:
 
 The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
 
-
-
-
-
-
-
-
-
-
-
-
                  StepDescriptionDesktop wizardMobile wizardKiosk wizardHoloLens wizard
                  Set up deviceAssign device name,
                  enter product key to upgrade Windows,
                  configure shared used,
                  remove pre-installed software                  		yesyes
                  (Only device name and upgrade key)                  		yesyes
                  Set up networkConnect to a Wi-Fi networkyesyesyesyes
                  Account managementEnroll device in Active Directory,
                  enroll device in Azure Active Directory,
                  or create a local administrator account                  		yesnoyesyes
                  Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

                  Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.                  		noyesnono
                  Add applicationsInstall applications using the provisioning package.yesnoyesno
                  Add certificatesInclude a certificate file in the provisioning package.yesnoyesyes
                  Configure kiosk account and appCreate local account to run the kiosk mode app,
                  specify the app to run in kiosk mode                  		nonoyesno
                  Configure kiosk common settingsSet tablet mode,
                  configure welcome and shutdown screens,
                  turn off timeout settings                  		nonoyesno
                  Developer SetupEnable Developer Mode.nononoyes
                  
+| Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
+| --- | --- | --- | --- | --- |
+| Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ |
+| Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
+| Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
+| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token

                   [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment,. | ✔️ | ✔️ | ✔️ |
+| Add applications | Install applications using the provisioning package.  | ✔️ | ✔️ | ❌ |
+| Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ |
+| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ |
+| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✔️ | ❌ |
+| Developer Setup | Enable Developer Mode  | ❌ | ❌ | ✔️ |
 
 - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
-- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
 - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
 - [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
 
@@ -100,68 +99,62 @@ The following table describes settings that you can configure using the wizards
 The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
 
 
-|           Customization options            |                                                          Examples                                                           |
-|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
+| Customization options |  Examples  |
+|---|---|
 | Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
-|                Applications                |                                         Windows apps, line-of-business applications                                         |
-|          Bulk enrollment into MDM          |                                    Automatic enrollment into a third-party MDM service\*                                    |
-|                Certificates                |                                   Root certification authority (CA), client certificates                                    |
-|           Connectivity profiles            |                                                Wi-Fi, proxy settings, Email                                                 |
-|            Enterprise policies             |                Security restrictions (password, device lock, camera, and so on), encryption, update settings                |
-|                Data assets                 |                                             Documents, music, videos, pictures                                              |
-|          Start menu customization          |                                           Start menu layout, application pinning                                            |
-|                   Other                    |                     Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on                     |
-
-\* Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager is not supported. Use the Configuration Manager console to enroll devices.
-
+| Applications  |   Windows apps, line-of-business applications  |
+| Bulk enrollment into MDM  | Automatic enrollment into a third-party MDM service 

                  Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager isn't supported. To enroll devices, use the Configuration Manager console. |
+| Certificates | Root certification authority (CA), client certificates |
+| Connectivity profiles | Wi-Fi, proxy settings, Email   |
+| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings |
+| Data assets | Documents, music, videos, pictures  |
+| Start menu customization | Start menu layout, application pinning  |
+| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on  |
 
 For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
-## Changes to provisioning in Windows 10, version 1607
+
 
-> [!NOTE]
-> This section is retained for customers using Windows 10, version 1607, on the Current Branch for Business. Some of this information is not applicable in Windows 10, version 1703.
+
+
 
-Windows ICD for Windows 10, version 1607, simplified common provisioning scenarios. 
+WCD, simplified common provisioning scenarios. 
 
-![Configuration Designer options](../images/icd.png)
+:::image type="content" source="../images/icd.png" alt-text="Configuration Designer options":::
 
-Windows ICD in Windows 10, version 1607, supported the following scenarios for IT administrators:
+WCD supports the following scenarios for IT administrators:
 
-* **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. 
+* **Simple provisioning** – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. 
 
-[Learn how to use simple provisioning to configure Windows 10 computers.](provision-pcs-for-initial-deployment.md)
+  [Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md)
 
-* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. 
+* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. 
 
-* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: 
+* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end users in the organization. IT administrators can use WCD to specify the management endpoint and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: 
 
-    * Microsoft Intune (certificate-based enrollment) 
-    * AirWatch (password-string based enrollment) 
-    * Mobile Iron (password-string based enrollment) 
-    * Other MDMs (cert-based enrollment) 
+  - Microsoft Intune (certificate-based enrollment) 
+  - AirWatch (password-string based enrollment) 
+  - MobileIron (password-string based enrollment) 
+  - Other MDMs (cert-based enrollment) 
 
-> [!NOTE]
-> Windows ICD in Windows 10, version 1607, also provided a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](/education/windows/).
+
+
 
 ## Learn more
 
-For more information about provisioning, watch the following videos: 
+For more information about provisioning, watch the following video: 
 
-- [Provisioning Windows 10 devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
+- [Provisioning Windows client devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
-- [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+## Related articles
 
-## Related topics
-
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-- [Use Windows Configuration Designer to configure Windows 10 Mobile devices](../mobile-devices/provisioning-configure-mobile.md)
\ No newline at end of file
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 4ed15d47fc..3b6e0300dc 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,39 +1,75 @@
 ---
-title: PowerShell cmdlets for provisioning Windows 10 (Windows 10)
-description: 
+title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11)
+description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
-# PowerShell cmdlets for provisioning Windows 10 (reference)
+# PowerShell cmdlets for provisioning Windows client (reference)
 
 
 **Applies to**
 
 - Windows 10
-- Windows 10 Mobile
+- Windows 11
 
-Windows 10, version 1703, ships with Windows Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions.
+Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions.
 
+## cmdlets
 
+- **Add-ProvisioningPackage**: Applies a provisioning package.
 
-
-
-
-
-
-
-
-
-
                  CmdletUse this cmdlet toSyntax
                  Add-ProvisioningPackage Apply a provisioning packageAdd-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-QuietInstall] [-WprpFile <string>] [<CommonParameters>]
                  Remove-ProvisioningPackageRemove a provisioning package   Remove-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                   Remove-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                   Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                  Get-ProvisioningPackage    Get information about an installed provisioning package  Get-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                  Get-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] 
                   Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                   Export-ProvisioningPackage    Extract the contents of a provisioning package Export-ProvisioningPackage -PackageId <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                   Export-ProvisioningPackage -Path <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>]  [<CommonParameters>] 
                   Install-TrustedProvisioningCertificate    Adds a certificate to the Trusted Certificate store Install-TrustedProvisioningCertificate <path to local certificate file on disk>  
                  Get-TrustedProvisioningCertificate List all installed trusted provisioning certificates; use this cmdlet to get the certificate thumbprint to use with the Uninstall-TrustedProvisioningCertificate cmdletGet-TrustedProvisioningCertificate
                  Uninstall-TrustedProvisioningCertificate  Remove a previously installed provisioning certificateUninstall-TrustedProvisioningCertificate <thumbprint>
                  	
+  Syntax:
+
+  - `Add-ProvisioningPackage [-Path]  [-ForceInstall] [-LogsFolder ] [-QuietInstall] [-WprpFile ] []`
+
+- **Remove-ProvisioningPackage**: Removes a provisioning package.
+
+  Syntax:
+
+  - `Remove-ProvisioningPackage -PackageId  [-LogsFolder ] [-WprpFile ] []`
+  - `Remove-ProvisioningPackage -Path  [-LogsFolder ] [-WprpFile ] []`
+  - `Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []`
+
+- **Get-ProvisioningPackage**: Gets information about an installed provisioning package.
+
+  Syntax:
+
+  - `Get-ProvisioningPackage -PackageId  [-LogsFolder ] [-WprpFile ] []`
+  - `Get-ProvisioningPackage -Path  [-LogsFolder ] [-WprpFile ] []`
+  - `Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []`
+
+- **Export-ProvisioningPackage**: Extracts the contents of a provisioning package.
+
+  Syntax:
+
+  - `Export-ProvisioningPackage -PackageId  -OutputFolder  [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []`
+  - `Export-ProvisioningPackage -Path  -OutputFolder  [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []`
+
+- **Install-TrustedProvisioningCertificate**: Adds a certificate to the Trusted Certificate store.
+
+  Syntax:
+
+  - `Install-TrustedProvisioningCertificate `
+
+- **Get-TrustedProvisioningCertificate**: Lists all installed trusted provisioning certificates. Use this cmdlet to get the certificate thumbprint to use with the `Uninstall-TrustedProvisioningCertificate` cmdlet. 
+
+  Syntax:
+
+  - `Get-TrustedProvisioningCertificate`
+
+- **Uninstall-TrustedProvisioningCertificate**: Removes a previously installed provisioning certificate.
+
+  Syntax:
+
+  - `Uninstall-TrustedProvisioningCertificate `
 
 >[!NOTE]
 > You can use Get-Help to get usage help on any command. For example: `Get-Help Add-ProvisioningPackage`
@@ -51,9 +87,9 @@ Trace logs are captured when using cmdlets. The following logs are available in
 >When applying provisioning packages using Powershell cmdlets, the default behavior is to suppress the prompt that appears when applying an unsigned provisioning package. This is by design so that provisioning packages can be applied as part of existing scripts.
 
 
-## Related topics
+## Related articles
 
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
@@ -63,15 +99,3 @@ Trace logs are captured when using cmdlets. The following logs are available in
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 
-
-
-
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index a616731808..0f1b11b953 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -1,16 +1,15 @@
 ---
-title: Use a script to install a desktop app in provisioning packages (Windows 10)
-description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+title: Use a script to install a desktop app in provisioning packages (Windows 10/11)
+description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
 # Use a script to install a desktop app in provisioning packages
@@ -19,14 +18,9 @@ manager: dansimp
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+-   Windows 11
 
-This walkthrough describes how to leverage the ability to include scripts in a Windows 10 provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed, however, some care is needed in order to avoid unintended behavior during script execution (see [Remarks](#remarks) below). 
-
->**Prerequisite**: [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), version 1511 or higher 
-
->[!NOTE]
->This scenario is only supported for installing applications on Windows 10 for desktop, version 1511 or higher.
+This walkthrough describes how to include scripts in a Windows client provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed. However, some care is needed to avoid unintended behavior during script execution (see [Remarks](#remarks) below).
 
 ## Assemble the application assets
 
@@ -34,12 +28,11 @@ This walkthrough describes how to leverage the ability to include scripts in a W
 
 2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages.
 
-
 ## Cab the application assets
 
-1. Create a .DDF file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory.
+1. Create a `.DDF` file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory.
 
-    ```
+    ```ddf
     ;*** MSDN Sample Source Code MakeCAB Directive file example
     
     ;
@@ -89,15 +82,15 @@ This walkthrough describes how to leverage the ability to include scripts in a W
 
 2. Use makecab to create the cab files.
 
-    ```
+    ```makecab
     Makecab -f 
     ```
 
 ## Create the script to install the application
 
-In Windows 10, version 1607 and earlier, create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples.
+Create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples.
 
-In Windows 10, version 1703, you don’t need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package). 
+You don’t need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package). 
 
 >[!NOTE]
 >All actions performed by the script must happen silently, showing no UI and requiring no user interaction.
@@ -108,15 +101,16 @@ In Windows 10, version 1703, you don’t need to create an orchestrator script.
 
 Granular logging is not built in, so the logging must be built into the script itself. Here is an example script that logs ‘Hello World’ to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you will see in the following examples, it’s recommended that you log each action that your script performs.
 
-```
+```log
 set LOGFILE=%SystemDrive%\HelloWorld.log
 echo Hello, World >> %LOGFILE% 
 ```
+
 ### .exe example
 
-This example script shows how to create a log output file on the system drive, install an app from a .exe installer, and echo the results to the log file.
+This example script shows how to create a log output file on the system drive, install an app from an `.exe` installer, and echo the results to the log file.
 
-```
+```exe
 set LOGFILE=%SystemDrive%\Fiddler_install.log
 echo Installing Fiddler.exe >> %LOGFILE%
 fiddler4setup.exe /S >> %LOGFILE%
@@ -127,7 +121,7 @@ echo result: %ERRORLEVEL% >> %LOGFILE%
 
 This is the same as the previous installer, but installs the app from an MSI installer. Notice that msiexec is called with the /quiet flag in order to meet the silent requirement of scripts run from within a provisioning package.
 
-```
+```msi
 set LOGFILE=%SystemDrive%\IPOverUsb_install.log
 echo Installing IpOverUsbInstaller.msi >> %LOGFILE%
 msiexec /i IpOverUsbInstaller.msi /quiet >> %LOGFILE%
@@ -136,9 +130,9 @@ echo result: %ERRORLEVEL% >> %LOGFILE%
 
 ### PowerShell example
 
-This is an example script with logging that shows how to run a powershell script from the provisioning commands setting. Note that the PowerShell script referenced from this example must also be included in the package, and obey the same requirements as all scripts run from within the provisioning package: it must execute silently, with no user interaction.
+This is an example script with logging that shows how to run a PowerShell script from the provisioning commands setting. The PowerShell script referenced from this example must also be included in the package, and obey the same requirements as all scripts run from within the provisioning package: it must execute silently, with no user interaction.
 
-```
+```powershell
 set LOGFILE=%SystemDrive%\my_powershell_script.log
 echo Running my_powershell_script.ps1 in system context >> %LOGFILE%
 echo Executing "PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1" >> %LOGFILE%
@@ -147,11 +141,12 @@ echo result: %ERRORLEVEL% >> %LOGFILE%
 ```
 
 
+
 ### Extract from a .CAB example
 
-This example script shows expansion of a .cab from the provisioning commands script, as well as installation of the expanded setup.exe
+This example script shows expansion of a .cab from the provisioning commands script, and installation of the expanded setup.exe
 
-```
+```cab
 set LOGFILE=%SystemDrive%\install_my_app.log
 echo Expanding installer_assets.cab >> %LOGFILE%
 expand -r installer_assets.cab -F:* . >> %LOGFILE%
@@ -163,9 +158,9 @@ echo result: %ERRORLEVEL% >> %LOGFILE%
 
 ### Calling multiple scripts in the package
 
-In Windows 10, version 1703, your provisioning package can include multiple CommandLines.
+Your provisioning package can include multiple CommandLines.
 
-In Windows 10, version 1607 and earlier, you are allowed one CommandLine per provisioning package. The batch files shown above are orchestrator scripts that manage the installation and call any other scripts included in the provisioning package. The orchestrator script is what should be invoked from the CommandLine specified in the package. 
+You are allowed one CommandLine per provisioning package. The batch files shown above are orchestrator scripts that manage the installation and call any other scripts included in the provisioning package. The orchestrator script is what should be invoked from the CommandLine specified in the package. 
 
 Here’s a table describing this relationship, using the PowerShell example from above:
 
@@ -174,47 +169,47 @@ Here’s a table describing this relationship, using the PowerShell example from
 | --- | --- | --- |
 | ProvisioningCommands/DeviceContext/CommandLine | cmd /c PowerShell_Example.bat | The command line needed to invoke the orchestrator script. |
 | ProvisioningCommands/DeviceContext/CommandFiles | PowerShell_Example.bat | The single orchestrator script referenced by the command line that handles calling into the required installers or performing any other actions such as expanding cab files. This script must do the required logging. |
-| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. |
+| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example, there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. |
 
- 
-### Add script to provisioning package (Windows 10, version 1607)
- 
-When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Window Configuration Designer. 
+### Add script to provisioning package
 
-Using Windows Configuration Designer, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to: 
+When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Windows Configuration Designer.
 
-```
+Using Windows Configuration Designer, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to:
+
+```bat
 cmd /c InstallMyApp.bat
 ```
 
 In Windows Configuration Designer, this looks like:
 
-![Command line in Selected customizations](../images/icd-script1.png)
+![Command line in Selected customizations.](../images/icd-script1.png)
 
 You also need to add the relevant assets for that command line including the orchestrator script and any other assets it references such as installers or .cab files.
 
 In Windows Configuration Designer, that is done by adding files under the `ProvisioningCommands/DeviceContext/CommandFiles` setting.
 
-![Command files in Selected customizations](../images/icd-script2.png)
+![Command files in Selected customizations.](../images/icd-script2.png)
 
 When you are done, [build the package](provisioning-create-package.md#build-package). 
  
 
 ### Remarks
+
 1. No user interaction or console output is supported via ProvisioningCommands. All work needs to be silent. If your script attempts to do any of the following it will cause undefined behavior, and could put the device in an unrecoverable state if executed during setup or the Out of Box Experience:
     a. Echo to console
     b. Display anything on the screen
     c. Prompt the user with a dialog or install wizard
 2. When applied at first boot, provisioning runs early in the boot sequence and before a user context has been established; care must be taken to only include installers that can run at this time. Other installers can be provisioned via a management tool.
-3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options).
+3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows client](https://support.microsoft.com/help/12415/windows-10-recovery-options).
 4. The CommandFile assets are deployed on the device to a temporary folder unique to each package.
-    - For Windows 10, version 1607 and earlier:
-        a. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands`
-        b. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the PPKG: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands`
-    - For Windows 10, version 1703:
-        a. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0`
+
+    1. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0`
+
         The `0` after `Commands\` refers to the installation order and indicates the first app to be installed. The number will increment for each app in the package.
-        b. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the provisioning package: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0`
+
+    2. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the provisioning package: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0`
+
 5. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script.
 6. The runtime provisioning component will attempt to run the scripts from the provisioning package at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the out of box experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and “please wait” will be displayed on the screen. 
 
@@ -223,15 +218,15 @@ When you are done, [build the package](provisioning-create-package.md#build-pack
 7. The scripts are executed in the background as the rest of provisioning continues to run. For packages added on existing systems using the double-click to install, there is no notification that provisioning or script execution has completed
 
 
-## Related topics
+## Related articles
 
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 02e79a47a9..1a6f2d6af3 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -1,16 +1,15 @@
 ---
-title: Uninstall a provisioning package - reverted settings (Windows 10)
-description: This topic lists the settings that are reverted when you uninstall a provisioning package.
+title: Uninstall a provisioning package - reverted settings (Windows 10/11)
+description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: gkomatsu
+manager: dougeby
 ---
 
 # Settings changed when you uninstall a provisioning package
@@ -19,9 +18,9 @@ manager: dansimp
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
+-   Windows 11
 
-When you uninstall a provisioning package, only certain settings are revertible. This topic lists the settings that are reverted when you uninstall a provisioning package.
+When you uninstall a provisioning package, only certain settings are revertible. This article lists the settings that are reverted when you uninstall a provisioning package.
 
 
 As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**.
@@ -79,19 +78,15 @@ Here is the list of revertible settings based on configuration service providers
 
 
 
-## Related topics
+## Related articles
 
-- [Provisioning packages for Windows 10](provisioning-packages.md)
-- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Provisioning packages for Windows client](provisioning-packages.md)
+- [How provisioning works in Windows client](provisioning-how-it-works.md)
 - [Install Windows Configuration Designer](provisioning-install-icd.md)
 - [Create a provisioning package](provisioning-create-package.md)
 - [Apply a provisioning package](provisioning-apply-package.md)
 - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
 - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md)
+- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
 - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
 - [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-
- 
-
- 
\ No newline at end of file
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index e4327a7b35..92a57a02af 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -1,38 +1,40 @@
 ---
-title: Set up a shared or guest PC with Windows 10 (Windows 10)
-description: Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios.
+title: Set up a shared or guest PC with Windows 10/11
+description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios.
 keywords: ["shared pc mode"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.localizationpriority: medium
-ms.reviewer: 
-manager: dansimp
+ms.reviewer: sybruckm
+manager: dougeby
+ms.collection: highpri
 ---
 
-# Set up a shared or guest PC with Windows 10
+# Set up a shared or guest PC with Windows 10/11
 
 
 **Applies to**
 
--   Windows 10
+- Windows 10
+- Windows 11
 
-Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Pro Education, Education, and Enterprise.
+Windows client has a *shared PC mode*, which optimizes Windows client for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows client Pro, Pro Education, Education, and Enterprise.
 
 > [!NOTE]
-> If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education.
+> If you're interested in using Windows client for shared PCs in a school, see [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education.
 
 ## Shared PC mode concepts
-A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. 
+A Windows client PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. 
 
 ### Account models
-It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows 10, version 1703, introduces a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode.
+It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows client has a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode.
 
 ### Account management
-When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows 10, version 1703, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days.
+When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows client, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days.
 
 ### Maintenance and sleep
 Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
@@ -62,8 +64,8 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
 | Setting | Value |
 |:---|:---|
 | EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) 

                  Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**.  |
-| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC. 
                    - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.
                    - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.
                  -   **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
-| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out. 
                  - **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed. 

                  Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. 
                  - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold**  |
+| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. 

                  Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC. 

                    - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.
                    - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.
                  -   **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
+| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out. 

                  - **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed. 

                  Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. 
                  - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold**  |
 | AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching.   |
 | AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion.   |
 | AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted.   | 
@@ -73,7 +75,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
 | Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value.   |
 | Customization: MaxPageFileSizeMB | Adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs.  |  
 | Customization: RestrictLocalStorage | Set as **True** to restrict the user from saving or viewing local storage when using File Explorer. This setting controls this API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings)  | 
-| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) |
+| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows client configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) |
 | Customization: SetPowerPolicies |  When set as **True**:
                  - Prevents users from changing power settings
                  - Turns off hibernate
                  - Overrides all power state transitions to sleep (e.g. lid close)  |
 | Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep.     |
 | Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies.     |
@@ -83,7 +85,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
 
 You can configure Windows to be in shared PC mode in a couple different ways:
 
-- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows 10 in Intune, complete the following steps:
+- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows client in Intune, complete the following steps:
 
   1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
   
@@ -108,16 +110,16 @@ You can configure Windows to be in shared PC mode in a couple different ways:
   8. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**.
 
      > [!div class="mx-imgBorder"]
-     > ![Shared PC mode in the Configuration settings page](images/shared_pc_3.png) 
+     > ![Shared PC mode in the Configuration settings page.](images/shared_pc_3.png) 
 
   11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**.
 
-- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**.
+- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows client that's already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**.
 
-     ![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
+     ![Shared PC settings in ICD.](images/icd-adv-shared-pc.png)
 
 - WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the [MDM_SharedPC class](/windows/win32/dmwmibridgeprov/mdm-sharedpc). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following:
-    
+
   ```powershell
   $sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC"
   $sharedPC.EnableSharedPCMode = $True
@@ -189,7 +191,7 @@ You can apply the provisioning package to a PC during initial setup or to a PC t
 
 1. Start with a PC on the setup screen. 
 
-    ![The first screen to set up a new PC](images/oobe.jpg)
+    ![The first screen to set up a new PC.](images/oobe.jpg)
 
 2. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
 
@@ -206,7 +208,7 @@ You can apply the provisioning package to a PC during initial setup or to a PC t
 
 On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and selects the package to install. 
 
-![add a package option](images/package.png)
+![add a package option.](images/package.png)
 
 > [!NOTE]
 > If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost.
@@ -241,92 +243,137 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
         New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
         ``` 
 
-
 ## Policies set by shared PC mode
+
 Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options.
 
 > [!IMPORTANT]
 > It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required.
 
- 
+### Admin Templates > Control Panel > Personalization
 
-
-
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-
-  
-  
- 
- 
- 
- 
- 
- 
- 
-
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-
-
- 
- 
- 
- 
-
-
                  Policy name
                  Value
                  When set?
                   
                  Admin Templates > Control Panel > Personalization
                  Prevent enabling lock screen slide show
                  Enabled
                  Always
                  Prevent changing lock screen and logon image
                  Enabled
                  Always
                  Admin Templates > System > Power Management > Button Settings
                  Select the Power button action (plugged in)
                  Sleep
                  SetPowerPolicies=True
                  Select the Power button action (on battery)
                  Sleep
                  SetPowerPolicies=True
                  Select the Sleep button action (plugged in)
                  Sleep
                  SetPowerPolicies=True
                  Select the lid switch action (plugged in)
                  Sleep
                  SetPowerPolicies=True
                  Select the lid switch action (on battery)
                  Sleep
                  SetPowerPolicies=True
                  Admin Templates > System > Power Management > Sleep Settings
                  Require a password when a computer wakes (plugged in)
                  Enabled
                  SignInOnResume=True
                  Require a password when a computer wakes (on battery)
                  Enabled
                  SignInOnResume=True
                  Specify the system sleep timeout (plugged in)
                  SleepTimeout
                  SetPowerPolicies=True
                  Specify the system sleep timeout (on battery)
                  SleepTimeout
                  SetPowerPolicies=True
                    
                  Turn off hybrid sleep (plugged in)
                  		  
                  Enabled
                  SetPowerPolicies=True
                    
                  Turn off hybrid sleep (on battery)
                  		  
                  Enabled
                  SetPowerPolicies=True
                    
                  Specify the unattended sleep timeout (plugged in)
                  		  
                  SleepTimeout
                   
                  SetPowerPolicies=True
                    
                  Specify the unattended sleep timeout (on battery)
                  		  
                  SleepTimeout
                   
                  SetPowerPolicies=True
                    
                  Allow standby states (S1-S3) when sleeping (plugged in)
                  		  
                  Enabled
                  SetPowerPolicies=True
                    
                  Allow standby states (S1-S3) when sleeping (on battery)
                  		  
                  Enabled
                  		 
                  SetPowerPolicies=True
                    
                  Specify the system hibernate timeout (plugged in)
                  		  
                  Enabled, 0
                  SetPowerPolicies=True
                    
                  Specify the system hibernate timeout (on battery)
                  		  
                  Enabled, 0
                  SetPowerPolicies=True
                    
                  Admin Templates>System>Power Management>Video and Display Settings
                    
                  Turn off the display (plugged in)
                  		  
                  SleepTimeout
                   
                  SetPowerPolicies=True
                    
                  Turn off the display (on battery
                  		  
                  SleepTimeout
                   
                  SetPowerPolicies=True
                    
                  Admin Templates>System>Power Management>Energy Saver Settings
                  Energy Saver Battery Threshold (on battery)70SetPowerPolicies=True
                    
                  Admin Templates>System>Logon
                    
                  Show first sign-in animation
                  		  
                  Disabled
                  Always
                    
                  Hide entry points for Fast User Switching
                  		  
                  Enabled
                  Always
                    
                  Turn on convenience PIN sign-in
                  		  
                  Disabled
                  Always
                    
                  Turn off picture password sign-in
                  		  
                  Enabled
                  Always
                    
                  Turn off app notification on the lock screen
                  		  
                  Enabled
                  Always
                    
                  Allow users to select when a password is required when resuming from connected standby
                  		  
                  Disabled
                  SignInOnResume=True
                    
                  Block user from showing account details on sign-in
                  		  
                  Enabled
                  Always
                    
                  Admin Templates>System>User Profiles
                    
                  Turn off the advertising ID
                  		  
                  Enabled
                  SetEduPolicies=True
                    
                  Admin Templates>Windows Components 
                    
                  Do not show Windows Tips 
                                     		  
                  Enabled
                  SetEduPolicies=True
                    
                  Turn off Microsoft consumer experiences 
                  		  
                  Enabled
                  SetEduPolicies=True
                    
                  Microsoft Passport for Work
                  		  
                  Disabled
                  Always
                    
                  Prevent the usage of OneDrive for file storage
                  		  
                  Enabled
                  Always
                    
                  Admin Templates>Windows Components>Biometrics
                    
                  Allow the use of biometrics
                  		  
                  Disabled
                  Always
                    
                  Allow users to log on using biometrics
                  		  
                  Disabled
                  Always
                    
                  Allow domain users to log on using biometrics
                  		  
                  Disabled
                  Always
                    
                  Admin Templates>Windows Components>Data Collection and Preview Builds
                    
                  Toggle user control over Insider builds
                  		  
                  Disabled
                  Always
                    
                  Disable pre-release features or settings
                  		  
                  Disabled
                  Always
                    
                  Do not show feedback notifications
                  		  
                  Enabled
                  Always
                  Allow TelemetryBasic, 0SetEduPolicies=True
                    
                  Admin Templates>Windows Components>File Explorer
                    
                  Show lock in the user tile menu
                  		  
                  Disabled
                  Always
                    
                  Admin Templates>Windows Components>Maintenance Scheduler
                    
                  Automatic Maintenance Activation Boundary
                  		  
                  MaintenanceStartTime
                  Always
                    
                  Automatic Maintenance Random Delay
                  		  
                  Enabled, 2 hours
                  Always
                    
                  Automatic Maintenance WakeUp Policy
                  		  
                  Enabled
                  Always
                    
                  Admin Templates>Windows Components>Windows Hello for Business
                    
                  Use phone sign-in
                  		  
                  Disabled
                  Always
                    
                  Use Windows Hello for Business
                  		  
                  Disabled
                  Always
                    
                  Use biometrics
                  		  
                  Disabled
                  Always
                    
                  Admin Templates>Windows Components>OneDrive
                    
                  Prevent the usage of OneDrive for file storage
                  		  
                  Enabled
                  Always
                    
                  Windows Settings>Security Settings>Local Policies>Security Options
                    
                  Interactive logon: Do not display last user name
                                     		  
                  Enabled, Disabled when account model is only guest
                   
                  Always
                    
                  Interactive logon: Sign-in last interactive user automatically after a system-initiated restart
                                     		  
                  Disabled
                                     		 
                  Always
                    
                  Shutdown: Allow system to be shut down without having to log on
                                     		  
                  Disabled
                   
                  Always
                    
                  User Account Control: Behavior of the elevation prompt for standard users
                                     		  
                  Auto deny
                   
                  Always
                   

                  
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Prevent enabling lock screen slide show|Enabled|Always|
+|Prevent changing lock screen and logon image|Enabled|Always|
 
+### Admin Templates > System > Power Management > Button Settings
 
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Select the Power button action (plugged in)|Sleep|SetPowerPolicies=True|
+|Select the Power button action (on battery)|Sleep|SetPowerPolicies=True|
+|Select the Sleep button action (plugged in)|Sleep|SetPowerPolicies=True|
+|Select the lid switch action (plugged in)|Sleep|SetPowerPolicies=True|
+|Select the lid switch action (on battery)|Sleep|SetPowerPolicies=True|
 
+### Admin Templates > System > Power Management > Sleep Settings
 
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Require a password when a computer wakes (plugged in)|Enabled|SignInOnResume=True|
+|Require a password when a computer wakes (on battery)|Enabled|SignInOnResume=True|
+|Specify the system sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
+|Specify the system sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True|
+|Turn off hybrid sleep (plugged in)|Enabled|SetPowerPolicies=True|
+|Turn off hybrid sleep (on battery)|Enabled|SetPowerPolicies=True|
+|Specify the unattended sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
+|Specify the unattended sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True|
+|Allow standby states (S1-S3) when sleeping (plugged in)|Enabled|SetPowerPolicies=True|
+|Allow standby states (S1-S3) when sleeping (on battery)|Enabled |SetPowerPolicies=True|
+|Specify the system hibernate timeout (plugged in)|Enabled, 0|SetPowerPolicies=True|
+|Specify the system hibernate timeout (on battery)|Enabled, 0|SetPowerPolicies=True|
 
+### Admin Templates>System>Power Management>Video and Display Settings
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Turn off the display (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
+|Turn off the display (on battery|*SleepTimeout*|SetPowerPolicies=True|
+
+### Admin Templates>System>Power Management>Energy Saver Settings
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Energy Saver Battery Threshold (on battery)|70|SetPowerPolicies=True|
+
+### Admin Templates>System>Logon
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Show first sign-in animation|Disabled|Always|
+|Hide entry points for Fast User Switching|Enabled|Always|
+|Turn on convenience PIN sign-in|Disabled|Always|
+|Turn off picture password sign-in|Enabled|Always|
+|Turn off app notification on the lock screen|Enabled|Always|
+|Allow users to select when a password is required when resuming from connected standby|Disabled|SignInOnResume=True|
+|Block user from showing account details on sign-in|Enabled|Always|
+
+### Admin Templates>System>User Profiles
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Turn off the advertising ID|Enabled|SetEduPolicies=True|
+
+### Admin Templates>Windows Components
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Do not show Windows Tips |Enabled|SetEduPolicies=True|
+|Turn off Microsoft consumer experiences |Enabled|SetEduPolicies=True|
+|Microsoft Passport for Work|Disabled|Always|
+|Prevent the usage of OneDrive for file storage|Enabled|Always|
+
+### Admin Templates>Windows Components>Biometrics
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Allow the use of biometrics|Disabled|Always|
+|Allow users to log on using biometrics|Disabled|Always|
+|Allow domain users to log on using biometrics|Disabled|Always|
+
+### Admin Templates>Windows Components>Data Collection and Preview Builds
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Toggle user control over Insider builds|Disabled|Always| 
+|Disable pre-release features or settings|Disabled|Always|
+|Do not show feedback notifications|Enabled|Always|
+|Allow Telemetry|Basic, 0|SetEduPolicies=True|
+
+### Admin Templates>Windows Components>File Explorer
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Show lock in the user tile menu|Disabled|Always|
+
+### Admin Templates>Windows Components>Maintenance Scheduler
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Automatic Maintenance Activation Boundary|*MaintenanceStartTime*|Always|
+|Automatic Maintenance Random Delay|Enabled, 2 hours|Always|
+|Automatic Maintenance WakeUp Policy|Enabled|Always|
+
+### Admin Templates>Windows Components>Windows Hello for Business
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Use phone sign-in|Disabled|Always|
+|Use Windows Hello for Business|Disabled|Always|
+|Use biometrics|Disabled|Always|
+
+### Admin Templates>Windows Components>OneDrive
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Prevent the usage of OneDrive for file storage|Enabled|Always|
+
+### Windows Settings>Security Settings>Local Policies>Security Options
+
+|Policy Name| Value|When set?|
+|--- |--- |--- |
+|Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always|
+|Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always|
+|Shutdown: Allow system to be shut down without having to log on|Disabled|Always|
+|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always|
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index 80bbd5b7da..921c556ecf 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -1,41 +1,40 @@
 ---
-title: Set up digital signs on Windows 10  (Windows 10)
-description: A single-use device such as a digital sign is easy to set up in Windows 10 (Pro, Enterprise, and Education).
+title: Set up digital signs on Windows 10/11
+description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education).
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
-ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+ms.reviewer: sybruckm
+manager: dougeby
+ms.author: aaroncz
 keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
+author: aczechowski
 ms.localizationpriority: medium
-ms.date: 10/02/2018
+ms.date: 09/20/2021
 ms.topic: article
 ---
 
-# Set up digital signs on Windows 10
-
+# Set up digital signs on Windows 10/11
 
 **Applies to**
 
--   Windows 10 Pro, Enterprise, and Education
+- Windows 10 Pro, Enterprise, and Education
+- Windows 11
 
 Digital signage can be a useful and exciting business tool. Use digital signs to showcase your products and services, to display testimonials, or to advertise promotions and campaigns. A digital sign can be a static display, such as a building directory or menu, or it can be dynamic, such as repeating videos or a social media feed. 
 
-For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) or the Kiosk Browser app (a new Microsoft app for Windows 10, version 1803) and configure it to show your online content.
+For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) or the Kiosk Browser app, and configure it to show your online content.
 
 >[!TIP]
 >Kiosk Browser can also be used in [single-app kiosks](kiosk-single-app.md) and [multi-app kiosk](lock-down-windows-10-to-specific-apps.md) as a web browser. For more information, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). 
 
-Kiosk Browser must be downloaded for offline licensing using Microsoft Store for Business. You can deploy Kiosk Browser to devices running Windows 10, version 1803.
+Kiosk Browser must be downloaded for offline licensing using Microsoft Store for Business. You can deploy Kiosk Browser to devices running Windows 11, and Windows 10 version 1803+.
 
 >[!NOTE]
 >If you haven't set up your Microsoft Store for Business yet, check out [the prerequisites](/microsoft-store/prerequisites-microsoft-store-for-business) and then [sign up](/microsoft-store/sign-up-microsoft-store-for-business).
 
-
-This procedure explains how to configure digital signage using Kiosk Browser on a device running Windows 10, version 1803, that has already been set up (completed the first-run experience). 
+This procedure explains how to configure digital signage using Kiosk Browser on a device running Windows client that has already been set up (completed the first-run experience).
 
 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline, unencoded license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps) 
 2. [Download the **Kiosk Browser** package, license file, and all required frameworks.](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app)
@@ -43,24 +42,24 @@ This procedure explains how to configure digital signage using Kiosk Browser on
 3. Open Windows Configuration Designer and select **Provision kiosk devices**.
 4. Enter a friendly name for the project, and select **Finish**.
 5. On **Set up device**, select **Disabled**, and select **Next**.
-6. On **Set up network**, enable network setup. 
+6. On **Set up network**, enable network setup:
     - Toggle **On** wireless network connectivity. 
     - Enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
 7. On **Account management**, select **Disabled**, and select **Next**.
-8. On **Add applications**, select **Add an application**.
+8. On **Add applications**, select **Add an application**:
     - For **Application name**, enter `Kiosk Browser`.
     - For **Installer path**, browse to and select the AppxBundle that you downloaded from Microsoft Store for Business. After you select the package, additional fields are displayed.
     - For **License file path**, browse to and select the XML license file that you downloaded from Microsoft Store for Business.
     - The **Package family name** is populated automatically.
     - Select **Next**.
 9. On **Add certificates**, select **Next**.
-10. On **Configure kiosk account and app**, toggle **Yes** to create a local user account for your digital signage. 
+10. On **Configure kiosk account and app**, toggle **Yes** to create a local user account for your digital signage:
     - Enter a user name and password, and toggle **Auto sign-in** to **Yes**.
     - Under **Configure the kiosk mode app**, enter the user name for the account that you're creating.
     - For **App type**, select **Universal Windows App**.
     - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`.
 11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**. 
-12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu.
+12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu:
     - In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`.
     - In **BlockedUrl**, enter `*`.
     - In **DefaultUrl**, enter `https://www.contoso.com/menu`.
@@ -79,16 +78,3 @@ This procedure explains how to configure digital signage using Kiosk Browser on
 20. Copy the .ppkg file to a USB drive.
 21. Attach the USB drive to the device that you want to use for your digital sign.
 22. Go to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package on the USB drive.
-
-     
-
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 24dbcd1b32..4b0658894b 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -4,12 +4,13 @@ description: Learn how to troubleshoot common Start menu errors in Windows 10. F
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.author: greglin
-author: greg-lindsay
+ms.author: aaroncz
+author: aczechowski
 ms.localizationpriority: medium
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ms.topic: troubleshooting
+ms.collection: highpri
 ---
 
 # Troubleshoot Start menu errors
@@ -42,7 +43,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window
   - `get-AppXPackage -Name Microsoft.Windows.ShellExperienceHost`
   - `get-AppXPackage -Name Microsoft.Windows.Cortana`
 
-    ![Example of output from cmdlets](images/start-ts-1.png)
+     :::image type="content" alt-text="Example of output from cmdlets." source="images/start-ts-1.png" lightbox="images/start-ts-1.png":::
 
     Failure messages will appear if they aren't installed
 
@@ -188,7 +189,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
 
 ### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
 
-![Screenshots that show download icons on app tiles and missing app tiles](images/start-ts-2.png)
+:::image type="content" alt-text="Screenshots that show download icons on app tiles and missing app tiles." source="images/start-ts-2.png" lightbox="images/start-ts-2.png":::
 
 **Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps.
 
@@ -236,11 +237,11 @@ Specifically, behaviors include
 - If a new roaming user is created, the first sign-in appears normal, but on subsequent sign-ins, tiles are missing.
 
 
-![Example of a working layout](images/start-ts-3.png)
+![Example of a working layout.](images/start-ts-3.png)
 
 *Working layout on first sign-in of a new roaming user profile*
 
-![Example of a failing layout](images/start-ts-4.png)
+![Example of a failing layout.](images/start-ts-4.png)
 
 *Failing layout on subsequent sign-ins*
 
@@ -256,15 +257,15 @@ Specifically, behaviors include
 
 Before the upgrade:
  
-  ![Example of Start screen with customizations applied](images/start-ts-5.jpg)
+  ![Example of Start screen with customizations applied.](images/start-ts-5.jpg)
 
 After the upgrade the user pinned tiles are missing:
 
-  ![Example of Start screen with previously pinned tiles missing](images/start-ts-6.png)
+  ![Example of Start screen with previously pinned tiles missing.](images/start-ts-6.png)
  
 Additionally, users may see blank tiles if sign-in was attempted without network connectivity.
 
-  ![Example of blank tiles](images/start-ts-7.png)
+  ![Example of blank tiles.](images/start-ts-7.png)
  
 
 **Resolution**: This issue was fixed in the [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
@@ -279,7 +280,7 @@ Additionally, users may see blank tiles if sign-in was attempted without network
 
 ### Symptom: Start Menu issues with Tile Data Layer corruption 
 
-**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).) 
+**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](/windows/deployment/planning/windows-10-removed-features).) 
 
 **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed.
 
@@ -292,9 +293,9 @@ Additionally, users may see blank tiles if sign-in was attempted without network
 >[!Note]
 >Corruption recovery removes any manual pins from Start. Apps should still be visible, but you’ll need to re-pin any secondary tiles and/or pin app tiles to the main Start view. Aps that you have installed that are completely missing from “all apps” is unexpected, however. That implies the re-registration didn’t work.
 
-- Open a command prompt, and run the following command:
+Open a command prompt, and run the following command:
 
-```
+```console
 C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache
 ```
 
@@ -324,4 +325,4 @@ If you have already encountered this issue, use one of the following two options
 
 5. Select **Edit**, and then select **Add** to add the group.
 
-6. Test Start and other Apps.
\ No newline at end of file
+6. Test Start and other Apps.
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index 49a2494418..a0d7a0b65a 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -1,17 +1,18 @@
 ---
 title: Start layout XML for desktop editions of Windows 10 (Windows 10)
-description: This topic describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions.
+description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions.
 keywords: ["start screen"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.date: 10/02/2018
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ms.localizationpriority: medium
+ms.collection: highpri
 ---
 
 # Start layout XML for desktop editions of Windows 10 (reference)
@@ -19,7 +20,7 @@ ms.localizationpriority: medium
 
 **Applies to**
 
--   Windows 10
+-   Windows 10
 
 >**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
@@ -28,9 +29,9 @@ On Windows 10 for desktop editions, the customized Start works by:
 - Windows 10 checks the chosen base default layout, such as the desktop edition and whether Cortana is supported for the country/region.
 
 - Windows 10 reads the LayoutModification.xml file and allows groups to be appended to Start. The groups have the following constraints:
-    - 2 groups that are 6 columns wide, or equivalent to the width of 3 medium tiles.
-    - 2 medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. 
-    - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). 
+    - Two groups that are six columns wide, or equivalent to the width of three medium tiles.
+    - Two medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. 
+    - No limit to the number of apps that can be pinned. There's a theoretical limit of 24 tiles per group (four small tiles per medium square x 3 columns x 2 rows). 
     
 >[!NOTE]
 >To use the layout modification XML to configure Start with roaming user profiles, see [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-7-optionally-specify-a-start-layout-for-windows-10-pcs).
@@ -78,18 +79,18 @@ The following table lists the supported elements and attributes for the LayoutMo
 | [RequiredStartGroups](#requiredstartgroups)

                  Parent:
                  RequiredStartGroupsCollection | Region | Use to contain the AppendGroup tags, which represent groups that can be appended to the default Start layout |
 | [AppendGroup](#appendgroup)

                  Parent:
                  RequiredStartGroups | Name | Use to specify the tiles that need to be appended to the default Start layout |
 | [start:Tile](#specify-start-tiles)

                  Parent:
                  AppendGroup | AppUserModelID
                  Size
                  Row
                  Column | Use to specify any of the following:
                  - A Universal Windows app
                  - A Windows 8 or Windows 8.1 app

                  Note that AppUserModelID is case-sensitive. |
-start:Folder

                  Parent:
                  start:Group | Name (in Windows 10, version 1809 and later only)
                  Size
                  Row
                  Column
                  LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile).  
-| start:DesktopApplicationTile

                  Parent:
                  AppendGroup | DesktopApplicationID
                  DesktopApplicationLinkPath
                  Size
                  Row
                  Column | Use to specify any of the following:
                  - A Windows desktop application with a known AppUserModelID
                  - An application in a known folder with a link in a legacy Start Menu folder
                  - A Windows desktop application link in a legacy Start Menu folder
                  - A Web link tile with an associated .url file that is in a legacy Start Menu folder |
+| start:Folder

                  Parent:
                  start:Group | Name (in Windows 10, version 1809 and later only)
                  Size
                  Row
                  Column
                  LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile).  |
+| start:DesktopApplicationTile

                  Parent:
                  AppendGroup | DesktopApplicationID
                  DesktopApplicationLinkPath
                  Size
                  Row
                  Column | Use to specify any of the following:
                  - A Windows desktop application with a known AppUserModelID
                  - An application in a known folder with a link in a legacy Start Menu folder
                  - A Windows desktop application link in a legacy Start Menu folder
                  - A Web link tile with an associated `.url` file that is in a legacy Start Menu folder |
 | start:SecondaryTile

                  Parent:
                  AppendGroup | AppUserModelID
                  TileID
                  Arguments
                  DisplayName
                  Square150x150LogoUri
                  ShowNameOnSquare150x150Logo
                  ShowNameOnWide310x150Logo
                  Wide310x150LogoUri
                  BackgroundColor
                  ForegroundText
                  IsSuggestedApp
                  Size
                  Row
                  Column | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. |
-| TopMFUApps

                  Parent:
                  LayoutModificationTemplate | n/a | Use to add up to 3 default apps to the frequently used apps section in the system area.

                  **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
+| TopMFUApps

                  Parent:
                  LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.

                  **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
 | Tile

                  Parent:
                  TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. 

                  **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
 | DesktopApplicationTile

                  Parent:
                  TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.

                  **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
-| AppendOfficeSuite

                  Parent:
                  LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).

                  Do not use this tag with AppendDownloadOfficeTile |
+| AppendOfficeSuite

                  Parent:
                  LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).

                  Don't use this tag with AppendDownloadOfficeTile. |
 | AppendDownloadOfficeTile

                  Parent:
                  LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in Start

                  Do not use this tag with AppendOfficeSuite |
 
 ### LayoutOptions
 
-New devices running Windows 10 for desktop editions will default to a Start menu with 2 columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features:
+New devices running Windows 10 for desktop editions will default to a Start menu with two columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features:
 
 - Boot to tablet mode can be set on or off. 
 - Set full screen Start on desktop to on or off. 
@@ -97,7 +98,7 @@ New devices running Windows 10 for desktop editions will default to a Start menu
 - Specify the number of columns in the Start menu to 1 or 2. 
     To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2. 
 
-The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use 1 column in the Start menu:
+The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use one column in the Start menu:
 
 ```XML
 [!IMPORTANT]
 >For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag. 
 
-You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you are using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: 
+You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: 
 
 ```XML
 [!NOTE]
   >In Start layouts for Windows 10, version 1703, you should use **DesktopApplicationID** rather than **DesktopApplicationLinkPath** if you are using Group Policy or MDM to apply the start layout and the application was installed after the user's first sign-in.
@@ -210,7 +211,7 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap
 
   If you are pointing to a third-party Windows desktop application and the layout is being applied before the first boot, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\".
 
-- By using the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option.
+- Use the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option.
 
 
   You can use the [Get-StartApps cmdlet](/powershell/module/startlayout/get-startapps) on a PC that has the application pinned to Start to obtain the app ID.
@@ -230,7 +231,7 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap
 
 You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile.
 
-To pin a legacy .url shortcut to Start, you must create .url file (right-click on the desktop, select **New** > **Shortcut**, and then type a Web URL). You must add this .url file in a legacy Start Menu directory before first boot; for example, `%APPDATA%\Microsoft\Windows\Start Menu\Programs\` or the all users profile `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\`.
+To pin a legacy `.url` shortcut to Start, you must create a `.url` file (right-click on the desktop, select **New** > **Shortcut**, and then type a Web URL). You must add this `.url` file in a legacy Start Menu directory before first boot; for example, `%APPDATA%\Microsoft\Windows\Start Menu\Programs\` or the all users profile `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\`.
 
 The following example shows how to create a tile of the Web site's URL, which you can treat similarly to a Windows desktop application tile:
 
@@ -248,7 +249,7 @@ The following example shows how to create a tile of the Web site's URL, which yo
 
 #### start:SecondaryTile
 
-You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. This method doesn't require any additional action compared to the method of using legacy .url shortcuts (through the start:DesktopApplicationTile tag).
+You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. This method doesn't require any additional action compared to the method of using legacy `.url` shortcuts (through the start:DesktopApplicationTile tag).
 
 The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile:
 
@@ -444,7 +445,7 @@ The following sample LayoutModification.xml shows how you can configure the Star
 
 The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see [Create a provisioning package with multivariant settings](./provisioning-packages/provisioning-multivariant.md).
 
-The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provsioning engine will always output "LayoutCustomization.xml" so that the operating system has a consistent file name to query against.
+The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provisioning engine will always output "LayoutCustomization.xml" so that the operating system has a consistent file name to query against.
 
 For example, if you want to ensure that there's a specific layout for a certain condition, you can:
 1. Create a specific layout customization file and then name it LayoutCustomization1.xml.
@@ -511,7 +512,7 @@ You must repeat this process for all variants that you want to support so that e
 
 Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 for desktop editions, you can use Windows ICD methods to add the XML file to the device. 
 
-1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** and then click the **StartLayout** setting.
+1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** > Select the **StartLayout** setting.
 2. In the middle pane, click **Browse** to open File Explorer.
 3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. 
 4. Select the file and then click **Open**. 
@@ -524,16 +525,6 @@ This should set the value of **StartLayout**. The setting appears in the **Selec
 Once you have created the LayoutModification.xml file and it is present in the device, the system overrides the base default layout and any Unattend settings used to customize Start. 
 
 
-
-
-
-
-
-
-
-
-
-
 ## Related topics
 
 - [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
@@ -542,9 +533,5 @@ Once you have created the LayoutModification.xml file and it is present in the d
 - [Add image for secondary tiles](start-secondary-tiles.md)
 - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
 - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
-- [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md)
-
- 
-
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md
index d988f11531..5699938be7 100644
--- a/windows/configuration/start-secondary-tiles.md
+++ b/windows/configuration/start-secondary-tiles.md
@@ -1,16 +1,16 @@
 ---
 title: Add image for secondary Microsoft Edge tiles (Windows 10)
-description: 
+description: Add app tiles on Windows 10 that's a secondary tile.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: article
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ---
 
 # Add image for secondary Microsoft Edge tiles 
@@ -18,7 +18,6 @@ manager: dansimp
 **Applies to**
 
 - Windows 10
-- Windows 10 Mobile
 
 App tiles are the Start screen tiles that represent and launch an app. A tile that allows a user to go to a specific location in an app is a *secondary tile*. Some examples of secondary tiles include:
 
@@ -31,19 +30,19 @@ In a Start layout for Windows 10, version 1703, you can include secondary tiles
 
 Suppose that the [Start layout that you export](customize-and-export-start-layout.md) had two secondary tiles, such as in the following image:
 
-![tile for MSN and for a SharePoint site](images/edge-with-logo.png)
+![tile for MSN and for a SharePoint site.](images/edge-with-logo.png)
 
 In prior versions of Windows 10, when you applied the Start layout to a device, the tiles would display as shown in the following image:
 
-![tile for MSN and for a SharePoint site with no logos](images/edge-without-logo.png)
+![tile for MSN and for a SharePoint site with no logos.](images/edge-without-logo.png)
 
 In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutEdgeAssets` and the policy setting `ImportEdgeAssets`, the tiles will now display the same as they did on the device from which you exported the Start layout.
 
-![tile for MSN and for a SharePoint site](images/edge-with-logo.png)
+![tile for MSN and for a SharePoint site.](images/edge-with-logo.png)
 
 **Example of secondary tiles in XML generated by Export-StartLayout**
 
-```
+```xml
 .xml
     ```
+
     In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml).
 
-    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet does not append the file name extension, and the policy settings require the extension.
-    
+    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet does not append the file name extension, and the policy settings require the extension.
+
 3. If you’d like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references.
    - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"` 
-   - Open `C:\Users\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images.     
-        
+   - Open `C:\Users\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images.
+
 4. In Windows PowerShell, enter the following command:
  
-    ```
+    ```powershell
     Export-StartLayoutEdgeAssets assets.xml
     ```
 
@@ -91,22 +91,38 @@ You can apply the customized Start layout with images for secondary tiles by usi
 
 In Microsoft Intune, you create a device restrictions policy to apply to device group. For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
 
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Devices** > **Configuration profiles** > **Create profile**.
+3. Enter the following properties:
 
-1.  In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
-2.  Select **Device configuration**.
-3.  Select **Profiles**.
-4.  Select **Create profile**.
-5.  Enter a friendly name for the profile.
-6.  Select **Windows 10 and later** for the platform.
-7. Select **Device restrictions** for the profile type.
-8. Select **Start**.
-9. In **Start menu layout**, browse to and select your Start layout XML file.
-9. In **Pin websites to tiles in Start menu**, browse to and select your assets XML file.
-10. Select **OK** twice, and then select **Create**.
-11. [Assign the profile to a group](/intune/device-profile-assign).
+    - **Platform**: Select **Windows 10 and later**.
+    - **Profile**: Select **Templates** > **Device restrictions**.
 
->[!NOTE]
->The device restrictions in Microsoft Intune include [other Start settings](/intune/device-restrictions-windows-10#start) that you can also configure in your profile.
+4. Select **Create**.
+5. In **Basics**, enter the following properties:
+
+    - **Name**: Enter a descriptive name for the policy. Name your policies so you can easily identify them later.
+    - **Description**: Enter a description for the policy. This setting is optional, but recommended.
+
+6. Select **Next**.
+
+7. In **Configuration settings**, select **Start**. Configure the following properties:
+
+    - **Start menu layout**: Browse to, and select your Start layout XML file.
+    - **Pin websites to tiles in Start menu**: Browse to, and select your assets XML file.
+
+    There are more Start menu settings you can configure. For more information on these settings, see [Start settings in Intune](/intune/device-restrictions-windows-10#start)
+
+8. Select **Next**.
+9. In **Scope tags** (optional), assign a tag to filter the profile to specific IT groups, such as `US-NC IT Team` or `JohnGlenn_ITDepartment`. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
+
+    Select **Next**.
+
+10. In **Assignments**, select the users or groups that will receive your profile. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
+
+    Select **Next**.
+
+11. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
 
 ### Using a provisioning package
 
@@ -156,7 +172,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 
 12. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this:
 
-     ![Customizations file with the placeholder text to replace highlighted](images/customization-start-edge.png)
+     ![Customizations file with the placeholder text to replace highlighted.](images/customization-start-edge.png)
 
 13. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape).
 
@@ -199,7 +215,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 
 26. Double-click the ppkg file and allow it to install.
 
-    ## Related topics
+## Related articles
  
 - [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
 - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
@@ -207,7 +223,6 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 - [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
 - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 - [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
 - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)   
 
-
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 1f02d08053..40fc295016 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -3,16 +3,17 @@ title: Configure access to Microsoft Store (Windows 10)
 description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
 ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97
 ms.reviewer: 
-manager: dansimp
+manager: dougeby
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store, mobile
-author: greg-lindsay
-ms.author: greglin
+author: aczechowski
+ms.author: aaroncz
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 4/16/2018
+ms.collection: highpri
 ---
 
 # Configure access to Microsoft Store
@@ -20,8 +21,7 @@ ms.date: 4/16/2018
 
 **Applies to**
 
--   Windows 10
--   Windows 10 Mobile
+-   Windows 10
 
 >For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
 
@@ -36,7 +36,7 @@ You can use these tools to configure access to Microsoft Store: AppLocker or Gro
 
 ## Block Microsoft Store using AppLocker
 
-Applies to: Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile
+Applies to: Windows 10 Enterprise, Windows 10 Education
 
 
 AppLocker provides policy-based access control management for applications. You can block access to Microsoft Store app with AppLocker by creating a rule for packaged apps. You'll give the name of the Microsoft Store app as the packaged app that you want to block from client computers.
@@ -83,7 +83,7 @@ For more information on the rules available via AppLocker on the different suppo
 Applies to: Windows 10 Enterprise, Windows 10 Education 
 
 > [!Note]
-> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](https://support.microsoft.com/kb/3135657).
+> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store).
 
 You can also use Group Policy to manage access to Microsoft Store.
 
@@ -100,23 +100,9 @@ You can also use Group Policy to manage access to Microsoft Store.
 > [!Important]
 > Enabling **Turn off the Store application** policy turns off app updates from Microsoft Store.  
 
-## Block Microsoft Store on Windows 10 Mobile
-
-
-Applies to: Windows 10 Mobile
-
-If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 CSPs with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
-
-When your MDM tool supports Microsoft Store for Business, the MDM can use these CSPs to block Microsoft Store app:
-
--   [Policy](/windows/client-management/mdm/policy-configuration-service-provider)
-
--   [EnterpriseAssignedAccess](/windows/client-management/mdm/enterpriseassignedaccess-csp) (Windows 10 Mobile, only)
-
-For more information, see [Configure an MDM provider](/microsoft-store/configure-mdm-provider-windows-store-for-business).
-
 ## Show private store only using Group Policy 
-Applies to Windows 10 Enterprise, version 1607, Windows 10 Education
+
+Applies to Windows 10 Enterprise, Windows 10 Education
 
 If you're using Microsoft Store for Business and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Microsoft Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store. 
 
@@ -139,4 +125,4 @@ If you're using Microsoft Store for Business and you want employees to only see
 [Manage access to private store](/microsoft-store/manage-access-to-private-store)
 
 
- 
\ No newline at end of file
+ 
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md
new file mode 100644
index 0000000000..30c40db968
--- /dev/null
+++ b/windows/configuration/supported-csp-start-menu-layout-windows.md
@@ -0,0 +1,72 @@
+---
+title: Supported CSP policies to customize Start menu on Windows 11 | Microsoft Docs
+description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu.
+ms.assetid: 
+manager: dougeby
+ms.author: aaroncz
+ms.reviewer: ericpapa
+ms.prod: w11
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: aczechowski
+ms.localizationpriority: medium
+---
+
+# Supported configuration service provider (CSP) policies for Windows 11 Start menu
+
+**Applies to**:
+
+- Windows 11
+
+The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices.
+
+This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference).
+
+For information on customizing the Start menu layout using policy, see [Customize the Start menu layout on Windows 11](customize-start-menu-layout-windows-11.md).
+
+## Existing Windows CSP policies that Windows 11 supports
+
+- [Start/AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments)
+- [Start/AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer)
+- [Start/AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup)
+- [Start/AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup)
+- [Start/AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic)
+- [Start/AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork)
+- [Start/AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder)
+- [Start/AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures)
+- [Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings)
+- [Start/AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos)
+- [Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings)
+- [Start/HideHibernate](/windows/client-management/mdm/policy-csp-start#start-hidehibernate)
+- [Start/HideLock](/windows/client-management/mdm/policy-csp-start#start-hidelock)
+- [Start/HidePowerButton](/windows/client-management/mdm/policy-csp-start#start-hidepowerbutton)
+- [Start/HideRestart](/windows/client-management/mdm/policy-csp-start#start-hiderestart)
+- [Start/HideShutDown](/windows/client-management/mdm/policy-csp-start#start-hideshutdown)
+- [Start/HideSignOut](/windows/client-management/mdm/policy-csp-start#start-hidesignout)
+- [Start/HideSleep](/windows/client-management/mdm/policy-csp-start#start-hidesleep)
+- [Start/HideSwitchAccount](/windows/client-management/mdm/policy-csp-start#start-hideswitchaccount)
+- [Start/HideUserTile](/windows/client-management/mdm/policy-csp-start#start-hideusertile)
+- [Start/HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists)
+- [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar)
+- **Start/ShowOrHideMostUsedApps**: New policy starting with Windows 11. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps in the Start menu. If you use this policy, the [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy is ignored.
+
+  The [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy enforces hiding Most Used Apps on the Start menu. You can't use this policy to enforce always showing Most Used Apps on the Start menu.
+
+## Existing CSP policies that Windows 11 doesn't support
+
+- [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout`
+
+- [Start/HideRecentlyAddedApps](/windows/client-management/mdm/policy-csp-start#start-hiderecentlyaddedapps)
+  - Group policy: `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove "Recently added" list from Start Menu`
+
+- [Start/HideAppList](/windows/client-management/mdm/policy-csp-start#start-hideapplist)
+  - Group policy:
+    - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove All Programs list from the Start menu`
+    - `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove All Programs list from the Start menu`
+
+- [Start/DisableContextMenus](/windows/client-management/mdm/policy-csp-start#start-disablecontextmenus)
+  - Group policy: 
+    - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Disable context menus in the Start Menu`
+    - `User Configuration\Administrative Templates\Start Menu and Taskbar\Disable context menus in the Start Menu`
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
new file mode 100644
index 0000000000..0891f70e8c
--- /dev/null
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -0,0 +1,71 @@
+---
+title: Supported CSP policies to customize the Taskbar on Windows 11 | Microsoft Docs
+description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Taskbar.
+ms.assetid: 
+manager: dougeby
+ms.author: aaroncz
+ms.reviewer: chataylo
+ms.prod: w11
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+author: aczechowski
+ms.localizationpriority: medium
+---
+
+# Supported configuration service provider (CSP) policies for Windows 11 taskbar
+
+**Applies to**:
+
+- Windows 11
+
+The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices.
+
+This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start).
+
+For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference).
+
+## Existing CSP policies that Windows 11 taskbar supports
+
+- [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents`
+  - Local setting: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar
+
+- [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar`
+  - Local setting: None
+
+- [Experience/ConfigureChatIcon](/windows/client-management/mdm/policy-csp-experience#experience-configurechaticonvisibilityonthetaskbar)
+  - Group policy: `Computer Configuration\Administrative Templates\Windows Components\Chat`
+  - Local setting: Settings > Personalization > Taskbar > Chat
+
+## Existing CSP policies that Windows 11 doesn't support
+
+The following list includes some of the CSP policies that aren't supported on Windows 11:
+
+- [TaskbarLockAll CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarlockall)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Lock all taskbar settings`
+
+- [TaskbarNoAddRemoveToolbar CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoaddremovetoolbar)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from adding or removing toolbars`
+
+- [TaskbarNoDragToolbar CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnodragtoolbar)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from rearranging toolbars`
+
+- [TaskbarNoRedock CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoredock)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from moving taskbar to another screen dock location`
+
+- [TaskbarNoResize CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoresize)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from resizing the taskbar`
+
+- [NoToolbarsOnTaskbar CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-notoolbarsontaskbar)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not display any custom toolbars in the taskbar`
+
+- [NoTaskGrouping CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-notaskgrouping)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent grouping of taskbar items`
+
+- [HidePeopleBar CSP](/windows/client-management/mdm/policy-csp-start#start-hidepeoplebar)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove the People Bar from the taskbar`
+
+- [QuickLaunchEnabled CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-quicklaunchenabled)
+  - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Show QuickLaunch on Taskbar`
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 5a6de72bf1..5c0961785e 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -1,15 +1,15 @@
 ---
 title: Administering UE-V with Windows PowerShell and WMI
 description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -44,4 +44,4 @@ After you create and deploy UE-V settings location templates, you can manage tho
 
 - [Administering UE-V](uev-administering-uev.md)
 
-- [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/)
\ No newline at end of file
+- [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/)
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index 819a185439..f2456dee1a 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -1,15 +1,15 @@
 ---
 title: Administering UE-V
 description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 1ac2f752ac..50a4533c63 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -1,15 +1,15 @@
 ---
 title: Application Template Schema Reference for UE-V
 description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -70,7 +70,7 @@ The XML declaration must specify the XML version 1.0 attribute (<?xml version
 
 **Type: String**
 
-UE-V uses the https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
+UE-V uses the ```https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate``` namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
 
 ``
 
@@ -108,52 +108,14 @@ Architecture enumerates two possible values: **Win32** and **Win64**. These valu
 **Process**
 The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type:
 
-
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  




                  Element
                  Data Type
                  Mandatory
                  Filename
                  FilenameString
                  True
                  Architecture
                  Architecture
                  False
                  ProductName
                  String
                  False
                  FileDescription
                  String
                  False
                  ProductVersion
                  ProcessVersion
                  False
                  FileVersion
                  ProcessVersion
                  False
                  
-
- 
+|Element|Data Type|Mandatory|
+|--- |--- |--- |
+|Filename|FilenameString|True|
+|Architecture|Architecture|False|
+|ProductName|String|False|
+|FileDescription|String|False|
+|ProductVersion|ProcessVersion|False|
+|FileVersion|ProcessVersion|False|
 
 **Processes**
 The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence.
@@ -177,32 +139,11 @@ FileSetting contains parameters associated with files and files paths. Four chil
 **Settings**
 Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Element
                  Description
                  Asynchronous
                  Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.
                  PreventOverlappingSynchronization
                  By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.
                  AlwaysApplySettings
                  This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.
                  
-
- 
+|Element|Description|
+|--- |--- |
+|Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.|
+|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.|
+|AlwaysApplySettings|This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.|
 
 ### Name Element
 
@@ -212,8 +153,8 @@ Settings is a container for all the settings that apply to a particular template
 
 Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`.
 
-**Note**  
-UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document.
+> [!NOTE]
+> UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document.
 
 See  for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically.
 
@@ -239,22 +180,23 @@ ID populates a unique identifier for a particular template. This tag becomes the
 
 Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` are not allowed.
 
-**Hint:** You can save notes about version changes using XML comment tags ``, for example:
+> [!TIP]
+> You can save notes about version changes using XML comment tags ``, for example:
 
 ```xml
-  
-  4
+   Version 1 Jul 05, 2012 Initial template created by Generator - Denise@Contoso.com
+   Version 2 Jul 31, 2012 Added support for app.exe v2.1.3 - Mark@Contoso.com
+   Version 3 Jan 01, 2013 Added font settings support - Mark@Contoso.com
+   Version 4 Jan 31, 2013 Added support for plugin settings - Tony@Contoso.com
+ -->
+4
 ```
 
-**Important**  
-This value is queried to determine if a new version of a template should be applied to an existing template in these instances:
+> [!IMPORTANT]
+> This value is queried to determine if a new version of a template should be applied to an existing template in these instances:
 
 -   When the scheduled Template Auto Update task executes
 
@@ -281,24 +223,24 @@ Author identifies the creator of the settings location template. Two optional ch
 Processes contains at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
 
 ```xml
-    
-      MyApplication.exe
-      Win64
-       MyApplication 
-      MyApplication.exe
-      
-        
-        
-        
-        
-      
-      
-        
-        
-        
-        
-      
-    
+
+  MyApplication.exe
+  Win64
+   MyApplication 
+  MyApplication.exe
+  
+	
+	
+	
+	
+  
+  
+	
+	
+	
+	
+  
+
 ```
 
 ### Filename
@@ -311,7 +253,8 @@ Filename refers to the actual file name of the executable as it appears in the f
 
 Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | < > / or : characters.).
 
-**Hint:** To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**:
+> [!TIP]
+> To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**:
 
 `"YourFileName.exe" -match  "[\\\?\*\|<>/:]+"`
 
@@ -325,8 +268,8 @@ A value of **True** indicates that the string contains illegal characters. Here
 
 -   Program<1>.exe
 
-**Note**  
-The UE-V template generator encodes the greater than and less than characters as > and < respectively.
+> [!NOTE]
+> The UE-V template generator encodes the greater than and less than characters as > and < respectively.
 
  
 
@@ -342,8 +285,8 @@ Architecture refers to the processor architecture for which the target executabl
 
 If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply.
 
-**Note**  
-UE-V does not support ARM processors in this version.
+> [!NOTE]
+> UE-V does not support ARM processors in this version.
 
  
 
@@ -356,13 +299,13 @@ UE-V does not support ARM processors in this version.
 ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
 
 ```xml
-    
-      MyApplication.exe
-      My Application 6.x by Contoso.com
-      
-        
-      
-    
+
+  MyApplication.exe
+  My Application 6.x by Contoso.com
+  
+	
+  
+
 ```
 
 ### FileDescription
@@ -410,10 +353,10 @@ The product and file version elements may be left unspecified. Doing so makes th
 Product version: 1.0 specified in the UE-V template generator produces the following XML:
 
 ```xml
-      
-        
-        
-      
+
+  
+  
+
 ```
 
 **Example 2:**
@@ -421,12 +364,12 @@ Product version: 1.0 specified in the UE-V template generator produces the follo
 File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML:
 
 ```xml
-      
-        
-        
-        
-        
-      
+
+  
+  
+  
+  
+
 ```
 
 **Incorrect Example 1 – incomplete range:**
@@ -434,9 +377,9 @@ File version: 5.0.2.1000 specified in the UE-V template generator produces the f
 Only the Minimum attribute is present. Maximum must be included in a range as well.
 
 ```xml
-      
-        
-      
+
+  
+
 ```
 
 **Incorrect Example 2 – Minor specified without Major element:**
@@ -444,9 +387,9 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
 Only the Minor element is present. Major must be included as well.
 
 ```xml
-      
-        
-      
+
+  
+
 ```
 
 ### FileVersion
@@ -464,180 +407,68 @@ Including a FileVersion element for an application allows for more granular fine
 The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
 
 ```xml
-      
-        MSACCESS.EXE
-        Win32
-        
-          
-          
-        
-        
-          
-          
-        
-      
+
+  MSACCESS.EXE
+  Win32
+  
+    
+    
+  
+  
+    
+    
+  
+
 ```
 
 ### Application Element
 
 Application is a container for settings that apply to a particular application. It is a collection of the following fields/types.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Field/Type
                  Description
                  Name
                  Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.
                  ID
                  Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.
                  Description
                  An optional description of the template.
                  LocalizedNames
                  An optional name displayed in the UI, localized by a language locale.
                  LocalizedDescriptions
                  An optional template description localized by a language locale.
                  Version
                  Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.
                  DeferToMSAccount
                  Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.
                  DeferToOffice365
                  Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.
                  FixedProfile
                  Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.
                  Processes
                  A container for a collection of one or more Process elements. For more information, see Processes.
                  Settings
                  A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.
                  
+|Field/Type|Description|
+|--- |--- |
+|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
+|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
+|Description|An optional description of the template.|
+|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
+|LocalizedDescriptions|An optional template description localized by a language locale.|
+|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
+|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
+|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
+|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
+|Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).|
+|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".|
 
- 
 
 ### Common Element
 
 Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Field/Type
                  Description
                  Name
                  Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.
                  ID
                  Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.
                  Description
                  An optional description of the template.
                  LocalizedNames
                  An optional name displayed in the UI, localized by a language locale.
                  LocalizedDescriptions
                  An optional template description localized by a language locale.
                  Version
                  Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.
                  DeferToMSAccount
                  Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.
                  DeferToOffice365
                  Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.
                  FixedProfile
                  Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.
                  Settings
                  A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.
                  
-
- 
+|Field/Type|Description|
+|--- |--- |
+|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
+|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
+|Description|An optional description of the template.|
+|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
+|LocalizedDescriptions|An optional template description localized by a language locale.|
+|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).|
+|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.|
+|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.|
+|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.|
+|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).|
 
 ### SettingsLocationTemplate Element
 
 This element defines the settings for a single application or a suite of applications.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Field/Type
                  Description
                  Name
                  Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.
                  ID
                  Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.
                  Description
                  An optional description of the template.
                  LocalizedNames
                  An optional name displayed in the UI, localized by a language locale.
                  LocalizedDescriptions
                  An optional template description localized by a language locale.
                  
+|Field/Type|Description|
+|--- |--- |
+|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).|
+|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).|
+|Description|An optional description of the template.|
+|LocalizedNames|An optional name displayed in the UI, localized by a language locale.|
+|LocalizedDescriptions|An optional template description localized by a language locale.|
 
- 
 
 ### Appendix: SettingsLocationTemplate.xsd
 
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index 95f6808caf..7b1980ded7 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -1,15 +1,15 @@
 ---
 title: Changing the Frequency of UE-V Scheduled Tasks
 description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -29,8 +29,8 @@ When the User Experience Virtualization (UE-V) service is enabled, it creates th
 
 -   [Template Auto Update](#template-auto-update)
 
-**Note**
                  
-These tasks must remain enabled, because UE-V cannot function without them.
+> [!NOTE]
+> These tasks must remain enabled, because UE-V cannot function without them.
 
 These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
 
@@ -44,55 +44,21 @@ The following scheduled tasks are included in UE-V with sample scheduled task co
 
 The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Task nameDefault event
                  \Microsoft\UE-V\Monitor Application Status
                  Logon
                  
-
- 
+|Task name|Default event|
+|--- |--- |
+|\Microsoft\UE-V\Monitor Application Status|Logon|
 
 ### Sync Controller Application
 
 The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Task nameDefault event
                  \Microsoft\UE-V\Sync Controller Application
                  Logon, and every 30 minutes thereafter
                  
-
- 
+|Task name|Default event|
+|--- |--- |
+|\Microsoft\UE-V\Sync Controller Application|Logon, and every 30 minutes thereafter|
 
 For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes.
 
-``` syntax
+```console
 Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15
 ```
 
@@ -100,118 +66,36 @@ Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15
 
 The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Task nameDefault event
                  \Microsoft\UE-V\Synchronize Settings at Logoff
                  Logon
                  
-
- 
+|Task name|Default event|
+|--- |--- |
+|\Microsoft\UE-V\Synchronize Settings at Logoff|Logon|
 
 ### Template Auto Update
 
 The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
                  



                  Task nameDefault event
                  \Microsoft\UE-V\Template Auto Update
                  System startup and at 3:30 AM every day, at a random time within a 1-hour window
                  
+|Task name|Default event|
+|--- |--- |
+|\Microsoft\UE-V\Template Auto Update|System startup and at 3:30 AM every day, at a random time within a 1-hour window|
 
- 
 
 **Example:** The following command configures the UE-V service to check the settings template catalog store every hour.
 
-``` syntax
+```console
 schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60
 ```
 
 
 ## UE-V Scheduled Task Details
 
-
 The following chart provides additional information about scheduled tasks for UE-V 2:
 
-
--------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  







                  Task Name (file name)
                  Default Frequency
                  Power Toggle
                  Idle Only
                  Network Connection
                  Description
                  Monitor Application Settings (UevAppMonitor.exe)
                  Starts 30 seconds after logon and continues until logoff.
                  No
                  Yes
                  N/A
                  Synchronizes settings for Windows (AppX) apps.
                  Sync Controller Application (Microsoft.Uev.SyncController.exe)
                  At logon and every 30 min thereafter.
                  Yes
                  Yes
                  Only if Network is connected
                  Starts the Sync Controller which synchronizes local settings with the settings storage location.
                  Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe)
                  Runs at logon and then waits for Logoff to Synchronize settings.
                  No
                  Yes
                  N/A
                  Start an application at logon that controls the synchronization of applications at logoff.
                  Template Auto Update (ApplySettingsCatalog.exe)
                  Runs at initial logon and at 3:30 AM every day thereafter.
                  Yes
                  No
                  N/A
                  Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.
                  
-
- 
+|Task Name (file name)|Default Frequency|Power Toggle|Idle Only|Network Connection|Description|
+|--- |--- |--- |--- |--- |--- |
+|**Monitor Application Settings** (UevAppMonitor.exe)|Starts 30 seconds after logon and continues until logoff.|No|Yes|N/A|Synchronizes settings for Windows (AppX) apps.|
+|**Sync Controller Application** (Microsoft.Uev.SyncController.exe)|At logon and every 30 min thereafter.|Yes|Yes|Only if Network is connected|Starts the Sync Controller which synchronizes local settings with the settings storage location.|
+|**Synchronize Settings at Logoff** (Microsoft.Uev.SyncController.exe)|Runs at logon and then waits for Logoff to Synchronize settings.|No|Yes|N/A|Start an application at logon that controls the synchronization of applications at logoff.|
+|**Template Auto Update** (ApplySettingsCatalog.exe)|Runs at initial logon and at 3:30 AM every day thereafter.|Yes|No|N/A|Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.|
 
 **Legend**
 
@@ -251,4 +135,4 @@ The following additional information applies to UE-V scheduled tasks:
 
 [Administering UE-V](uev-administering-uev.md)
 
-[Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md)
\ No newline at end of file
+[Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md)
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index 852fd636c1..8aa4719d90 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -1,15 +1,15 @@
 ---
 title: Configuring UE-V with Group Policy Objects
 description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -26,147 +26,31 @@ The following policy settings can be configured for UE-V.
 
 **Group Policy settings**
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options
                  Do not use the sync provider
                  Computers and Users
                  By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.
                  Enable this setting to configure the UE-V service not to use the sync provider.
                  First Use Notification
                  Computers Only
                  This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.
                  The default is enabled.
                  Synchronize Windows settings
                  Computers and Users
                  This Group Policy setting configures the synchronization of Windows settings.
                  Select which Windows settings synchronize between computers.
                  
-
                  By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.
                  Settings package size warning threshold
                  Computers and Users
                  This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.
                  Specify the preferred threshold for settings package sizes in kilobytes (KB).
                  
-
                  By default, the UE-V service does not have a package file size threshold.
                  Settings storage path
                  Computers and Users
                  This Group Policy setting configures where the user settings are to be stored.
                  Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.
                  Settings template catalog path
                  Computers Only
                  This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.
                  Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.
                  
-
                  Select the check box to replace the default Microsoft templates.
                  Sync settings over metered connections
                  Computers and Users
                  This Group Policy setting defines whether UE-V synchronizes settings over metered connections.
                  By default, the UE-V service does not synchronize settings over a metered connection.
                  Sync settings over metered connections even when roaming
                  Computers and Users
                  This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.
                  By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.
                  Synchronization timeout
                  Computers and Users
                  This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.
                  Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.
                  Tray Icon
                  Computers Only
                  This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.
                  This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.
                  Use User Experience Virtualization (UE-V)
                  Computers and Users
                  This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).
                  This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the Enable UE-V setting.
                  Enable UE-V
                  Computers and Users
                  This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.
                  This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the Use User Experience Virtualization (UE-V) setting.
                  
+|Group Policy setting name|Target|Group Policy setting description|Configuration options|
+|--- |--- |--- |--- |
+|Do not use the sync provider|Computers and Users|By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.|Enable this setting to configure the UE-V service not to use the sync provider.|
+|First Use Notification|Computers Only|This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.|The default is enabled.|
+|Synchronize Windows settings|Computers and Users|This Group Policy setting configures the synchronization of Windows settings.|Select which Windows settings synchronize between computers.
                  By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.|
+|Settings package size warning threshold|Computers and Users|This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.|Specify the preferred threshold for settings package sizes in kilobytes (KB).
                  By default, the UE-V service does not have a package file size threshold.|
+|Settings storage path|Computers and Users|This Group Policy setting configures where the user settings are to be stored.|Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.|
+|Settings template catalog path|Computers Only|This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.|Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.
                  Select the check box to replace the default Microsoft templates.|
+|Sync settings over metered connections|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections.|By default, the UE-V service does not synchronize settings over a metered connection.|
+|Sync settings over metered connections even when roaming|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.|By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.|
+|Synchronization timeout|Computers and Users|This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.|Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.|
+|Tray Icon|Computers Only|This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.|This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.|
+|Use User Experience Virtualization (UE-V)|Computers and Users|This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).|This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.|
+|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.|
 
- 
-
-**Note**  
-In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications.
-
- 
+>[!NOTE]
+>In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications.
 
 **Windows App Group Policy settings**
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                  





                  Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options
                  Do not synchronize Windows Apps
                  Computers and Users
                  This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.
                  The default is to synchronize Windows apps.
                  Windows App List
                  Computer and User
                  This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.
                  You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.
                  Sync Unlisted Windows Apps
                  Computer and User
                  This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.
                  By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.
                  
-
- 
+|Group Policy setting name|Target|Group Policy setting description|Configuration options|
+|--- |--- |--- |--- |
+|Do not synchronize Windows Apps|Computers and Users|This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.|The default is to synchronize Windows apps.|
+|Windows App List|Computer and User|This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.|You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.|
+|Sync Unlisted Windows Apps|Computer and User|This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.|By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.|
 
 For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
 
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index 742b25f00e..fa9dda05ab 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -1,15 +1,15 @@
 ---
 title: Configuring UE-V with Microsoft Endpoint Configuration Manager
 description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager. 
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -35,52 +35,15 @@ The UE-V Configuration Pack includes tools to:
 
 -   Create or update a UE-V Agent policy configuration item to set or clear these settings
 
-    
-    -    -    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                  




                  Max package size
                  Enable/disable Windows app sync
                  Wait for sync on application start
                  Setting import delay
                  Sync unlisted Windows apps
                  Wait for sync on logon
                  Settings import notification
                  IT contact URL
                  Wait for sync timeout
                  Settings storage path
                  IT contact descriptive text
                  Settings template catalog path
                  Sync enablement
                  Tray icon enabled
                  Start/Stop UE-V agent service
                  Sync method
                  First use notification
                  Define which Windows apps will roam settings
                  Sync timeout
                  
-
-     
+     |Configuration|Setting|Description|
+     |--- |--- |--- |
+     |Max package size|Enable/disable Windows app sync|Wait for sync on application start|
+     |Setting import delay|Sync unlisted Windows apps|Wait for sync on logon|
+     |Settings import notification|IT contact URL|Wait for sync timeout|
+     |Settings storage path|IT contact descriptive text|Settings template catalog path|
+     |Sync enablement|Tray icon enabled|Start/Stop UE-V agent service|
+     |Sync method|First use notification|Define which Windows apps will roam settings|
+     |Sync timeout|||
 
 -   Verify compliance by confirming that UE-V is running.
 
@@ -101,8 +64,8 @@ The UE-V service policy configuration item CAB file is created using the UevTemp
 
 -   ConfigurationFile <full path to agent configuration XML file>
 
-**Note**  
-It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console:
+> [!NOTE]
+> It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console:
 
 1.  Select **Administration > Client Settings > Properties**
 
@@ -113,7 +76,7 @@ It might be necessary to change the PowerShell execution policy to allow these s
 
 1.  Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console:
 
-    ``` syntax
+    ```cmd
     C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml 
     ```
 
@@ -162,7 +125,7 @@ It might be necessary to change the PowerShell execution policy to allow these s
 
 3.  Run this command on a machine running the ConfigMgr Admin Console:
 
-    ``` syntax
+    ```cmd
     C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml"
     ```
 
@@ -206,7 +169,7 @@ The result is a baseline CAB file that is ready for import into Configuration Ma
 
 3.  Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator:
 
-    ``` syntax
+    ```cmd
     C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab"
     ```
 
@@ -226,25 +189,7 @@ To distribute a new Notepad template, you would perform these steps:
 
 4.  Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline.
 
-## Get the UE-V Configuration Pack
-
-You can download the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0](https://www.microsoft.com/download/details.aspx?id=40913) from the Microsoft Download Center.
-
-
-
-
-
-
 ## Related topics
 
 
 [Manage Configurations for UE-V](uev-manage-configurations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md
index 7b078d49b1..1b6513b56d 100644
--- a/windows/configuration/ue-v/uev-deploy-required-features.md
+++ b/windows/configuration/ue-v/uev-deploy-required-features.md
@@ -1,15 +1,15 @@
 ---
 title: Deploy required UE-V features
 description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example a network share that stores and retrieves user settings.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 83744db2ca..21f2749843 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -1,15 +1,15 @@
 ---
 title: Use UE-V with custom applications
 description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -121,7 +121,7 @@ UE-V for Windows 10, version 1607 includes a new template generator. If you are
 
 -->
 
-![Selecting UE-V features in ADK](images/uev-adk-select-uev-feature.png)
+![Selecting UE-V features in ADK.](images/uev-adk-select-uev-feature.png)
 
 3. To open the generator, select **Microsoft Application Virtualization Generator** from the **Start** menu. 
 
diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md
index bb6d70d870..9074ddc234 100644
--- a/windows/configuration/ue-v/uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-for-windows.md
@@ -1,15 +1,15 @@
 ---
 title: User Experience Virtualization for Windows 10, version 1607
 description: Overview of User Experience Virtualization for Windows 10, version 1607
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 05/02/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -41,7 +41,7 @@ The diagram below illustrates how UE-V components work together to synchronize u
 UE-V architecture, with server share, desktop, and UE-V service
 
 
 
 | **Component**            | **Function**     |
@@ -65,7 +65,7 @@ Use these UE-V components to create and manage custom templates for your third-p
 
 -->
 
-![UE-V template generator process](images/uev-generator-process.png)
+![UE-V template generator process.](images/uev-generator-process.png)
 
 ## Settings synchronized by default
 
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 2b8d0a7d04..2bb02af5e6 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -1,15 +1,15 @@
 ---
 title: Get Started with UE-V
 description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 03/08/2018
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ---
 
 # Get Started with UE-V
@@ -170,4 +170,4 @@ For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.c
 
 -   [Troubleshooting UE-V](uev-troubleshooting.md)
 
--   [Technical Reference for UE-V](uev-technical-reference.md)
\ No newline at end of file
+-   [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index d992db0cca..9ed8904dec 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -1,15 +1,15 @@
 ---
 title: Manage Administrative Backup and Restore in UE-V
 description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -112,64 +112,22 @@ WMI and Windows PowerShell commands let you restore application and Windows sett
 
 2.  Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings.
 
-    
-    -    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                  



                  Windows PowerShell cmdletDescription
                  Restore-UevUserSetting -<TemplateID>
                  Restores the user settings for an application or restores a group of Windows settings.
                  
-
-
-
+     |**Windows PowerShell cmdlet**|**Description**|
+     |--- |--- |
+     |`Restore-UevUserSetting -` |Restores the user settings for an application or restores a group of Windows settings.|
+   
 **To restore application settings and Windows settings with WMI**
 
 1.  Open a Windows PowerShell window.
 
 2.  Enter the following WMI command to restore application settings and Windows settings.
 
-    
-    -    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                  



                  WMI commandDescription
                  Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>
                  Restores the user settings for an application or restores a group of Windows settings.
                  
-
-
-
-~~~
-**Note**  
-UE-V does not provide a settings rollback for Windows apps.
-~~~
-
-
-
-
-
+    |**WMI command**|**Description**|
+    |--- |--- |
+    |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList `|Restores the user settings for an application or restores a group of Windows settings.|
 
+>[!NOTE]
+>UE-V does not provide a settings rollback for Windows apps.
 
 ## Related topics
 
diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md
index 1f773b7392..4533fb9eb7 100644
--- a/windows/configuration/ue-v/uev-manage-configurations.md
+++ b/windows/configuration/ue-v/uev-manage-configurations.md
@@ -1,15 +1,15 @@
 ---
 title: Manage Configurations for UE-V
 description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
index 778370f194..b36faf10c5 100644
--- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -1,15 +1,15 @@
 ---
 title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
 description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
-author: greg-lindsay
+author: aczechowski
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dansimp
-ms.author: greglin
+manager: dougeby
+ms.author: aaroncz
 ms.topic: article
 ---
 
@@ -21,7 +21,8 @@ ms.topic: article
 
 User Experience Virtualization (UE-V) uses XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V template generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). 
 
-> **Note**  For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/).
+> [!NOTE]
+> For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/).
 
 ## Manage UE-V settings location templates by using Windows PowerShell
 
@@ -29,139 +30,44 @@ The WMI and Windows PowerShell features of UE-V include the ability to enable, d
 
 You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates.
 
-***To manage settings location templates by using Windows PowerShell***
+**To manage settings location templates by using Windows PowerShell**
 
 1.  Use an account with administrator rights to open a Windows PowerShell command prompt.
 
 2.  Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates.
-
-    
-    -    -    -    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
-    
                  



                  Windows PowerShell commandDescription
                  Get-UevTemplate
                  Lists all the settings location templates that are registered on the computer.
                  Get-UevTemplate -Application <string>
                  Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>.
                  Get-UevTemplate -TemplateID <string>
                  Lists all the settings location templates that are registered on the computer where the template ID contains <string>.
                  Get-UevTemplate [-ApplicationOrTemplateID] <string>
                  Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>.
                  Get-UevTemplateProgram [-ID] <template ID>
                  Gets the name of the program and version information, which depend on the template ID.
                  Get-UevAppXPackage
                  Gets the effective list of Windows apps.
                  Get-UevAppXPackage -Computer
                  Gets the list of Windows apps that are configured for the computer.
                  Get-UevAppXPackage -CurrentComputerUser
                  Gets the list of Windows apps that are configured for the current user.
                  Register-UevTemplate [-Path] <template file path>[,<template file path>]
                  Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.
                  Register-UevTemplate -LiteralPath <template file path>[,<template file path>]
                  Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.
                  Unregister-UevTemplate [-ID] <template ID>
                  Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.
                  Unregister-UevTemplate -All
                  Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.
                  Update-UevTemplate [-Path] <template file path>[,<template file path>]
                  Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.
                  Update-UevTemplate -LiteralPath <template file path>[,<template file path>]
                  Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.
                  Clear-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]
                  Removes one or more Windows apps from the computer Windows app list.
                  Clear-UevAppXPackage -CurrentComputerUser
                  Removes Windows app from the current user Windows app list.
                  Clear-UevAppXPackage -Computer -All
                  Removes all Windows apps from the computer Windows app list.
                  Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]
                  Removes one or more Windows apps from the current user Windows app list.
                  Clear-UevAppXPackage [-CurrentComputerUser] -All
                  Removes all Windows apps from the current user Windows app list.
                  Disable-UevTemplate [-ID] <template ID>
                  Disables a settings location template for the current user of the computer.
                  Disable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]
                  Disables one or more Windows apps in the computer Windows app list.
                  Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]
                  Disables one or more Windows apps in the current user Windows app list.
                  Enable-UevTemplate [-ID] <template ID>
                  Enables a settings location template for the current user of the computer.
                  Enable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]
                  Enables one or more Windows apps in the computer Windows app list.
                  Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]
                  Enables one or more Windows apps in the current user Windows app list.
                  Test-UevTemplate [-Path] <template file path>[,<template file path>]
                  Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.
                  Test-UevTemplate -LiteralPath <template file path>[,<template file path>]
                  Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.
                  
-
-     
-
+    
+    |Windows PowerShell command|Description|
+    |--- |--- |
+    |`Get-UevTemplate`|Lists all the settings location templates that are registered on the computer.|
+    |`Get-UevTemplate -Application `|Lists all the settings location templates that are registered on the computer where the application name or template name contains.|
+    |`Get-UevTemplate -TemplateID `|Lists all the settings location templates that are registered on the computer where the template ID contains.|
+    |`Get-UevTemplate [-ApplicationOrTemplateID] `|Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains.|
+    |`Get-UevTemplateProgram [-ID]